SQL Server 2022 and Azure ARC with Azure subscription model

Posted by Harri Jaakkonen Posted on 28/11/2022 0 Comments on SQL Server 2022 and Azure ARC with Azure subscription model
Posted in Azure, Azure AD, Azure ARC, Compliance, Defender, IAM, Identity, Identity Platform, Microsoft Purview, On-premises, Powershell, Security, SQL

SQL 2022 has arrived and in this post I will try out the new setup that should have Azure ARC install embedded.

Why to use Azure ARC with SQL 2022?

One reason could be security, you will get these features through it.

  • Utilize Microsoft Defender for Cloud to safeguard your on-site data.
  • Secure identities using Azure Active Directory and single sign-on.

And the second reason could be billing as model as Pay-As-You-Go (PAYG)

And the third reason could be the completely automated technical evaluation of your database.

Setting it up

First, I want to note out that there is a statement saying that Azure ARC has been added as a default part to the setup.

But as we can see in the upcoming parts of this post, there isn’t anything that you choose for Azure ARC during the initial setup, you will just install and register the server to Azure ARC after the setup or before the setup to choose PAYG model.

Little bit confusing, so wanted to clarify this statement!

Onboarding experience

Once you download the media in a way you prefer and start the install, select the licensing model, you will see this screen.

As we can see there is no option for subscription model licensing.

How to enable it?

If you are using an Server outside Azure, the step is to register your server to Azure ARC.

Evaluating with Azure VM

First you will notice this error when you try to onboard Azure VM to ARC

And what is says in the tin.

And this happens because I’m running my VM inside Azure, so there will couple of steps more, not many but some.

Disable connectivity

When running inside Windows VM, do these.

How it looks like?

If you are wondering what is IDMS is, here is explanation for it.

Azure Instance Metadata Service will provide details on the instances of virtual machines that are currently executing. It can be utilized to set up and administer your virtual computers. The SKU, storage, network setups, and scheduled maintenance activities are all included in this data.

And it will check your Azure VM licensing and activation, this is the reason the blocking is meant for Evaluation purposes only. The following is one thing, you will surely see when you boot the VM for the first time.

And when you open Server activation, it will display that you ain’t legit player.

But this gives an ability to test out that Azure ARC, once done, just un-install the agent, remove VM from ARC, Disable or remove the create IDMS blocking rule and set Guest agent to automatic and start the service.

Still will bring thing back to normal, like we see in the following.

See more information here.

How to evaluate Azure Arc-enabled servers with an Azure VM – Azure Arc
Learn how to evaluate Azure Arc-enabled servers using an Azure virtual machine.

Azure IDMS is an API interface that doesn’t need user authorization and it will work in example with Managed identities that are ran by the VM, so keep this in mind when thinking about security.

Steal Secrets with Azure Instance Metadata Service? Don’t Oversight Role-based Access Control
Azure Instance Metadata Service (IMDS) provides information about the current running virtual machines, such as OS, computer name etc…

Did you know that this IP-address is commonly used also by other Cloud vendors? Like Amazon, they also use this “Magic IP”

Just wanted to shed some light on this steps also, now …

Continuing the process

Azure ARC

Open Azure ARC from https://portal.azure.com/#view/Microsoft_Azure_HybridCompute/AzureArcCenterBlade/~/sqlServers

And choose Connect servers

And you will be presented the process. If you are using an account that has enough rights, the script will handle all the steps, even registering the Resource provider, so you don’t need to worry on it.

Give you Subscription, resource group, location , OS and proxy-address (if needed)

And they will added to the script that you can copy / paste to the VM itself and run.

Note to Microsoft, would you please make this onboarding page a little more interactive, once the deployment is done, it would be nice to show it in this page.

The script

The script will set the parameters you give inside Azure portal and put them as variables.

Then it will download the MSI package

And push the install to the server.

Server side

So, now we have the all-mighty script and once you run it, magic will happen.

Give the code and login.

And the setup will progress and register that provider.

Once done, it will take about 5mins (it was 5min 15sec for me) so accurate!

And done!

How it looks like inside Azure ARC?

When you open the servers control plane in ARC, you will the server onboarded successfully.

How about inside the SQL setup?

Awesome, now we have a possibility to choose pay-as-you-go billing.

But you can also enter the product key if you want to be without the integration to Azure subscription model.

Quick tip! Did you know that you can use INI-file generated with the graphical config for deploying multiple servers silently?

See more information here.

Install SQL Server using a configuration file – SQL Server
You can use SQL Server Setup to generate a configuration file to deploy SQL Server across your organization using a uniform configuration.

Once you install SQL-server, you can go back to …

Azure ARC SQL-servers

And the your very own SQL-server inside Azure ARC portal.

When you dig deeper, you will see the PAYG licensing model.

And the databases it has.

Once you install either SMSS or Azure Data Studio or both, this is what you will see with the version.

Read more on Microsoft announcement.

SQL Server 2022 is now generally available – Microsoft SQL Server Blog
Today, we announced the general availability of SQL Server 2022, the most Azure-enabled release of SQL Server yet, with continued innovation across performance, security, and availability.

Closure

SQL-server keeps evolving also in price. If you need the product key based licensing for it, it will cost a lot more than PAYG model.

PAYG

EditionsMonthly rate (US dollar)Hourly rate
Standard per core$73$0.100
Enterprise per core$274$0.375

Old school licensing

EditionsOpen no-level price (US dollar)Licensing modelChannel availability
Enterprise$13,748[2]2 core packVolume licensing, hosting
Standard – per core$3,586[2]2 core packVolume licensing, hosting
Standard – server$899[2]Server[3]Volume licensing, hosting
Standard – CAL$209CALVolume licensing, hosting

There is also some other nice feature like Disaster recovery from and to Azure SQL Managed-Instance.

Restoring a SQL Managed Instance database backup to SQL Server 2022 now GA
Restoring a backup file is the easiest way to copy a database to another instance. We are excited to announce that you can now restore a copy-only full backup of an Azure SQL Managed Instance (SQL MI) database to an instance of SQL Server 2022 hosted anywhere. Now generally available, this capabil…
Author: Harri Jaakkonen

Leave a Reply

Your email address will not be published. Required fields are marked *