Use SQL databases on Microsoft Azure Stack

Applies to: Azure Stack integrated systems and Azure Stack Development Kit

Use the SQL Server resource provider adapter to expose SQL databases as a service of Azure Stack. After you install the resource provider and connect it to one or more SQL Server instances, you and your users can create:

  • databases for cloud-native apps
  • websites that are based on SQL
  • workloads that are based on SQL You don't have to provision a virtual machine (VM) that hosts SQL Server each time.

The resource provider does not support all the database management capabilities of Azure SQL Database. For example, elastic database pools and the ability to dial database performance up and down automatically aren't available. However, the resource provider does support similar create, read, update, and delete (CRUD) operations. The API is not compatible with SQL DB.

SQL Server Resource Provider Adapter architecture

The resource provider is made up of three components:

  • The SQL resource provider adapter VM, which is a Windows virtual machine running the provider services.
  • The resource provider itself, which processes provisioning requests and exposes database resources.
  • Servers that host SQL Server, which provide capacity for databases, called Hosting Servers.

You must create one (or more) SQL servers and/or provide access to external SQL instances.

Deploy the resource provider

  1. If you have not already done so, register your development kit and download the Windows Server 2016 Datacenter Core image downloadable through Marketplace Management. You must use a Windows Server 2016 Core image. You can also use a script to create a Windows Server 2016 image - be sure to select the core option. The .NET 3.5 runtime is no longer required.

  2. Sign in to a host that can access the Privileged Endpoint VM.

    a. On Azure Stack Development Kit (ASDK) installations, sign in to the physical host.

    b. On multi-node systems, the host must be a system that can access the Privileged Endpoint.

  3. Download the SQL resource provider binaries file and execute the self-extractor to extract the contents to a temporary directory.

  4. The Azure Stack root certificate is retrieved from the Privileged Endpoint. For ASDK, a self-signed certificate is created as part of this process. For multi-node, you must provide an appropriate certificate.

    If you need to provide your own certificate, you need the following certificate:

    A wildcard certificate for *.dbadapter.<region>.<external fqdn>. This certificate must be trusted, such as would be issued by a certificate authority. That is, the chain of trust must exist without requiring intermediate certificates. A single site certificate can be used with the explicit VM name [sqladapter] used during install.

  5. Open a new elevated (administrative) PowerShell console and change to the directory where you extracted the files. Use a new window to avoid problems that may arise from incorrect PowerShell modules already loaded on the system.

  6. Install Azure PowerShell version 1.2.11.

  7. Run the DeploySqlProvider.ps1 script with the parameters listed below.

The script performs these steps:

  • Upload the certificates and other artifacts to a storage account on your Azure Stack.
  • Publish gallery packages so that you can deploy SQL databases through the gallery.
  • Publish a gallery package for deploying Hosting Servers
  • Deploy a VM using the Windows Server 2016 image created in step 1 and install the resource provider.
  • Register a local DNS record that maps to your resource provider VM.
  • Register your resource provider with the local Azure Resource Manager (user and admin).


If the installation takes more than 90 minutes, it may fail and you see a failure message on the screen and in the log file, but the deployment is retried from the failing step. Systems that do not meet the recommended memory and vCPU specifications may not be able to deploy the SQL RP.

Here's an example you can run from the PowerShell prompt (but change the account information and passwords as needed):

# Install the AzureRM.Bootstrapper module, set the profile, and install AzureRM and AzureStack modules
Install-Module -Name AzureRm.BootStrapper -Force
Use-AzureRmProfile -Profile 2017-03-09-profile
Install-Module -Name AzureStack -RequiredVersion 1.2.11 -Force

# Use the NetBIOS name for the Azure Stack domain. On ASDK, the default is AzureStack
$domain = "AzureStack"
# Point to the directory where the RP installation files were extracted
$tempDir = 'C:\TEMP\SQLRP'

# The service admin account (can be AAD or ADFS)
$serviceAdmin = ""
$AdminPass = ConvertTo-SecureString "P@ssw0rd1" -AsPlainText -Force
$AdminCreds = New-Object System.Management.Automation.PSCredential ($serviceAdmin, $AdminPass)

# Set the credentials for the Resource Provider VM
$vmLocalAdminPass = ConvertTo-SecureString "P@ssw0rd1" -AsPlainText -Force
$vmLocalAdminCreds = New-Object System.Management.Automation.PSCredential ("sqlrpadmin", $vmLocalAdminPass)

# and the cloudadmin credential required for Privileged Endpoint access
$CloudAdminPass = ConvertTo-SecureString "P@ssw0rd1" -AsPlainText -Force
$CloudAdminCreds = New-Object System.Management.Automation.PSCredential ("$domain\cloudadmin", $CloudAdminPass)

# change the following as appropriate
$PfxPass = ConvertTo-SecureString "P@ssw0rd1" -AsPlainText -Force

# Change directory to the folder where you extracted the installation files
# and adjust the endpoints
.$tempDir\DeploySQLProvider.ps1 -AzCredential $AdminCreds -VMLocalCredential $vmLocalAdminCreds -CloudAdminCredential $cloudAdminCreds -PrivilegedEndpoint '' -DefaultSSLCertificatePassword $PfxPass -DependencyFilesLocalPath $tempDir\cert

DeploySqlProvider.ps1 parameters

You can specify these parameters in the command line. If you do not, or any parameter validation fails, you are prompted to provide the required ones.

Parameter Name Description Comment or Default Value
CloudAdminCredential The credential for the cloud administrator, necessary for accessing the Privileged Endpoint. required
AzCredential Provide the credentials for the Azure Stack Service Admin account. Use the same credentials as you used for deploying Azure Stack). required
VMLocalCredential Define the credentials for the local administrator account of the SQL resource provider VM. required
PrivilegedEndpoint Provide the IP address or DNS Name of the Privleged Endpoint. required
DependencyFilesLocalPath Your certificate PFX file must be placed in this directory as well. optional (mandatory for multi-node)
DefaultSSLCertificatePassword The password for the .pfx certificate required
MaxRetryCount Define how many times you want to retry each operation if there is a failure. 2
RetryDuration Define the timeout between retries, in seconds. 120
Uninstall Remove the resource provider and all associated resources (see notes below) No
DebugMode Prevents automatic cleanup on failure No

Verify the deployment using the Azure Stack Portal


After the installation script completes, you will need to refresh the portal to see the admin blade.

  1. Sign in to the admin portal as the service administrator.

  2. Verify that the deployment succeeded. Browse for Resource Groups >, click on the system.<location>.sqladapter resource group and verify that all four deployments succeeded.

    Verify Deployment of the SQL RP

Removing the SQL Adapter Resource Provider

In order to remove the resource provider, it is essential to first remove any dependencies.

  1. Ensure you have the original deployment package that you downloaded for this version of the Resource Provider.

  2. All user databases must be deleted from the resource provider (this doesn't delete the data). This should be performed by the users themselves.

  3. Administrator must delete the hosting servers from the SQL Adapter

  4. Administrator must delete any plans that reference the SQL Adapter.

  5. Administrator must delete any SKUs and quotas associated to the SQL Adapter.

  6. Rerun the deployment script with the -Uninstall parameter, Azure Resource Manager endpoints, DirectoryTenantID, and credentials for the service administrator account.

Next steps

Try other PaaS services like the MySQL Server resource provider and the App Services resource provider.