
Introducing Azure SQL Database


Azure SQL Database (SQL DB) is a database-as-a-service (DBaaS) that provides nearly full T-SQL compatibility so you can gain tons of benefits for new databases or by moving your existing databases to the cloud. Those benefits include provisioning in minutes, built-in high availability and disaster recovery, predictable performance levels, instant scaling, and reduced overhead. And gone will be the days of getting a call at 3am because of a hardware failure. If you want to make your life easier, this is the presentation for you.


Introducing Azure SQL Database

  1. 1. Introducing Azure SQL Database James Serra Big Data Evangelist Microsoft
  2. 2. About Me • Microsoft, Big Data Evangelist • In IT for 30 years, worked on many BI and DW projects • Worked as desktop/web/database developer, DBA, BI and DW architect and developer, MDM architect, PDW/APS developer • Been perm employee, contractor, consultant, business owner • Presenter at PASS Business Analytics Conference, PASS Summit, Enterprise Data World conference • Certifications: MCSE: Data Platform, Business Intelligence; MS: Architecting Microsoft Azure Solutions, Design and Implement Big Data Analytics Solutions, Design and Implement Cloud Data Platform Solutions • Blog at • Former SQL Server MVP • Author of book “Reporting with Microsoft SQL Server 2012”
  3. 3. Azure SQL Database benefits • Increased productivity: 47% staff hours reclaimed for other tasks. “Now, those people can do development and create more revenue opportunities for us.” • Faster time to market: 75% faster app deployment cycles. “We can get things out faster with Azure SQL Database” • Lower TCO: 53% less expensive than on-prem/hosted. “To be able to do what we’re doing in Azure, we’d need an investment of millions.” • Reduced risks: 71% fewer cases of unplanned downtime. “The last time we had downtime, a half a day probably lost us $100k” • Chart labels: Other, Azure SQL Database, DB management hours • *Data source & customer quotes: The Business Value of Microsoft Azure SQL Database Services, IDC, March 2015
  4. 4. Key benefits: the intelligent cloud database, with differentiating proof • Learns and adapts: Self-tuning performance with Index Advisor and real-time Threat Detection • Scales on the fly: One click scaling, over 11 performance tiers with zero downtime • Manages 1000s, like one: Tenant isolation and automatic management of compute and storage with Elastic Pools • Works in your environment: Popular platforms & languages, from Python to Ruby to Java to C# to .NET • Secures & protects: Built-in HA and data protection with 99.99% SLA, Geo-Replication, & Point-in-time-Restore
  5. 5. Azure SQL Database The developer’s intelligent cloud-database service • Built for application developers • Lets you focus on your business application • Accelerates your time to market • Built-in advisors learn your app’s unique characteristics; adapts to maximize performance, reliability, and data protection • Helps you build secure apps and connect to your database by supporting the languages and platforms that you prefer
  6. 6. Data platform continuum Hybrid Cloud On premises Shared Lower cost Dedicated Higher cost Higher administration Lower administration Off premises
  7. 7. How is it different from VMs? Best for… TCO benefits SQL Server in a VM Azure SQL Database Scalability Resources
  8. 8. Learns and adapts Intelligent capabilities • Suggests actions for how to optimize your database performance • Automatically implements solutions that adapt to the app’s needs • Ultimately gives you time back to focus on your business
  9. 9. • Built-in performance monitoring with intelligent advisors helps reduce troubleshooting time • The Azure management portal exposes real-time metrics • Azure SQL Database includes Intelligent advisors: o Database Advisor o Query Performance Insight o Query Store Intelligent capabilities
  10. 10. Database Advisor • Index tuning recommendations tailored to each DB • Recommendations are based on the observed usage, and evolve as the DB workload changes • Support for CREATE and DROP index • Intelligent service for implementing and validating the index recommendations • Full-auto mode – service takes full care of the indexes for your DB • Manual “review and apply” mode for full control • Report + visualization of index impact • Parameterize query recommendations • Fix schema issues recommendations SQL Database Index Advisor Tuning Models Azure Cloud Improve the database with recommendations
  11. 11. Query Performance Insight See the most CPU-intensive queries: • Customize your view by selecting observation interval, number of queries, and aggregation type • View aggregated statistics about your workload: total duration and number of executions Drill down to a specific query: • Get granular view on query execution intervals • View query text See how database resources are being consumed
  12. 12. Query Store Comprehensive query-performance information when you need it most Queries Workload-data recorder for your database: • Queries, plans, and compilation and runtime statistics available at your fingertips • Allows you to easily identify and fix performance issues in the minutes Enables the following scenarios: • Finding regressed queries • Identifying top resource consuming queries • Ad-hoc workload optimization • Smooth application upgrades ? SQL Database Query Store Deeper Insight
  13. 13. Scale on the fly • Predictable performance • Scales performance • No app downtime • Pay for what you need • In-Memory & Real-time operational analytics
  14. 14. Designed for predictable performance • Across Basic, Standard, and Premium, each performance level is assigned a defined level of throughput • Introducing the Database Transaction Unit (DTU), which represents database power and replaces hardware specs • Redefined measure of power: % CPU, % read, % write, % memory • DTU is defined by the bounding box for the resources required by a database workload and measures power across the six performance levels. • Basic: 5 DTU • S0: 10 DTU • S1: 20 DTU • S2: 50 DTU • S3: 100 DTU • P1: 125 DTU • P2: 250 DTU • P4: 500 DTU • P6: 1,000 DTU • P11: 1,750 DTU • P15: 4,000 DTU
  15. 15. SQL Database service tiers (single DB model) • Tiers: Basic; Standard (S0, S1, S2, S3); Premium (P1, P2, P4, P6, P11) • Built for: light transactional workloads (Basic), medium transactional workloads (Standard), heavy transactional workloads (Premium) • Available SLA: 99.99%* • Max storage: 2 GB (Basic), 250 GB (Standard), 500 GB (Premium), 1 TB (listed beside P11) • Point-in-time restore (“oops” recovery): any point within 7 days (Basic), any point within 14 days (Standard), any point within 35 days (Premium) • Business continuity: Geo-restore, Active geo-replication, up to four readable secondary backups • Security: Always Encrypted, Transparent Data Encryption, Azure Active Directory authentication, Auditing, row-level security, dynamic data masking • Performance objectives: transactions per hour (Basic), transactions per minute (Standard), transactions per second (Premium) • Database Transaction Units (DTUs): Basic 5; S0 10, S1 20, S2 50, S3 100; P1 125, P2 250, P4 500, P6 1,000, P11 1,750 • Available tiers ($/month) and GA price: Basic $4.99; S0 $15, S1 $30, S2 $75, S3 $150; P1 $465, P2 $930, P4 $1,860, P6 $3,720, P11 $7,001 • *The 99.99% availability SLA does not apply to the existing Web and Business editions, which will continue to be supported at 99.9% availability.
  16. 16. Scale DTU’s
  17. 17. Monitor: dashboard views of metrics. Get in-depth views via Portal and APIs.
  18. 18. In-Memory technology for real-time performance In-Memory Analytics In-Memory OLTP Breakthrough Performance Real-time Operational Analytics Real-time business insight based on operational data Expedite query and transaction processing speed Up to 30x faster transactions 100x performance gains
  19. 19. Multitenant efficiency • Maximize efficiency with elastic database pools • Manage and monitor growth without the administrative overhead of managing each database Build multitenant apps with isolation and efficiency
  20. 20. Elastic Database: shares Elastic Database Transaction Units (eDTUs) across many databases (Customer 1, Customer 2, Customer 3, Customer N) • Elastic Database auto-scales eDTUs as needed • Auto-scaling you control. • Pools automatically scale performance and storage capacity for elastic databases on the fly. • You can control the performance assigned to a pool, add or remove elastic databases on demand, and define performance of elastic databases without affecting the overall cost of the pool. • Don’t worry about managing the usage needs of individual databases.
  21. 21. Elastic Pools: buy fixed number of eDTUs, share the compute across many databases (Customer 1, Customer 2, Customer 3, … Customer N) • Basic: auto-scale up to 5 eDTUs per database • Standard: auto-scale up to 100 eDTUs per database • Premium: auto-scale up to 1,000 eDTUs per database
  22. 22. SQL Database service tiers (elastic DB model) • Tiers: Basic Pool, Standard Pool, Premium Pool • Built for: light transactional workloads (Basic Pool), medium transactional workloads (Standard Pool), heavy transactional workloads (Premium Pool) • Available SLA: 99.99%* • eDTU range per pool: 100-1,200 (Basic Pool), 100-1,200 (Standard Pool), 125-1,500 (Premium Pool) • Max # of DBs/pool: 400 (Basic Pool), 400 (Standard Pool), 50 (Premium Pool) • Point-in-time restore (“oops” recovery): any point within 7 days (Basic Pool), any point within 35 days (Standard Pool), any point within 35 days (Premium Pool) • Business continuity: Geo-restore, restore to any Azure region & Active geo-replication, up to four online (readable) secondary backups • Security: Always Encrypted, Transparent Data Encryption, Azure Active Directory authentication, Auditing, row-level security, dynamic data masking • Performance objectives: transactions per hour (Basic Pool), transactions per minute (Standard Pool), transactions per second (Premium Pool) • Available tiers ($/month) and GA price: $149–$1,800/month (Basic Pool), $223–$2,701/month (Standard Pool), $697–$8,370/month (Premium Pool) • *The 99.99% availability SLA does not apply to the existing Web and Business editions, which will continue to be supported at 99.9% availability.
  23. 23. Elastic Tools Elastic database jobs Elastic database queries Elastic database transactions Support management and increased efficiency for multi-database environments manage operational activities across multiple databases
  24. 24. Protects and secures your app data • Built-in protection and security • Meets stringent regulatory- compliance requirements • Minimal custom coding • Advanced encryption technologies • Powerful business-continuity features
  25. 25. High-availability platform • Single logical database • Reads are completed at the primary • Writes are replicated to secondaries • Diagram labels: Write, Ack, Read, value • Critical capabilities: Create new replica; Synchronize data; Stay consistent; Detect failures; Failover; 99.99% availability
  26. 26. Restore from backup: protect from data loss or corruption • Automatic backups • Self-service restore • Tiered retention policy: 7 days Basic; 35 days Standard*, Premium • Restore to point-in-time or to point-of-deletion • Diagram labels: SQL Database, Backups, Azure Storage (sabcp01bl21) • *new
  27. 27. Geo-restore protects from disaster • Restore from geo-redundant backups maintained in Azure Storage • Restore to any Azure region • Built-in disaster recovery capability available for every database • Diagram labels: SQL Database, Backups, Azure Storage (sabcp01bl21), Geo-redundant, Restore to any Azure region
  28. 28. Active geo-replication: mission critical business continuity, up to 4 secondaries • Service levels: Basic, Standard and Premium • Self service • Readable secondaries: up to 4 • Regions available: any Azure region • Replication: automatic, asynchronous • Manageability tools: REST API, PowerShell or Azure Portal • Recovery Time Objective (RTO): <1 hour • Recovery Point Objective: <5 mins • Failover: on demand
  29. 29. Setup Disaster Recovery
  30. 30. Most secure database: surrounded by layers of protection • Secure code: Secure development lifecycle; Least vulnerable last 6 years • Identity: Windows authentication; Azure Active Directory auth. [NEW] • Monitor activity: SQL threat analytics; SQL auditing [NEW] • Control access: Row-level security [NEW]; Dynamic data masking [NEW] • Protect data: Always encrypted; Transparent data encryption [NEW]
  31. 31. Azure Active Directory authentication Manage user identities in one location. Use Azure Active Directory user identities and groups to enable access to Azure SQL Database and other Microsoft services. Benefits include: • Limit proliferation of user identities • Allow password rotation in one place • Eliminate password storing Azure SQL Database Customer 1 Customer 2 Customer 3
  32. 32. Give users access only the rows applicable to their role Simplify the design and coding of security in your apps Administer with SQL Server Management Studio or SQL Server Data Tools Protect data privacy by ensuring the right access across rows SQL Database Customer 1 Customer 2 Customer 3 Row-level security
  33. 33. Dynamic data masking: limit the exposure of sensitive data by hiding it from users • Auto-discovery of potentially sensitive data to mask • Configurable masking policy from the Azure portal or via DDL in the server • On-the-fly obfuscation of data in query results • Flexibility to define a set of privileged users for un-masked data access • On-the-fly masking of sensitive data in query results: Table.PhoneNo values +1-313-555-5796, +972-4-777-1978, +1-248-666-6550 are shown as PhoneNum XXX-XXX-5796, XXX-XXX-1978
  34. 34. Azure SQL Database encryption: overview (columns: Encryption type, Type, Customer value) • Encryption-in-transit: Transport Layer Security (TLS) from the client to the server. Protects data between the client and the server against snooping and man-in-the-middle attacks. Azure SQL Database is phasing out Secure Sockets Layer (SSL) 3.0 and TLS 1.0 in favor of TLS 1.2. • Encryption-at-rest: Transparent Data Encryption (TDE) for Azure SQL Database. Protects data on the disk. Key management is done by Azure, which makes it easier to obtain compliance. • Encryption-end-to-end: Always Encrypted for client-side column encryption. Data is protected end-to-end, but the application is aware of encrypted columns. This is used in the absence of data masking and TDE for compliance-related scenarios. • Diagram labels: Database files, backups, Tx log, TempDB; Customer data; In-transit; At-rest; End-to-end
  35. 35. Encryption Overview SQL Database
  36. 36. Auditing and Threat Detection: gain real-time insights and streamline compliance-related tasks • Retain an audit trail of selected events and activities • Report on database activity: preconfigured reports and a dashboard help get you started quickly • Analyze reports to find suspicious events, unusual activities, and trends • Receive proactive alerts about activities that might indicate potential security threats using the new Threat Detection feature • Diagram labels: Malicious insider, External attacker, Azure SQL Database, Threat Detection, Auditing, Audit log, Azure Storage
  37. 37. Threat Detection: detects anomalous database activities that could indicate a potential threat • Configure Threat Detection policy in the Azure portal • Receive alerts from multiple database-threat detectors that identify anomalous activities • Explore the audit log around the time of an event • Diagram labels: Malicious insider, External attacker, Web app, Azure SQL Database, Threat Detection, Alerts
  38. 38. Compliance SOC 1 Type 2 and SOC 2 Type 2 ISO/IEC 27001 FedRAMP/FISMA HIPAA business associate agreement (BAA) PCI DSS Level 1 EU Model Clauses
  39. 39. Microsoft-backed Built-in regional database replicas for additional protection Uptime SLA of 99.99%* Single support vendor across Azure cloud services Peace of mind over your cloud investments *Web & Business tiers remain backed by 99.9% uptime SLA.
  40. 40. Familiar & self-managed Remove virtually all infrastructure maintenance with SQL Database which provides automatic software patching as part of the service
  41. 41. Familiar Choice of management tools; APIs, Azure Management Portal with HTML5 support, or SQL Server Management Studio. Leverage SQL Server skills across on-premises and cloud environments with a familiar relational foundation and T-SQL functions, including spatial data support for location-based apps. Tools Compatible Support seamless development on or offline and across on- premises and cloud-designed apps with Visual Studio. Extend existing applications to the cloud with DAC framework support. Flexible dev
  42. 42. Near-complete SQL compat; more performance Online index rebuild capability for clustered and non- clustered indices for greater availability. Build highly optimized schemas to improve query processing with table partitioning support. Access Common Language Runtime (CLR) and define CLR Types, aggregates, functions and procedures written in C#. Support for additional Dynamic Management Views (DMVs) for deeper insight into application health. In preview: Extended Events New features come to SQL Database first! Broader SQL Server support for improved compatibility on Azure
  43. 43. Self-managed continuity Remove virtually all infrastructure maintenance through automatic software patching. Built-in system replicas and automatic failover help protect data and uptime. Built-in Maintenance Fault Tolerance
  44. 44. Flexibility to work your way Platforms Tools Azure management portal with HTML5 support, Windows PowerShell, REST APIs, SQL Server Management Studio, and Visual Studio Languages Frameworks Your Azure solution Build secure apps that connect with the languages and platforms that you prefer
  45. 45. T-SQL Editor in the Portal
  46. 46. Azure SQL Database service tiers
  47. 47. SQL Server Management Studio (SSMS) SQL Azure Migration Wizard (SAMW) SQL Server Data Tools in Visual Studio SQL Server 2016 Upgrade Advisor Preview Migration tools My blog: Migrate from on-prem SQL server to Azure SQL Database
  48. 48. Azure SQL Database Transact-SQL differences • Server-level activities • Features that relate to high availability, which is managed through your Microsoft Azure account: backup, restore, AlwaysOn, database mirroring, log shipping, recovery modes • Features that rely upon the log reader: Replication, Change Data Capture • FILESTREAM • Global temporary tables • Hardware-related server settings: memory, worker threads, CPU affinity, trace flags, etc. Use service levels instead • Linked servers, OPENQUERY, OPENROWSET, OPENDATASOURCE, BULK INSERT, 3 and 4 part names • .NET Framework CLR integration with SQL Server • Resource governor • Semantic search • SQL Server Profiler • Transact-SQL debugging • Triggers: Server-scoped or logon triggers • USE statement
  49. 49. Azure getting started • Free Azure account, $200 in credit, • Startups: BizSpark, $750/month free Azure, BizSpark Plus - $120k/year free Azure, • MSDN subscription, $150/month free Azure, offers/msdn-benefits/ • Microsoft Educator Grant Program, faculty - $250/month free Azure for a year, students - $100/month free Azure for 6 months, offers/msdn-benefits/ • Microsoft Azure for Research Grant, us/projects/azure/default.aspx • DreamSpark for students, • DreamSpark for academic institutions: • Various Microsoft funds
  50. 50. Q & A ? James Serra, Big Data Evangelist Email me at: Follow me at: @JamesSerra Link to me at: Visit my blog at: (where this slide deck will be posted)

Editor's notes

  • So you have been running on-prem SQL Server for a while now.  Maybe you have taken the step to move it from bare metal to a VM, and have seen some nice benefits.  Ready to see a TON more benefits?  If you said “YES!”, then this is the session for you as I will go over the many benefits gained by moving your on-prem SQL Server to an Azure VM (IaaS).  Then I will really blow your mind by showing you even more benefits by moving to Azure SQL Database (PaaS/DBaaS).  And for those of you with a large data warehouse, I also have you covered with Azure SQL Data Warehouse.  Along the way I will talk about the many hybrid approaches so you can take a gradual approach to moving to the cloud.  If you are interested in cost savings, additional features, ease of use, quick scaling, improved reliability and ending the days of upgrading hardware, this is the session for you!
  • Fluff, but point is I bring real work experience to the session
  • One of the first things to understand in any discussion of Azure versus on-premises SQL Server databases is that you can use it all. Microsoft’s Data Platform leverages SQL Server technology and makes it available across physical on-premises machines, private cloud environments, third party hosted private cloud environments, and public cloud. This enables you to meet unique and diverse business needs through a combination of on-premises and cloud-hosted deployments, while using the same set of server products, development tools, and expertise across these environments.

    As seen in the diagram, each offering can be characterized by the level of administration you have over the infrastructure (on the X axis), and by the degree of cost efficiency achieved by database level consolidation and automation (on the Y axis).
    When designing an application, four basic options are available for hosting the SQL Server part of the application:
    SQL Server on nonvirtualized physical machines
    SQL Server in on-premises virtualized machines (private cloud)
    SQL Server in Azure Virtual Machine (public cloud)
    Azure SQL Database (public cloud)
  • The SQL Database service was designed for building cloud-designed applications. What do I mean when I say cloud-designed? I am talking about applications that can scale dynamically across multiple nodes during peak demand and scale back down to fewer nodes during normal demand. SQL Database service is a scale-out relational database and is ideal for cloud applications, where demand is often not predictable. It offers the ability to architect your database application to use database sharding for dynamic scalability across multiple nodes. This is a unique design point that lets customers gain the full benefits of cloud scalability. 3M did just that by building Visual Attention Service (VAS) software, which measures marketing effectiveness of products, on SQL Database service. This VAS application has seen over 400x growth in demand, and SQL Database was able to scale out to meet demand without problem and reduce capacity during nominal demand. 3M not only realized infrastructure and data platform management cost savings, but also 50% revenue growth by being able to scale dynamically to capture all demand. They view SQL Database as providing cost-effective scalability, and with an SLA for the infrastructure and the database, it is less they have to manage and worry about, as they highlight in their quote. This all adds up to faster time to market for 3M’s VAS software.

  • You can also use the SQL Database service to create hybrid applications, as BetOnSoft has done. BetOnSoft is an online gambling company that wanted to build a highly resilient gaming platform, so they implemented SQL Server AlwaysOn on-premises for synchronous replication and used the asynchronous replicas for offloading BI and reporting. To ensure even higher resiliency, they decided to move the gaming platform's error reporting and metric monitoring system off-premises to Microsoft Azure SQL Database, so that if there is an issue with the gaming engine the errors and metrics can easily be recovered from Microsoft Azure. They also decided to move their application marketing engine, which needs dynamic scalability during viral marketing pushes, to SQL Database, as it offered the dynamic scalability they were looking for, so they did not have to build infrastructure for peak demand. In addition, by taking advantage of the many Microsoft Azure data centers, they were able to improve the global reach and performance of the marketing applications that promote their gambling platform to users worldwide.

    BetOnSoft develops and manages more than 110 online casino games, played every day by thousands of players worldwide. The company needed to ensure that its games are highly available, and the company wanted to prepare for business growth by scaling its database without impacting application responsiveness.

    The company deployed a hybrid application solution that takes advantage of the high-availability features in Microsoft SQL Server 2012 AlwaysOn and runs several critical services on Microsoft Azure SQL Database for its high availability and fast provisioning. For example, BetOnSoft maintains its error-reporting service in the Microsoft Azure cloud with data stored in Microsoft Azure SQL Database.

    The solution helps BetOnSoft enhance the services it provides to the operators that run the company’s games. Using the monitoring service in SQL Database, the company says it can see where the problems are and if there are certain trends, enabling them to use these metrics to enhance services and improve the overall user experience.
    The company is also seeing dramatically improved availability and scalability—its infrastructure can exceed 10 times its previous peak loads while running intensive real-time data analytics.
    BetOnSoft also says the solution helps simplify administration for BetOnSoft database administrators, with the ability to check the database frequently and easily, as well as offload reporting, helping to reduce time and effort.
  • Resource & tenant administration. With Elastic Database Pools, you gain automatic management and administration of compute and storage across an unlimited number of databases – helping cap your spending, maximize utilization, and effectively scale multitenant apps.
  • By storing your data in Azure SQL Database, you take advantage of many fault tolerance and secure infrastructure capabilities that you would otherwise have to design, acquire, implement, and manage. Azure SQL Database has a built-in high availability subsystem that protects your database from failures of individual servers and devices in a datacenter. Azure SQL Database maintains multiple copies of all data in different physical nodes located across fully independent physical sub-systems to mitigate outages due to failures of individual server components, such as hard drives, network interface adapters, or even entire servers. At any one time, three database replicas are running—one primary and two or more replicas. Data is written to the primary and one secondary replica using a quorum based commit scheme before the transaction is considered committed. If the hardware fails on the primary replica, Azure SQL Database detects the failure and fails over to the secondary replica. In case of a physical loss of a replica, a new replica is automatically created. So there are always at minimum two physical, transactionally consistent copies of your data in the datacenter.
  • Azure Active Directory authentication is a mechanism for connecting to Microsoft Azure SQL Database by using identities in Azure Active Directory. With Azure Active Directory authentication, you can centrally manage the identities of database users and other Microsoft services in a single location. Central identity management provides a single place to manage Azure SQL Database users and simplifies permission management. Benefits include:
    An alternative to SQL Server authentication
    Help in stopping the proliferation of user identities across database servers
    The ability to perform password rotation in a single place
    Management of database permissions using external Azure Active Directory groups
    Elimination of the need to store passwords: it enables integrated Windows authentication and other forms of authentication supported by Azure Active Directory

    Azure Active Directory authentication uses contained database users to authenticate identities at the database level.

    Azure Active Directory members created in the managed domain or with a federated domain can be provisioned in Azure SQL Database.

    Microsoft accounts (for example,, or other guest accounts (for example, are not supported.
    Only one Azure Active Directory administrator (a user or group) can be configured for an Azure SQL Database at any time.
    Only an Azure Active Directory administrator can initially connect to the Azure SQL Database using an Azure Active Directory account. The Azure Active Directory administrator can configure subsequent Azure Active Directory database users.
    Some tools like BI and Excel are not supported.
    Azure Active Directory authentication only supports the .NET Framework Data Provider for SQL Server (at least version in .NET Framework version 4.6). Therefore SQL Server Management Studio (available with SQL Server 2016) and data-tier applications (DAC and .bacpac) can connect, but sqlcmd.exe cannot connect because sqlcmd uses the ODBC provider.
    Two-factor authentication or other forms of interactive authentication are not supported.
  • Row-Level Security is a programmability security feature that can be implemented on databases to enable fine-grained access to rows of data in a table for greater control over which users can access which data. This allows for more flexibility and data protection when multiple logins need to access various records in a database and can help organizations more easily support organizational or industry compliance policies. Row-Level Security is managed at the database level and requires SQL Server Management Studio (SSMS) or SQL Server Data Tools (SSDT) to implement and manage.

    Generally, any application which has multiple users accessing various data records can benefit from Row-Level Security; here are a few key examples:
    A hospital or medical clinic could implement a security policy that allows nurses and doctors to only see data rows for their own patients.
    A bank might implement a security policy to restrict access to financial data rows based on the employee's business division or based on her role within the company.
    A multi-tenant application might store multiple customer records within a single database to achieve cost efficiencies. To ensure greater data security and isolation, a security policy can be implemented to further create a logical separation of each tenant's data rows from other tenant's rows.
  • Dynamic Data Masking is a security service of Azure SQL Database that enables Azure administrators to restrict access to sensitive data on production databases. The sensitive data is persisted in the database in its original format. Based on a data masking policy, a mask function (full mask / partial mask) is applied to specific fields.

    You may use either the Azure Management Portal, the new Azure Portal, PowerShell or REST API to configure data masking. For the Azure Management Portal, the configuration is under the Auditing & Security Section. For the new Azure Portal there is a dedicated section in the Database Tile.

    Dynamic Data masking is supported across the V12 versions of the Basic, Standard and Premium tiers and is included at no extra cost.
  • Transparent Data Encryption leverages the long-time trusted encryption technology found in SQL Server and brings it to SQL Database V12 databases for encrypting a customer’s database at rest to help further protect against the threat of malicious activity. Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the database, associated backups, and transaction log files. We have leveraged the latest hardware technology in the V12 service architecture to help minimize any performance impact TDE may impose on a customer’s database.

    It is very similar to TDE for SQL Server in that encryption/decryption is completely transparent and requires no changes to an application using a database that is protected by TDE.
    Unlike TDE for SQL Server, the first version of TDE for SQL DB is completely “service-managed”, meaning TDE is on by default and all keys, including rotation and backups, are managed by the service. TDE for SQL DB currently does not offer an EKM option, which will be provided in version 2 (see below).

    Currently, TDE uses a database encryption key (DEK) protected by a TDE certificate. The certificate is stored in the SQL Database service on separate physical hardware for availability during recovery. We will explore additional key storage options at a future date.
  • Always Encrypted is a feature designed to provide an extra measure of protection to sensitive data, such as credit card numbers or national identification numbers (e.g. U.S. social security numbers), stored in SQL Server databases and in Azure SQL Database. This feature protects data while it is most vulnerable: while it is being used.
    Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to SQL Server. As a result, Always Encrypted provides a separation between those who own the data (and can view it) and those who manage the data (but should have no access). By ensuring on-premises database administrators, cloud database operators, or other high-privileged, but unauthorized users, cannot access the encrypted data, Always Encrypted enables customers to confidently store sensitive data outside of their direct control. This allows organizations to encrypt data at rest and in use for storage in Azure, to enable delegation of on-premises database administration to third parties, or to reduce security clearance requirements for their own DBA staff.
    Always Encrypted makes encryption transparent to applications. An Always Encrypted-enabled driver installed on the client computer achieves this by automatically encrypting and decrypting sensitive data in the SQL Server client application. The driver encrypts the data in sensitive columns before passing the data to SQL Server, and automatically rewrites queries so that the semantics to the application are preserved. Similarly, the driver transparently decrypts data, stored in encrypted database columns, contained in query results. Data is thus encrypted even during transactions and computations.

    Compare SQL Data Sync to Active Geo-Replication
  • Based on customer feedback, Azure SQL Database is introducing new service tiers to help customers more easily innovate with cloud-designed database workloads. At the heart of this change, the new tiers deliver predictable performance across a spectrum of six performance levels for light- to heavy-weight transactional application demands. Additionally, the new tiers offer a spectrum of business-continuity features, a stronger uptime SLA, larger database sizes for less money, and an improved billing experience.
  • Migration tools
    Tools used include SQL Server Management Studio (SSMS), the SQL Server tooling in Visual Studio, and the SQL Azure Migration Wizard (SAMW), as well as the preview of the new Azure management portal. Be sure to install the latest versions of the client tools, as earlier versions are not compatible with the preview of the latest SQL Database Update. The role of each tool is summarized below together with a link for installing/accessing the latest version.
    Preview Azure Management Portal
    The preview Azure management portal ( is required to create servers using the latest SQL Database Update or to migrate existing servers and databases. You can find out more about migrating existing servers here:
    SQL Server Management Studio (SSMS)
    SSMS can be used to deploy a compatible database directly to Azure SQL Database or to export a logical backup of the database as a BACPAC, which can then be imported, still using SSMS, to create a new Azure SQL Database. You cannot use the preview portal to import a BACPAC yet.
    You must use the latest version of SSMS to work with the preview of Azure SQL Database Latest Update which is available in CU5 of SQL Server 2014 or by downloading the latest version of the tools from
    SQL Azure Migration Wizard (SAMW)
    SAMW can be used to analyze the schema of an existing database for compatibility with Azure SQL Database, and in many cases can be used to generate and then deploy a T-SQL script containing schema and data. The wizard will report errors during the transformation if it encounters schema content that it cannot transform. If this occurs, the generated script will require further editing before it can be deployed successfully. SAMW will process the body of functions or stored procedures, which is normally excluded from validation performed by the SQL Server tooling in Visual Studio (see below), so it may find issues that might not otherwise be reported by validation in Visual Studio alone. Combining use of SAMW with the SQL Server tooling in Visual Studio can substantially reduce the amount of work required to migrate a complex schema.
    Be sure to use the latest version of the SQL Azure Migration Wizard from CodePlex at
    SQL Server tooling in Visual Studio
    The SQL Server tooling in Visual Studio can be used to create and manage a database project comprising a set of T-SQL files for each object in the schema. The project can be imported from a database or from a script file. Once created, the project can be targeted at the latest preview of Azure SQL Database; building the project then validates schema compatibility. Clicking on an error opens the corresponding T-SQL file allowing it to be edited and the error corrected. Once all the errors are fixed the project can be published, either directly to SQL Database to create an empty database or back to (a copy of) the original SQL Server database to update its schema, which allows the database to be deployed with its data using SSMS as above.
    You must install and use the preview of the SQL Server database tooling for Visual Studio with support for the preview of Azure SQL Database Latest Update V12. Make sure you have Visual Studio 2013 with Update 4 installed first. See this blog post for more details of this preview release and how to install it:
    You can keep track of updates to this software on the team blog at