Skip to main content
All CollectionsEnterprise WorkloadsProtect Azure SQLBackup Azure SQL resources
Database discovery and authentication
Database discovery and authentication
Updated over a week ago

❗ Important

This feature has limited availability. To know more about limited availability and sign up for this feature, contact your Account Manager.

Discover databases

After onboarding Azure SQL subscriptions, we must first discover the SQL resources associated with those subscriptions. We support both, automatic and manual discovery of SQL resources within a subscription. The SQL managed instances and SQL servers are discovered automatically. You must perform manual discovery for SQL servers on Azure virtual machines for the first time. The SQL servers on Azure virtual machines and its resources will be auto discovered subsequently.

Note: Ensure that MSSQL Server service(s) are running on your servers.

Manually discover Azure SQL resources on Azure VM

You must perform manual discovery for SQL servers on Azure virtual machines for the first time. This is a two-step process:

  1. Discover SQL servers on virtual machines.

  2. Once the SQL servers are discovered, assign valid credentials to be able to discover databases on those servers.

After this, the SQL servers on Azure virtual machines and its resources will be discovered automatically.

Manual Discovery

Prerequisites

Ensure you complete the prerequisites before proceeding with manual discovery.

Procedure

  1. On the Management Console, from the left navigation pane, select your Azure subscription and click SQL.

  2. On the top right corner, click Discover Resources.

  3. On the Discover Resources window, select Azure VMs based on tags or VM Names for discovery.
    names.

  4. Click Run Discovery.

The SQL resources on the selected Azure VMs are discovered and displayed on the SQL resources listings page.

Note: It may take anywhere from 1 to 10 minutes to discover resources depending on environment size.

Automatic discovery

The SQL resources are periodically discovered via Automatic discovery. The automatic discovery does the following:

  • Runs every 6 hours to update all the resources on the subscription.

  • Automatically updates previously discovered SQL servers on Azure VM and its database information.

  • Only works for previously discovered SQL servers on Azure VM and its database resources

Ensure you meet the requirements mentioned here for automatic discovery.

Assign Authentication

After discovering the Azure SQL resources, to perform any operation on SQL databases, we must connect to the SQL server. This is achieved by authenticating users and entities connecting to the database. See the following procedure to assign authentication to the SQL server:

Procedure

  1. Log in to the Management Console.

  2. On the console, from the top menu, select Organization.

  3. Select Protect > Go to Azure > Azure.

  4. On the left navigation pane, select your Azure subscription and click SQL.

  5. Select the SQL resources you want to authenticate and click > Assign Authentication.

  6. On the Assign Authentication window, select one of the following authentication types and click Run Checks, and click Save.


    Note: We do not recommend changing authentication type after taking backup as it may lead to failure of backup of the restored database.

    1. Service Principal: For SQL Server on VMs, this authentication type applies only to SQL server versions 2022 and above. For assigning the authentication type Service Principal, you must first map the Service Principal to your SQL database in the Azure environment. This is a one-time activity that you must do for every organization. For more information, see How to map service principal in Azure.

    2. SQL Authentication: In this authentication type, you must provide a valid username and password to connect to the database. Druva maintains the credentials securely in its Credential Store. You can assign credentials to one or more servers seamlessly without having to input the credentials manually each time. For more information, see Credentials store. In addition, you can also create new credentials to connect to the database. For more information, see Add credentials.

How to map service principal in Azure

  1. Login to Azure Portal.

  2. Click Azure SQL and search for the SQL server instance for which you want to map Service principal.

  3. Right click on the SQL server instance.

  4. Click Settings > Microsoft Entra ID.

  5. In the Microsoft Entra ID window, select the admin based on your organization ID. The organization ID is the sited ID in the Management Console URL.

This sets the admin for the SQL server database.

Add credentials

You can define credentials and assign them to one or more servers seamlessly without having to input the credentials manually each time.

Procedure

  1. On the Database Authentication page, click New Credentials.

  2. On the Add Credentials page, provide the following details:

    • Label: Enter a label to uniquely identify a credential that you want to store with Druva.

    • Username: Enter the username of the credential you want to store with Druva. If your account uses a domain, enter the username as domain\username. For example, DruvaCorp\JohnDoe.

    • Password: Enter the password of the credential you want to store with Druva.

    • Confirm Password: Re-enter the password of the credential you want to store with Druva.

  3. Click Save.

Druva lists all the credentials on the Credentials Store page. To view the credentials, select an organization if the organization is enabled, and then click Settings > Credentials Store on the top menu.

Related Articles
Discover databases
About discovery on SQL Server
About data protection for Azure SQL
Roles and Permissions for Azure SQL
Pre-requisites for protecting Azure SQL resources
Did this answer your question?