Azure SQL Database Security

Azure enables a different level of security measures for their customers at both Server Level and Database Level.

Server Level means Azure SQL server level, not the subscription level, the security features it includes are:

· Access to the SQL database is restricted to certain user roles.

· Allows to set up Server firewall rules so that the users with certain IP addresses are permitted to access the database and allowed to manage the database.

· Azure SQL databases uses logins at the server level to authenticate user requests, it doesn't support windows integrated authentication.

· The master database roles have two roles: loginmanager role (has permissions to create and manage logins), dbmanager role (has permissions to create and manage databases).

At database level some of the security features are:

Extends access to client IP addresses by allowing to add additional firewall rules for individual databases.
GRANT, REVOKE, DENY statements can be executed to assign permissions to database objects for users and roles in the database.
Several database roles permissions are implemented at different levels, have a quick look at the above picture.

Comments

Geo-Replication in SQL Azure Database

Geo-Replication in SQL Azure Database Geo-Replication is one of the Azure SQL features which allows making 3 readable replicas to your database in same or different data centers. Geo-Replication option is available for all databases and service tiers in all region. If it is enabled, the application initiates to a secondary database. we will review how to set up Geo-Replication on Azure SQL databases. Geo-Replication is an Azure SQL database feature that allows you to create a readable secondary database in the same region or cross-region. We can failover to the secondary database in case of an outage for a long time on the primary database server. We can also use this feature to migrate a database from one server to another server in the same or cross region with minimal downtime. Geo-replication uses the Always-on feature to replicate committed transactions to the secondary database asynchronously. Select the database, Click on 'Geo Replication' in left hand...

Azure SQL Databases - Architecture

Azure SQL Databases - Architecture You 'll be having an Azure subscription as the top layer in which you have a resource group. Within the resource group, you'll be having the server instances and databases. On top of the SQL database server, it contains the master database and isolated users database. PowerShell commands The PowerShell commands to deploy the Azure SQL database are: To build a SQL server: $sqlServer = New-AzureRmSqlServer -ServerName $sqlServerName -SqlAdministratorCredentials $creds -Location $sqlServerLocation -ResourceGroupName $resourceGroupName -ServerVersion $sqlServerVersion To Create an empty database in the server: $CurrentDatabase = New-AzureRmSqlDatabase -ResourceGroupName $resourceGroupName -ServerName $sqlServerName -DatabaseName $databaseName -Edition $databaseEdition -RequestServiceObjectiveName $databaseServiceLevel Database Tiers There are different tiers in SQL Databases offere...

DTU and eDTU in Azure SQL

DTU and eDTU in Azure SQL The performance of SQL Database is based on DTU. According to Microsoft, a DTU is a unit of measure of the resources that are guaranteed to be available to a single Azure SQL Database at a specific performance level within a single database tier. A DTU combines CPU, memory, data I/O, and transaction I/O. Databases can be placed into an elastic pool on a SQL Database server that shares a pool of resources among those databases. The shared pool of resources are measured by elastic Database transition units (eDTU) . The advantages of an elastic pool are: They are scaled automatically. They provide predictable costs. They are widely used for varying and unpredictable usage patterns . Determining DTUs for Workloads · If you are planning to move your on-premises Databases to Azure SQL Database, Azure provides a DTU Calculator ...

Techno Rhythms

Search This Blog