Ensure Azure SQL Server data replication with Fail Over groups
SQL Server data should be replicated to avoid loss of unreplicated data.
Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.DR.02
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
SQLServer should have failOverGroups length()>0
REMEDIATION
From Portal
- Go to SQL Servers
- For each SQL Server
- Select Failover groups
- Press the Add group link on top of the page
- Select the Failover Group name, Server name and hit create
- Click Save
From TF
Set the following arguments under 'azurerm_sql_failover_group':
resource "azurerm_sql_failover_group" "example" {
  ...
  server_name = PRIMARY_SQL_SERVER_NAME
  databases   = [DATABASE_IDS]
  partner_servers {
    id = SECONDARY_SQL_SERVERS_ID
  }
  ...
}
From Command Line
Run
az sql failover-group update --name FAILOVERGROUPNAME --resource-group RESOURCEGROUPNAME --server SQLSERVERNAME
Note: To associate a failover group, you must first create the primary and secondary SQL servers and the failover group.
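To find which servers still need remediation, the rule's condition (failOverGroups length()>0) can be checked from the command line. The script below is an added example, not CloudGuard's own code; it assumes a logged-in Azure CLI, and the function names are hypothetical.

```bash
# Added example: list SQL servers that have no failover group.
# Assumes the Azure CLI is installed and logged in to the subscription to audit.

# Print "resource-group<TAB>server-name" for every SQL server in the subscription.
list_sql_servers() {
    az sql server list --query "[].[resourceGroup, name]" --output tsv
}

# Print the number of failover groups on one server ($1 = resource group, $2 = server).
count_failover_groups() {
    az sql failover-group list --resource-group "$1" --server "$2" \
        --query "length(@)" --output tsv </dev/null
}

# Print one line per server: PASS, FAIL or ERROR, then resource group, server, count.
# Returns 1 if any server has no failover group or could not be queried,
# 2 if the server list itself could not be read.
audit_failover_groups() {
    local servers rg server count status=0
    servers=$(list_sql_servers) || return 2
    while IFS="$(printf '\t')" read -r rg server; do
        [ -n "$server" ] || continue          # skip blank lines (no servers found)
        if ! count=$(count_failover_groups "$rg" "$server"); then
            printf 'ERROR\t%s\t%s\t-\n' "$rg" "$server"
            status=1
            continue
        fi
        if [ "${count:-0}" -gt 0 ]; then
            printf 'PASS\t%s\t%s\t%s\n' "$rg" "$server" "$count"
        else
            printf 'FAIL\t%s\t%s\t0\n' "$rg" "$server"
            status=1
        fi
    done <<EOF
$servers
EOF
    return "$status"
}
```

Source the file and call audit_failover_groups; the non-zero return code lets a scheduled job or pipeline step fail when any server lacks a failover group.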
References
- https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-sql-db?tabs=azure-powershell
- https://docs.microsoft.com/en-us/cli/azure/sql/failover-group?view=azure-cli-latest#az-sql-failover-group-update
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_failover_group
SQL Server on Virtual Machines
SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.
Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.
Compliance Frameworks
- Azure CSA CCM v.3.0.1
- Azure CloudGuard Best Practices
- Azure CloudGuard SOC2 based on AICPA TSC 2017
- Azure HIPAA
- Azure ISO 27001:2013
- Azure ITSG-33
- Azure NIST 800-53 Rev 4
- Azure NIST 800-53 Rev 5
- Azure NIST CSF v1.1
- Azure PCI-DSS 3.2
- CloudGuard Azure All Rules Ruleset