Introducing Azure SQL Database

Running Azure SQL

Your browser needs to be JavaScript capable to view this video

Try reloading this page, or reviewing your browser settings

This video segment details optimization steps to follow once your database is running in Azure SQL.

Keyword

  • Azure SQL optimize performance scale

About this video

Author(s)
Peter De Tender
First online
09 August 2019
DOI
https://doi.org/10.1007/978-1-4842-5276-5_5
Online ISBN
978-1-4842-5276-5
Publisher
Apress
Copyright information
© Peter De Tender 2019

Video Transcript

Hey there. Welcome back in this Azure SQL course, where this section is all about running and optimizing your Azure SQL instances. This video specifically is going to cover the following topics. I start with highlighting several of the key features of Azure SQL and then moving over to discussing the SQL PaaS security enhancements, ending this section with another few demos about the discussed topics.

Now, besides running your business workflow database, Azure SQL has a lot of nice features built in that I would like to describe as the “key features” or even “killing features,” if you want. Now, several of those are specific to Azure SQL. It could be beneficial for your organization, comparing them to running SQL databases inside Azure VMs or maybe in your on-prem environment.

Now, first of all, security, which obviously is pretty important when using public cloud, is a built-in given, obviously, on the physical layer of the Azure fabric, where all traffic is encrypted. Now, next, looking at it from an authentication/authorization perspective, Azure SQL behaves similar to the traditional SQL Server setup, where you need permissions to manage and even connect to your database. Even as a full Azure subscription admin, your access is blocked by design.

Azure SQL also comes with different high availability features, as well as migration tools. Now, talking from a high availability perspective, you can build out multiple replicas in the same Azure region or even across multiple Azure regions.

And then lastly, from a database performance perspective, you get performance insights, Automated Database Tuning, as well as Adaptive Query Processing– so a lot of nice tools helping you in running your Azure SQL instance, relying on the security from the public cloud, making the migration a lot more straightforward, providing you high availability and a lot of nice performance capabilities.

Now, zooming in on some specific security bullet points from the previous slide, there are quite a few interesting capabilities here. The first one I should mention is an integration with firewall and virtual network security. So although, again, Azure SQL runs as a PaaS service, you are in control, defining who can connect to your database from a network connectivity perspective.

And it shouldn’t be a surprise, but by default, all communication to your database is getting blocked. As mentioned already, an Azure subscription admin is denied from accessing the Azure SQL database. And this is also a default behavior.

Next, let’s talk about encryption. Data in flight during a migration, during running update queries whatsoever, or data addressed is all being encrypted. On top of that, you’ve got extensive auditing. If you want to find out who’s targeting your database or what database operations have been running, Azure auditing is available for you.

And then lastly to Azure SQL specific features, helping optimize security of your data stored within the database is Azure SQL Threat Detection and Dynamic Data Masking. Threat Detection blocks suspicious activity against your database, where Dynamic Data Masking allows you to hide confidential information– like, for example, personal information or credit card details– from your SQL DBA– so quite a lot of nice things around security.

So why not jumping over to another demo and walking you through some of those characteristics? So let me start with my SQL Server object, where I’m going to use my portal-based one. But it’s the same for the other ones, as well, obviously.

So from here, one of the first options that I’m not really going to configure in my environment but just highlighting is Active Directory admin. So what you can do is instead of logging on with your trusted on-prem Active Directory credentials is integrating with Azure Active Directory.

Now, if you’re using an Azure environment, most probably, you’re going to use Azure Active Directory for authentication and authorization, anyway. So why not integrating that same security identity object for managing your SQL instance?

The Advanced Data Security option here is what I talked about in my presentation, highlighting threat protection. And in the meantime, there are a couple more around vulnerability assessment and running Data Discovery.

And then the other interesting one I talked about at the beginning is the firewalling and virtual network. So what I can do from here is adding my client IP, where I’m going to add my public IP here, which allows me to connect to my database server from my SQL Management Studio later on.

Now, besides exposing or integrating and allow activity from a public IP, you could also integrate with your existing Azure v nets. So within my subscription, if I want, I can create a new v net or reuse an existing one in establishing that connectivity. So think back about one of the diagrams in a previous section in the course, where I had my web app connecting to my SQL Database. So that would be a perfect example.

And then lastly, the data encryption, where in the meantime, besides using the built-in Microsoft encryption key, if you’re using a service like Azure Key Vault, then that would be, I would say, my preference for storing your secrets and allowing that encryption of your database and the data within your database itself.

And that’s pretty much what I wanted to cover in this section of the course, where you learn about some key features of Azure SQL, as well as understanding several built-in security enhancements specific to Azure SQL– so even a couple of those are not existing in SQL virtual machines– and then lastly, walk you through a quick demo, highlighting where to find those settings in the Azure Portal, SQL Azure Blade.

Hope to see you again in one of the next videos on Azure SQL Management. Thank you for now, and have a nice day.