Versions Compared

Old Version 1

changes.mady.by.user Jon Hickam

Saved on

compared with

New Version 2

changes.mady.by.user Jon Hickam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • In the Azure portal, search for the “Azure SQL” resource.  Create a new one and choose SQL virtual machine, select the free SQL Developer option. We suggest an initial size of  B4ms for the server.
  • Under SQL Server settings enable SQL Authentication and choose a username and password or use the integrated AD security. Unlike the virtualized databasesvirtualized databases, in sandbox mode the Integrated Security method will work fine, the SQL Server Authentication will not be needed.
  • Once it is built, open the resource. Go to networking, add 3 inbound security rules where the Service is HTTP, HTTPS, and MS SQL.
  • Go to properties and select the IP address under “Public IP address/DNS name label”

...

  • Remote Desktop (RDP) into the server.
  • Consider installing Notepad ++
  • Go to “Add features” for the server and enable Web Server (IIS).
  • Create a new under c:\inetpub\Ed-Fi.
  • Copy "iisstart.htm" and "iisstart.png" from c:\inetpub\wwwroot to this new folder
  • Open IIS, create a new site “Ed-Fi.” Attach it to the new directory you just created.
  • Add a binding to the Ed-Fi site for port 80 (HTTP) using the DNS name that was just created.
  • Test that the server is externally accessible by putting the DNS name with http:// in a different machine’s browser. You should end up with the IIS landing page and a message about it being insecure.
  • Install an SSL certificate that is from a trusted provider. You can get one for free from Lets Encrypt using these instructions:
    https://docs.google.com/document/d/1OBETP6lSVh35iCxZVYQhx9YeWXpOxk1NTqCCItvae0o/edit
  • In IIS, Bind HTTPS to the Ed-Fi site (win acme does this automatically)
  • Test it again from an outside computer using https. Now you should get the same landing page without the security error.
  • In the Azure portal you can delete the HTTP inbound rule. It is just needed for the “Lets Encrypt” free SSL.
  • Open up WIndows Defender Firewall (just search for “Firewall”), go to advanced settings, add inbound port rule.
  • Add a rule that allows all TCP 1433 through. This will allow SSMS connections to the database which is useful for querying the data that is being submitted. You can potentially limit access to your company’s external facing IP address(s).

...