Created by:
Azure SQL Database
 Robert Stewart
 Last Updated:
 August 16, 2020
Managed Database
 Course:
 SQL710
Azure SQL Database
 PaaS
 • fully managed platform
 • upgrading, patching, backups, and monitoring
 o latest version of SQL Server
Azure
 • 99.99% uptime
SQL Database o built-in high availability
 • supports both relational and non relational structures
 • isolated database
 • Similar to a “contained database”
 o A database that is isolated from the instance of SQL Server
 o Much of the metadata that describes a database is maintained in
 the database. (In addition to, or instead of, maintaining metadata in
 the master database.)
 o All metadata are defined using the same collation.
 o User authentication can be performed by the database, reducing
Azure the databases dependency on the logins of the instance of SQL
SQL Database Server.
Deployment
Models o The SQL Server environment (DMV's, XEvents, etc.) reports and can
Single Database
 act upon containment information
 • Is a collection of Single Databases
 o Shared set of resources
  CPU
  Memory
Azure • Single databases can be moved in and out of an
SQL Database
Deployment elastic pool
Models
Elastic Pool
 • Single Databases
 o each database is isolated from others and is portable
 o guaranteed amount of resources
  compute
  memory
  Storage
 o dynamically scale resources up or down
Azure • Elastic Pools
SQL Database
Deployment
 o can assign resources that are shared by all databases
Models
Scalability
 • Advanced monitoring and troubleshooting
 • Query Store
 o records the performance of your queries in real
 time
 o identifies potential performance issues
 o identifies top resource consumers
 o automatic tuning and recommendations
  apply recommendations manually or
Azure
SQL Database
 automatically
Monitoring o test and verify that the fix provided benefits
  retain or revert changes
 • can still use DMVs and/or Xevent
 • cannot be disabled with Azure SQL Database
 •Automatic backups
 o automatically performs full, differential, and transaction log backups of databases
 o single databases and pooled databases, you can configure SQL Database to store
 full database backups to Azure Storage for long-term backup retention
 o managed instances, you can also perform copy-only backups for long-term backup
 retention
 o full backups done every week
 o differential every 12-24 hours
 o transaction log every 5-10 minutes
 o times are based on compute size and database activity
 o when restoring, the service will determine which backups need to be restored
 • Point-in-time restores
 o support recovery to any point in time within the automatic backup retention
 period for any database
Azure o you cannot overwrite and existing database during restore
SQL Database o Create a new database on the same server, recovered to a specified point in time
High Availability
 within the retention period
 o Create a database on the same server, recovered to the deletion time for a
 deleted database
 o Create a new database on any server in the same region, recovered to the point
 of the most recent backups
 o Create a new database on any server in any other region, recovered to the point
 of the most recent replicated backups
 • Active geo-replication
 o allows you to create readable secondary databases of individual databases on a
 server in the same or different data center (region)
 o single database and pooled databases allow you to configure up to four readable
 secondary databases in either the same or globally distributed Azure datacenters
 o not supported with Azure Managed Instances
  use auto-failover groups instead
 o is used to perform quick disaster recovery of individual databases in case of a
 regional disaster or large scale outage
  failover must be initiated manually by the application or the user
 • Auto-failover groups
 o allows you to manage the replication and failover of a group of databases on a
 server or all databases in a managed instance to another region
 o enable high availability and load balancing at global scale
Azure o automatic or manual failover
SQL Database o support replication of all databases in the group to only one secondary server or
High Availability instance in a different region
  If you want multiple Azure SQL Database secondaries in the same or
 different regions, use active geo-replication
 • Zone-redundant databases
 o provision Premium or Business Critical databases or elastic pools across multiple
 availability zones
 o placing these replicas into multiple availability zones provides higher resilience
 To achieve real business continuity, adding database redundancy between datacenters is
 only part of the solution. Recovering an application (service) end-to-end after a
 catastrophic failure requires recovery of all components that constitute the service and
 any dependent services. Examples of these components include the client software (for
 example, a browser with a custom JavaScript), web front ends, storage, and DNS. It is
 critical that all components are resilient to the same failures and become available within
 the recovery time objective (RTO) of your application. Therefore, you need to identify all
Azure
 dependent services and understand the guarantees and capabilities they provide. Then,
SQL Database you must take adequate steps to ensure that your service functions during the failover of
High Availability the services on which it depends.
 Designing Cloud Solutions for Disaster Recovery Using active geo-replication.
 • Data discovery and classification
 o discovering, classifying, labeling, and protecting the sensitive data in your databases
 o visibility into your database classification state, and tracks the access to sensitive data within
 the database and beyond its borders
 • Vulnerability assessment
 o can discover, track, and help you remediate potential database vulnerabilities
 o cover database-level issues and server-level security issues, like server firewall settings and
 server-level permissions
 • Threat detection
 o detects anomalous activities that indicate unusual and potentially harmful attempts to access
Azure or exploit your database
SQL Database o continuously monitors your database for suspicious activities, and provides immediate
Threat security alerts on potential vulnerabilities, SQL injection attacks, and anomalous database
Protection access patterns
 o alerts provide details of the suspicious activity, and recommend action on how to investigate
 and mitigate the threat
 • For data in motion, it uses transport layer security
 • For data at rest, it uses transparent data encryption
Azure • For data in use, it uses Always Encrypted
SQL Database
Encryption
 • SQL authentication
 o user submits a user account name and associated password to
 establish a connection
 o This password is stored in the master database for user accounts
 linked to a login or stored in the database containing the user
 accounts not linked to a login
Azure
SQL Database
 • Azure Active Directory Authentication
Authentication o user submits a user account name and requests that the service
 use the credential information stored in Azure Active Directory
 (Azure AD)