Profile Applicability:
- Level 1
Description:
The user connections database flag should be configured to ensure it does not impose an unnecessary limit on the number of simultaneous connections for Cloud SQL SQL Server instances. This flag controls the maximum number of concurrent user connections allowed. By default, it is set to 0, which permits the SQL Server to dynamically allocate up to the maximum of 32,767 connections. Setting a limiting value may result in service disruptions when the connection limit is reached.
Rationale:
The user connections option is a self-configuring value that dynamically adjusts based on demand, allowing SQL Server to handle up to 32,767 connections. Limiting this value unnecessarily can result in dropped connection requests, potentially causing application outages or data loss. Ensuring this flag is set to 0 allows SQL Server to manage connections efficiently without imposing artificial restrictions.
Impact:
Setting a restrictive value for user connections may limit the number of allowed connections, potentially leading to service disruptions.
Modifying flags via the command line will overwrite previously configured flags, so all required flags should be included in a single command.
Updates to this flag may restart the database, causing temporary unavailability. It is recommended to apply changes during periods of low usage.
Default Value:
The default value for user connections is 0, which does not limit the number of connections, allowing SQL Server to dynamically manage up to 32,767 connections.
Audit Steps:
Using Google Cloud Console:
Navigate to the Cloud SQL Instances page.
Select the SQL Server instance to view its Instance Overview page.
Under the Database flags section, verify that the user connections flag is set to 0.
Using Google Cloud CLI:
Run the following command to check the value of the user connections flag:
gcloud sql instances describe <INSTANCE_NAME> --format=json | jq '.settings.databaseFlags[]? | select(.name=="user connections")|.value'
Ensure the returned value is 0.
Remediation Steps:
Using Google Cloud Console:
Navigate to the Cloud SQL Instances page.
Select the SQL Server instance where the flag needs to be modified.
Click Edit.
Scroll to the Flags section.
Add or modify the user connections flag and set its value to 0.
Click Save to apply the changes.
Confirm the changes under the Flags section on the Overview page.
Using Google Cloud CLI:
Configure the user connections database flag using the following command:
gcloud sql instances patch <INSTANCE_NAME> --database-flags "user connections=0"
Ensure the instance reflects the updated configuration.
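The audit check and the flag-overwrite caveat from the Impact section can be combined in one script. The following is an added example, not part of the benchmark text: it evaluates the JSON that gcloud sql instances list --format=json returns and, for a non-compliant instance, builds a --database-flags value that keeps the flags already configured. The instance names and sample data are constructed, and treating an unset flag as compliant (because the default is 0) is an assumption of this example.

```python
import json

FLAG = "user connections"

# Constructed sample of `gcloud sql instances list --format=json` output (not real instances).
SAMPLE = json.loads("""
[
  {"name": "mssql-default", "databaseVersion": "SQLSERVER_2019_STANDARD", "settings": {}},
  {"name": "mssql-capped", "databaseVersion": "SQLSERVER_2019_STANDARD",
   "settings": {"databaseFlags": [
     {"name": "user connections", "value": "500"},
     {"name": "remote access", "value": "off"}]}},
  {"name": "mssql-explicit", "databaseVersion": "SQLSERVER_2022_ENTERPRISE",
   "settings": {"databaseFlags": [{"name": "user connections", "value": "0"}]}},
  {"name": "pg-app", "databaseVersion": "POSTGRES_15", "settings": {}}
]
""")

def audit(instance):
    """Return (status, value). Assumption: an unset flag passes because the default is 0."""
    if not instance.get("databaseVersion", "").startswith("SQLSERVER"):
        return ("N/A", None)  # the control only applies to SQL Server instances
    flags = instance.get("settings", {}).get("databaseFlags") or []
    value = next((f.get("value") for f in flags if f.get("name") == FLAG), None)
    if value is None:
        return ("PASS", "unset (default 0)")
    return ("PASS" if str(value).strip() == "0" else "FAIL", value)

def merged_database_flags(instance):
    """Build a --database-flags value that sets the flag to 0 and keeps every other flag."""
    flags = instance.get("settings", {}).get("databaseFlags") or []
    merged = {f["name"]: f["value"] for f in flags}
    merged[FLAG] = "0"
    for name, value in merged.items():
        if "," in name or "," in str(value):
            # gcloud splits the list on commas, so such a value needs separate handling
            raise ValueError(f"{name!r} contains a comma and cannot be joined safely")
    return ",".join(f"{n}={v}" for n, v in merged.items())

def report(instances):
    """Return (name, status, value, suggested --database-flags value or None) per instance."""
    rows = []
    for inst in instances:
        status, value = audit(inst)
        fix = merged_database_flags(inst) if status == "FAIL" else None
        rows.append((inst["name"], status, value, fix))
    return rows

if __name__ == "__main__":
    for name, status, value, fix in report(SAMPLE):
        print(f"{name}: {status} ({value})" + (f' -> --database-flags "{fix}"' if fix else ""))
```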
Backout Plan:
Step 1: Restore the user connections Flag If Needed
If setting user connections=0 causes performance issues, restore a controlled limit:
gcloud sql instances patch <INSTANCE_NAME> --database-flags "user connections=500"
Step 2: Notify Stakeholders
Inform database administrators before making connection limit changes.
Step 3: Restore from Backup (If Necessary)
If modifying user connections causes failures, restore the SQL instance from a backup.
Step 4: Validate Rollback Success
Run the audit steps again to confirm that the new user connections setting is applied.
References:
Additional Information:
Changes to database flags may require the instance to restart. Check the list of flags requiring restarts at Cloud SQL SQL Server Flags Documentation.
Avoid setting unnecessarily restrictive limits on connections, as this may impact application performance.
Ensure that all required flags are included when updating the configuration to prevent unintended changes.
CIS Controls: