The page has been translated by Gen AI.

Microsoft SQL Server(DBaaS) Server Connection

Scenario Overview

Microsoft SQL Server(DBaaS) server connection scenario involves creating a Bastion host (Virtual Server) and a Database service, and accessing the DB service through the Bastion host. To reliably connect to Microsoft SQL Server(DBaaS) in the Samsung Cloud Platform environment, you need to create a Bastion host and establish network connectivity through it. To maintain stability and a high level of security, it is recommended to configure the Database service in a Private Subnet environment and place the Bastion host in a restricted Public Subnet environment.

This scenario primarily describes creating a Bastion host and a Database service, configuring the network environment for Bastion host and Database access, and connecting through a DB client.

Architecture — Figure. Microsoft SQL Server(DBaaS) server connection architecture

Scenario components

You can build the scenario using the following services.

Service group	service	Detailed description
Networking	VPC	A service that provides an isolated virtual network in a cloud environment
Networking	VPC > Subnet	A service that lets users subdivide the network within a VPC to match their purpose and scale.
Networking	VPC > Public IP	Service that reserves a public IP and allocates and releases it to Compute resources
Networking	VPC > Internet Gateway	A service that connects VPC resources to the Internet
Networking	Security Group	Virtual firewall that controls server traffic
Database	Microsoft SQL Server(DBaaS)	A service that easily creates and manages Microsoft SQL Server in a web environment
Compute	Virtual Server	Virtual server optimized for cloud computing
Compute	Virtual Server > Keypair	Encryption file used to connect to the Virtual Server

Table. Scenario component list

Note

Since the default policy of a Security Group is Deny All, you must register only the IPs that are allowed.
In/Outbound’s All Open(Any IP, Any Port) policy can expose cloud resources directly to external threats.
- By specifying the required IP and port and setting a policy, you can strengthen security.

Scenario setup method

Create the services required to compose the scenario by following the steps below.

Set up the network

Describes the process of configuring the network environment for accessing the Bastion Host and Database services.

1-1. Create VPC

For detailed creation steps, refer to the Networking > VPC > How-to guides guide.

Click the All Services > Networking > VPC menu. You will be taken to the VPC Service Home page.
Click the VPC Creation button on the Service Home page. You will be taken to the VPC Creation page.
On the VPC Creation page, enter the information required to create the service.
- Enter the IP range as 192.168.x.0/16.
Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
- When creation is complete, check the created resources on the VPC List page.

1-2. Create Subnet

For detailed creation instructions, see the Networking > VPC > How-to guides > Subnet guide.

Click the All Services > Networking > VPC menu. You will be taken to the VPC Service Home page.
On the Service Home page, click the Subnet menu. You will be taken to the Subnet List page.
Click the Create Subnet button. You will be taken to the Create Subnet page.
On the Subnet Creation page, enter the information required to create the service.
- Select the Subnet type as General.
- Select a pre‑created VPC.
- Enter the IP range as 192.168.x.0/24.
Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
- After creation is complete, check the created resources on the Subnet list page.

1-3. Create Internet Gateway

For detailed creation instructions, refer to the Networking > VPC > How-to guides > Internet Gateway guide.

Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
On the Service Home page, click the Internet Gateway menu. You will be taken to the Internet Gateway List page.
Click the Create Internet Gateway button. Navigate to the Create Internet Gateway page.
Internet Gateway Creation page, enter the required information for creating the service.
- Select a pre‑created VPC.
- In the Firewall usage option, select Use.
In the Summary panel, verify the detailed information and estimated billing amount, and click the Complete button.
- Once creation is complete, verify the created resource on the Internet Gateway List page.

1-4. Create Public IP

For detailed creation steps, refer to the Networking > VPC > How-to guides > Public IP guide.

Click the All Services > Networking > VPC menu. Navigate to the VPC Service Home page.
Click the Public IP menu on the Service Home page. You will be taken to the Public IP List page.
Click the Public IP Reservation button. You will be taken to the Public IP Reservation page.
On the Public IP reservation page, enter the required information needed to reserve the service.
In the Summary panel, verify the detailed information and estimated billing amount, then click the Complete button.
- When creation is complete, check the created resources on the Public IP list page.

1-5. Create Security Group

For detailed creation instructions, refer to the Networking > Security Group > How-to guides guide.

Click the All Services > Networking > Security Group menu. Navigate to the Service Home page of Security Group.
Click the Create Security Group button on the Service Home page. You will be taken to the Create Security Group page.
On the Security Group creation page, enter the required information needed to create the service.
Check the input information and click the Complete button.
- When creation is complete, check the created resources on the Security Group list page.

Create Bastion host

Describes the process of configuring a Bastion Host that requires the database client to be installed.

2-1. Create Server Keypair

For detailed creation instructions, refer to the Compute > Virtual Server > How-to guides > Keypair guide.

Click the All Services > Compute > Virtual Server menu. Navigate to the Service Home page of Virtual Server.
On the Service Home page, click the Keypair menu. You will be taken to the Keypair List page.
Click the Create Keypair button. You will be taken to the Create Keypair page.
Enter the required information for creating a service on the Keypair creation page.
Verify the creation information and click the Complete button.
- The key can be downloaded only on the first attempt, and reissuance is not available.
- Please store the downloaded key in a secure location.

2-2. Create Bastion host

For detailed creation steps, refer to the Compute > Virtual Server > How-to guides guide.

Click the All Services > Compute > Virtual Server menu. Navigate to the Service Home page of Virtual Server.
On the Service Home page, click the Create Virtual Server button. You will be taken to the Create Virtual Server page.
On the Virtual Server Creation page, enter the required information to create the service.
- Select Windows for the image.
- Select the pre-created VPC and Subnet.
- Click Use NAT, then select the reserved Public IP from 1-4. Create Public IP.
- Connect the Keypair created in 2-1. 서버 Keypair 생성하기.
In the Summary panel, verify the detailed information and estimated billing amount, then click the Complete button.
- When creation is complete, check the created resources on the Virtual Server List page.

2-3. Verify Bastion host login ID and PW

Click the All Services > Compute > Virtual Server menu. Navigate to the Service Home page of Virtual Server.
On the Service Home page, click the Virtual Server menu. You will be taken to the Virtual Server List page.
On the Virtual Serve List page, click the resource you created in 2-2. Bastion host Create. You will be taken to the detailed information page for that resource.
On the detail information page, click the RDP password view button in the Keypair name field. The RDP password view popup window opens.
In the popup window, perform RDP password lookup, and attach the keypair file downloaded from 2-1. Create Server Keypair.
After attaching, click the Password Check button. The ID and Password for accessing the resource are displayed.
- The ID and password will later be used as credentials to connect to the Bastion host in 5-1. Bastion host Connecting.

Create Database

Describes the process of creating a Database service.

3-1. Microsoft SQL Server(DBaaS) Create Service

For detailed creation instructions, refer to the Database > Microsoft SQL Server(DBaaS) > How-to guides guide.

Click the All Services > Database > Microsoft SQL Server(DBaaS) menu. Go to the Service Home page of Microsoft SQL Server(DBaaS).
On the Service Home page, click the Create Microsoft SQL Server (DBaaS) button. Navigate to the Create Microsoft SQL Server (DBaaS) page.
On the Microsoft SQL Server(DBaaS) Creation page, enter the required information to create the service.
- Select the pre‑created VPC and Subnet and connect them.
- Enter database-related creation details on the required information input screen.
- Add the Bastion host IP in the IP access control settings.
- The database port defaults to 2866, but users can also specify it.
Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
- After creation is complete, check the created resource on the Microsoft SQL Server(DBaaS) list page.

Configuring Rules

It explains the process of configuring rules for a user to connect to the Bastion host and rules for connecting to the Database from the Bastion host.

4-1. Adding security rules to Security Group

For detailed creation steps, see the Networking > Security Group > How-to guides guide.

Click the All Services > Networking > Security Group menu. Go to the Service Home page of Security Group.
Click the Security Group menu on the Service Home page. You will be taken to the Security Group List page.
1-5. Creating a Security Group Select the Security Group resource you created. Navigate to the detailed information page for that resource.
Click the Rules tab on the detail page. You will be taken to the Rules tab.
On the Rules tab, click the Add Rule button. It takes you to the Add Rule popup.
Add Rule In the popup window, enter the rule below, and click the Confirm button.
direction remote target address Protocol Port Explanation
Inbound CIDR User PC IP TCP 3389 (RDP) Bastion client PC → Bastion host
Outbound CIDR DB IP TCP Database Port (manual entry) Bastion host → Database
Table. Security Group rules that need to be added

direction	remote	target address	Protocol	Port	Explanation
Inbound	CIDR	User PC IP	TCP	3389 (RDP)	Bastion client PC → Bastion host
Outbound	CIDR	DB IP	TCP	Database Port (manual entry)	Bastion host → Database

4-2. Add IGW Firewall rule

For detailed creation instructions, see the Networking > Firewall > How-to guides guide.

All Services > Networking > Firewall Click the menu. Then navigate to the Service Home page of Firewall.
From the Service Home page, click the Firewall menu. You will be taken to the Firewall List page.
On the Firewall List page, select the Internet Gateway resource name created in 1-3. Create Internet Gateway. You will be taken to the detailed information page of that resource.
Click the Rules tab on the detail information page. You will be taken to the Rules tab.
Click the Add Rule button on the Rules tab. It navigates to the Add Rule popup.
Add Rule In the popup window, enter the rule below, and click the Confirm button.
origin address Destination address Protocol Port operation direction Explanation
Bastion connection PC IP Bastion host IP TCP 3389(RDP) Allow Inbound User PC → Bastion host
Table. Internet Gateway Firewall rules that need to be added

origin address	Destination address	Protocol	Port	operation	direction	Explanation
Bastion connection PC IP	Bastion host IP	TCP	3389(RDP)	Allow	Inbound	User PC → Bastion host

Connect to Database

Describes the process of a user accessing the database via a DB client program.

This guide explains how to connect using SSMS(Microsoft SQL Server Management Studio). Since there are various database client programs and CLI utilities, you may install and use the tool that best fits your needs.

5-1. Connect to Bastion host

In the Windows environment of the PC that will connect to the Bastion host, run Remote Desktop Connection, then enter the NAT IP of the Bastion Host and click the Connect button.
When the remote desktop connection succeeds, the user credential input window opens. Enter the ID and Password verified in 2-3. Check Bastion host login ID and PW and click the Confirm button.

5-2. Install the DB client program (SSMS) on the Bastion host

Go to the official Microsoft SQL Server page and download the SSMS program.
- SSMS program download URL: https://learn.microsoft.com/en-us/ssms/download-sql-server-management-studio-ssms
Connect the user’s PC hard drive to upload the file to the Bastion host.
In the Remote Desktop Connection’s Local Resources tab, click the Details button for the Local Devices and Resources item.
Select the local disk of the location where the file was downloaded on the drive, and click the OK button.
Copy the downloaded file, upload it to the Bastion Host, and click the SSMS (Microsoft SQL Server Management Studio) installation file to install.

5-3. Connect to the Database using the DB client program (SSMS)

Run SSMS (Microsoft SQL Server Management Studio). A Connect to Server popup will appear.

Connect to Server In the popup window, enter the Database server information created in 3-1. Microsoft SQL Server(DBaaS) 서비스 생성하기 and click the Connect button.

Required input field	input value
Server type	Database Engine
Server name	Database server IP, Database Port (ex. 192.168.10.1,2866)
Authentication	SQL Server Authentication
Login	Database username
Password	Database password
Encryption	Optional

Table.DB connection client program input fields

Once the connection is established, the database will be accessed. After connecting, you can execute simple queries, among other tasks.

Secondary Add

Release Note