How to provision a Windows SQL Server virtual machine in the Azure portal

This guide provides details on the different options available when you create a Windows SQL Server virtual machine in the Azure portal. This article covers more configuration options than the SQL Server VM quickstart, which walks through one possible provisioning task.

Use this guide to create your own SQL Server VM. Or, use it as a reference for the available options in the Azure portal.

Tip

If you have questions about SQL Server virtual machines, see the Frequently Asked Questions.

If you don't have an Azure subscription, create a free account before you begin.

SQL Server virtual machine gallery images

When you create a SQL Server virtual machine, you can select one of several pre-configured images from the virtual machine gallery. The following steps demonstrate how to select one of the SQL Server 2017 images.

  1. Select Azure SQL in the left-hand menu of the Azure portal. If Azure SQL is not in the list, select All services, then type Azure SQL in the search box. (Optional) Select the star next to Azure SQL to favorite it and add it as an item in the left-hand navigation.

  2. Select + Add to open the Select SQL deployment option page. You can view additional information by selecting Show details.

  3. Type 2017 in the SQL Server image search box on the SQL virtual machines tile, and then select Free SQL Server License: SQL Server 2017 Developer on Windows Server 2016 from the drop-down.

    Tip

    The Developer edition is used in this walkthrough because it is a full-featured, free edition of SQL Server for development testing. You pay only for the cost of running the VM. However, you are free to choose any of the images to use in this walkthrough. For a description of available images, see the SQL Server Windows Virtual Machines overview.

    Tip

    Licensing costs for SQL Server are incorporated into the per-second pricing of the VM you create and vary by edition and cores. However, SQL Server Developer edition is free for development/testing (not production), and SQL Express is free for lightweight workloads (less than 1 GB of memory, less than 10 GB of storage). You can also bring your own license (BYOL) and pay only for the VM. Those image names are prefixed with {BYOL}.

    For more information on these options, see Pricing guidance for SQL Server Azure VMs.

  4. Select Create.

1. Configure basic settings

On the Basics tab, provide the following information:

  • Under Project Details, make sure the correct subscription is selected.

  • In the Resource group section, either select an existing resource group from the list or choose Create new to create a new resource group. A resource group is a collection of related resources in Azure (virtual machines, storage accounts, virtual networks, etc.).

Note

Using a new resource group is helpful if you are just testing or learning about SQL Server deployments in Azure. After you finish with your test, delete the resource group to automatically delete the VM and all resources associated with that resource group. For more information about resource groups, see Azure Resource Manager Overview.

  • Under Instance details:

    1. Enter a unique Virtual machine name.
    2. Choose a location for your Region.
    3. For the purpose of this guide, leave Availability options set to No infrastructure redundancy required. To find out more information about availability options, see Availability.
    4. In the Image list, select Free SQL Server License: SQL Server 2017 Developer on Windows Server 2016.
    5. For the Size of the virtual machine, select Change size and choose the A2 Basic offering. Be sure to clean up your resources once you're done with them to prevent any unexpected charges. For production workloads, see the recommended machine sizes and configuration in Performance best practices for SQL Server in Azure Virtual Machines.

Important

The estimated monthly cost displayed on the Choose a size window does not include SQL Server licensing costs. This estimate is the cost of the VM alone. For the Express and Developer editions of SQL Server, this estimate is the total estimated cost. For other editions, see the Windows Virtual Machines pricing page and select your target edition of SQL Server. Also see the Pricing guidance for SQL Server Azure VMs and Sizes for virtual machines.

  • Under Administrator account, provide a username and a password. The password must be at least 12 characters long and meet the defined complexity requirements.

  • Under Inbound port rules, choose Allow selected ports and then select RDP (3389) from the drop-down.

2. Configure optional features

Disks

On the Disks tab, configure your disk options.

  • Under OS disk type, select the type of disk you want for your OS from the drop-down. Premium is recommended for production systems but is not available for a Basic VM. To utilize Premium SSD, change the virtual machine size.

  • Under Advanced, select Yes under use Managed Disks.

    Note

    Microsoft recommends Managed Disks for SQL Server. Managed Disks handles storage behind the scenes. In addition, when virtual machines with Managed Disks are in the same availability set, Azure distributes the storage resources to provide appropriate redundancy. For more information, see Azure Managed Disks Overview. For specifics about managed disks in an availability set, see Use managed disks for VMs in availability set.

Networking

On the Networking tab, configure your networking options.

  • Create a new virtual network, or use an existing vNet for your SQL Server VM. Designate a Subnet as well.

  • Under NIC network security group, select either a basic security group, or the advanced security group. Choosing the basic option allows you to select inbound ports for the SQL Server VM (the same values that were configured on the Basic tab). Selecting the advanced option allows you to choose an existing network security group, or create a new one.

  • You can make other changes to network settings, or keep the default values.

Monitoring

On the Monitoring tab, configure monitoring and autoshutdown.

  • Azure enables Boot diagnostics by default with the same storage account designated for the VM. You can change these settings here, and you can also enable OS guest diagnostics.
  • You can enable System assigned managed identity and autoshutdown on this tab as well.

3. Configure SQL Server settings

On the SQL Server settings tab, configure specific settings and optimizations for SQL Server. The settings that you can configure for SQL Server include the following:

  • Connectivity
  • Authentication
  • Azure Key Vault Integration
  • Storage configuration
  • Automated Patching
  • Automated Backup
  • Machine Learning Services

Connectivity

Under SQL connectivity, specify the type of access you want to the SQL Server instance on this VM. For the purposes of this walkthrough, select Public (internet) to allow connections to SQL Server from machines or services on the internet. With this option selected, Azure automatically configures the firewall and the network security group to allow traffic on the port selected.

Tip

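By default, SQL Server listens on a well-known port, 1433. For increased security, change the port in the previous dialog to listen on a non-default port, such as 1401. A non-default port mainly reduces exposure to automated scans of port 1433; it does not replace restricting access with network security group rules and authentication. If you change the port, you must connect using that port from any client tools, such as SSMS.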

To connect to SQL Server via the internet, you also must enable SQL Server Authentication, which is described in the next section.

If you would prefer to not enable connections to the Database Engine via the internet, choose one of the following options:

  • Local (inside VM only) to allow connections to SQL Server only from within the VM.
  • Private (within Virtual Network) to allow connections to SQL Server from machines or services in the same virtual network.

In general, improve security by choosing the most restrictive connectivity that your scenario allows. However, all the options are securable through Network Security Group rules and SQL/Windows Authentication. You can edit the Network Security Group after the VM is created. For more information, see Security Considerations for SQL Server in Azure Virtual Machines.
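
The connectivity choices above end up as network security group rules, so it is worth checking which rules leave RDP or the SQL Server port open to any source. The following Python check is an added example, not part of the original article or of any Azure tooling. It assumes the rules have been exported as JSON objects with the field names of NSG security rules; the function names, rule names and addresses are hypothetical and constructed for illustration.

```python
# Added example: flag inbound NSG rules that leave RDP or SQL Server open to any source.
# Ports come from this walkthrough: RDP 3389, SQL Server 1433 or a custom port such as 1401.
WATCHED_PORTS = {3389: "RDP", 1433: "SQL Server", 1401: "SQL Server (custom port)"}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # compared in lower case

def _values(rule, single, plural):
    """A rule carries either one value or a list; return them as one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers(port_range, port):
    """True if an NSG port expression ('*', '1433', '1400-1450') includes port."""
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_ports(rules, watched=WATCHED_PORTS):
    """Return (port, service, rule name) where the first matching inbound TCP rule,
    in priority order, allows any source. Destination addresses are not evaluated."""
    open_source = sorted(
        (r for r in rules
         if r.get("direction") == "Inbound"
         and (r.get("protocol") or "*").lower() in ("tcp", "*")
         and any(s.lower() in ANY_SOURCE
                 for s in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes"))),
        key=lambda r: r["priority"])
    findings = []
    for port, service in sorted(watched.items()):
        for rule in open_source:
            ranges = _values(rule, "destinationPortRange", "destinationPortRanges")
            if any(_covers(p, port) for p in ranges):
                if rule.get("access") == "Allow":
                    findings.append((port, service, rule["name"]))
                break  # lowest priority number wins; later rules are shadowed
    return findings

def _rule(name, priority, access, source, ports, protocol="Tcp"):
    """Build a constructed rule using the field names of NSG security rules."""
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": protocol,
            "sourceAddressPrefix": source, "destinationPortRange": ports}

# Constructed sample rules (hypothetical names and addresses).
SAMPLE_RULES = [
    _rule("allow-rdp-any", 300, "Allow", "*", "3389"),
    _rule("allow-sql-office", 310, "Allow", "203.0.113.0/24", "1433"),
    _rule("deny-sql-1433", 320, "Deny", "Internet", "1433"),
    _rule("allow-app-range", 400, "Allow", "*", "1400-1450"),
]

if __name__ == "__main__":
    for port, service, name in exposed_ports(SAMPLE_RULES):
        print(f"{service} port {port} is reachable from any source via rule {name}")
```

In the sample, port 1433 is not reported because the deny rule at priority 320 shadows the wide range rule at 400, while port 1401 inside that range is reported.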

Authentication

If you require SQL Server Authentication, click Enable under SQL authentication on the SQL Server settings tab.

Note

If you plan to access SQL Server over the internet (the Public connectivity option), you must enable SQL authentication here. Public access to the SQL Server requires the use of SQL Authentication.

If you enable SQL Server Authentication, specify a Login name and Password. This login name is configured as a SQL Server Authentication login and member of the sysadmin fixed server role. For more information about Authentication Modes, see Choose an Authentication Mode.

If you do not enable SQL Server Authentication, then you can use the local Administrator account on the VM to connect to the SQL Server instance.

Azure Key Vault integration

To store security secrets in Azure for encryption, select SQL Server settings, and scroll down to Azure key vault integration. Select Enable and fill in the requested information.

The following table lists the parameters required to configure Azure Key Vault Integration.

Parameter | Description | Example
Key Vault URL | The location of the key vault. | https://contosokeyvault.vault.azure.net/
Principal name | Azure Active Directory service principal name. This name is also referred to as the Client ID. | fde2b411-33d5-4e11-af04eb07b669ccf2
Principal secret | Azure Active Directory service principal secret. This secret is also referred to as the Client Secret. | 9VTJSQwzlFepD8XODnzy8n2V01Jd8dAjwm/azF1XDKM=
Credential name | Credential name: AKV Integration creates a credential within SQL Server, allowing the VM to have access to the key vault. Choose a name for this credential. | mycred1

For more information, see Configure Azure Key Vault Integration for SQL Server on Azure VMs.

Storage configuration

On the SQL Server settings tab, under Storage configuration, select Change configuration to open the Performance Optimized Storage Configuration page and specify the storage requirements.

Under Storage optimized for, select one of the following options:

  • General is the default setting and supports most workloads.
  • Transactional processing optimizes the storage for traditional database OLTP workloads.
  • Data warehousing optimizes the storage for analytic and reporting workloads.

You can choose to leave the values at default, or you can manually change the storage topology to suit your IOPS needs. For more information, see storage configuration.

SQL Server License

If you're a Software Assurance customer, you can utilize the Azure Hybrid Benefit to bring your own SQL Server license and save on resources.

Automated patching

Automated patching is enabled by default. Automated patching allows Azure to automatically patch SQL Server and the operating system. Specify a day of the week, time, and duration for a maintenance window. Azure performs patching in this maintenance window. The maintenance window schedule uses the VM locale for time. If you do not want Azure to automatically patch SQL Server and the operating system, click Disable.

For more information, see Automated Patching for SQL Server in Azure Virtual Machines.

Automated backup

Enable automatic database backups for all databases under Automated backup. Automated backup is disabled by default.

When you enable SQL automated backup, you can configure the following settings:

  • Retention period (days) for backups
  • Storage account to use for backups
  • Encryption option and password for backups
  • Backup system databases
  • Configure backup schedule

To encrypt the backup, click Enable. Then specify the Password. Azure creates a certificate to encrypt the backups and uses the specified password to protect that certificate. By default the schedule is set automatically, but you can create a manual schedule by selecting Manual.

For more information, see Automated Backup for SQL Server in Azure Virtual Machines.

Machine Learning Services

You have the option to enable Machine Learning Services. This option enables you to use machine learning with Python and R in SQL Server 2017. Select Enable on the SQL Server Settings window.

4. Review + create

On the Review + create tab, review the summary, and select Create to create the SQL Server, resource group, and resources specified for this VM.

You can monitor the deployment from the Azure portal. The Notifications button at the top of the screen shows basic status of the deployment.

Note

To provide you with an idea on deployment times, I deployed a SQL VM to the East US region with default settings. This test deployment took approximately 12 minutes to complete. But you might experience a faster or slower deployment time based on your region and selected settings.

Open the VM with Remote Desktop

Use the following steps to connect to the SQL Server virtual machine with Remote Desktop:

  1. After the Azure virtual machine is created and running, click the Virtual Machines icon in the Azure portal to view your VMs.

  2. Click the ellipsis, ..., for your new VM.

  3. Click Connect.

  4. Open the RDP file that your browser downloads for the VM.

  5. The Remote Desktop Connection notifies you that the publisher of this remote connection cannot be identified. Click Connect to continue.

  6. In the Windows Security dialog, click Use a different account. You might have to click More choices to see this. Specify the user name and password that you configured when you created the VM. You must add a backslash before the user name.

  7. Click OK to connect.

After you connect to the SQL Server virtual machine, you can launch SQL Server Management Studio and connect with Windows Authentication using your local administrator credentials. If you enabled SQL Server Authentication, you can also connect with SQL Authentication using the SQL login and password you configured during provisioning.

Access to the machine enables you to directly change machine and SQL Server settings based on your requirements. For example, you could configure the firewall settings or change SQL Server configuration settings.

Connect to SQL Server remotely

In this walkthrough, you selected Public access for the virtual machine and SQL Server Authentication. These settings automatically configured the virtual machine to allow SQL Server connections from any client over the internet (assuming they have the correct SQL login).

Note

If you did not select Public during provisioning, then you can change your SQL connectivity settings through the portal after provisioning. For more information, see Change your SQL connectivity settings.

The following sections show how to connect over the internet to your SQL Server VM instance.

Configure a DNS Label for the public IP address

To connect to the SQL Server Database Engine from the Internet, consider creating a DNS Label for your public IP address. You can connect by IP address, but the DNS Label creates an A Record that is easier to identify and abstracts the underlying public IP address.

Note

DNS Labels are not required if you plan to only connect to the SQL Server instance within the same Virtual Network or only locally.

To create a DNS Label, first select Virtual machines in the portal. Select your SQL Server VM to bring up its properties.

  1. In the virtual machine overview, select your Public IP address.

  2. In the properties for your Public IP address, expand Configuration.

  3. Enter a DNS Label name. This name is an A Record that can be used to connect to your SQL Server VM by name instead of by IP Address directly.

  4. Click the Save button.

Connect to the Database Engine from another computer

  1. On a computer connected to the internet, open SQL Server Management Studio (SSMS). If you do not have SQL Server Management Studio, you can download it here.

  2. In the Connect to Server or Connect to Database Engine dialog box, edit the Server name value. Enter the IP address or full DNS name of the virtual machine (determined in the previous task). You can also add a comma and provide SQL Server's TCP port. For example, mysqlvmlabel.eastus.cloudapp.azure.com,1433.

  3. In the Authentication box, select SQL Server Authentication.

  4. In the Login box, type the name of a valid SQL login.

  5. In the Password box, type the password of the login.

  6. Click Connect.

Note

This example uses the common port 1433. However, this value will need to be modified if a different port (such as 1401) was specified during the deployment of the SQL Server VM.

Next steps

For other information about using SQL Server in Azure, see SQL Server on Azure Virtual Machines and the Frequently Asked Questions.