Ensure that Microsoft Azure SQL database servers are using auto-failover groups in order to enable database replication and automatic failover. A Microsoft Azure SQL failover group is designed to automatically manage replication, connectivity, high availability and failover for a set of SQL databases.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
When auto-failover groups are used for your Azure SQL databases, any outage that impacts one or more SQL databases within the group results in an automatic failover. In addition, auto-failover groups provide read-write and read-only listener endpoints that remain unchanged during failovers. Whether you use manual or automatic failover activation, the failover process switches all secondary databases in the group to primary databases. After the failover is completed, the DNS record is automatically updated to redirect the endpoints to the new Azure region.
Audit
To determine if your Azure SQL database servers are configured to use auto-failover groups, perform the following actions:
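One way to run this check from the Azure CLI, as an added example rather than Conformity's own audit steps: it lists every SQL server in the current subscription with `az sql server list`, then asks `az sql failover-group list` whether each server belongs to a failover group. The `az_stub` function and the server, resource group and failover group names are constructed so the script can run offline.

```sh
#!/bin/sh
# Added example: flag Azure SQL servers that have no failover group.
# AZ names the CLI to call; AZ=az_stub uses the constructed data below.
AZ="${AZ:-az}"
TAB=$(printf '\t')

# Constructed stand-in for the Azure CLI (hypothetical server/group names).
az_stub() {
  case "$1 $2 $3" in
    "sql server list")
      printf 'sql-prod-eastus\trg-data\n'
      printf 'sql-prod-westus\trg-data\n'
      printf 'sql-dev-eastus\trg-dev\n' ;;
    "sql failover-group list")
      case "$5" in   # $5 is the value given to --server
        sql-prod-*) printf 'fg-prod\tAutomatic\n' ;;
      esac ;;
  esac
}

# Prints one PASS/FAIL row per server; returns 1 if any server fails,
# 2 if a CLI call itself fails (so an outage is not read as "compliant").
audit_failover_groups() {
  servers=$("$AZ" sql server list \
    --query "[].[name, resourceGroup]" -o tsv </dev/null) || return 2
  failed=0
  while IFS="$TAB" read -r name rg; do
    [ -n "$name" ] || continue
    groups=$("$AZ" sql failover-group list --server "$name" \
      --resource-group "$rg" \
      --query "[].[name, readWriteEndpoint.failoverPolicy]" \
      -o tsv </dev/null) || return 2
    if [ -z "$groups" ]; then
      printf 'FAIL\t%s\t%s\tno failover group\n' "$name" "$rg"
      failed=$((failed + 1))
    else
      printf 'PASS\t%s\t%s\t%s\n' "$name" "$rg" \
        "$(printf '%s' "$groups" | tr '\t\n' '=,')"
    fi
  done <<EOF
$servers
EOF
  [ "$failed" -eq 0 ]
}

# Offline: AZ=az_stub sh audit.sh run    Live (after az login): sh audit.sh run
if [ "${1:-}" = "run" ]; then audit_failover_groups; fi
```

The non-zero exit status on any `FAIL` row lets the script gate a pipeline or scheduled compliance job; the last column of each `PASS` row shows the group name and its read-write failover policy.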
Remediation / Resolution
To configure your Microsoft Azure SQL database servers to use auto-failover groups, perform the following actions:
Enable Auto-Failover Groups
Risk Level: Medium