Connecting to SQL Azure with Dynamic IP Addresses

SQL Azure does a good job of security by locking down access with a firewall by default. As more and more companies trust their data to the cloud, cloud based solutions will likely become a target more and more focused on by people attempting to steal data.

SQL Azure currently offers a free three month trial, and I would recommend all Web Developers who develop database-driven solutions to try it. More details can be found at: http://www.windowsazure.com/en-us/pricing/free-trial/

Whilst I've said what a good job of security SQL Azure does, anyone trialing SQL Azure may run into problems with the security settings. When creating a new SQL Azure instances, the setup wizard asks you to specify firewall rules:



As you can see, a firewall rule needs to be created that allows either 1 IP address or an IP address range to access the SQL Azure database. If you have a web application hosted on a server, then you can create a firewall rule for the IP address of that server - bingo, your application can access the database. Likewise if you have a static IP address at home and/or work you can create rules for those IP addresses too, to access the database when debugging or using SQL Management Studio.

The problem is where you have dynamic IP addresses, and this is not necessarily limited to home internet connections - several business broadband providers use dynamic IP addresses too. 

If you need to access your SQL Azure instance from a connection that has a dynamic IP address for debugging or using SQL Management Studio, you will need to create a firewall rule for the entire IP address range your ISP uses. As you can appreciate, this instantly this dilutes the security that comes with using SQL Azure.

If you do want to add the entire IP address range for your ISP, you will need to:

1. Go to http://whatsmyip.org to get your current IP address assigned by your ISP.
2. Lookup the IP address range assigned to your ISP by using https://apps.db.ripe.net/search/query.html and entering the IP address from step 1.
3. Create a firewall rule using the start IP address and the end IP address from step 2.

I do hope the Azure team will implement other firewall options in the future, such as DNS or MAC address based access rules.




Comments

Popular posts from this blog

HTML to PDF Conversion in MVC 4

WebAPI and Subscriber Authentication by Custom HTTP Headers