Cloud SQL for SQL Server—now with Active Directory authentication

Windows Authentication is now supported on Cloud SQL for SQL Server. We’ve launched seamless integration with Google Cloud’s Managed Service for Microsoft Active Directory (AD), now in public preview. This capability is a critical requirement to simplify identity management and streamline the migration of existing SQL Server workloads that rely on AD for access control. This release is the latest milestone in Google Cloud’s ongoing commitment to enterprise customers to meet you where you are. We are focused on offering low-effort, highly compatible, lift-and-shift destinations in the cloud. Google Cloud provides a complete portfolio of services to support your organization’s Microsoft and .NET workloads, and the integration between these two services makes it simpler than ever to set up a compatible environment for your business-critical databases.  

Since its initial release just last year, Cloud SQL for SQL Server has provided a managed database solution that reduces customers’ operational toil and risk while maintaining compatibility and providing a flexible and high-performing platform. AD integration complements these benefits by ensuring continued security and compliance for your organization’s workloads. For customers utilizing AD on-premises, you can easily set up Google Cloud’s Managed Service for Microsoft Active Directory in a trust relationship with your existing AD deployment. This will allow you to continue using your existing identities for Cloud SQL for SQL Server as well as any workloads that may not yet be migrated to the cloud.

Setting up Windows Authentication

Getting started with a new Cloud SQL for SQL Server instance just takes a few quick steps, or you can enable Windows Authentication on any existing instances as well. Just make sure you meet the prerequisites outlined here, then proceed with the following steps.

1. Go to the Cloud SQL Instances page in the Google Cloud Console.

2. Click Create instance.

3. Click Choose SQL Server.

4. Enter a name for the instance. Do not include sensitive or personally identifiable information in your instance name; it is externally visible. You do not need to include the project ID in the instance name. This is created automatically where appropriate (for example, in the log files).

5. Enter the password for the 'sqlserver' user.

6. Set the region for your instance. See Best practices for integrating with Managed Microsoft AD.

7. Under Configuration options, set your desired options (but wait until the next step for the authentication options).

8. Click Authentication. The dropdown menu for joining a managed Active Directory domain lists any Managed Microsoft AD domains that previously were added in your project.

9. From the dropdown menu for joining a managed Active Directory domain, select a domain.

10. When you are finished selecting your configuration options, click Create. Cloud SQL automatically creates a Per-Product, Per-Project Service account for you. If the account doesn't have the appropriate role, you are prompted to grant the managedidentities.sqlintegrator role.

Getting started

Windows Authentication for Cloud SQL for SQL Server is available in preview for all customers today!  Learn more and get started.