Created by:

Azure SQL Database

Robert Stewart

Last Updated:
August 16, 2020
Managed Database
Course:
SQL710
Azure SQL Database
PaaS
 • fully managed platform

• upgrading, patching, backups, and monitoring

o latest version of SQL Server

Azure
• 99.99% uptime
SQL Database o built-in high availability

• supports both relational and non relational structures

 • isolated database

• Similar to a “contained database”

o A database that is isolated from the instance of SQL Server

o Much of the metadata that describes a database is maintained in

the database. (In addition to, or instead of, maintaining metadata in
the master database.)

o All metadata are defined using the same collation.

o User authentication can be performed by the database, reducing

Azure the databases dependency on the logins of the instance of SQL
SQL Database Server.
Deployment
Models o The SQL Server environment (DMV's, XEvents, etc.) reports and can
Single Database
act upon containment information
 • Is a collection of Single Databases
o Shared set of resources
 CPU
 Memory

Azure • Single databases can be moved in and out of an

SQL Database
Deployment elastic pool
Models
Elastic Pool
 • Single Databases
o each database is isolated from others and is portable
o guaranteed amount of resources
 compute
 memory
 Storage
o dynamically scale resources up or down

Azure • Elastic Pools

SQL Database
Deployment
o can assign resources that are shared by all databases
Models
Scalability
 • Advanced monitoring and troubleshooting
• Query Store
o records the performance of your queries in real
time
o identifies potential performance issues
o identifies top resource consumers
o automatic tuning and recommendations
 apply recommendations manually or
Azure
SQL Database
automatically
Monitoring o test and verify that the fix provided benefits
 retain or revert changes
• can still use DMVs and/or Xevent
• cannot be disabled with Azure SQL Database
 •Automatic backups
o automatically performs full, differential, and transaction log backups of databases
o single databases and pooled databases, you can configure SQL Database to store
full database backups to Azure Storage for long-term backup retention
o managed instances, you can also perform copy-only backups for long-term backup
retention
o full backups done every week
o differential every 12-24 hours
o transaction log every 5-10 minutes
o times are based on compute size and database activity
o when restoring, the service will determine which backups need to be restored
• Point-in-time restores
o support recovery to any point in time within the automatic backup retention
period for any database
Azure o you cannot overwrite and existing database during restore
SQL Database o Create a new database on the same server, recovered to a specified point in time
High Availability
within the retention period
o Create a database on the same server, recovered to the deletion time for a
deleted database
o Create a new database on any server in the same region, recovered to the point
of the most recent backups
o Create a new database on any server in any other region, recovered to the point
of the most recent replicated backups
 • Active geo-replication
o allows you to create readable secondary databases of individual databases on a
server in the same or different data center (region)
o single database and pooled databases allow you to configure up to four readable
secondary databases in either the same or globally distributed Azure datacenters
o not supported with Azure Managed Instances
 use auto-failover groups instead
o is used to perform quick disaster recovery of individual databases in case of a
regional disaster or large scale outage
 failover must be initiated manually by the application or the user
• Auto-failover groups
o allows you to manage the replication and failover of a group of databases on a
server or all databases in a managed instance to another region
o enable high availability and load balancing at global scale
Azure o automatic or manual failover
SQL Database o support replication of all databases in the group to only one secondary server or
High Availability instance in a different region
 If you want multiple Azure SQL Database secondaries in the same or
different regions, use active geo-replication
• Zone-redundant databases
o provision Premium or Business Critical databases or elastic pools across multiple
availability zones
o placing these replicas into multiple availability zones provides higher resilience
 To achieve real business continuity, adding database redundancy between datacenters is
only part of the solution. Recovering an application (service) end-to-end after a
catastrophic failure requires recovery of all components that constitute the service and
any dependent services. Examples of these components include the client software (for
example, a browser with a custom JavaScript), web front ends, storage, and DNS. It is
critical that all components are resilient to the same failures and become available within
the recovery time objective (RTO) of your application. Therefore, you need to identify all
Azure
dependent services and understand the guarantees and capabilities they provide. Then,
SQL Database you must take adequate steps to ensure that your service functions during the failover of
High Availability the services on which it depends.

Designing Cloud Solutions for Disaster Recovery Using active geo-replication.

 • Data discovery and classification
o discovering, classifying, labeling, and protecting the sensitive data in your databases
o visibility into your database classification state, and tracks the access to sensitive data within
the database and beyond its borders
• Vulnerability assessment
o can discover, track, and help you remediate potential database vulnerabilities
o cover database-level issues and server-level security issues, like server firewall settings and
server-level permissions
• Threat detection
o detects anomalous activities that indicate unusual and potentially harmful attempts to access
Azure or exploit your database
SQL Database o continuously monitors your database for suspicious activities, and provides immediate
Threat security alerts on potential vulnerabilities, SQL injection attacks, and anomalous database
Protection access patterns
o alerts provide details of the suspicious activity, and recommend action on how to investigate
and mitigate the threat
 • For data in motion, it uses transport layer security

• For data at rest, it uses transparent data encryption

Azure • For data in use, it uses Always Encrypted

SQL Database
Encryption
 • SQL authentication
o user submits a user account name and associated password to
establish a connection
o This password is stored in the master database for user accounts
linked to a login or stored in the database containing the user
accounts not linked to a login
Azure
SQL Database
• Azure Active Directory Authentication
Authentication o user submits a user account name and requests that the service
use the credential information stored in Azure Active Directory
(Azure AD)