Question

SQL Azure - Security options connecting from K2 Cloud

  • 21 February 2018
  • 3 replies
  • 32 views

Hi,

 

Is there a way to lock down access to an Azure Sql DB from K2 Cloud? I don't want to open up the Sql Server to all of the internet.

 

The reason: 

To allow using stored procedures to access and update multiple tables. These stored procedures might also have some calculations inside them to update other rows in the table.

 

I know I can lock it down to Azure Services access only, but wondering if there are any other options? Are there IP ranges that it will be called from? 

 

Thanks.

 

Azure Info:

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview/

 


3 replies

Hi,


 


So from a K2 Cloud perspective, depending on whether you are using these stored procedures as SmartObjects or not -- you can place extra security by using the "SmartObject Security" tab in K2 Management. 

http://help.k2.com/onlinehelp/k2cloud/userguide/update_3/default.htm#k2_management_site/integration/smartobjectsecurity.htm

This prevents anyone from tampering with your smartobjects, and ultimately, anything created from your Azure Service Instances. 


 


However, if this is not what you're referring to -- and you just do not want users to create anything from the SQL service instance that is connected to your Azure db, then you will have to configure this in Azure. 

Thanks,

 

I found out that you are able to provide IP addresses and we can set these up in Azure to ensure that only requests from those IP Addresses are allowed. 

 

I didn't think it was possbile to provide us with IP addresses as its a scalable cloud platform but i have been told it is possible.

 

Lee

Sounds to me like you want to make use of your SQL Azure instance within K2 through he K2 SQL Service and is concerned about security between these two layers.

This security can be setup from SQL Azure side with the use of ACL (Access Control Lists) in which you will then only allow for instance the following
- Your company IP ranges
- K2 Cloud Instance IP

For this to work you will have to open a K2 ticket to ensure the instance has a Static IP, K2 can then give you the IP to add to the ACL on your Azure SQL instance.

https://social.technet.microsoft.com/wiki/contents/articles/1069.security-guidelines-for-azure-sql-database.aspx
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure

HTH
Vernon

Reply