Overview of SQL Server deployment

This document describes how to deploy SQL Server systems using the Guided Deployment Automation tool in Workload Manager.

Configuration process

When you configure your SQL Server deployment, the Guided Deployment Automation tool collects the required information and specifications. Workload Manager recommends values for some of the settings, but you can modify these defaults as needed. The available values for each field are chosen to ensure that your configuration follows best practices for running SQL Server on Google Cloud.

In Preview, Workload Manager doesn't support modification of all fields or advanced customization. If you need to change any of these fields, you can generate and export Terraform and PowerShell Desired State Configuration (DSC) scripts for further customization. This is recommended only for advanced users as customizations or changes can cause issues with the deployment process or cause your system to deviate from best practices.

Generation of Terraform and PowerShell DSC files

The Guided Deployment Automation tool automatically converts your chosen settings and configurations into Terraform and PowerShell DSC files. You can choose to deploy the generated files directly from the Google Cloud console or by export the files and deploy on your own.

Deployment from the Google Cloud console

If you choose to deploy the system automatically, Workload Manager deploys the workload and runs the Terraform and PowerShell DSC files. You will have access to all underlying files used during the deployment process.

Cloud Build is used to initiate Terraform and it stores the Terraform files and the Terraform state file in a Cloud Storage bucket, which users with project-wide roles for Cloud Storage can access. All the required resources, such as VMs and disks, are configured and provisioned using Terraform.

In addition to Compute Engine resources required for your SQL Server workload, Terraform also configures PowerShell DSC using the sysprep-specialize-script-ps1 startup script. PowerShell DSC is responsible for further configuration of the deployed infrastructure, including OS configuration, high availability (HA) cluster configuration, and orchestration of SQL Server installation and configuration.

Export and deploy

After you configure the deployment, you can download the Terraform folder that contains all the files required for the deployment, in addition to a variable file which is pre-configured based on your inputs in the configuration process.

You can customize the Terraform files or deploy them as they are. For more information on how to manage and deploy Terraform on your own, see the Terraform on Google Cloud documentation.

If you modify the Terraform or Ansible file after exporting your configuration, it might cause issues during the deployment process, or make your configuration no longer follow best practices and recommendations.

Workload Manager doesn't register or list workloads deployed on your own using Terraform. Additionally, troubleshooting and post-deployment steps can be referenced, but they cannot be applied to workloads deployed outside of Workload Manager. For these reasons, we recommend that only advanced users use the export option.

Security considerations

The following sections describe how Workload Manager secures your deployments.

Service Accounts

Workload Manager uses the service account attached to your deployment to call other APIs and services for creating resources required for the deployment.

When you configure the deployment, you can either attach an existing service account or create a service account. Depending on your application and configuration, Workload Manager might prompt you to grant any missing roles to your service account.

SQL Server Credentials

Secret Manager is used to store credentials that are used during the SQL Server deployment process. During the configuration process, you select a secret during the Active Directory and Database configuration steps.

Google Cloud APIs

A SQL Server workload on Google Cloud uses various products and services. The deployment process requires the following APIs that are enabled automatically if needed. The usage of these APIs is subject to the terms of service of each API and may incur additional associated charges.

  • Service Usage API
  • Cloud Config Manager API
  • Cloud DNS API
  • Compute Engine API
  • Cloud Storage API
  • Cloud Resource Manager API
  • Identity and Access Management API
  • IAM Service Account Credentials API
  • Cloud Logging API
  • Cloud Build API
  • Workload Manager API
  • Secret Manager API

Pricing

Guided Deployment Automation is available at no cost. You might incur a charge for any resources used during the deployment process, such as VMs, persistent disks, and licenses. You might also be charged for the necessary APIs or other services.

In Preview, cost estimates for the chosen deployment are not available in the tool. Contact your Google account team or price information, including any relevant discounts or credits.

What's next