SQL Server on Google Cloud is a little different from on-premises, AWS and Microsoft Azure-based services.
The following instructions provide guidance on configuring a new SQL Server database on Google Cloud for use with Invantive Cloud. Please contact your local DBA to optimize costs and performance, as well as adequately secure your configuration.
Create SQL Server Database on Google Cloud
First create a database, here called “test”, on Google Cloud with result:
When no public IP address is listed in the highlighted area on the “Overview”, please make sure that a public IP address is requested in the “Networking” tab :
Also make sure to whitelist the IP addresses in the “Networking” tab for connectivity from your Invantive Cloud services as shown on Open Firewall (whitelist) for Invantive Cloud Connections as shown above.
Next make sure all traffic is encrypted using TLS by changing the SSL mode in the “Security” tab to “Allow only SSL connections”:
When needed, create a SQL Server instance user such as “test”:
Finally create a SQL Server database such as “test”:
Log on Using SQL Server Management Studio
Start SQL Server Management Studio and enter the credentials:
An error may occur:
A connection was successfully established with the server, but then an error occurred during the login process.
provider: SSL Provider
error: 0
The certificate chain was granted by a untrusted instance.
The SQL Server uses a certificate whose certification chain does not match the local device certificates. Google Cloud typically requires you to install a custom certificate (without shared master certificates it seems), but Invantive Cloud provides currently no support for this.
To simulate Invantive Cloud, configure SQL Server to accept any server certificate. This still enforces encryption, but allows for a man in the middle attack:
Create Database or Data Container for SQL Server using Google Cloud
Execute the following steps to create a database or data container for SQL Server:
- Go to “Databases”.
- Choose “New”.
- Choose “Microsoft SQL Server”.
- Enter the credentials (IP address as host, database name, user and password).
When the following error occurs, make sure to disable the certificate check:
itgenspr136
The database ‘Invantive Cloud - Test SqlServer’ could not be opened.
A connection was successfully established with the server, but then an error occurred during the login process.
(provider: SSL Provider, error: 0 - De certificaatketen is verleend door een niet-vertrouwde instantie.)
The certificate check can be disabled using the transport encryption setting:
as described in Optional reduction of transport encryption for SQL Server, PostgreSQL and MySQL.