Azure SQL database configuration

Firewall rules
• Azure SQL database includes a firewall where you can configure

• IP rules - The firewall grants access to databases based on the originating IP address of
each request.

• Virtual network rules are based on virtual network service end points

• Rules for Azure SQL databases can be defined at two levels

• Server level firewall rules - These rules enable clients to access your entire Azure SQL
server, that is, all the databases within the same logical server. These rules are stored in the
master database. Server-level firewall rules can be configured by using the portal or by using
Transact-SQL statements

• Database-level firewall rules - These rules enable clients to access certain (secure)
databases within the same logical server. You can create these rules for each database
(including the master database) and they are stored in the individual databases
Geo-Replication

• Active geo-replication is designed as a business continuity solution that allows the application to
perform quick disaster recovery of individual databases in case of a regional disaster or large
scale outage.
Traffic
manager
User machine

Ingress LB Primary logical Secondary Ingress LB

server logical server

Application
(Read-Write &
Read only)
Application
(Read-Write)

Application
(Read only)

Primary region Secondary region

Failover groups

• Auto-failover groups is a SQL Database feature that allows you to manage replication and failover
of a group of databases on a logical server or all databases in a Managed Instance to another
region.

• You can initiate failover manually or you can delegate it to the SQL Database service based on a
user-defined policy. When you are using auto-failover groups with automatic failover policy, any
outage that impacts one or several of the databases in the group results in automatic failover.

• Failover group read-write listener - A DNS CNAME record formed that points to the current
primary's URL. It allows the read-write SQL applications to transparently reconnect to the primary
database when the primary changes after failover.
Database backups

• SQL Database uses SQL Server technology to create full, differential, and transaction log backups
for the purposes of Point-in-time restore (PITR). The transaction log backups generally occur
every 5 - 10 minutes and differential backups generally occur every 12 hours, with the frequency
based on the compute size and amount of database activity.

• Each SQL Database has a default backup retention period between 7 and 35 days that depends
on the purchasing model and service tier

• Long-term backup retention (LTR) leverages the full database backups that are automatically
created to enable point-time restore (PITR). These backups are copied to different storage blobs if
LTR policy is configured. You can configure a LTR policy for each SQL database and specify how
frequently you need to copy the backups to the long-term storage blobs.