Azure Boot Camp 21.04.2018 SQL Server in Azure Iaas PaaS on-prem Lars Platzdasch


  1. 1. SQL Server in Azure IaaS, PaaS, on-Prem Planning and Business Continuity or more like Take the Red or the Blue Pill Lars Platzdasch MCT, MCSE SQL, MCSE SharePoint
  2. 2. Speaker: Lars Platzdasch Twitter @LarsPlatzdasch Xing /Lars_Platzdasch LinkedIn LarsPlatzdasch Web www.platzdasch.de www.3perspektiven.de MCT: SQL, SharePoint, .net MCSE: SQL Server Data Platform MCSE: SharePoint MCITP: SharePoint 2010, Administrator MCITP: SharePoint 2010, Developer Microsoft Certified Application Developer: .NET Certified Ethical Hacker (CEH) - EC-Council platzdasch netConsult GmbH & Co. KG | ISV 24/7 support for SQL / SharePoint 3 Perspektiven GmbH | MBS 22 IT, 21 years SQL Server, 14 years SharePoint Gold
  3. 3. About the Audience • DBAs • Developers • SQL AlwaysOn Availability Groups Experience? • System Administrators • Azure Lovers ;-) • and …
  4. 4. The Plan 1. High Level Comparison to SQL Server 2. Most Important Slide about the differences 3. Drill into random interesting capabilities 4. Securing 5. Some demos 6. Tips for IaaS
  5. 5. Hosting Choices for SQL
  6. 6. Azure SQL DB is SQL Server Except… Common SQL Server “Just change the connection string…” https://azure.microsoft.com/en-us/documentation/articles/sql-database-transact-sql-information/ Additional information on Differences: Azure SQL DB
  7. 7. Demos • Demo: Meet the Portal (portal.azure.com) • Demo: Create a SQL Database
  8. 8. What’s the Same 1. Team 2. Core Code Base 3. Transact-SQL ▪ Yes, full support ▪ https://feedback.azure.com/ 4. Most of the features 5. Mature
  9. 9. What’s Missing (or is it?) in Azure SQL DB Category 1: Takes a Different Approach ▪ Example: SQL Agent Category 2: On the way ▪ Network Support ▪ But in the works… Category 3: No plan (?) https://feedback.azure.com/
  10. 10. Differences:
      Azure SQL Database
      • You access a DB
      • DB is fully managed: High Availability, Backups, Patching
      • Runs latest SQL Server version, based on Enterprise ed.
      • New paradigm of databases and modern app building
      • Different DB sizes: Basic (2GB, 5DTUs) to Premium (1TB, 4000DTUs)
      • DB availability SLA: 99.99%
      SQL Server in Azure VM
      • You access a VM with SQL Server
      • You manage SQL Server and Windows: High Availability, Backups, Patching (automation available)
      • You can run any SQL Server version and edition
      • Full on-premises compatibility
      • Different VM sizes: A0 (1 core, 1GB mem, 100GB) to G5 ( .. )
      • VM availability SLA: 99.95%; in practice SQL AlwaysOn provides higher availability (~99.99%)
      • Reuse on-premises infrastructure (e.g. Active Directory)
  11. 11. SQL Server View on ‘Managed’ [Diagram. Axis labels: High Control | High Maintenance to Low Control | Low Maintenance; Dedicated, Higher cost to Shared, Lower cost; Physical, Virtual, Hybrid; On premises, Off premises; IaaS, PaaS, SaaS. Options shown: SQL Server (Physical Machines); SQL Server Private Cloud (Virtualized Machines); SQL Server in Azure VM (Virtualized Machines); Azure SQL Database (Virtualized Databases); Cloud]
  12. 12. Manageability ( Azure SQL DB ) 1. Server Management so easy - not available! ▪ You control schema, indexes, users, etc. as usual ▪ PaaS model 2. 99.95% uptime SLA (one instance) 3. Geo-DR/FO/BC (Active/Passive) 4. Geo-Replication (Active/Active RO) 5. Backups, PiTR
  13. 13. Performance ( Azure DB ) • DMV Views (https://azure.microsoft.com/en-us/documentation/articles/sql-database-monitoring-with-dmvs/) • DTU: Data Throughput Unit (https://docs.microsoft.com/de-de/azure/sql-database/sql-database-what-is-a-dtu) • eDTU (elastic Pool DTU)
  14. 14. Data Throughput Unit ▪ http://dtucalculator.azurewebsites.net/ ▪ Demo: DTU definition https://azure.microsoft.com/en-us/documentation/articles/sql-database-service-tiers/#understanding-dtus
  15. 15. SQL / Space / DTU Pools Geo Repl Pricing ( Azure DB )
  16. 16. Pricing in Tiers and Pools ▪ Demo: Pricing options https://azure.microsoft.com/en-us/pricing/ ▪ https://azure.microsoft.com/en-us/documentation/articles/sql-database-service-tiers/
  17. 17. Securing SQL Azure “[Cloud security] is a shared responsibility between the customer and the cloud vendor.” Mark Russinovich, Microsoft Azure CTO https://www.rsaconference.com/writable/presentations/file_upload/exp-w01_assume-breach-an-inside-look-at-cloud-service-provider-security.pdf
  18. 18. A Cautionary Tale: Code Spaces 1. DDoS 2. Ransom demand 3. Security breach noticed 4. Fighting back 5. Malicious destruction of assets 6. Security & Business #fail “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.” Data plane (data access) vs. mgmt/control plane (Portal, APIs, PowerShell) Elapsed time: 12 hours http://arstechnica.com/security/2014/06/aws-console-breach-leads-to-demise-of-service-with-proven-backup-plan/
  19. 19. Top Azure Risks Leading to Tenant Breach (Risk: Mitigation)
      • Internet Exposed RDP or SSH Endpoints: Network ACLs or Host-based Firewall; Strong passwords; VPN or SSH Tunnels
      • Virtual Machine Missing Security Patches: Keep Automatic Updates Enabled
      • Web Application Vulnerability: Securing Azure Web Applications; Vulnerability scan/penetration test
      • Weak Admin/Co-Admin Credentials: Azure Multi-Factor Authentication; Subscription Management Certificate
      • Unrestricted SQL Endpoint: Azure SQL Firewall
      • Storage Key Disclosure: Manage Access to Storage Resources
      • Insufficient Security Monitoring: Azure Security and Log Management
      https://www.rsaconference.com/writable/presentations/file_upload/exp-w01_assume-breach-an-inside-look-at-cloud-service-provider-security.pdf
  20. 20. SSO for Built-In Services Use same AAD where makes sense across • Azure • Office 365 • Visual Studio Team Services • Windows 10 (Intune) • Azure SQL Database (!)
  21. 21. Prefer RBAC to Co-Admin • Co-Admin only option on Classic Portal • RBAC only available on portal.azure.com • New portal support not 100% • https://azure.microsoft.com/en-us/documentation/articles/role-based-access-built-in-roles/ • https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/ RBAC : Role Based Access Control ( IAM )
  22. 22. Protecting Your SQL Database ( Demo ) 1. Always Encrypted 2. TDE, CLE 3. Data Masking 4. Auditing 5. Firewall
  23. 23. Firewalls • SQL DB Server • Database Level: sp_set_firewall_rule • Or SSMS at login
  24. 24. Data Masking • Dynamic Data Masking: • https://azure.microsoft.com/en-us/documentation/articles/sql-database-dynamic-data-masking-get-started/ • Server-side
  25. 25. SQL DB Data Encryption Always Encrypted • Transparent Data Encryption • Server-side • Always Encrypted: https://azure.microsoft.com/en-us/updates/public-preview-always-encrypted-for-azure-sql-database/ • Client-side
  26. 26. Disaster Recovery and Business Continuity • GEO-REPL • Backup / Point In Time Recovery
  27. 27. SQL Server IaaS
  28. 28. Some Best Practices (Azure IaaS) • Start the deployment with Lower Specification. • Use DS Series VMs and use Premium storage for higher throughput • Disable geo-redundant storage on the storage accounts. • Enable read caching on the disks hosting the data files and TempDB. • Disable caching on the logs disk. • Stripe multiple disks to achieve higher IOPS. • Move all databases to separate disks. (Not in OS disks) • Disable autogrow • Enable instant file initialization for data files.
  29. 29. Blue or Red? Azure SQL Database | SQL Server in Azure VM
  30. 30. Resources • PaaS or IaaS https://docs.microsoft.com/en-us/azure/sql-database/sql-database-paas-vs-sql-server-iaas
  31. 31. Q & A Thank you very much for your time. @LarsPlatzdasch http://blog.platzdasch.de
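
The "Unrestricted SQL Endpoint" risk from slide 19 and the firewall procedures from slide 23, as an added T-SQL example that is not part of the original deck. In Azure SQL Database, `sp_set_firewall_rule` is run in `master` and creates server-level rules; `sp_set_database_firewall_rule` is its per-database counterpart. Rule names, IP ranges (RFC 5737 documentation ranges) and the /24 review threshold are constructed assumptions, and the audit assumes IPv4 rules.

```sql
-- Added example; rule names and addresses are constructed.
-- Steps 1, 3 and 4 run on a connection to master; step 2 runs on a
-- connection to the user database the rule should apply to.

-- 1) Server-level rule: applies to every database on the logical server.
EXECUTE sp_set_firewall_rule
    @name             = N'office-egress',
    @start_ip_address = '203.0.113.10',
    @end_ip_address   = '203.0.113.20';

-- 2) Database-level rule: applies to this database only.
EXECUTE sp_set_database_firewall_rule
    @name             = N'app-tier',
    @start_ip_address = '198.51.100.7',
    @end_ip_address   = '198.51.100.7';

-- 3) Audit server-level rules: convert dotted IPv4 to integers,
--    compute the size of each range, and flag broad openings.
WITH rules AS (
    SELECT name, start_ip_address, end_ip_address,
           CAST(PARSENAME(start_ip_address, 4) AS bigint) * 16777216
         + CAST(PARSENAME(start_ip_address, 3) AS bigint) * 65536
         + CAST(PARSENAME(start_ip_address, 2) AS bigint) * 256
         + CAST(PARSENAME(start_ip_address, 1) AS bigint) AS start_n,
           CAST(PARSENAME(end_ip_address, 4) AS bigint) * 16777216
         + CAST(PARSENAME(end_ip_address, 3) AS bigint) * 65536
         + CAST(PARSENAME(end_ip_address, 2) AS bigint) * 256
         + CAST(PARSENAME(end_ip_address, 1) AS bigint) AS end_n
    FROM sys.firewall_rules
)
SELECT name, start_ip_address, end_ip_address,
       end_n - start_n + 1 AS address_count,
       CASE
           -- 0.0.0.0 to 0.0.0.0 is the "allow Azure services" rule.
           WHEN start_ip_address = '0.0.0.0' AND end_ip_address = '0.0.0.0'
               THEN 'allows all Azure services: review'
           WHEN end_n - start_n + 1 > 256
               THEN 'wider than a /24: review'   -- assumed threshold
           ELSE 'ok'
       END AS finding
FROM rules
ORDER BY address_count DESC;

-- 4) Remove a server-level rule that is no longer needed.
EXECUTE sp_delete_firewall_rule @name = N'office-egress';
```

The same audit works per database by reading `sys.database_firewall_rules` instead of `sys.firewall_rules`.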
