Microsoft SQL Server(DBaaS) server connection
Scenario Overview
In the Microsoft SQL Server(DBaaS) server connection scenario, you create a Bastion host (Virtual Server) and a Database service, and access the DB service through the Bastion host. To securely access Microsoft SQL Server(DBaaS) in the Samsung Cloud Platform environment, you need to create a Bastion host and make the network connection through it. To maintain a stable and high level of security, it is recommended to configure the Database service in a Private Subnet environment and the Bastion host in a limited Public Subnet environment.
This scenario describes the overall process of creating a Bastion host and a Database service, configuring the network environment that connects the Bastion host and the Database, and accessing the Database through a DB connection client.
Scenario Components
You can configure the scenario using the following services.
| Service Group | Service | Detailed Description |
|---|---|---|
| Networking | VPC | A service that provides an independent virtual network in a cloud environment |
| Networking | VPC > Subnet | A service that allows users to subdivide the network into smaller segments according to purpose/size within the VPC |
| Networking | VPC > Public IP | A service that reserves public IP and assigns and returns it to Compute resources |
| Networking | VPC > Internet Gateway | A service that connects VPC resources to the internet |
| Networking | Security Group | A virtual firewall that controls the server’s traffic |
| Database | Microsoft SQL Server(DBaaS) | A service that easily creates and manages Microsoft SQL Server in a web environment |
| Compute | Virtual Server | Virtual server optimized for cloud computing |
| Compute | Virtual Server > Keypair | Encryption file used to connect to the Virtual Server |
- The default policy of a Security Group is Deny All, so you must register only the IPs that are allowed.
- An All Open (Any IP, Any Port) policy for Inbound/Outbound can expose cloud resources to external threats.
- Setting policies that specify only the necessary IPs and Ports enhances security.
Scenario composition method
To configure the scenario, create the necessary services through the following procedure.
1. Configuring the Network
This describes the process of configuring the network environment for connecting to the Bastion Host and Database services.
1-1. Creating a VPC
- Click the All services > Networking > VPC menu. The Service Home page of VPC opens.
- On the Service Home page, click the Create VPC button. The Create VPC page opens.
- On the Create VPC page, enter the information required to create the service.
- Enter the IP range as 192.168.x.0/16.
- In the Summary panel, review the detailed information and estimated charges, and click the Complete button.
- Once creation is complete, check the resource you created on the VPC list page.
1-2. Creating a Subnet
- Click the All services > Networking > VPC menu. The Service Home page of VPC opens.
- On the Service Home page, click the Subnet menu. The Subnet list page opens.
- Click the Subnet Creation button. The Subnet Creation page opens.
- On the Subnet Creation page, enter the information required to create the service.
- Select General as the Subnet type.
- Select the VPC you created earlier.
- Enter the IP range as 192.168.x.0/24.
- In the Summary panel, review the detailed information and estimated charges, and click the Complete button.
- Once creation is complete, check the created resource on the Subnet list page.
1-3. Creating an Internet Gateway
- Click the All services > Networking > VPC menu. The Service Home page of VPC opens.
- On the Service Home page, click the Internet Gateway menu. The Internet Gateway list page opens.
- Click the Create Internet Gateway button. The Create Internet Gateway page opens.
- On the Create Internet Gateway page, enter the information required to create the service.
- Select the VPC you created earlier.
- Select Use in the Firewall usage item.
- In the Summary panel, review the detailed information and estimated charges, and then click the Complete button.
- Once creation is complete, check the created resource on the Internet Gateway list page.
1-4. Creating a Public IP
- Click the All services > Networking > VPC menu. The Service Home page of VPC opens.
- On the Service Home page, click the Public IP menu. The Public IP list page opens.
- Click the Public IP Reservation button. The Public IP Reservation page opens.
- On the Public IP Reservation page, enter the information required for the reservation.
- In the Summary panel, review the detailed information and estimated billing amount, and click the Complete button.
- Once creation is complete, check the created resource on the Public IP list page.
1-5. Creating a Security Group
- Click the All services > Networking > Security Group menu. The Service Home page of Security Group opens.
- On the Service Home page, click the Create Security Group button. The Create Security Group page opens.
- On the Create Security Group page, enter the information required to create the service.
- Check the input information and click the Complete button.
- Once creation is complete, check the created resource on the Security Group list page.
2. Creating a Bastion host
This describes the process of configuring the Bastion Host where the database connection client should be installed.
2-1. Creating Server Keypair
- Click the All Services > Compute > Virtual Server menu. The Service Home page of Virtual Server opens.
- On the Service Home page, click the Keypair menu. The Keypair list page opens.
- Click the Create Keypair button. The Create Keypair page opens.
- On the Create Keypair page, enter the information required to create the service.
- Check the creation information and click the Complete button.
- The key can be downloaded only once, at creation time, and it cannot be reissued.
- Make sure to store the downloaded key in a safe place.
2-2. Creating a Bastion Host
- Click the All Services > Compute > Virtual Server menu. The Service Home page of Virtual Server opens.
- On the Service Home page, click the Virtual Server creation button. The Virtual Server creation page opens.
- On the Virtual Server creation page, enter the information required to create the service.
- Select Windows as the Image.
- Select the VPC and Subnet you created earlier.
- Click NAT and select the Public IP reserved in 1-4. Creating a Public IP.
- Connect the Keypair created in 2-1. Creating Server Keypair.
- In the Summary panel, review the detailed information and the expected billing amount, and click the Complete button.
- After creation is complete, check the created resource on the Virtual Server list page.
2-3. Check Bastion host connection ID and PW
- Click the All Services > Compute > Virtual Server menu. The Service Home page of Virtual Server opens.
- On the Service Home page, click the Virtual Server menu. The Virtual Server list page opens.
- On the Virtual Server list page, click the resource created in 2-2. Creating a Bastion Host. The detailed information page of that resource opens.
- On the detailed information page, click the RDP password inquiry button in the Keypair name item. The RDP password inquiry popup window opens.
- In the RDP password inquiry popup window, attach the keypair file downloaded in 2-1. Creating Server Keypair.
- After attaching the file, click the Password check button. The ID and password required to access the resource are displayed.
- The ID and Password are used later to connect to the Bastion host in 5-1. Connect to the Bastion host.
3. Creating a Database
This describes the process of creating a Database service.
3-1. Creating Microsoft SQL Server (DBaaS) Service
- Click the All services > Database > Microsoft SQL Server(DBaaS) menu. The Service Home page of Microsoft SQL Server(DBaaS) opens.
- On the Service Home page, click the Create Microsoft SQL Server(DBaaS) button. The Create Microsoft SQL Server(DBaaS) page opens.
- On the Create Microsoft SQL Server(DBaaS) page, enter the information required to create the service.
- Select and connect the VPC and Subnet you created earlier.
- Enter the Database creation information on the required information input screen.
- Add the Bastion host IP in the IP access control item.
- The Database Port is 2866 by default, but you can also specify it yourself.
- In the Summary panel, review the detailed information and estimated charges, and then click the Complete button.
- Once creation is complete, check the created resource on the Microsoft SQL Server(DBaaS) list page.
4. Setting Rules
This describes the process of setting rules for users to connect to the Bastion host and rules for the Bastion host to connect to the Database.
4-1. Security Group Add Security Rules
- Click the All Services > Networking > Security Group menu. The Service Home page of Security Group opens.
- On the Service Home page, click the Security Group menu. The Security Group list page opens.
- Select the Security Group resource created in 1-5. Creating a Security Group. The detailed information page of that resource opens.
- On the detailed information page, click the Rules tab. The Rules tab opens.
- On the Rules tab, click the Add Rule button. The Add Rule popup window opens.
- In the Add Rule popup window, enter the rules below and click the OK button.
| Direction | Remote | Destination Address | Protocol | Port | Description |
|---|---|---|---|---|---|
| Inbound | CIDR | User PC IP | TCP | 3389 (RDP) | Bastion connection PC → Bastion host |
| Outbound | CIDR | DB IP | TCP | Database Port (direct input) | Bastion host → Database |
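The two rules above can be checked against the Deny All / no All Open guidance from the Scenario Components notes. The following is an added example, not code from the platform or its documentation: the rule dictionary layout, the function names and the sample addresses are assumptions made for illustration, and the rules would have to be copied by hand from the Rules tab into this form.

```python
import ipaddress

# Constructed sample rules modelled on the table in 4-1. The keys are a
# hypothetical layout, and the addresses are placeholders, not platform values.
SAMPLE_RULES = [
    {"direction": "Inbound", "remote": "203.0.113.10/32", "protocol": "TCP", "port": "3389"},
    {"direction": "Outbound", "remote": "192.168.10.1/32", "protocol": "TCP", "port": "2866"},
    {"direction": "Inbound", "remote": "0.0.0.0/0", "protocol": "TCP", "port": "1-65535"},
]

def port_range(spec):
    """Parse '3389' or '1-65535' into an inclusive (low, high) tuple."""
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def audit_rules(rules, user_pc_ip, db_ip, db_port, rdp_port=3389):
    """Return (index, message) findings for rules wider than the scenario needs."""
    # Inbound should be the user PC on RDP only; Outbound the DB on its port only.
    expected = {
        "Inbound": (ipaddress.ip_address(user_pc_ip), rdp_port),
        "Outbound": (ipaddress.ip_address(db_ip), db_port),
    }
    findings = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule["remote"], strict=False)
        low, high = port_range(rule["port"])
        host, port = expected[rule["direction"]]
        if net.prefixlen == 0:
            findings.append((i, "remote is Any IP"))
        elif host not in net:
            findings.append((i, f"remote {net} does not cover expected host {host}"))
        elif net.num_addresses > 1:
            findings.append((i, f"remote {net} is wider than the single host {host}"))
        if (low, high) != (port, port):
            findings.append((i, f"port {rule['port']} is not exactly {port}"))
        if rule["protocol"].upper() != "TCP":
            findings.append((i, f"protocol {rule['protocol']} is not TCP"))
    return findings

if __name__ == "__main__":
    for index, message in audit_rules(SAMPLE_RULES, "203.0.113.10", "192.168.10.1", 2866):
        print(f"rule {index}: {message}")
```

An empty result means every rule matches one of the two rows in the table; anything reported is access the scenario does not require.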
4-2. Adding IGW Firewall Rules
- Click the All services > Networking > Firewall menu. The Service Home page of Firewall opens.
- On the Service Home page, click the Firewall menu. The Firewall list page opens.
- On the Firewall list page, select the Internet Gateway resource name created in 1-3. Creating an Internet Gateway. The detailed information page of that resource opens.
- On the detailed information page, click the Rules tab. The Rules tab opens.
- On the Rules tab, click the Add Rule button. The Add Rule popup window opens.
- In the Add Rule popup window, enter the following rules and click the OK button.
| Departure Address | Destination Address | Protocol | Port | Action | Direction | Description |
|---|---|---|---|---|---|---|
| Bastion connection PC IP | Bastion host IP | TCP | 3389(RDP) | Allow | Inbound | User PC → Bastion host |
5. Connect to Database
This describes the process of a user accessing the Database through a DB connection client program.
This guide provides instructions on how to connect using SSMS (Microsoft SQL Server Management Studio). Since there are various database client programs and CLI utilities, you can also install and use the tools that are suitable for you.
5-1. Connect to the Bastion host
- On the Windows PC that will access the Bastion host, run Remote Desktop Connection, enter the NAT IP of the Bastion host, and click the Connect button.
- When the remote desktop connection succeeds, the user credential input window opens. Enter the ID and Password confirmed in 2-3. Check Bastion host connection ID and PW, and click the Confirm button.
5-2. Install DB connection client program (SSMS) on Bastion host
- Go to the official Microsoft SQL Server page and download the SSMS program.
- SSMS program download path: https://learn.microsoft.com/en-us/ssms/download-sql-server-management-studio-ssms
- Connect the local drive of the user PC so that the file can be uploaded to the Bastion host.
- In the Local Resources tab of Remote Desktop Connection, click the Details button for the local devices and resources item.
- In the drive list, select the local disk where the file was downloaded, and click the Confirm button.
- Copy the downloaded file to the Bastion host, then run the SSMS (Microsoft SQL Server Management Studio) installation file to install it.
5-3. Using DB Connection Client Program (SSMS) to Connect to Database
- Run SSMS (Microsoft SQL Server Management Studio). The Connect to Server popup window appears.
- In the Connect to Server popup window, enter the database server information created in 3-1. Creating Microsoft SQL Server (DBaaS) Service and click the Connect button.
| Required Input Item | Input Value |
|---|---|
| Server type | Database Engine |
| Server name | Database server IP, Database Port (ex. 192.168.10.1,2866) |
| Authentication | SQL Server Authentication |
| Login | Database username |
| Password | Database password |
| Encryption | Optional |
DB Connection Client Program Input Items
- Once the connection is complete, the Database will be connected. After connection, you can try performing simple queries, etc.
