RE: Hosting SQL Instance(s) – SQLServerCentral

Old Hand

Points: 391

March 8, 2017 at 2:58 am

#1932235

bmg002 - Tuesday, March 7, 2017 10:23 AM
That is a big chunk to bite off.
First, I would determine if you want to host the SQL yourself or cloud hosting. Depending on the required uptime (which I think in your case would be 99.99999% or higher), I would be looking at cloud hosting.
Microsoft Azure has some stuff that is pre-configured and ready to rock. But it is not a free solution; I imagine you will have a hard time finding free cloud hosting of SQL server.
I am assuming you want free/cheap as you are using SQL Express. Are you aware of the limitations of SQL express though? I think if you are moving from client-hosted to cloud hosted, you are going to want to upgrade to at least SQL Standard if not enterprise.
As for security measures, that is something that you, your company and your customers must agree on. As this would have tons of different clients, getting AD authentication will be tricky and I imagine you will be using SQL Authentication. You might be able to get by having 1 instance with multiple databases (1 per customer), but there is risk with that. The alternate solution is to have 1 instance per customer, but then you are limited in the number of customers you can have as each one would need its own TCP/IP port.
For backups, that is more up to you. How much data are you willing to lose in an emergency event such as the cloud host goes offline permanently without notice? I would recommend having some offsite storage for your backups that is hosted on a different cloud or 2. Depending on how much data you are OK with losing will determine how frequently you do backups.
Hosting things locally puts the control into your hands, but has the higher costs as you need to set up windows failover clustering and some flavor of HA/DR in SQL. If you aren't running SQL Server Enterprise, you are very limited in any HA/DR solutions. DH2i offers one solution that I have used and recommend, but I am sure there are others.
Something to keep in mind though is that some companies who use your software might not like their data existing in the cloud and it adds alot of responsibility onto you both on the technical side and on the legal side. Hypothetically, what would you do if somebody hacked your database and got all of the data for all of your customers and leaked it publicly? What if something happens to your cloud server and you have unexpected downtime? Would all of your customers accept 24 hours of downtime in which you can do nothing but sit and wait to hear back from the server hosts?
If this is the path you wish to go, I would first figure out your budget, do a little bit of research into what you can all afford to purchase with that budget, and then figure out what liability you would be accountable for. Then I would double the budget (as budgets can explode unexpectedly) and I would highly recommend hiring in a consultant to help with this.
I think the biggest take-away from this is get a consultant. That is a HUGE project and if you have no subject matter experts on site, a consultant would be the best use of the money. I expect this to be VERY expensive and VERY time consuming to complete.

Hi bmg002,

Thank you for the quick response I can confirm that you are correct that we would require 99.99% uptime so cloud hosting is something that we can definitely consider.

I have briefly looked around at suppliers and are prepared to pay for hosting! - In terms of SQL Express limitations, yes I was aware that it had limitations but never delve into what they where specifically, and when it comes to separating out customers and instances then I agree that it would be best to have an instance per customer as it would get extremely messy having multiple ports!

When it comes to backups we are not talking massive amounts of data (although the data is crucial) a typical customer backup will be anywhere from 5MB - 100MB (depending on the size of the client and how long the system runs for will dictate this, I believe the biggest backup to date is around 900MB but it has been running for a good 5-6 years and we do not have many of those. Ideally for those customers we would force the client's hand to have it stored on their own servers so for this aspect I would say the biggest backup we will come across is only likely to be 100MB (and that's far fetched!) for maybe up to a total of 5 customers max.

For the client in mind hosting data in the cloud will not be an issue (permitting the data is secure) - when it comes to the legal side of things I'm currently stumped - would this not sit with the cloud provider for whom we choose to go with?

In terms of budget I can't say we have anything allocated yet, we have spoken with a few providers both local to us in location and online providers and understanding what it is they are laying out in their quotes differ and the pricing varies dramatically!

jasona.work - Tuesday, March 7, 2017 1:11 PM
First, I would agree with bmg002 on getting a consultant in, you're looking at a very large project.
However, I would also strongly, strongly, strongly recommend against just forwarding port 1433 through your firewalls. Truthfully, I wouldn't forward anything through your firewall if you can help it, instead you'd be better served (from a security standpoint) by looking at configuring some sort of VPN between the clients and you. If you forward 1433, you're basically opening up your SQL Server to anyone on the Internet who wants to take a stab at logging into it, and rest assured, someone *will* succeed.

Thanks for the reply Jasona I guess reasons behind forwarding through the firewalls is to make it as simplistic for our client(s) as we can (as we all know how tedious it can be to get them to action simple tasks!) with the idea is our application sits on there desktop, they double click it and away they go!