Jirachai Chansivanon

Digital Specialist

24 January 2022
• Former Full-stack web developer
• Former Microsoft Learn Student Ambassador FY18-19
• Typescript / Javascript Lover ❤
• Coffee Driven Development person

Jirachai Chansivanon (Job)

Associate Cloud Solution Architect
Microsoft Thailand
• Former Full-stack web developer
• Former Microsoft Learn Student Ambassador FY18-19
• Typescript / Javascript Lover ❤
• Coffee Driven Development person

Jirachai Chansivanon (Job)

Digital Specialist
Microsoft
Overview
Azure Architecture Center
Governance
Sample Architectures
Real world architecture
 Hybrid & Multi cloud
Operationally empowered

Operational stores

Performance and scale Security

No limits Always a step ahead

Open Source Governance Analytics Intelligence

Collaborative innovation Intelligent by default
Azure Data & Analytics Products and Services
Operational stores Analytics Governance

SQL Server Azure SQL DB Azure Synapse Analytics Azure Purview

Azure SQL DB Azure Azure Azure Synapse Azure Data Azure Data
Edge Cosmos DB HDInsight Analytics Factory Share

Azure for Azure for MySQL Azure for Azure Data Azure Stream Azure
PostgreSQL MariaDB Explorer Analytics Databricks
 Operational stores Analytics Governance

SQL Server Azure SQL DB Azure Synapse Analytics Azure Purview

Azure SQL DB Azure Azure Azure SQL Data Azure Data Azure Data
Edge Cosmos DB HDInsight Warehouse Factory Share

Azure for Azure for MySQL Azure for Azure Data Azure Stream Azure Internal
PostgreSQL MariaDB Explorer Analytics Databricks Cosmos
Azure Synapse Analytics
Limitless analytics service with unmatched time to insight

Unified experience

Synapse Studio

Integration Management Monitoring Security

Analytics Runtimes

SQL

Azure Data Lake Storage

MICROSOFT CONFIDENTIAL
Azure Synapse Analytics
A single managed service for analytics over your lake, warehouse, or operational stores.

Limitless Scale Powerful Insights Unified Unmatched

Experience Security
Azure database services offer the best of the cloud
Managed cloud databases

Azure Azure Azure MySQL Azure Azure Cache

SQL Family PostgreSQL & MariaDB Cosmos DB for Redis

Fully managed Limitless scale Open and flexible Intelligent security

Focus on your applications, Build for future growth with Choose the engine, Develop secure apps in the
not your infrastructure with near-limitless, dynamic deployment, resources cloud with policy-based
fully managed and intelligent scaling plus guaranteed high languages and offers that security and compliance from
database services availability around the world. fit your needs. the world’s most trusted cloud.
Choose the Azure database service right for any scenario

Migrate Modernize Build new

Best TCO and price for Bring limitless scale and

Modernize .Net Applications with
performance while maximizing performance to modern applications
fully managed SQL database
current licenses with Azure Hybrid and support multi-tenant SaaS
with includes serverless compute,
Azure Benefits AI-powered features
applications
SQL Family

Achieve scale and performance for Highly available, secure, fully Build cloud native transactional
MySQL, PostgreSQL and Ocle with managed MySQL and PostgreSQL apps with AKS and PostgreSQL and
Azure Azure MySQL optimized TCO databases for enterprise-ready enable massive scale with Hyperscale
Java apps (Citus)
PostgreSQL & MariaDB

Cloud scale and full database Elasticity and agility to business- Enable real-time personalization
management to MongoDB, critical applications powered by and streaming telemetry at scale
Azure Cassandra, and Redis cache data non-relational data with cloud-native applications
Azure Cache
Cosmos DB for Redis
 INGEST STORE PREP & TRAIN MODEL & SERVE

Logs, files and media

(unstructured)

Azure Data Factory Azure Databricks

Azure Blob Storage
(Python, Scala, Spark SQL) Power BI

Polybase

Business/custom apps
(Structured) Azure SQL Data Azure Analysis
Warehouse Services

Azure also supports other Big Data services like Azure HDInsight and Azure Data Lake to allow customers to tailor the above architecture to meet their unique needs.
Synapse Reference
Architecture
Data Engineer / BI Developer / Analyst

Orchestrate
Synapse Pipelines
COMPUTE

Data Flow Transform Spark Pool

Code-Free Code-Free/Code-First Code-First
Apps
AKS
Inference

Clean & Bad data Clean data

Transform
Standardize
Data Scientist
Azure ML
Connectors Train

LANDING MALFORMED INTERIM CURATED

Azure Data Lake Storage (ADLS)

STORAGE Blob Store
Power BI
Data Analyst
Synapse SQL Pool Business User
Serverless/Dedicated

SOURCE PIPELINE SERVING

GOVERNANCE Azure Purview

Chief Data Officer

Data Discovery
Data Compliance
Data Security
Data Policy
Data Governance

MICROSOFT CONFIDENTIAL
A unified approach to data governance Roadmap

Unified Experience

Data Discovery Data Sharing Data Quality Master Data Data Use Data Privacy
Governance
Business Glossary Intra Assessment Ref. Data Mgmt Data Policy Privacy Operations
Data Catalog Inter Cleaning Master record mgmt. Access Governance Risk Assessment
Loss Prevention

Publish, Discover & Curate

Unified Platform
“Data Map” = Data Assets | Lineage | Classifications | …

MICROSOFT CONFIDENTIAL
Enterprise-grade security
 Category Feature

Synapse: Complete Data Protection

Data in transit
Data encryption at rest
!
!

data protection Data discovery and classification !

Object level security (tables/views) !
Row level security !
Access Control Column level security !
Best-in-class Security Dynamic data masking !
Column level encryption !
SQL login !
Customer & System Managed Keys
Authentication Azure active directory !

All data encrypted by default Multi-factor authentication !

Managed virtual network !
Up to 3x levels of data encryption at rest Custom virtual network !
Network Security Firewall !
Democratize data at scale with fine-grained ACL
Azure ExpressRoute !

Proactive protection Azure Private Link !

Threat detection !
Comprehensive Compliance Threat protection Auditing !
Vulnerability assessment !
Dedicated metadata store !
Isolation
Hosted in customer tenant !
SQL threat detection
Detect and investigate anomalous database activity

ü Detects potential SQL injection

attacks

(2) Possible threat to ü Detects unusual access & data

access / breach data
exfiltration activities

ü Actionable alerts to investigate &

remediate

ü View alerts for your entire Azure

Apps Azure Synapse Analytics
tenant using Azure Security Center

Audit Log Threat Detection

(1) Turn on Threat Detection
(3) Real-time actionable alerts
SQL Data Discovery & Classification
Discover, classify, protect and track access to sensitive data

ü Automatic discovery of columns with

sensitive data

ü Add persistent sensitive data labels

ü Audit and detect access to the sensitive data

ü Manage labels for your entire Azure tenant

using Azure Security Center
SQL Data Discovery & Classification - setup
Step 1: Enable Advanced Data Security Step 2: Use recommendations and/or manual classification to
on the logical SQL Server classify all the sensitive columns in your tables
 Backend App

Azure IoT Central

Devices

Azure IoT Hub

(Integrated)

Stream Analytics

Devices Field
Cloud
Gateway
Gateway
Storage Account Hot Path Notification Hub ML Studio
Analytics

Databricks