Customers experience an increasing demand for highly secure and compliant solutions as they face data breaches along with requests from governments to access online customer information. New regulatory requirements such as the General Data Protection Regulation (GDPR), which governs the collection and use of individuals’ data, makes selecting cloud services that help customers achieve trust, transparency, security, and compliance essential. To help customers achieve compliance with national, regional, and industry specific regulations and requirements Azure Database for PostgreSQL and Azure Database for MySQL build upon Microsoft Azure’s compliance offerings to provide the most rigorous compliance certifications to customers at service general availability.
Microsoft Azure has over 50 national, regional, and industry specific compliance offering that Azure Database for PostgreSQL and Azure Database for MySQL leverage as part of Microsoft’s Trusted Cloud foundation of security, privacy, compliance, and transparency. To learn more and access additional resources, visit the Microsoft Trust Center.
What are the compliance offerings for Azure Database for PostgreSQL and Azure Database for MySQL and what do they mean for customers?
Azure Database for PostgreSQL and Azure Database for MySQL are certified compliant for:
Today, I am excited to announce the general availability (GA) of Azure Database for MySQL and Azure Database for PostgreSQL. The GA milestone means that, starting today, these services are bringing the community versions of MySQL and PostgreSQL with built-in high availability, a 99.99% availability SLA, elastic scaling for performance, and industry leading security and compliance to Azure.
Since we started the preview of MySQL and PostgreSQL on Azure in May 2017, we have accomplished a lot, increasing compute scale up to 32 vCores, offering a new Memory Optimized tier, ability to scale storage on-line independent of compute without impact to application performance, allowing greater flexibility in backup storage options, and achieving industry compliance with ISO, SOC, and HIPAA. We will be compliant with the General Data Protection Regulation (GDPR) when enforcement begins on May 25, 2018. In addition, with availability in 22 regions worldwide, these services are truly global. The reach of the services remains a key focus for us, and we continue to work on providing availability across all 40+ Azure regions, which we expect to deliver in coming months. In the video below, my colleague Sunil Kamath shares some of the key benefits of adopting Azure database
Selecting a secure cloud services provider is one of the most fundamentally important decisions customers make. Customers must build their applications and services upon a secure trusted foundation. Azure Database for PostgreSQL and Azure Database for MySQL inherit the fundamentally proven trusted security architecture from Microsoft Azure. Azure has over 50 national, regional and industry specific compliance offering that Azure Database for PostgreSQL and Azure Database for MySQL leverage as part of Microsoft’s Trusted Cloud foundation of security, privacy, compliance, and transparency. To learn more and access additional resources, visit the Microsoft Trust Center. Azure Database for PostgreSQL and Azure Database for MySQL protection starts with Azure network security. Azure networking provides Distributed Denial of Service (DDoS) protection at the network edge for all Azure services and all network traffic between Azure datacenters that stays on Azure’s global network and does not travel over the Internet. To learn more please read Yousef Khalidi’s blog post on Azure network security.
Security for Azure Database for PostgreSQL and Azure Database for MySQL is built into the service as depicted above. Azure Database for PostgreSQL and Azure Database for MySQL share a common layered security model. Neither database service node is exposed
As we know, the index is one of the most powerful tools for optimizing database performance. As you insert, update, and delete rows, indexes become more fragmented and less effective. Because of this, DBAs regularly do index rebuild operations.
With the growing sizes of databases, index rebuilds can take a very long time. Combine that with the business needs for your applications to be always available and performant and this can be an issue. Big OLTP environments with busy workloads often have very short maintenance windows with some too short to execute large index rebuild operations.
Fit rebuild operations into limited maintenance windows
With ROIR (Resumable Online Index Rebuild), you can configure a rebuild to execute only during a maintenance window of defined length. Previously, if an index operation ran longer than the maintenance window the DBA would have to abort the index operation and run it again from the start later. If an index operation regularly took longer than the desired maintenance window there was no way to work around this. With ROIR, the user can simply define a max duration for the rebuild according to the maintenance window.
ALTER INDEX [ix_CustomerIDs] ON [ContosoSales].[ConstosoTransactionData] REBUILD WITH (ONLINE =
We are delighted to announce the public preview of SQL Information Protection, introducing advanced capabilities built into Azure SQL Database for discovering, classifying, labeling, and protecting the sensitive data in your databases. Similar capabilities are also being introduced for on-premises SQL Server via SQL Server Management Studio.
Discovering and classifying your most sensitive data, including business, financial, healthcare, and PII, can play a pivotal role in your organizational information protection stature. It can serve as infrastructure for:
Helping meet data privacy standards and regulatory compliance requirements, such as GDPR. Data-centric security scenarios, such as monitoring (auditing) and alerting on anomalous access to sensitive data. Controlling access to and hardening the security of databases containing highly sensitive data. What is SQL Information Protection?
SQL Information Protection (SQL IP) introduces a set of advanced services and new SQL capabilities, forming a new information protection paradigm in SQL aimed at protecting the data, not just the database:
Discovery and recommendations – The classification engine scans your database and identifies columns containing potentially sensitive data. It then provides you an easy way to review and apply the appropriate classification recommendations via the Azure portal. Labeling – Sensitivity classification labels can be persistently tagged on
Azure SQL Database Premium tier supports multiple redundant replicas for each database that are automatically provisioned in the same datacenter within a region. This design leverages the SQL Server AlwaysON technology and provides resilience to server failures with 99.99% availability SLA and RPO=0. With the introduction of Azure Availability Zones, we are happy to announce that the SQL Database now offers built-in support of the Availability Zones in its Premium service tier. By placing the individual database replicas to different availability zones, it makes the Premium databases resilient to the much larger set of failures, including catastrophic datacenter outages. The built-in support of Availability Zones further enhances the High Availability (HA) solutions in Azure SQL Database. For more information see High-availability and Azure SQL Database.
To take advantage of this capability, you simply select the zone redundant option during the database or elastic pool creation. You can also enable it for existing databases or pools. If the availability zones are supported in the region where your database or pool is deployed, Azure SQL will automatically reconfigure it without any downtime.
You can use the Azure portal to enable zone redundant database configuration as illustrated on the following diagram.
The confluence of cloud, data and AI is driving unprecedented change. The ability to utilize data and turn it into breakthrough actions and experiences, is foundational to innovation today. Organizations are using cloud technologies to accelerate the innovation that drives their business—migrating applications and data to the cloud is a key initiative within this strategy.
Only Microsoft delivers a consistent and global platform optimized for hybrid cloud for all applications and data. Microsoft provides the flexibility to maintain consistent hybrid cloud environments, while also providing rich choice of migration and modernization options. This consistency enables you to distribute your applications and data workloads on your terms, without the complexity of having to maintain different skillsets, systems, and tools while extracting the insights from data to drive innovation.
Today, we are excited to announce investments that dramatically expand the choice and ROI of moving your SQL Server and open source applications to Azure. SQL Server customers can now try the preview for SQL Database Managed Instance, Azure Hybrid Benefit for SQL Server license benefit which can help customers save up to 30%*, and Azure Database Migration Service preview for Managed Instance. Additionally, we are excited to announce the preview for
This blog post was co-authored by Eric Hudson, Senior Product Marketing Manager, CADD & AI.
We’re excited to announce the preview of Azure SQL Database Managed Instance, a new deployment option in SQL Database that streamlines the migration of SQL Server workloads to a fully managed database service. This new Managed Instance deployment option provides full SQL Server engine compatibility and native virtual network (VNET) support.
“SQL Managed Instance is that happy medium we were looking for. We needed the power and compatibility of SQL Server, but without the management overhead and cost that comes with running VMs 24×7. Not only will we get that power and ease of management, we’ll also be able to use the Azure Hybrid Benefit, which allows us to use our existing SQL Server licensing through Software Assurance. Developing, deploying, and managing our application is getting a whole lot easier and cheaper with Azure and SQL Managed Instance.”
Robert Shurbet, Senior Software Development Professional, Pivot Technology Solutions
Migrate your databases to a fully-managed service
Azure SQL Database is a fully-managed database service, which means that Microsoft operates SQL Server for you and ensures its availability and performance. SQL Database also includes innovative
Azure database services for MySQL and PostgreSQL are fully managed, enterprise-ready services built using community version of MySQL and PostgreSQL database engines respectively. These services come with built-in high availability and ability to elastically scale compute and storage independently in seconds, helping you to easily adjust resources and respond faster to market and customer demands. Additionally, you benefit from unparalleled security and compliance, Azure IP advantage, as well as Azure’s industry leading global reach.
Since we announced these services in preview last year, users have been providing feedback helping drive product improvements and new features. As part of executing on customer feedback, I am really excited to announce the changes to the pricing model that will provide customers with more flexibility and help optimize costs.
Since the preview launch, we have been offering the Basic and Standard pricing tiers. We are continuing with the Basic tier, re-naming Standard to General Purpose and introducing a new premium tier called Memory Optimized to cater to workloads requiring faster in-memory performance. For more information about the General Purpose and Memory Optimized tiers, and when to use them, visit MySQL and PostgreSQL documentation.
Changing from “compute units” to vCores
Beginning today you
This blog post was co-authored by Anitha Adusumilli, Principal Program Manager, Azure Networking.
We are excited to announce the general availability of Virtual Network (VNet) Service Endpoints for Azure SQL Database in all Azure regions. This ability allows you to isolate connectivity to your logical server from only a given subnet or set of subnets within your virtual network. The traffic to Azure SQL Database from your VNet will always stay within the Azure backbone network. This direct route will be preferred over any specific routes that take Internet traffic through virtual appliances or on-premises.
There is no additional billing for virtual network access through service endpoints. Current pricing model for Azure SQL DB applies as is.
VNet service endpoints for SQL Data Warehouse (DW) continues to be in public preview, for all Azure regions.
Firewall rules and VNet Service Endpoints can be used together
Turning on VNet Service Endpoints does not override Firewall rules that you have provisioned on your SQL Server or Database. Both continue to be applicable.
VNet Service Endpoints don’t extend to on-premises. To allow access from on-premises, Firewall rules can be used to limit connectivity only to your public (NAT) IPs.
To enable VNet