Azure SQL Server Change Tracking (Edge)

Azure SQL Server Change Tracking (Edge) Setup Guide

Azure SQL Server Database is an intelligent, scalable, and relational database service built for the cloud. It can automate your database management and maintenance, including routine updates, backups, and security, enabling you to focus on working with your data.

You can ingest data from your Azure SQL Server database using Hevo Pipelines and replicate it to a Destination of your choice.

Getting Started

Setup

Prerequisites

The Azure SQL Server version is 2022 or higher.
Change Tracking is enabled for the database and table.
The public endpoint is enabled for the SQL Managed Instance.
Hevo’s IP address(es) for your region is added to the Azure SQL Server database IP Allowlist.
The SELECT and VIEW CHANGE TRACKING privileges are granted to the database user.

Note: We recommend that you create a database user for configuring your Azure SQL Server Change Tracking Source in Hevo. If you already have a database user, grant the required privileges.
The database hostname and port number of the SQL managed instance are available.

Perform the following steps to configure your Azure SQL Server Change Tracking Source:

Enable Change Tracking

The Change Tracking mechanism captures changes made to a database. To enable change tracking, connect to your SQL Server database as a user with ALTER DATABASE privilege using any SQL client tool, such as sqlcmd, and enter the following commands:

Note: Replace the placeholder values in the commands below with your own. For example, <database_name> with demo.

Enable change tracking at the database level:
```
ALTER DATABASE <database_name> SET CHANGE_TRACKING = ON 
(CHANGE_RETENTION = 3 DAYS, AUTO_CLEANUP = ON)
```
The CHANGE_RETENTION value specifies the duration for which change tracking information is retained. You can use AUTO_CLEANUP to enable or disable the cleanup task that removes old change tracking information. Read Enable Change Tracking for a Database.

Note: Hevo recommends that you set the CHANGE_RETENTION value to 3 DAYS. This reduces the risk of log expiry in the case of Pipelines having a low sync frequency. For example, 24 hours.
Enable change tracking for each table that you want to replicate:
```
 ALTER TABLE <schema_name>.<table_name> ENABLE CHANGE_TRACKING
```
Repeat this step for each table you want to replicate using Change Tracking. Read Enable Change Tracking for a Table.

Note: If the Schema Evolution Policy for your Pipeline is set to Allow all changes and a new table is created in your schema after the Pipeline creation, you need to enable change tracking for the new table. After that, refresh the schema so that Hevo can begin ingesting data from it. If change tracking is not enabled, Hevo marks the object as inaccessible and does not ingest any data from it.

Enable Public Endpoint for SQL Managed Instance

You need to enable the public endpoint for your SQL managed instance to allow connections to your Azure SQL Server database over the internet. To keep your database secure, you can control access by allowlisting only trusted IP addresses, such as Hevo’s. This ensures that only authorized connections can access your database.

Perform the following steps to enable the public endpoint for your SQL managed instance:

Log in to the Azure Portal.
Under Azure services, select More services.
On the All services page, search and select All resources.
On the All resources page, click the database you want to connect to Hevo.
In the right pane of <Your Database Name> page, Essentials section, click the link text under Managed instance.
In the left navigation pane, click Security, and then click Networking.
On the Networking page, enable the Public endpoint (data), and then click Save.

After saving the changes, the status of Public endpoint (data) displays as Enable.

Allowlist Hevo IP addresses for your region

You need to allowlist the Hevo IP addresses for your region to enable Hevo to connect to your Azure SQL Server database. This can be done by creating inbound security rules in the network security group associated with your SQL managed instance.

Perform the following steps to allowlist the Hevo IP addresses for your region:

Log in to the Azure Portal.
Under Azure services, select More services.
On the All services page, search and select All resources.
On the All resources page, click the database you want to connect to Hevo.
In the right pane of <Your Database Name> page, Essentials section, click the link text under Managed instance.
In the right pane of <Your SQL managed instance Name> page, Essentials section, click the link text under Virtual network / subnet.
In the left navigation pane, click Subnets.
On the Subnets page, click the link text under Security group column corresponding to your SQL managed instance.
In the left navigation pane, click Settings, and then click Inbound security rules.
On the Inbound security rules page, click +Add.
In the Add inbound security rule slide-in page, do the following:
1. Source: Select IP Addresses from the drop-down.
2. Source IP addresses/CIDR ranges: Enter Hevo’s IP addresses for your region. You can enter multiple addresses, separating them with commas.
3. Destination port ranges: Enter 3342.
4. Protocol: Select TCP.
5. Priority: Enter a priority number between 100 and 4095 as per your requirement.
  
  Azure processes security rules in order of priority, with lower numbers taking precedence over higher numbers.
  
  Note: Ensure that the security rule for allowlisting Hevo’s IP addresses has a higher priority than any existing restrictive rules, such as the deny_all_inbound rule. This ensures that connection to Hevo is allowed before any restrictive rules are applied.
6. Name: Specify your rule name.
7. Click Add to save the rule.

You can now view the new security rule on the Inbound security rules page of your network security group.

Create a Database User and Grant Privileges

1. Create a database user (Optional)

Note: Skip to the Grant privileges to the user section if you are using an existing database user.

Perform the following steps to create a database user in your Azure SQL Server database:

Connect to your Azure SQL Server database as a masteruser with any SQL client tool, such as sqlcmd.

Run the following commands:

# Select a database
USE <database_name>;
    
# Create a login and a database user
CREATE LOGIN <login_username> WITH PASSWORD = '<password>';
CREATE USER <database_username> FOR LOGIN <login_username>;

Note: Replace the placeholder values in the commands above with your own. For example, <login_username> with hevouser.

2. Grant privileges to the user

The database user for Hevo requires the following privileges to connect to and ingest data from your Azure SQL Server database:

Privilege	Grants access to
SELECT	Retrieve rows from the database tables.
VIEW CHANGE TRACKING	View changes made to tables or schemas for which with the Change Tracking feature is enabled.

Connect to your Azure SQL Server database as a masteruser with any SQL client tool, such as sqlcmd, and run the following script:

# Grant SELECT privilege at the database level
GRANT SELECT ON DATABASE::<database_name> TO <database_username>;

# Grant SELECT privilege at the schema level
GRANT SELECT ON SCHEMA::<schema_name> TO <database_username>;

# Grant VIEW CHANGE TRACKING privilege at the schema level
GRANT VIEW CHANGE TRACKING ON SCHEMA::<schema_name> TO <database_username>;

# Grant VIEW CHANGE TRACKING privilege at the table level
GRANT VIEW CHANGE TRACKING ON OBJECT::<schema_name>.<table_name> TO <database_username>;

Note: Replace the placeholder values in the commands above with your own. For example, <database_username> with hevo.

Retrieve the Database Hostname and Port Number (Optional)

Note: The Azure SQL Server hostnames begin with your database name and end with database.windows.net. For example, azure-sql-server.xxxxxxxxx.database.windows.net.

Perform the following steps to obtain the configuration details required to create your Hevo Pipeline:

Log in to the Azure Portal.
Under Azure services, select More services.
On the All services page, search and select All resources.
On the All resources page, click the database you want to connect to Hevo.
In the right pane of <Your Database Name> page, Essentials section, click the link text under Managed instance.
In the left navigation pane, click Security, and then click Networking.
On the Networking page, under Endpoint, click the copy icon.

The endpoint consists of the database host, followed by a comma and the port number. Remove the comma, and then save the database host and port number separately.

For example, if exampledatabase.abc123xyz789.database.windows.net,3342 is the endpoint, use exampledatabase.abc123xyz789.database.windows.net as the database host and 3342 as the port number while configuring your Azure SQL Server Change Tracking Source in Hevo.

Configure Azure SQL Server Change Tracking as a Source in your Pipeline

Perform the following steps to configure your Azure SQL Server Change Tracking Source:

Click PIPELINES in the Navigation Bar.
Click + CREATE PIPELINE in the Pipelines List View.
On the Select Source Type page, under All Sources, click Edge, and then select Azure SQL Server Change Tracking.
In the Azure SQL Server Change Tracking screen, specify the following:
- Source Name: A unique name for your Source, not exceeding 255 characters. For example, Azure SQL Server Change Tracking.
- In the Connect to your SQL Server section:
  - Database Host: The Azure SQL Server host’s IP address or DNS. This is the database host that you obtained in the Retrieve the Database Hostname and Port Number (Optional) step of the Getting Started section.
  - Database Port: The port on which your Azure SQL Server listens for connections. This is the port number that you obtained in the Retrieve the Database Hostname and Port Number (Optional) step of the Getting Started section. Default value: 1433.
  - Database User: The authenticated user who has the permissions to read tables in your database. This user can be the login user you created in the Create a database user (optional) step of the Getting Started section. For example, hevouser.
  - Database Password: The password for your database user.
  - Database Name: The database from where you want to replicate data. For example, demo.
  - Schema Name: The schema that holds the tables to be replicated. Default value: dbo.
- In the Additional Settings section:
  - Use SSH: Enable this option to connect to Hevo using an SSH tunnel instead of directly connecting your Azure SQL Server database host to Hevo. This provides an additional level of security to your database by not exposing your Azure SQL Server setup to the public.
    
    If this option is turned off, you must configure your Source to accept connections from Hevo’s IP address.
  - Use SSL: Enable this option to use an SSL-encrypted connection. Specify the following:
    - CA File: The file containing the SSL server certificate authority (CA).
    - Client Certificate: The client’s public key certificate file.
    - Client Key: The client’s private key file.
Click TEST & CONTINUE to test the connection to your Azure SQL Server Change Tracking Source. Once the test is successful, you can proceed to set up your Destination.

Additional Information

Read the detailed Hevo documentation for the following related topics:

Data Type Mapping

Hevo maps the SQL Server Source data type internally to a unified data type, referred to as the Hevo Data Type, in the table below. This data type is used to represent the Source data from all supported data types in a lossless manner.

The following table lists the supported SQL Server data types and the corresponding Hevo data type to which they are mapped:

SQL Server Data Type	Hevo Data Type
- CHAR - VARCHAR - TEXT - NCHAR - NVARCHAR - NTEXT - XML - UNIQUEIDENTIFIER - GEOMETRY - GEOGRAPHY - HIERARCHYID - SQL_VARIANT	VARCHAR
- DATETIMEOFFSET	TIMESTAMPTZ
- DATETIME - SMALLDATETIME - DATETIME2	TIMESTAMP
- TIME	TIME
- TINYINT - SMALLINT	SHORT
- BIGINT	LONG
- INT	INTEGER
- REAL	FLOAT
- FLOAT	DOUBLE
- NUMERIC - DECIMAL - MONEY - SMALLMONEY	DECIMAL
- DATE	DATE
- BINARY - VARBINARY - IMAGE - TIMESTAMP	BYTEARRAY
- BIT	BOOLEAN

At this time, the following SQL Server data types are not supported by Hevo:

CURSOR
VECTOR
ROWVERSION
TABLE
Any other data type not listed in the table above.

Note: If any of the Source objects contain data types that are not supported by Hevo, they are marked as unsupported during object configuration in the Pipeline.

Source Considerations

When a record is updated multiple times between two consecutive data ingestion runs, Change Tracking provides only the latest update made to the record. As a result, Hevo ingests only the latest record at the time of ingestion, which can lead to the loss of any updates that occurred between the previous ingestion and the current one.

Limitations

Hevo does not support data replication from temporary tables and views.
Hevo does not set the metadata column __hevo__marked_deleted to True for data deleted from the Source table using the TRUNCATE command. This action could result in a data mismatch between the Source and Destination tables.

Last updated on Apr 10, 2025