Azure SQL Database and Data Warehouse offer encryption-at-rest by providing Transparent Data Encryption (TDE) for all data written to disk, including databases, log files and backups. This protects data in case of unauthorized access to hardware. TDE provides a TDE Protector that is used to encrypt the Database Encryption Key (DEK), which in turn is used to encrypt the data. With the TDE and Bring Your Own Key (BYOK) offering currently in preview, customers can take control of the TDE Protector in Azure Key Vault.
Taking advantage of TDE with BYOK for databases that are geo-replicated to maintain high availability requires careful configuration and testing of the scenario. This post will go over the most common configuration options.
To avoid creating a single point of failure in active geo-replicated instances or SQL failover groups, you must configure redundant Azure Key Vaults. Each geo-replicated server requires a separate key vault that must be co-located with the server in the same Azure region. Should a primary database become inaccessible due to an outage in one region and a failover be triggered, the secondary database is able to take over using the secondary key vault.
For Geo-Replicated Azure SQL databases, the
Azure SQL Data Warehouse recently announced the preview release of the Optimized for Compute performance tier providing customers with an enhanced offering of the service. With this major release, the service now has a 5X increase in compute scalability and unlimited storage for columnar data. Along with the increased capacity, customers are realizing an average increase of 5X in performance for query workloads. For existing Optimized for Elasticity customers wanting to capitalize on these benefits, there is now an option to seamlessly upgrade via the Azure Portal. The easy to use upgrade experience via the Azure Portal has no downtime associated with exporting and reimporting of the data.
Upgrade to optimize for performance
You can now upgrade to the latest performance tier within the Azure Portal. This will result in no change to your connection string details:
To learn more about the upgrade process, visit our upgrade documentation. If you need help for a POC, contact us directly. Stay up-to-date on the latest Azure SQL DW news and features by following us on Twitter @AzureSQLDW.
This blog post was co-authored by James Ashley, MR and AI Architect, Microsoft MVP.
Developers sometimes get anxious when it comes to hooking up a database for their apps. However, with Azure Database for MySQL and Azure Database for PostgreSQL, quickly propping up and accessing a relational database is a piece of cake. These lightweight, open source database services provide a great way to get small apps and prototypes started with very little effort. Without any extra work on your part, you can automatically take advantage of built-in security, fault tolerance, and data protection. You also can use point-in-time restore to recover a server to an earlier state—as far back as 35 days.
Azure Database for MySQL and Azure Database for PostgreSQL will work with whatever kind of project you are creating, whether it is a Linux app running in a Docker container orchestrated by Kubernetes, a computer vision service using Python, or a simple ASP.NET website to display travel photos. If your app needs a relational database, you can easily plug one in and start writing to it with guidance from these connect & query quickstarts:
Azure Database for MySQL
We have made some great improvements to the SQL elastic pool configuration experience in the Azure portal. These changes are released alongside the new vCore-based purchasing model for elastic pools and single databases. Our goal is to simplify your experience configuring elastic pools and ensure you are confident in your configuration choices.
Changing service tiers for existing pools
Existing elastic pools can now be scaled up and down between service tiers. You can easily move between service tiers and discover the one that best fits your business needs. You can also switch between the DTU-based and the new vCore-based service tiers. You can also scale down your pool outside of business hours to save cost.
Simplifying configuration of the pool and its databases
Elastic pools offer many settings for customers to customize. The new experience aims to separate and simplify each aspect of pool management, between the pool settings, database settings, and database management. This enables you to more easily reason over each of these aspects of the pool while being able to save all settings changes in one batch.
Understanding your bill with new cost summary
The preview for long-term backup retention in Azure SQL Database was announced in October 2016, providing you with a way to easily manage long-term retention for your databases – up to 10 years – with backups stored in your own Azure Backup Service Vault.
Based upon feedback gathered during the preview, we are happy to announce a set of major enhancements to the long-term backup retention solution. With this update we have eliminated the need for you to deploy and manage a separate Backup Service Vault. Instead, SQL Database will utilize Azure Blob Storage under the covers to store and manage your long-term backups. This new design will enable flexibility for your backup strategy, and overall more control over costs.
This update brings you the following additional benefits:
More regional support – Long-term retention will be supported in all Azure regions and national clouds.
More flexible backup policies – You can customize the frequency of long-term backups for each database with policies covering weekly, monthly, yearly, and specific week-within-a-year backups.
Management of individual backups – You can delete backups that are not critical for compliance.
Streamlined configuration – No need to provision a separate backup service vault.
What happens with
We’re excited to announce the preview of an additional purchasing model to the Azure SQL Database Elastic Pool and Single Database deployment options. Recently announced with SQL Database Managed Instance, the vCore-based model reflects our commitment to customer choice by providing flexibility, control, and transparency. As with Managed Instance, the vCore-based model makes the Elastic Pool and Single Database options eligible for up to 30 percent savings* with the Azure Hybrid Benefit for SQL Server.
Optimize flexibility and performance with two new service tiers
The new vCore-based model introduces two service tiers, General Purpose and Business Critical. These tiers let you independently define and control compute and storage configurations, and optimize them to exactly what your application requires. If you’re considering a move to the cloud, the new model also provides a straightforward way to translate on-premises workload requirements to the cloud. General Purpose is designed for most business workloads and offers budget-oriented, balanced, and scalable compute and storage options. Business Critical is designed for business applications with high IO requirements and offers the highest resilience to failures.
Choosing between DTU and vCore-based performance levels
You want the freedom to choose what’s right for your workloads and we’re committed
Azure SQL Database and Data Warehouse offer encryption-at-rest by providing Transparent Data Encryption (TDE) for all data written to disk, including databases, log files and backups. This protects data in case of unauthorized access to hardware. TDE provides a TDE Protector that is used to encrypt the Database Encryption Key (DEK), which in turn is used to encrypt the data. The TDE Protector is by default managed by the service in a fully transparent fashion, rotated every 90 days and maintained in archive for access to backups. Optionally, management of the TDE Protector can be assumed by the customer if more control is desired. This requires storing the TDE Protector in a customer-owned Azure Key Vault. If this option is chosen, it is important to fully understand all TDE implications and carefully plan for ongoing key management.
Overview of TDE with customer managed keys and Azure Key Vault integration:
In this scenario, customers must maintain Azure Key Vault, control SQL Database permissions to Azure Key Vault and maintain access to all TDE Protectors to open or restore databases or backups and enable all other operations that require database access to the TDE Protector. The following checklist will help to
We are excited to announce the general availability of Azure SQL Data Warehouse in three additional regions: Japan West, Australia East, and India West. These additional locations bring the product's worldwide availability count to all 33 regions – more than any other major cloud data warehouse provider. With general availability, you can now provision SQL Data Warehouse across 33 regions with a financially backed SLA of 99.9 per cent availability.
SQL Data Warehouse is a high-performance, secure, and compliant SQL analytics platform offering you a SQL-based view across data and a fast, fully managed, petabyte-scale cloud solution. It is elastic, enabling you to provision in minutes and scale up to 60 times larger in seconds. It comes standard with Geo-Backups, which enable geo-resiliency of your data and allows your data warehouse to be restored to any region in Azure in the case of a region-wide failure.
Azure regions provide multiple, physically separated and isolated availability zones connected through low latency, high throughput, and highly redundant networking. Starting today, customers can leverage these advanced features across 33 regions.
Begin today and experience the speed, scale, elasticity, security, and ease of use of a cloud-based data warehouse for yourself. You can see
We are pleased to announce the general availability of Clustered and NonClustered Columnstore indexes for Standard databases in the S3 and above pricing tiers. These features will enable a number of new and valuable scenarios:
Functional dev/test for columnstore based applications, without needing to pay for Premium tier databases for testing purposes. (Of course performance testing should always be done at the target performance configuration.)
Deploying applications with columnstore-based storage which do not have the mission critical performance and availability requirements found in Premium tier database requirements.
Application vendors can now develop an application which leverages columnstore functionality and deploy it on both Standard and Premium performance tiers.
Columnstore advantages
Columnstore indexes are designed to be extremely efficient for queries which do scans and aggregations across millions and billions of rows of data. They are fundamentally different structures, which physically group data by column, rather than by row. In OLTP-style workloads, queries typically access one, or a few rows at a time, making traditional index structures the most efficient access path. For analytic queries, organizing data by column means that we only need to read the data for those columns involved in a query, and other columns never need be
We are pleased to announce that firewall and reboot functions are now supported in all three Azure Redis Cache tiers. We have been making these previously premium-only features available to the basic and standard tiers at no additional cost. In addition, we are previewing the ability to pin your Redis instance to specific Availability Zone-enabled Azure regions.
Firewall provides added security for your Azure Redis deployment. It lets you restrict which clients can connect to your Redis cache based on their IP addresses. You can create a firewall rule for each IP address range that your Redis clients use. Once you enable the firewall by specifying at least one rule, only those requests coming from IP addresses that fall into the defined IP range(s) will be accepted by Redis. Redis monitoring endpoints are excluded from firewall rules, however. This prevents accidental network disconnect due to firewall settings and ensures that monitoring will work uninterrupted.
Reboot allows you to restart one or more nodes in your Redis Cache. This function is useful particularly for simulating cache failures and testing how your application would react to them. It is a highly requested feature from User Voice. You can reboot any