Two topologies are available:
Standalone Instance
Always On Cluster
The Always On cluster configuration is based on a 3-node topology:
Two active nodes located on the same site.
These nodes are configured to share the load or automatically fail over in case of a failure.
An anti-affinity rule ensures that the active nodes do not coexist on the same hypervisor host, thus enhancing resilience.
One passive node located on a secondary site to ensure disaster recovery (DR).
This node does not handle any active requests and is reserved exclusively for failover in the event of active node failure.
The passive node is subject to strict restrictions to comply with Microsoft License Mobility with Failover Rights:
No active workload: The passive node cannot execute SQL queries, reports, or user workloads.
Allowed operations:
Database consistency checks.
Full backups and transaction log backups.
Fault tolerance: Synchronous replication ensures that data is available in real time on active nodes.
Disaster recovery: Deploying a passive node on a secondary site enhances security and business continuity.
Simplified maintenance: Planned failovers allow updates or technical interventions without service interruption.
Specific monitoring tailored for the Always On cluster is in place to:
Ensure compliance with restrictions related to the passive node.
Monitor performance and automatic failovers.
Prevent risks of non-compliance with licensing rules.
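
The passive-node restrictions can be spot-checked with SQL Server's own dynamic management views. The T-SQL below is an added example, not cegedim.cloud's monitoring; it assumes it is run on the secondary-site node by a login allowed to read server state and availability group metadata.

```sql
-- Added example: read-only checks, to be run on the passive (DR) node.

-- 1. Replica configuration: the local replica should hold the SECONDARY
--    role and should not accept read connections.
SELECT ar.replica_server_name,
       ars.role_desc,
       ar.availability_mode_desc,
       ar.failover_mode_desc,
       ar.secondary_role_allow_connections_desc,
       CASE
           WHEN ars.role_desc = 'SECONDARY'
            AND ar.secondary_role_allow_connections_desc = 'NO'
           THEN 'OK'
           ELSE 'REVIEW'
       END AS passive_node_check
FROM sys.availability_replicas AS ar
JOIN sys.dm_hadr_availability_replica_states AS ars
  ON ars.replica_id = ar.replica_id
 AND ars.group_id   = ar.group_id
WHERE ars.is_local = 1;

-- 2. User sessions currently open on this node. Backups and consistency
--    checks are allowed operations, so sessions running them are expected;
--    the command column shows what each session is executing. Anything
--    that looks like queries, reports or application traffic needs review.
SELECT s.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       s.login_time,
       r.command,
       DB_NAME(r.database_id) AS database_name
FROM sys.dm_exec_sessions AS s
LEFT JOIN sys.dm_exec_requests AS r
       ON r.session_id = s.session_id
WHERE s.is_user_process = 1
  AND s.session_id <> @@SPID      -- exclude the session running this check
ORDER BY s.login_time;
```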
SQL Server is available in both of cegedim.cloud's data centers:
EB4 - Boulogne-Billancourt, France
ET1 - Labège, France
As part of the Always On topology, an inactive node is automatically deployed in a nearby secondary site to enhance the resilience of the cluster:
EB5 (Magny-les-Hameaux, France)
ET2 (Balma, France)
Filesystem layout:
Due to prefixes applied to Active Directory objects, the name of the virtual machine provisioned is restricted to 13 characters maximum for a cegedim.cloud PaaS SQL Server.
Ports listing:
By default, only the SQL Server listener and SQL Server Browser ports are open inbound in the Windows Firewall. This is enforced through a GPO on the Organizational Unit.
List of modules installed by default during provisioning:
Database engine
Replication
Full-text Search
Client tools connectivity
This section lists which features and capabilities are available to customers, and how to request or perform them:
The SQL Server PaaS runs exclusively in a Windows environment. The standard system login method is RDP (Remote Desktop Protocol).
In order to connect to the virtual machine, you need to have the required privileges either at the domain level or at the local machine level.
Authentication is configured by default in mixed mode which provides two login types:
SQL Server login: instance level
Active Directory user: domain level - Embedded Windows authentication
Instance login is available locally or remotely:
Locally: once connected in RDP, launch the local SQL Server Management Studio
Remotely: launch the SQL Server Management Studio and specify the target instance
SSMS can use the Windows user credentials you are already logged in with through RDP to log in to the SQL Server instance.
Authentication with an SQL login is also possible locally.
Specify a target instance in the server name field enforcing the tcp protocol: tcp:HOSTNAME\INSTANCENAME
Just select "SQL Server Authentication" and provide the SQL Login with the associated password.
Authorizations for cegedim.cloud teams are managed by GPO.
This section lists the password management for the SQL Server PaaS:
Authorizations for customers are managed by the customers themselves.
The customer who requests a SQL Server instance through ITCare is automatically granted the right to connect to the instance. They can then grant access to any Active Directory user or group.
Patches are installed during "Patch parties" managed by cegedim.cloud every quarter.
In exceptional cases, an instance can be patched manually if security or bug fixes require it.
Data for cegedim.cloud's SQL Server PaaS is stored on the dedicated virtual machines created upon requesting a PaaS.
These virtual machines and the storage associated are hosted and managed in cegedim.cloud's own data centers.
Performance and resource monitoring.
Optimized licensing: With Software Assurance, the use of the passive node is included at no additional cost, provided these restrictions are followed.
Standard or Enterprise | Virtual | 2016 | Windows Server 2016
Standard or Enterprise | Virtual | 2017 | Windows Server 2019
Standard or Enterprise | Virtual | 2019 | Windows Server 2019
Standard or Enterprise | Virtual | 2022 | Windows Server 2022

D:\ | MSSQL | 30 GB | Root instance
E:\ | MSSQL_USER_DATA | 30 GB | User databases
F:\ | MSSQL_USER_LOG | 10 GB | User databases log
G:\ | MSSQL_TEMPDB | 10 GB | TempDB

1433 | Server static port listener | TCP
1434 | SQL Server Browser | UDP
2382 | SQL Server Analysis Services Browser | UDP
2383 | SQL Server Analysis Services listener | TCP
5022 | SQL Server BDM/AG Endpoint | TCP

Self Service: Customer can perform action autonomously.
On Request: Customer can request for the action to be done to cegedim.cloud support team.

SDK
Reporting Services
Full-Text Search
Export, Import SQL Server backup
Create Always On cluster
Available exclusively for SQL Server 2022 Enterprise edition, consult your service delivery manager for guidance
Database Collation
Integration Services
Analysis Services

monitoring account
admin account
ANY other account
cgdm_admin account