Ensure Azure SQL Server data replication with Fail Over groups

SQL Server data should be replicated through a failover group to avoid losing data that has not been replicated.

Risk Level: Low
Cloud Entity: SQL Server on Virtual Machines
CloudGuard Rule ID: D9.AZU.DR.02
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

SQLServer should have failOverGroups length()>0
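
The same condition can be checked from the command line before and after remediation. The function below is an added example, not CloudGuard's own code; it assumes the rule's SQLServer entity corresponds to the servers returned by `az sql server list` in the currently selected subscription, and the function name is hypothetical.

```shell
# Added example, not CloudGuard's own code.
# Assumption: the rule's SQLServer entity corresponds to the servers returned
# by `az sql server list` in the currently selected subscription.

# Prints "resource-group/server" for each SQL server with no failover group.
# Returns 0 if every server has at least one failover group,
# 1 if any server has none, 2 if an az call fails.
audit_failover_groups() {
    tab=$(printf '\t')
    rc=0
    # One line per server: name<TAB>resourceGroup
    servers=$(az sql server list --query "[].[name, resourceGroup]" -o tsv) || return 2
    while IFS="$tab" read -r name rg; do
        [ -n "$name" ] || continue
        # Number of failover groups on this server (rule: length() > 0)
        count=$(az sql failover-group list --resource-group "$rg" --server "$name" \
            --query "length(@)" -o tsv </dev/null) || return 2
        if [ "$count" -eq 0 ]; then
            printf '%s/%s\n' "$rg" "$name"
            rc=1
        fi
    done <<EOF
$servers
EOF
    return "$rc"
}
```

Call `audit_failover_groups` after `az login`; a non-zero exit status makes it usable as a gate in a scheduled job or pipeline.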

REMEDIATION

From Portal

  1. Go to SQL Servers
  2. For each SQL Server
  3. Select Failover groups
  4. Press the Add group link on top of the page
  5. Select the Failover Group name, Server name and hit create
  6. Click Save

From TF
Set the following arguments under 'azurerm_sql_failover_group':

resource "azurerm_sql_failover_group" "example" {
	...
	server_name         = PRIMARY_SQL_SERVER_NAME
	databases           = [DATABASE_IDS]
	partner_servers {
		id = SECONDARY_SQL_SERVERS_ID
	}
	...
}

From Command Line
Run

az sql failover-group update --name FAILOVERGROUPNAME --resource-group RESOURCEGROUPNAME --server SQLSERVERNAME

Note: To associate a failover group, you must first create the primary and secondary SQL servers and the failover group.

References

  1. https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-sql-db?tabs=azure-powershell
  2. https://docs.microsoft.com/en-us/cli/azure/sql/failover-group?view=azure-cli-latest#az-sql-failover-group-update
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_failover_group

SQL Server on Virtual Machines

SQL Server on Azure virtual machines enables you to use full versions of SQL Server in the Cloud without having to manage any on-premises hardware. SQL Server VMs also simplify licensing costs when you pay as you go.

Azure virtual machines run in many different geographic regions around the world. They also offer a variety of machine sizes. The virtual machine image gallery allows you to create a SQL Server VM with the right version, edition, and operating system. This makes virtual machines a good option for many different SQL Server workloads.

Compliance Frameworks

  • Azure CSA CCM v.3.0.1
  • Azure CloudGuard Best Practices
  • Azure CloudGuard SOC2 based on AICPA TSC 2017
  • Azure HIPAA
  • Azure ISO 27001:2013
  • Azure ITSG-33
  • Azure NIST 800-53 Rev 4
  • Azure NIST 800-53 Rev 5
  • Azure NIST CSF v1.1
  • Azure PCI-DSS 3.2
  • CloudGuard Azure All Rules Ruleset