Author: Josh Achtemeier

A perfectly scalable, streamlined paradise is on the horizon for your organization’s SQL Server environment if you’re pursuing containerization. This innovative technology promises unparalleled flexibility, portability, and never-before-achieved levels of resource/server utilization. While there are a lot of organizations diving head over heels into SQL Server containers, thousands of other organizations hold some serious reservations surrounding the idea.

So, why the hesitation to adopt technology that has proven itself an unambiguously positive enhancement to IT environments globally? 

It’s less a hesitation, and more so a realistic look at the hurdles that stand between your organization and the end goal of stateful SQL Server containers in production. It can be a long and seemingly insurmountable list. 

The Obstacles 

Many different barriers stand in the way of a successful container adoption initiative like: 

Skill Gap

Learning your way around container orchestration technologies like Kubernetes can be an incredibly foreign and complexity-riddled experience for even the most season IT pros, especially in organizations that have never delved into containerization before. 

Legacy Systems

SQL Server often powers complex and powerful applications that make up the backbone of your business, business tools that have been built from the ground up with all their unique dependencies, custom configurations, and compatibility issues. 

Stateful Nature

Containerizing stateful applications comes with the inherent complications of ensuring data persistence and having safe and efficient backup/recovery solutions in place. 

Stringent Performance Requirements

Databases require incredibly consistent performance, and the introduction of container orchestration technology can have an unfavorable impact on performance if not done with great care and attention to detail.

Licensing Costs

If not managed closely, SQL Server licensing can be incredibly convoluted when you introduce containers into the typical physical or virtual core licensing framework and lead to unexpected costs. 

Security Concerns

Database workloads necessitate an intense commitment to security as they often house sensitive information. Ensuring proper isolation and access controls with containerized SQL Server can be challenging. 

DH2i’s Path to Enablement 

Ever since Microsoft’s first dive into Linux and containers with SQL Server 2017, DH2i’s DxEnterprise Smart High Availability Clustering software has remained at the forefront of this technology providing all the high availability capabilities that organizations needed to integrate containers into their SQL Server environments such as: 

• Fully automatic failover for SQL Server AGs in K8s to ensure minimum downtime 
• The ability to create mixed SQL Server clusters containing instances and containers 
• Infrastructure agnostic ZTNA tunnels to securely connect any native or containerized workloads 

DH2i DxEnterprise allows organizations to unify all of their SQL Server on Windows, Linux, and Kubernetes side-by-side in the same highly available cluster.

However, after identifying the slew of hurdles preventing organizations from making the move to SQL Server container modernization, it became abundantly clear that DH2i’s efforts also needed to be directed to streamlining/enabling the adoption of container technology, not just optimizing the high availability and management experience. 

The release of DxOperator by DH2i entirely changed the game in February of 2024. This technology is an included feature of DxEnterprise software and has earned the title of Microsoft’s preferred SQL Server Operator for Kubernetes (check out this MS tutorial for AKS deployment). When paired with other technologies like Rancher Prime by SUSE, this solution stack has unequivocally paved the most straightforward and efficient path to SQL Server Availability Group deployments in Kubernetes, helping mitigate many of the obstacles listed above.  

Overcoming Deployment Obstacles 

Skill Gap 

DxOperator by DH2i and Rancher Prime by SUSE work together seamlessly to create a drastically simplified deployment and management experience for IT pros without previous Kubernetes experience. 

Rancher Prime is a comprehensive management platform that provides an intuitive point and click UI that makes it easy to view custom parameter descriptions and make modifications, rather than having to learn the ins and outs of a totally foreign Kubernetes command-line and make manipulations directly. Rancher Prime also provides unified policy, security, and user management to simplify the orchestration of increasingly complex clusters. 

DxOperator by DH2i is deployable straight from the Rancher Application Catalog and totally automates the deployment of your SQL Server AG in Kubernetes. Deployment becomes as simple as specifying your desired cluster characteristic (# of replicas, async or sync, built-in load-balancer, etc.) and executing a short, minutes-long deployment. 

Legacy Systems  

DH2i DxEnterprise software makes migrating from legacy SQL Server systems to new systems as easy and quick as a failover.  DxEnterprise is able to do this because it is the only “Smart” HA clustering solution that can support mixed clusters containing Windows, Linux and containers, independent of the infrastructure those systems are running on. 

Stateful Nature  

DH2i software integrates containerized SQL Server workloads into the DxEnterprise HA clustering framework which supports any storage that is SCSI-3 Persistent Reservation compliant. From there, ensuring data persistence is a simple task, and DxEnterprise clusters can be easily stretch to provide dependable disaster recovery automation across different availability zones, subnets, and regions. 

Stringent Performance Requirements 

DH2i’s DxEnterprise doesn’t just function as an HA solution to failover workloads when their host server goes down. Users of the software can easily set specific performance thresholds at the workload level to ensure applications are always running in their best execution venues. If another host OS provides a better option to keep the workload performant and meet SLAs, the instance or container can be easily failed over in seconds at the speed of an application stop-start. 

Licensing Costs 

DH2i’s high availability clustering framework allows organizations to safely and sustainably stack multiple containerized SQL Server instances and containers on servers to maximize resource utilization. DH2i customers have often been able to save up to 60% in licensing costs (inclusive of DxEnterprise cost) and reduce OS counts by 8-15x through consolidation initiatives. In-turn, the reduction in server overhead contributes to additional savings in the form of maintenance/management costs.  

Security Concerns 

Rancher Prime’s built-in security functionality is further bolstered by integration with other infrastructure agnostic software solutions like NeuVector Prime for full container lifecycle security. Combined with the application-level zero trust network access tunnels of DH2i, containerized deployments can be protected with the same mission-critical attention to security afforded in traditional SQL Server deployments. 

DH2i’s built in software-defined perimeter capability allows users to securely connect any server, anywhere, with application-level ZTNA tunnels.

Conclusion 

DH2i has supported SQL Server containers in Linux for years at this point—providing all the necessary capabilities to ensure nearest-to-zero downtime and facilitate high availability management once you’ve deployed SQL Server containers within your organization. 

The release of DxOperator by DH2i represents an added focus to enabling organizations to actually adopt SQL Server containers in the first place. This SQL Server Operator for Kubernetes from DH2i, along with powerful integrations with solutions like Rancher Prime by SUSE, have combined to systematically overcome the challenges of stateful container deployment at your organization. Incredibly easy, UI-based management and advanced automation have paved the easiest path ever into container deployment, and DH2i’s clustering framework ensures the industry’s lowest possible downtime for SQL Server containers. 

Want to try it out yourself? Just fill out this form to receive a free software license and head to the DxOperator Quick Start Guide 

Facing the Cybersecurity Challenge of Proactive VPN Replacement 

Whether in a high-profile breach in the news or our own environments, most of us have witnessed the vulnerabilities of virtual private networks (VPN), and we know it’s time to start evaluating more secure networking alternatives.  

This aged technology: 

• Was never designed for hybrid and multi-cloud cybersecurity 
• Is a single point-of-entry that can lead to holistic network compromise 
• Relies on physical router boxes, adding unnecessary potential points of failure 

We’ve had surveys professionally conducted by 3rd party organizations to get a pulse on the industry’s feelings towards the technology as well, and they’ve confirmed a growing trend of IT pros looking for cybersecurity alternatives to VPN. 

However, the reality for many organizations that haven’t experienced a catastrophic breach of their own (that they know of) is that VPN is “good enough” right now. “If it ain’t broke, don’t fix it” comes to mind as a common mantra. However unfortunate, this mentality is understandable, especially when talking about replacing something as fundamental as network security infrastructure. IT decision makers are programmed to greet any cybersecurity project with skepticism surrounding implementation complexity, and the associated price tag.  

There is a difference in attitude for a company forced to acknowledge the vulnerability of its VPN(s) due to a critical breach or other disastrous cybersecurity events. If your current networking technology has been exploited, adopting a new network security solution, regardless of the associated expense, is a no-brainer. For the organizations that have managed to get this far without experiencing a debilitating VPN breach, proactively selling the decision-making hierarchy on a new technology is close to impossible. For those forward-thinking IT pros attempting the feat anyway, we salute you.

DH2i equates these uncompromised VPNs to somewhat of a ticking time bomb in the cybersecurity solution stack. We empathize greatly with IT pros who are caught in the position of recognizing the critical threat that an outdated VPN poses to their organization, but who haven’t been introduced to a solution with the feature set and cost savings potential needed to get traction with organizational decision makers. 

Redefining the SDP Paradigm: From Mandatory Cybersecurity Upgrade to Immediate Cost-Savings 

We want to provide the IT pros working to inspire proactive cybersecurity investment at their organization with the value story they need to get it done. It’s hard to say anything else about the “invisible” threat of VPN vulnerability that we haven’t already. However, DH2i can also tackle the notion that a network security upgrade is inevitably going to be accompanied by high costs and a high degree of deployment complexity. In this new software-defined cybersecurity era, that is simply not true… 

Fast and Easy Implementation on Any Infrastructure

You won’t find a more easily implemented secure networking solution than DxOdyssey Software-Defined Perimeter (SDP). DH2i has maintained a 14-year commitment to creating infrastructure agnostic software solutions, and this SDP solution is no different—easily layering over ANY existing infrastructure. 

Implementation is as simple as distributing the lightweight (less than 6MB) install package to the members of your team who you’d like to utilize it, or personally installing on the server hosts you’d like to connect. Installation is completed with just a few clicks on Windows or Linux and takes less than a minute to complete in most cases. 

Once DxOdyssey (DxO) has been installed on the desired endpoints, setting up secure zero trust network access (ZTNA) tunnels is a straightforward process as well. Upon completion of this step, you have implemented a fully standalone, software-defined perimeter solution that can replace or enhance any existing networking solution you have in place (like VPN). No infrastructure modifications required, just a fast point-and-click implementation on top of your existing infrastructure—Windows or Linux, any OS, any server, and any cloud. 

Eliminate Labor-Intensive Maintenance and Reduce Operating Costs

Implementation of DxOdyssey as your standalone networking solution also leads to an instantaneous simplification in ongoing maintenance. As a software-defined solution, DxO allows you to immediately phase out any of your physical appliances associated with networking technologies like VPN. 

This means the always-welcome removal of a potential point of failure within your network infrastructure, but also the elimination of all ongoing maintenance of those physical boxes. This can culminate in a significant reimbursement of cost and labor resources that can be allocated elsewhere to help your organization innovate and optimize other facets of your cybersecurity strategy. In some cases, the cost reduction is even enough to cover the entirety of the cost of DxOdyssey deployment. 

Operationally, adopting an SDP approach like DxO helps your organization flex with the ebbs and flows of business more efficiently as well. Standing up new tunnels or decommissioning unneeded connections can be easily accomplished with a few clicks, and it allows your organization to adapt network capacity in real time. 

The Biggest Functionality Differentiators of DxOdyssey

Along with a nearly effortless installation and low-to-no additional cost implementation. DxOdyssey packs a punch of powerful differentiators from other SDP solutions on the market. Some of these proprietary features and characteristics include: 

• All tunnels leverage DH2i’s patented, hybrid TCP-UDP data transport technology which unlocks up to a 40% increase in network throughput performance 
• Maximum data privacy – All data paths are direct. No “middleman.” Your data is only ever seen by the servers and clients that you specify.  
• Discreet invisibility with no open ports and full DTLS encryption for uncrackable network data security 
• Highly available ZTNA tunnels with fully automatic failover in the case of outages 

Benefits like highly available network connections cannot go overstated, as this presents a massive advantage over the single point of failure represented by the router in VPN setups. 

The added ability of SDP solutions like DxOdyssey to drastically reduce attack surface is an invaluable capability as well. Whereas VPN’s grant access to an entire network (you have access to any listener on the entire target subnet), SDP limits the access to a single application-level connection in which you can access one IP address on a single port only. 

The Hurdles Have Been Removed to Proactive Cybersecurity Enhancements 

In this 2024 report released by Keeper Security, 73% of over 800 survey respondents report having experienced a cyber-attack that resulted in monetary loss for their organization.  

If you’re looking for a superior software-defined perimeter solution to protect you against modern cyber threats and lock down your infrastructure, DxOdyssey is as simple as it gets. Fast and easy implementation without making modifications to your infrastructure, and an immediate cost-savings kickback with the elimination of expensive-to-maintain technologies like VPN. 

The traditional hurdles to network security upgrades have been removed because software-defined solutions have ushered in an era of infrastructure-agnostic, deployment simplicity. Your organization can achieve a drastically higher level of security with SDP technology at a low or no net cost increase, so the decision to pursue proactive cybersecurity technology upgrades is an easier decision than it’s ever been. 

Reach out to DH2i for a DxOdyssey demo today and we can start working up your organization’s personal TCO and ROI story as we put your company on the path to a more secure future.