Sunday, November 12, 2017

Azure SQL Database

Azure SQL Database is a fully-managed relational cloud database service using the Microsoft SQL Server Engine which supports structures such as relational data, JSON, spatial, and XML.
Azure SQL Database is a managed database service to take care of scalability, backup, and high availability of the database. It is differ from AWS RDS which is a container service.
We know that SQL Database is a high-performance, reliable, and secure database which can be used to build data-driven applications and websites in the programming language of our choice, without needing to manage infrastructure. 
SQL Database delivers predictable performance at multiple service levels which provides the following with near-zero administration -
1.       Dynamic scalability with no downtime
2.      Built-in intelligent optimization
3.      Global scalability and availability
4.      Advanced security options  
Azure SQL Databases is currently in 38 data centers around the world, with more data centers coming online regularly, which enable us to run our database in a data center near us.
Scalable performance and pools
With Azure SQL Database, each database is isolated from each other and portable, each with its own service tier with a guaranteed performance level. SQL Database provides different performance levels for different needs, and enables databases to be pooled to maximize the use of resources and save money. Basically, it offers four service tiers to support lightweight to heavyweight database workloads such as Basic, Standard, Premium, and Premium RS. In this way, we have an option to adjust performance without downtime to our application or to our customers. So, dynamic scalability enables our database to transparently respond to rapidly changing resource requirements and enables us to only pay for the resources that we need when you need them.
Built-in intelligence 
We have stated that Azure SQL database is built-in intelligence to protect and optimize our database to help us dramatically reduce the costs of running and managing databases and maximizes both performance and security of your application. Running n number of customer workloads around-the-clock, SQL Database collects and processes a massive amount of telemetry data, while also fully respecting customer privacy behind the scenes. Apart from this, various algorithms are continuously evaluating the telemetry data so that the service can learn and adapt with our application.

Availability capabilities
Azure's industry leading 99.99% availability service level agreement (SLA), powered by a global network of Microsoft-managed datacenters, helps keep our app running 24/7. In addition, SQL Database provides built-in business continuity and global scalability features, including Automatic backups, Point-in-time restores, Active geo-replication and Failover groups.
Advanced security and compliance
Azure SQL Database provides a range of built-in security and compliance features to help our application meet various security and compliance requirements such as –
1.  Data encryption at rest - all newly created Azure SQL databases are automatically protected with transparent data encryption which  is SQL’s proven encryption-at-rest technology that is required by many compliance standards to protect against theft of storage media
2. Auditing for compliance and security – with the help of Azure SQL Database Auditing tracks database events, writes them to an audit log in our Azure storage account. In this way, auditing can help us to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
3. Dynamic data masking - it limits sensitive data exposure by masking it to non-privileged users and helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer. It’s a policy-based security feature that hides the sensitive data in the result set of a query over designated database fields, while the data in the database is not changed.
4.  Row-level security – It enables customers to control access to rows in a database table based on the characteristics of the user executing a query (such as by group membership or execution context). Row-level security (RLS) simplifies the design and coding of security in your application. 

Questions & Answers
How to secure data and prevent employees to share it with other companies ?
In general, the best way is to protect the data either through encryption (e.g., Always Encrypted) and limit access to the key; or use data masking/row-level security to limit the data employees can access in a db and to obfuscate those data values they can query and access.

How to properly restrict access to Azure SQL to specific Azure Web Site?

There are two scenarios here: 1. If you use Azure SQL Database Managed Instance, you can use VNETs/Subnets to restrict access to your SQL databases to only those Web apps that are in the same VNET or in a subnet in the same VNET. 2. If you use singleton/pools where we don't have VNET/Subnet support yet, you can use AAD with conditional access to limit the users/principles who can access databases (incl. the devices from where they connect).

Conclusion –
Azure SQL Database includes built-in intelligence that learns app patterns and adapts to maximize performance, reliability, and data protection. It enables us to centrally manage identities of database user and other Microsoft services with Azure Active Directory integration. Azure SQL Database participates in regular audits and has been certified against several compliance standards. It supports building applications with Python, Java, Node.js, PHP, Ruby, and .NET on the Mac OS, Linux, and Windows. 



  1. Evolution of DevOps: As organizations look at new technologies to enhance their business agility, speed and competitive edge, they also face new challenges that can't be merely met with traditional, out-of-date and on-premise monitoring tools.Data Analytics Courses

  2. Acquire specialised skills with the Certification Programme in Digital Marketing. Learn how to improve the effectiveness of marketing activities and drive greater value for marketing in your organisation.

  3. This would regularly be the obligation of the DBA and on the off chance that your task has the advantage of an information draftsman and a DBA it will be the DBA who introduces the databases.

  4. The focal point of the database overseer is generally speaking strength of the database and the information it contains, including database accessibility, execution, and access.