Microsoft Assessment and Planning Toolkit doesn't discover MSSQL on Azure VMs - azure

I need to run discovery on many instances of SQL Server with 100s of databases running on Azure VMs.
Microsoft Assessment and Planning Toolkit seems a great tool for that and works fine with on-premises VMs, but doesn't discover MSSQL on Azure VMs. The Azure VMs are joined to the local AD domain, with DCs running in the same VNet.
I tried AD discovery as well as manual IP range and computer name. It does detect the machines (with unknown host type), but gives empty results in SQL Server discovery - all object counters (WMI, SQL, Registry) are zero. All ports are open inside the VNet.
I can't find any source that explains such a limitation.

I was in the same situation and I can confirm that the Microsoft Assessment and Planning Toolkit still works as of May 2021.
The problem I had is that the user I was using for the discovery was part of the sysadmin role for some DOMAINS\ but not for all of them.
As a result, in some DOMAIN\ the MAP toolkit was returning plenty of them. In some DOMAIN\ nothing.
So basically the risk is:
If the user you are using has maximum privileges in that DOMAIN\ the MAP toolkit will discover everything
If the user you are using has some privileges in that DOMAIN\ the MAP toolkit will discover something here and there. For example, it will not have access to a SQL Server instance that you cannot access.
If the user you are using has WMI access but no SQL access in that DOMAIN\ expect the MAP toolkit to enumerate the SQL Server instances but without meaningful information like database size, collation, SQL Server version, etc. (it can vary by the privilege)
But I can confirm that I'm using it to discover and assess a SQL Server estate on Azure VMs.
So discuss this with the AD manager.
I also wrote a post about it: https://www.jeeja.biz/2021/07/08/how-to-discover-sql-server-instances-on-azure-vms/
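A preflight check for the privilege cases the answer above describes, as an added example that is not part of the original answer or of the MAP toolkit: run as the discovery account, it reports per host whether WMI is reachable and, per SQL Server instance, whether the account can log in and holds sysadmin. The host names are constructed placeholders, and DCOM as the WMI transport is an assumption.

```powershell
# Run as the discovery account on the machine where MAP is installed
# (Windows PowerShell 5.1). Host names are constructed placeholders.
$targets = @('sqlvm01.example.internal', 'sqlvm02.example.internal')
# WQL filter: default instance service, or named instances (MSSQL$<name>)
$filter  = 'Name = ''MSSQLSERVER'' OR Name LIKE ''MSSQL$%'''

function Test-MapDiscoveryAccess {
    param([Parameter(Mandatory)][string]$ComputerName)
    $session = $null
    try {
        # Assumption: WMI is reached over DCOM rather than WinRM
        $opt      = New-CimSessionOption -Protocol Dcom
        $session  = New-CimSession -ComputerName $ComputerName -SessionOption $opt -ErrorAction Stop
        $services = @(Get-CimInstance -CimSession $session -ClassName Win32_Service `
                          -Filter $filter -ErrorAction Stop)
    } catch {
        # No WMI access: discovery would return nothing for this host
        return [pscustomobject]@{ Computer = $ComputerName; Instance = $null
                                  Wmi = $false; Sql = 'not tested' }
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
    if ($services.Count -eq 0) {
        return [pscustomobject]@{ Computer = $ComputerName; Instance = $null
                                  Wmi = $true; Sql = 'no SQL Server service found' }
    }
    foreach ($svc in $services) {
        # MSSQLSERVER is the default instance; MSSQL$X is reached as HOST\X
        $instance = $ComputerName
        if ($svc.Name -ne 'MSSQLSERVER') { $instance += '\' + $svc.Name.Split('$')[1] }
        $cs   = "Server=$instance;Integrated Security=SSPI;Connect Timeout=5"
        $conn = New-Object System.Data.SqlClient.SqlConnection -ArgumentList $cs
        try {
            $conn.Open()
            $cmd = $conn.CreateCommand()
            $cmd.CommandText = "SELECT IS_SRVROLEMEMBER('sysadmin')"
            $sql = if ($cmd.ExecuteScalar() -eq 1) { 'sysadmin' } else { 'login without sysadmin' }
        } catch {
            # WMI works but SQL does not: instance enumerated, details missing
            $sql = 'cannot connect or log in'
        } finally {
            $conn.Dispose()
        }
        [pscustomobject]@{ Computer = $ComputerName; Instance = $instance
                           Wmi = $true; Sql = $sql }
    }
}

$targets | ForEach-Object { Test-MapDiscoveryAccess -ComputerName $_ } | Format-Table -AutoSize
```

Rows with `Wmi = True` and `Sql = cannot connect or log in` correspond to the case where instances are enumerated without database details; a stopped SQL Server service produces the same row.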

Related

Azure monitor external systems

I want to monitor external systems using azure monitor. Is it possible?
For example, I have on-prem Linux server with mysql DB, can I monitor the server and its DB like availability, errors,...?
Firstly, you can use “Azure Monitor agent” that is explained here. Would recommend you to use Azure Monitor Log Analytics agent as instructed here. The reason for it is “Azure Monitor Agent” as informed in this section, currently only Azure VMs are supported and on-premises VMs, virtual machine scale sets, Arc for Servers, Azure Kubernetes Service, and other compute resource types are currently not supported.
Next, If you have “Azure Monitor Log Analytics agent on Windows machine” then you may have to check below things:
As explained here, Change Tracking and Inventory requires linking a Log Analytics workspace to your Automation account so I recommend you to double check it. For a definitive list of supported regions, see Azure Workspace mappings. The region mappings don't affect the ability to manage VMs in a separate region from your Automation account.
Follow these troubleshooting steps in your case (i.e., if you don't see any Change Tracking and Inventory results for Windows machines that have been enabled for the feature).
As mentioned here, note that Change Tracking and Inventory is currently experiencing the following issue with respect to Windows environments: Hotfix updates aren't collected on Windows Server 2016 Core RS3 machines.

Achieving MasterData deduplication on Azure

I am looking at achieving Master Data deduplication based on match percentages in AzureDB. I was looking at something equivalent to Master Data Services/DQS (Data Quality Services) in SQL Server 2012
https://channel9.msdn.com/posts/SQL11UPD05-REC-06
Broadly looking for controls on match rules (exact, close match, etc.), handling of dependencies and an audit trail (undo capability, etc.)
I reckon this must be available in Azure cloud, if this is made available in SQL Server. Could you please point me to how I get this done on AzureDB?
Please note - I am NOT looking for data sources like MelissaDAta, D&B that are listed on the Azure marketplace
Master Data Services is not just a database process: it also centrally involves a website component, which still (as of 2021) requires some Windows server running IIS.
This can be an Azure Virtual Machine (link to documentation) but there is no serverless offering for this at this time.
The database itself can be hosted on an Azure SQL Managed Instance (link to documentation) but not on a standalone Azure SQL DB, as far as I can tell. This is presumably because some of the essential components of MDS sit outside the database, much like other services like SSIS are more than just a database.
Data Quality Services is a similar story: it uses three databases (link to documentation) and seemingly some components outside the databases, so it wouldn't be possible to deploy in standalone Azure SQL DBs. It may be possible to run on a Managed Instance; I couldn't find a clear answer to that. And again, there is no fully-serverless offering at this time.
Of course, all of this can easily be run via IaaS (Infrastructure as a Service) using an Azure virtual machine running SQL Server.

Is it possible to use the same SQL Azure instance from two different cloud services of two different subscriptions?

I have one Microsoft Azure subscription with one cloud service and one SQL Azure instance. Now I want to create another cloud service with a different subscription (using a different Microsoft account). With this second cloud service, can I use the same SQL Azure instance of the first subscription? (I need to share data between the two cloud services)
Or might there be performance issues?
Thanks in advance
Yes. Azure SQL DB instance can be accessed from different subscription as long as you have the connection string, username and password to the Azure SQL instance. As long as both the services are from the same region, there is no performance issue.
Yes, sure. From user perspective SQL Azure is mostly an ordinary SQL Server which you can access from anywhere in the world (given that the firewall rules allow that access) - from Azure services, from VMs in some other services hosted elsewhere, from your desktop, from servers in your company server room.
Network latency might kick in. Also more clients to the same instance mean more load. Also there's a limit on number of concurrent connections. Other than that - no problems.
You need to make sure you are a member in each Azure instance to be able to use the other's SQL DB

How to access sql server installed on Azure VM (VM Role ) outside of VM?

I am working on a Windows Azure VM Role and have SQL Server installed on the Azure VM. Now I want to connect to that SQL Server from outside; is it possible?
Please refer to this link to configure your VM Role; part of what you need is to open a firewall port that allows communication into your VM Role. http://social.msdn.microsoft.com/Forums/en-US/windowsazuremanagement/thread/b5f2967e-57e6-4099-9077-fb6d74897dbf - then you also need to enable TCP connections on your SQL Server instance.
But more importantly, are you aware that VM Roles do not have persistent storage capability? Refer to this link for an interesting discussion about that issue specifically: http://social.msdn.microsoft.com/Forums/en-US/windowsazuremanagement/thread/b5f2967e-57e6-4099-9077-fb6d74897dbf
Did you consider using SQL Azure instead?
Unfortunately the default SQL port is blocked on Azure - see this thread for more details: Azure input endpoint using port 1433 is blocked?
To all of you who keep questioning his use of the VM Role instead of SQL Azure, I'm looking at the same possibility and there's no arguing the point. SQL Azure might as well be SQL Server Express because of all the limitations it imposes. There is NO way I could reasonably develop/redevelop my app to run using SQL Azure. The persistent storage issue is definitely the challenge, but far from a show stopper thanks to services like iSCSI and blob storage, but the same reasons MS suggests for using a VM Role (long running setup for example) are why I think this can be done successfully. What I'm yet to determine is the sort of resources the VM will get. I have a 20GB DB that really needs at least 8GB RAM (or the hosted equivalent) to do its job well.
Anyway, my point is that like me, I imagine he has his reasons and anyone that's made it into the VM Role beta is highly unlikely not to have heard of and researched SQL Azure so perhaps you're wasting your time and insulting him with these replies. Then again, he's asking a question that's addressed pretty well (firewall issues) so maybe I'm giving him too much credit. Either way, food for thought.

Minimize downtime in Azure

We are experiencing a very serious unscheduled downtime of our Azure application today for what is now coming up to 9 hours. We reported to Azure support and the ops team is actively trying to fix the problem and I do not doubt that. We managed to get our application running on another "test" hosted service that we have and redirected our CNAME to point at the instance so our customers are happy, but the "main" hosted service is still unavailable.
My own "finger in the air" instinct is that the issue is network related within our data center (west europe), and indeed, later on in the day the service dash board has gone red for that region with a message to that effect. (Our application is showing as "Healthy" in the portal, but is unreachable via our cloudapp.net URL. Additionally threads within our application are logging sql connection exceptions into our storage account as it cannot contact the DB)
What is very strange, though, is that the "test" instance I referred to above is also in the same data centre and has no issues contacting the DB and its external endpoint is fully available.
I would like to ask the community if there is anything that I could have done better to avoid this downtime? I obeyed the guidance with respect to having at least 2 role instances per role, yet I still got burned. Should I move to a more reliable data centre? Should I deploy my application to multiple data centres? How would I manage the fact that my SQL-Azure DB is in the same datacentre?
Any constructive guidance would be appreciated - being a techie, I've never had a more frustrating day being able to do nothing to help fix the issue.
There was an outage in the European data center today with respect to SQL Azure. Some of our clients got hit and had to move to another data center.
If you are running mission critical applications that cannot be down, I would deploy the application into multiple regions. DNS resolution is obviously a weak link right now in Azure, but can be worked around (if you only run a website it can be done very simply using Response.Redirects or similar)
Now, there is a data synchronization service from Microsoft that will sync up multiple SQL Azure databases. Check here. This way, you can have mirror sites up in different regions and have them be in sync from a SQL Azure perspective.
Also, it would be a good idea to employ a 3rd party monitoring service that would detect problems with your deployed instances externally. AzureWatch can notify or even deploy new nodes, if you choose to, when some of the instances turn "Unresponsive"
Hope this helps
I can offer some guidance based on our experience:
Host your application in multiple data centers, complete with Sql Azure databases. You can connect each application to its data center specific Sql Server. You can also cache any external assets (images/JS/CSS) on the data center specific Windows Azure machine or leverage Azure Blob Storage. Note: Extra costs will be incurred.
Set up one-way SQL replication between your primary Sql Azure DB and the instance in the other data center. If you want to do bidirectional replication, take a look at the MSDN site for guidance.
Leverage Azure Traffic Manager to route traffic to the data center closest to the user. It has geo-detection capabilities which will also improve the latency of your application. So you can redirect map http://myapp.com to the internal url of your data center and a user in Europe should automatically get redirected to the European data center and vice versa for USA. Note: At the time of writing this post, there is not a way to automatically detect and failover to a data center. Manual steps will be involved, once a failover is detected and failover is a complete set (i.e. you will failover both the Windows Azure AND Sql Azure instances). If you want micro-level failover, then I suggest putting all your config in the service config file and encrypting the values so you can edit the connection string to connect instance X to DB Y.
You are all set now. I would create or install a local application to detect the availability of the site. A better solution would be to create a page to check for the availability of application specific components by writing a diagnostic page or web service and then poll it from a local computer.
HTH
As you're deploying to Azure you don't have much control about how SQL server is setup. MS have already set it up so that it is highly available.
Having said that, it seems that MS has been having some issues with SQL Azure over the last few days. We've been told that it only affected "a small number of users". At one point the service dashboard had 5 data centres affected by a problem. I had 3 databases in one of those data centres down twice for about an hour each time, but one database in another affected data centre that had no interruption.
If having a database connection is critical to your app, then the only way in the Azure environment to ensure against problems that MS haven't prepared against (this latest technical problem, earthquakes, meteor strikes) would be to co-locate your sql data in another data centre. At the moment the most practical way to do this is to use the synch framework. There is an ability to copy SQL Azure databases, but this only works within a data centre. With your data located elsewhere you could then point your app at the new database if the main one becomes unavailable.
While this looks good on paper though, this may not have helped you with the latest problem as it did affect multiple data centres. If you'd just been making database copies on a regular basis, that might have been enough to get you through. Or not.
(I would have posted this answer on server fault, but I couldn't find the question)
This is just about a programming/architecture issue, but you may also want to ask the question on webmasters.stackexchange.com
You need to find out the root cause before drawing any conclusions.
However, my guess is that one of two things was the problem
The ISP connectivity differs for the test system and your production system. Either they use different ISPs, or different lines from the same ISP. When I worked in a hosting company we made sure that our IP connectivity went through at least two different ISPs who did not share fibre to our premises (and where we could, they had different physical routes to the building - the homing ability of backhoes when there's a critical piece of fibre to dig up is well proven)
Your datacentre had an issue with some shared production infrastructure. These might be edge routers, firewalls, load balancers, intrusion detection systems, traffic shapers etc. These typically are also often only installed on production systems. Defences here involve understanding the architecture and making sure the provider has a (tested!) DR plan for restoring SOME service when things go pear-shaped. Neatest hack I saw here was persuading an IPS (intrusion prevention system) that its own management servers were malicious. And so you couldn't reconfigure it at all.
Just a thought - your DC doesn't host any of the Wikileaks mirrors, or Paypal/Mastercard/Amazon (who are getting DDOS'd by wikileaks supporters at the moment)?
