Databases

SQL Server 2019 Web User Guide

| Product: SQL Server 2019 Web

Overview

This guide covers the deployment and configuration of SQL Server 2019 Web on Linux using cloudimg AMIs from the AWS Marketplace. SQL Server 2019 Web edition is designed specifically for web hosting providers and websites, offering a low cost database solution for web facing applications and services.

What's included in this AMI:

  • SQL Server 2019 Web edition installed at /opt/mssql
  • SQL Server database port 1433 preconfigured and listening on boot
  • SA (System Administrator) account with a randomly generated password
  • sqlcmd command line tool for database interaction
  • OS package update script for keeping the system current
  • AWS CLI v2 for AWS service integration
  • Systems Manager Agent (SSM) for remote management
  • CloudWatch Agent for monitoring
  • Latest security patches applied at build time
  • 24/7 cloudimg support with guaranteed 24 hour response SLA

Edition Notes: SQL Server 2019 Web is a low total cost of ownership option for web hosting providers and web application developers. It supports up to 64 GB of buffer pool memory and the lesser of 4 sockets or 16 cores. Web edition is licensed only for use as a backend database supporting public facing web services, websites, and web applications. It should not be used for internal line of business applications or general purpose database workloads. For those scenarios, consider Standard or Enterprise edition.

Prerequisites

Before launching this AMI, ensure you have:

  1. An active AWS account
  2. An active subscription to the SQL Server 2019 Web listing on AWS Marketplace
  3. An EC2 key pair for SSH access
  4. Familiarity with EC2 instance management and SSH

Recommended Instance Type: m5.large (2 vCPU, 8 GB RAM) or larger. Web edition workloads benefit from sufficient memory for caching frequently accessed data from web applications.

Minimum Requirements: 1 vCPU, 2 GB RAM, and 6 GB disk space.

Step 1: Launch the AMI

  1. Navigate to the AWS Marketplace and search for "SQL Server 2019 Web cloudimg"
  2. Click Continue to Subscribe, accept the terms, then Continue to Configuration
  3. Select your preferred Region and Software Version
  4. Click Continue to Launch
  5. Choose Launch through EC2 for full control over instance configuration
  6. Select your instance type (m5.large recommended)
  7. Configure storage: provision adequate gp3 volumes for your web database workloads
  8. Configure your Security Group with the following inbound rules:
Port Protocol Source Purpose
22 TCP Your IP SSH access
1433 TCP Application servers SQL Server database port

Important: Restrict port 1433 to your web application servers or VPC CIDR range only. The database server should never be directly accessible from the public internet. Place the SQL Server instance in a private subnet and allow connections only from your web tier.

  1. Select your EC2 key pair and launch the instance

Step 2: Connect via SSH

Once your instance is running and has passed both status checks (2/2), connect using SSH:

ssh -i your-key.pem ec2-user@<public-ip-address>

To switch to the root user:

sudo su -

Important: Wait for the EC2 instance to reach 2/2 successful status checks before connecting. Early connection attempts may produce "Permission denied" errors as the instance is still initialising.

Step 3: Retrieve the SA Password

The SA (System Administrator) password is randomly generated at build time and stored in a log file on the instance. Retrieve it by running:

cat /stage/scripts/mssql_admin_password.log

Save this password securely. You will need it to connect to SQL Server.

Step 4: Connect to SQL Server

Use the sqlcmd command line tool to connect to the local SQL Server instance:

sqlcmd -S localhost -U SA

Enter the SA password retrieved in Step 3 when prompted.

Expected output:

1>

You are now connected to SQL Server and can run T-SQL queries.

Step 5: Create a Database and Table

Create a new database:

CREATE DATABASE WebAppDB;
GO

Switch to the new database:

USE WebAppDB;
GO

Create a table:

CREATE TABLE Users (
    UserID INT IDENTITY(1,1) PRIMARY KEY,
    Name NVARCHAR(100),
    Email NVARCHAR(255),
    CreatedAt DATETIME DEFAULT GETDATE()
);
GO

Insert data:

INSERT INTO Users (Name, Email) VALUES ('John Doe', 'john@example.com');
GO

Query data:

SELECT * FROM Users;
GO

Type QUIT to exit the sqlcmd shell.

Server Components

Component Software Home
SQL Server 2019 Web /opt/mssql

Note: Component versions may be updated on first boot by the automatic OS package update script finding new versions in the system package repositories.

Filesystem Layout

Mount Point Size Description
/ 38 GB Root filesystem
/boot 2 GB Operating system kernel files
/opt/mssql 9.8 GB SQL Server installation directory

Managing the SQL Server Service

SQL Server is managed via systemd and starts automatically on boot.

Check service status:

systemctl status mssql-server

Stop SQL Server:

systemctl stop mssql-server

Start SQL Server:

systemctl start mssql-server

Restart SQL Server:

systemctl restart mssql-server

Scripts and Log Files

Script/Log Path Description
initial_boot_update.sh /stage/scripts Updates the OS with the latest packages on first boot
initial_boot_update.log /stage/scripts Output log for the boot update script
mssql_admin_password.log /stage/scripts Contains the randomly generated SA password

On Startup

An OS package update script runs on first boot to ensure the image is fully up to date. You can disable this by removing the script and its crontab entry:

rm -f /stage/scripts/initial_boot_update.sh

crontab -e
# Delete the following line, save and exit:
@reboot /stage/scripts/initial_boot_update.sh

Troubleshooting

Cannot connect via SSH

  1. Wait for the EC2 instance to reach 2/2 status checks
  2. Verify your security group allows port 22 from your IP
  3. Confirm you are using the correct key pair and connecting as ec2-user
  4. Check the instance system log in the AWS Console for boot errors

SQL Server service not running

  1. Check service status: systemctl status mssql-server
  2. Review the SQL Server error log: cat /var/opt/mssql/log/errorlog
  3. Verify sufficient disk space: df -h /opt/mssql
  4. Ensure the instance has at least 2 GB RAM

Cannot connect to SQL Server on port 1433

  1. Verify the service is running: systemctl status mssql-server
  2. Check the security group allows port 1433 from your application servers
  3. Test local connectivity: sqlcmd -S localhost -U SA
  4. Check SQL Server is listening: ss -tlnp | grep 1433

SA password not working

  1. Retrieve the password again: cat /stage/scripts/mssql_admin_password.log
  2. Ensure you are copying the entire password without extra whitespace
  3. If needed, reset the SA password using mssql-conf:
sudo systemctl stop mssql-server
sudo /opt/mssql/bin/mssql-conf set-sa-password
sudo systemctl start mssql-server

High memory usage

  1. SQL Server Web can use up to 64 GB of buffer pool memory by design
  2. Configure memory limits with mssql-conf:
sudo /opt/mssql/bin/mssql-conf set memory.memorylimitmb 2048
sudo systemctl restart mssql-server

Web application connection pooling issues

  1. Ensure your web application is using connection pooling to avoid exhausting connections
  2. Check active connections: sqlcmd -S localhost -U SA -Q "SELECT COUNT(*) FROM sys.dm_exec_connections"
  3. Review and optimise slow queries to free connections faster

Security Recommendations

  • Restrict port access: Only allow SQL Server port 1433 from web application servers within your VPC
  • Use private subnets: Place the SQL Server instance in a private subnet, accessible only from the web application tier
  • Change the SA password: Replace the default generated password with a strong, unique password after first login
  • Create application specific logins: Avoid using the SA account for web application connections; create dedicated logins with minimal required permissions
  • Enable encrypted connections: Configure SQL Server to use TLS/SSL for client connections
  • Keep SQL Server updated: Apply cumulative updates and security patches when available
  • Monitor access: Review SQL Server error logs regularly for failed login attempts
  • Parameterise queries: Ensure your web application uses parameterised queries to prevent SQL injection attacks
  • Use AWS security features: Leverage VPC security groups, NACLs, and private subnets to restrict network access
  • Secure the password file: After retrieving the SA password, consider removing or restricting access to /stage/scripts/mssql_admin_password.log

Support

If you encounter any issues with this product, contact cloudimg support:

  • Email: support@cloudimg.co.uk
  • Website: www.cloudimg.co.uk
  • Support hours: 24/7 with guaranteed 24 hour response SLA