Trap missing IP Address for SQL Database Server Firewall Rule

As I work on my second blog piece for the “Getting Ready with Windows Azure SQL Database Server PowerShell and SMO Part – 2/2“, I came up with a way to trap the current IP Address with PowerShell scripting.  When using the Portal for creating your SQL Database Server, it will ask you if you want to create the Firewall rule for you.  But you may want to automate this step using PowerShell and there’s no cmdlet to identify  the “current” IP Address of your Windows Azure connection.

Here’s an example of how the Portal message when is asking for the current IP Address to be added to the Firewall rules:

WindowsAzure2SQLdb

WindowsAzureMissingIPrule

I’m going right to the point with this small blog piece.  Basically,  I’m trapping the error message from the “New-AzureSqlDatabaseServerContext” which will fail to connect to your Azure SQL Database. Then, I’m dissecting the string to get the IP Address in error.  This is my way of trapping the IP address.  I know there might be a better way but for now it works.

I’m assuming the connection to Windows Azure has already been established and you are trying to use the “New-AzureSqlDatabaseServerContext” for connecting to the database.  If you haven’t created the rule then it won’t connect.

Note: Again, stay tuned for the next “Windows Azure SQL Database Server with PowerShell and SMO” blog part 2/2.

In the “New-AzureSqlDatabaseServerContext” I’m including the following two parameters: -ErrorAction ‘SilentlyContinue’ and -ErrorVariable errConn.  The “ErrorAction” results in not displaying the message.  The “ErrorVariable” define the PowerShell variable you will be storing the error message.  Notice the “ErrorVariable” name doesn’t include a “$” but its needed to view it (ie. $errConn).

[sourcecode language=”powershell”]
## – Storing error value:
$azConn = New-AzureSqlDatabaseServerContext  `
-ServerName $azServerName -Credential $azCredential `
-ErrorAction ‘SilentlyContinue’ -ErrorVariable errConn;
[/sourcecode]

The additional script code shown next will dissect the error message string from $errConn variable. It will take the string to create an array which will help identify the element position where the IP Address is stored.  In this case I’m assuming the error message will not change so the IP Address will always be located in the same place (Right!).  So the first time this code execute, it will find the IP Address in element #18.

Note: Please run first the code to identify the element position in case the “Culture” settings might change the location of the IP Address.

[sourcecode language=”powershell”]
## – Extract information from the ErrorVariable:
$getIPforFW = ([string] $ErrConn[0]).split(" ‘");

## – Display all variable stored in the array and identify where the IP address is stored:
$global:x = 0;
$getIPforFW | Select-Object @{label=’element’;Expression={"[$($Global:x)]"; $Global:x++}}, `
@{label = ‘Array’;Expression={[string] $($_);}};

## – Run once to confirm IP value is stored in element #18:
$getIPforFW[18].Trim();
[/sourcecode]

TrappingIPfromError

The rest is easy.  After extracting the IP value then you can use the “New-AzureSqlDatabaseServerFirewallRule” to create the firewall rule to include the current IP Address.

[sourcecode language=”powershell”]
## – Get current IP and added it to the SQL Database Firewall Rule:
New-AzureSqlDatabaseServerFirewallRule `
-ServerName "YourServerName" -RuleName "YourClientIPAddressRule" `
-StartIPAddress $getIPforFW[18].Trim() -EndIPAddress $getIPforFW[18].Trim();
[/sourcecode]

CreateFilewallfromIPfound

You can refine this script code to suit your need.  Just make sure to test a few times and verify you are getting the results you need.

Here’s a few more commands you could use to work with these rules.  The “Remove-AzureSqlDatabaseServerFirewallRule” to remove any existing rule(s) and the “Get-AzureSqlDatabaseServerFirewallRule” to list them all.

[sourcecode language=”powershell”]
## – List all your SQL Database Firewall Rules:
Get-AzureSqlDatabaseServerFirewallRule -ServerName "YourServerName";

## – Removing existing SQL Database Firewall Rule:
Remove-AzureSqlDatabaseServerFirewallRule `
-ServerName "YourServerName" -RuleName "YourClientIPAddressRule"";
[/sourcecode]

So, at the end, you will have the ability to automate the process without the need of using the Portal.  Most can be done using PowerShell scripting.

Stay tuned for more Windows Azure SQL Database Server.

That’s it for now!

Maximo Trinidad
Mr. PowerShell
🙂

Getting Ready with “Windows Azure SQL Database Server” PowerShell and SMO Part – 1/2

But before we start using PowerShell with “Windows Azure SQL Database Server” there a few more steps we need to be completed after you have started your subscription:

  1. Installing the most recent Windows PowerShell Azure module
  2. Rename Subscription name (Optional)
  3. Create the Certificate Key

These three items are important before connecting Windows Azure.  Then, will be using 3 PowerShell Azure cmdlets to connect to your subscription.

WindowsAzurePortal

Installing the recent PowerShell Azure module

I recently finish updating my new Windows 8.1 (booth-VHD) and loaded all my tools. So when I started to install Windows Azure PowerShell, I was expecting it won’t work with PowerShell 4.0.  Well, Good Job Microsoft!  It did installed and I got my Windows Azure PowerShell working with PowerShell 4.0.

The latest revision, dated July 31st 2013, will let you install Windows Azure PowerShell on you Windows 8.1 preview. This is exciting Good News.  A couple of months ago I try it on my Windows 8 but the installation failed because of PowerShell 3.0.

Before you start working with your Windows Azure subscription(s) with PowerShell, you need to download the most recent “Windows Azure PowerShell – July 31, 2013 edition”.  At the same time you may want to pick the “Windows Azure SDK for .NET”.  Go to the following link: http://www.windowsazure.com/EN-US/downloads/?sdk=net

Rename Subscription name

For renaming your subscription is better to use the Portal.  It make sense to change your subscription name from “Windows Azure MSDN – Visual Studio xxxxx” to something meaningful like, for example: “MyWindowsAzureSubscription30DaysLimit“.

Note: It is not required to change the subscription name.

If you want to change the name then there’s two ways to do it. Go to the Windows Azure main page and Click on “Account”: https://www.windowsazure.com/en-us/

WindowsAzureGoAcct

Or, at the Portal you can change it by clicking on the UserID, then “View my bill”.  This  will require to login again.

WindowsAzurePortalAcct

Finally, click on the “Edit subscription details” to change the name.

WindowsAzureAccessSubst

WindowsAzureEditSubst

WindowsAzureRenameSubst

For more information on the following link:

Creating the Certificate Key

Next, to create the Certificate key or you won’t be able to use PowerShell to connect to your Windows Azure. This is mandatory as is part of your Azure credentials.  You can find documentation on this topic at following links:

Tip: You need to have installed You could use Visual Studio in order to run the “Makecert.exe” command from the Visual Studio command shell. Or, download the “Windows Software Development Kit (SDK) for Windows 8” to get the “Makecert.exe”.

After creating the certificate key use PowerShell (non-Azure) commands to check its properties.  Here’s an example script lines to look at your existing Certificate keys:

Get-ChildItem cert:\\CurrentUser\My;

Or, to display more information:

Get-ChildItem cert:\\CurrentUser\My | Format-List;

PowerShellCertKey2

Finally, we need to upload the certificate key to Windows Azure.  On the Portal, go to the “Setting” option and add the Certificate key. Follow the screenshots:

WindowsAzureAddCertKey

WindowsAzureUpCert2

Now everything is set to use PowerShell with Windows Azure. There’s no need (for now) to use the Portal web GUI.

PowerShell connecting to Windows Azure

In the following script need to include the Certificate key information as this is part of the Windows Azure credential to connect to your subscription. This is why using the previously shown “Get-ChildItem cert:\\CurrentUser\My | Format-List;” one-liner help you understand about the Certificate(s) in your system.

First, need to prepare the Certificate key use in Windows Azure:

PSCercode

Here’s the list of the 3 Azure commands to connect to your Windows Azure:

PSAzureConnect

Note: Import-Module Azure is optional if working with PowerShell 3.0 or 4.0.

After verifying connectivity to Windows Azure was successful then we can process to build VM’s, SQL Databases, and more using PowerShell.

In my next blog I will be showing how to use PowerShell Azure commands to build a Windows Azure SQL Database, and use SMO with it.