The developers want a linked server from our on-prem server to our Azure SQL Db (DBaaS) in order to complete a nightly data pull into our data warehouse.
I'd much rather go the route of SSIS but don't have the time to properly develop the package or teach them how to support it.
My main concern at this point is ensuring the data is encrypted in transit.
Once the linked server is in place along with a corresponding Agent job, my options appear to be:
-
sqlcmd (with the -N switch, "…used by the client to request an encrypted connection."
-
Invoke-SQLcmd Azure PowerShell cmdlet (with the -EncryptConnection switch)
-
OR… Azure SQL Data Sync (Hub to Member), which as of this writing is still in preview but looks promising!
Are there any gotchas or special considerations for these methods that I should be aware of?
Best Answer
The main difference between this answer and the previous one offered is the (what I find to be incredibly important) acknowledgement of MitM attacks rather than a blanket statement which overlooks caveats.
For posterity, from Securing your SQL Database in the documentation: