Section 2: SQL Server and Microsoft Azure VMs (IaaS)

Section 2: SQL Server and Microsoft Azure VMs (IaaS)
After this lesson, you will be able to: Understand different ways of hosting SQL Server in Azure IaaS Understand VM sizes available in Azure Why should you learn this material? The fist step of using SQL Server in Azure VM is to understand the different ways of hosting SQL Server in Azure VMs. This lesson will also discuss the different VM sizes available for deploying SQL Server in Azure. Lesson1: Deploying SQL Server in Azure VMs SQL Server in Azure VMs © 2015 Microsoft Corporation

How to View This Presentation
Switch to Notes Page view: Click View on the ribbon and select Notes Page Use page up or page down to navigate Zoom in or out as needed In the Notes Page view you can: Read any supporting text, now or after the delivery Add your own notes Take the presentation files home with you

Different ways of deploying SQL Server in Azure VM
Gallery Using images available in Azure Specialized images available Bring your Own Server/Virtual Hard Disk (VHD) Capture Cloud Images SQL Server licensing Pay by the hour or migrate your own license via Software Assurance* * Windows Azure Compute and Storage charges also apply © 2015 Microsoft Corporation

Azure VM Sizes © 2015 Microsoft Corporation
Virtual Machine and Cloud Service Sizes for Azure The following considerations might help you decide on a size: Instances can now be configured to use a D-series VM. These are designed to run applications that demand higher compute power and temporary disk performance. D-series VMs provide faster processors, a higher memory-to-core ratio, and a solid-state drive (SSD) for the temporary disk. For details, see the announcement on the Azure blog, New D-Series Virtual Machine Sizes. Web roles and worker roles require more temporary disk space than Azure Virtual Machines because of system requirements. The system files reserve 4 GB of space for the Windows page file, and 2 GB of space for the Windows dump file. The OS disk contains the Windows guest OS and includes the Program Files folder (including installations done via startup tasks unless you specify another disk), registry changes, the System32 folder, and the .NET framework. The local resource disk contains Azure logs and configuration files, Azure Diagnostics (which includes your IIS logs), and any local storage resources you define. The apps (application) disk is where your .cspkg is extracted and includes your website, binaries, role host process, startup tasks, web.config, and so on. The A8/A10 and A9/A11 virtual machine sizes have the same capacities. The A8 and A9 virtual machine instances include an additional network adapter that is connected to a remote direct memory access (RDMA) network for fast communication between virtual machines. The A8 and A9 instances are designed for high-performance computing applications that require constant and low-latency communication between nodes during execution, for example, applications that use the Message Passing Interface (MPI). The A10 and A11 virtual machine instances do not include the additional network adapter. A10 and A11 instances are designed for high-performance computing applications that do not require constant and low-latency communication between nodes, also known as parametric or embarrassingly parallel applications. © 2015 Microsoft Corporation

Using Gallery to host SQL Server in Azure VM
Supported SQL Server and Windows Server versions SQL Server 2008 R2 – Windows Server 2008 R2 SQL Server 2012 – Windows Server 2012 and Windows Server 2012 R2 SQL Server 2014 – Windows Server 2012 R2 Includes SQL Server Integration Services, Reporting Services, and Analysis Services Optimized images available for OLTP and Data Warehouse workloads This list is changing with each OS and SQL release. Review to Azure documents prior to presenting. Provide link here Add information about optimized images available for OLTP and Data Warehouse workloads © 2015 Microsoft Corporation

Bring your own image of SQL Server in Azure VM
Install Windows Server in a virtual machine (on-premises or in Azure) Run SQL Server setup to prepare an image-based installation /Action=PrepareImage In order to trigger completion of the setup once a new virtual machine based on the image is deployed /ACTION=CompleteImage in setupcomplete2.cmd file Execute the sysprep command line utility with the generalize and shutdown switches Capture the image and transfer it to Azure blob storage to be used as your personal template Use this custom image in Azure During its initialization this image will complete the SQL Server setup process in the desired manner In order to trigger completion of the setup once a new virtual machine based on the image is deployed, we will follow the approach referenced in MSDN that describes the process of installing SQL Server by using sysprep. This approach relies on the functionality inherent to the operating system, which automatically invokes execution of the file named SetupComplete2.cmd residing in the %WinDir%\OEM folder once the generalized image goes through the out-of-box experience (OOBE) stage. Reference: © 2015 Microsoft Corporation

Lesson Knowledge Check
Question: What are the different ways to deploy SQL Server in Azure VMs? Answer: Use Gallery images or BYOD Question: What versions of SQL Server can be created on Windows Azure ? Answer: SQL Server 2008 R2 and later 1 or 2 questions is fine. This is an animated slide where the answers appear in sequence after each click. © 2015 Microsoft Corporation

Lesson 2: New Deployment enhancements Deploy SQL Virtual Machine under Azure Resource Manager

Deployment Model Two Different deployment model for creating and managing resource Classic Resource Manager Microsoft recommends that you use Resource Manager for new resources, and, if possible, re-deploy existing resources through Resource Manager. The Resource Manager deployment model provides a new way to deploy and manage the services that make up your application. Many resources operate without issue in both the classic model and Resource Manager. These resources fully support Resource Manager even if created in the classic model. You can transition to Resource Manager without any concerns or extra effort. However, a few resource providers offer two versions of the resource (one for classic, and one for Resource Manager) because of the architectural differences between the models. © 2015 Microsoft Corporation

Classic Vs Resource Manager
A virtual machine depends on a specific storage account defined in the Storage resource provider to store its disks in blob storage A required storage account that stores the VHDs for a virtual machine, including the operating system, temporary, and additional data disks A virtual machine references a specific NIC defined in the Network resource provider and an availability set defined in the CRP (Computing Resource Provider) A required cloud service that acts as a container for hosting virtual machines (compute). Virtual machines are automatically provided with a network interface card (NIC) and an IP address assigned by Azure. A NIC references the virtual machine's assigned IP address the subnet of the virtual network for the virtual machine , and to a Network Security Group An optional virtual network that acts as an additional container, in which you can create a subnet and designate the subnet on which the virtual machine is located A subnet within a virtual network may references a Network Security Group VM can be protected by Endpoint (Cloud Service) or NSG Use Azure Portal Use Classic Portal or Specify Classic deployment in Azure portal The differences are covered in detail in Section 3. Hence hiding this slide © 2015 Microsoft Corporation

Deploy SQL VM

Deploy SQL VM – Basics and Sizes
Show all VM sizes © 2015 Microsoft Corporation

Deploy SQL VM – Features and Settings

SQL Server Setting – SQL Connectivity
Public :Allow connections to SQL Server from machines or services on the internet. Azure will automatically configure the firewall and the network security group to allow traffic on port 1433 Local : To allow connections to SQL Server only from within the VM. Private : To allow connections to SQL Server from machines or services in the same virtual network. Under SQL connectivity, specify Public (internet) to allow connections to SQL Server from machines or services on the internet. With this option selected, Azure will automatically configure the firewall and the network security group to allow traffic on port 1433.In order to connect to SQL Server via the internet, you will also need to enable SQL Server Authentication. If you would prefer to not enable connections to the Database Engine via the internet automatically choose one of the following options: - Local (inside VM only) to allow connections to SQL Server only from within the VM. - Private (within Virtual Network) to allow connections to SQL Server from machines or services in the same virtual network. © 2015 Microsoft Corporation

SQL Server Setting – SQL Port
Port : You can specify a different port number. It defaults to 1433. When using non-default port, specify Port Number in connection string Default "Server=sqlvmlabel.eastus.cloudapp.azure.com;Integrated Security=false;User ID=<login_name>;Password=<your_password> Non Default "Server=sqlvmlabel.eastus.cloudapp.azure.com,1500;Integrated Security=false;User ID=<login_name>;Password=<your_password> © 2015 Microsoft Corporation

SQL Server Setting – SQL Authentication
Enable/Disable SQL Authentication SQL Authentication: If you require SQL Authentication, enable this option. Also, specify a login name and password. The logion will be a SQL Authenticated sysadmin account. In order to connect to SQL Server via the internet, you will also need to enable SQL Server Authentication © 2015 Microsoft Corporation

SQL Server Setting – Storage Configuration
Storage optimized for: General is the default setting and supports most workloads. Transactional processing optimizes the storage for traditional database OLTP workloads. Data warehousing optimizes the storage for analytic and reporting workloads. Streamlines the storage configuration of the VM You can specify requirements as input/output operations per second (IOPs), throughput in MB/s, and total storage size. By default, Azure optimizes the storage for 5000 IOPs, 200 MBs, and 1 TB of storage space. Configure these by using the sliding scales. Under Storage optimized for, select one of the following General is the default setting and supports most workloads. Transactional processing optimizes the storage for traditional database OLTP workloads. Data warehousing optimizes the storage for analytic and reporting workloads. © 2015 Microsoft Corporation

SQL Server Setting – Automated Patching
Automated Patching is on by default Simplifies DBA maintenance activity Automated patching is enabled by default. Automated patching allows Azure to automatically patch SQL Server and the operating system. Specify a day of the week, time, and duration for a maintenance window. Azure will perform patching in the maintenance window. The maintenance window schedule uses the VM locale for time. If you do not want Azure to automatically patch SQL Server and the operating system click Disable. Simplify DBA maintenance activity The maintenance window schedule uses the VM locale for time. © 2015 Microsoft Corporation

SQL Server Setting – Automated Backup
Automated Backup is off by default Enable automatic database backups for all databases under SQL automated backup. When you enable SQL automated backup you can configure the following: Backup retention period in days What storage account to use for backups Whether or not to encrypt the backup. To encrypt the backup, click Enable. If the automated backups are encrypted, specify a password. Azure creates a certificate to encrypt the backups and uses the specified password to protect that certificate. © 2015 Microsoft Corporation

SQL Server Setting – Azure Vault Integration
Store security secrets in Azure for encryption Key Vault URL: The location of the key vault. AKV Principal Name: Azure Active Directory service principal name. This is also referred to as the Client ID. AKV Principal Secret: AKV Integration creates a credential within SQL Server, allowing the VM to have access to the key vault. Choose a name for this credential Credential name: Choose a name to identify this credential.

Demonstration: Provision SQL Server from Gallery
This demo refers to: Section 2 VM - Provision SQL Server VM from gallery.docx © 2015 Microsoft Corporation

Question: What is the risk of using public connectivity? Answer: DB Server is exposed via web server and it is only accessible through app/web server. Also, internet facing DB server will incur egress charges Question: What are the pre-requisites for configuring automated backup The database should be full recovery model A standard storage account should be provided © 2015 Microsoft Corporation

After this lesson, you will be able to: dev/test, Lift & Shift, Hybrid, extend OnPrem apps access SQL Server VM on Azure etc Why should you learn this material? This lesson will explain various popular ways of using SQL Server in Azure VMs. Lesson 3: Different scenarios for using SQL Server in Azure VM SQL Server Workloads © 2015 Microsoft Corporation

Develop and test new apps
Flexibility & Control Low TCO for Existing Apps Full SQL Server Capability Managed Infrastructure Test For develop and test in a Microsoft Azure VM you start by using the same on- premise SQL Server Data Tools that you are familiar to develop your application than you upload the database application to the Microsoft Azure Virtual Machine and deploy the VM to start testing the application. You can later decide to take the application back on premise without having to modify the application. Virtual Machine Develop Deploy SQL Server Data Tools On-Prem 27 © 2015 Microsoft Corporation

Develop and test new apps (contd.)
PROVISION DEVELOP DEPLOY MANAGE Provision new Microsoft Azure VM based on SQL Server template using Microsoft Azure Portal: Develop new applications using SQL Server Data Tools and Visual Studio Configure access using Microsoft Azure Portal and Windows Firewall in the VM Monitor application over time using Microsoft Azure Portal and SQL Server Management Studio Create deployment scripts using SQL Server Data Tools and Visual Studio Deploy and test package to Microsoft Azure VM using SQL Server Data Tools and Visual Studio 28 © 2015 Microsoft Corporation

Extend on-prem apps to Microsoft Azure Virtual Machine
SQL Server in VM Microsoft Azure Extend your datacenter Virtual Network makes it easy to extend your datacenter using Microsoft Azure much in the same way that you would set up and connect to a remote branch office. You retain control over the network topology and configuration, and manage it in the same way you would your on-premises infrastructure. Build distributed applications Virtual Network makes it easier to build cloud applications hosted in a hybrid environment, maintaining secure connections with on-premises infrastructure without the creation of custom codes. For example, a web application hosted in Microsoft Azure can securely access an on-premise SQL Server database server or authenticate users against an on-premise Active Directory service. SQL Server in VM Microsoft Azure Virtual Network ON-PREM Note : On-premises business application can access SQL Server instance deployed in Microsoft Azure VMs Connect Business App SQL Server © 2015 Microsoft Corporation

Demonstration: Connect an on-premises business app to SQL Server in Azure VM
This demo refers to Section 2 VM - Connecting to SQL.docx © 2015 Microsoft Corporation

Move SQL Server and App to Microsoft Azure VM
Resource Management Dynamic Scaling High Availability and Durability Target Scenarios High Available Services Resource Management- When you deploy your application and services to the cloud, Microsoft Azure provides the necessary virtual machines, network bandwidth, and other infrastructure resources. If machines go down for hardware updates or due to unexpected failures, new virtual machines are automatically located for your application. Because you only pay for what you use, you can start off with a smaller investment rather than incurring the typical upfront costs required for an on-premises deployment. This can be especially useful for small companies. In an on-premises scenario, these organizations might not have the data center space, IT skills, or hardware skills necessary to successfully deploy their applications. The automatic infrastructure services provided by Microsoft Azure offer a low barrier of entry for application deployment and management. Dynamic Scaling-Dynamic scaling refers to the capability to both scale out and scale back your application depending on resource requirements. This is also referred to as elastic scale. Before describing how this works, you should understand the basic architecture of a Microsoft Azure application. In Microsoft Azure, you create roles that work together to implement your application logic. For example, one web role could host the ASP.NET front-end of your application, and one or more worker roles could perform necessary background tasks. Each role is hosted on one or more virtual machines, called role instances, in the Microsoft Azure data center. Requests are load balanced across these instances. For more information about roles, see the paper The Microsoft Azure Programming Model. If resource demands increase, new role instances running your application code can be provisioned to handle the load. When demand decreases, these instances can be removed so that you don't have to pay for unnecessary computing power. This is much different from an on-premises deployment where hardware must be over-provisioned to anticipate peak demands. This scaling does not happen automatically, but it is easily achieved through either the web portal or the Service Management API. The paper Dynamically Scaling an Application demonstrates one way to automatically scale Microsoft Azure applications. There is also an Autoscaling Application Block created by the Microsoft Patterns and Practices team. High Availability and Durability- Microsoft Azure provides a platform for highly available applications that can reliably store and access backend data through storage services or Microsoft Azure SQL Database. First Microsoft Azure ensures high availability of your compute resources when you have multiple instances of each role. Role instances are automatically monitored, so it is able to respond quickly to hardware restarts or failures by automatically deploying a role to a new instance. Second, Microsoft Azure ensures high availability and durability for data stored through one of the storage services. Microsoft Azure storage services replicate all data to at least three different servers. Similarly, SQL Database replicates all data to guarantee availability and durability. Other Microsoft Azure services provide similar high availability guarantees. For more information, see the Microsoft Azure SLA. High Available Services- Microsoft Azure is well-suited to hosting highly available services. Consider an online store deployed in Microsoft Azure. Because an online store is a revenue generator, it is critical that it stay running. This is accomplished by the service monitoring and automatic instance management performed in the Microsoft Azure data center. The online store must also stay responsive to customer demand. This is accomplished by the elastic scaling ability of Microsoft Azure. During peak shopping times, new instances can come online to handle the increased usage. In addition, the online store must not lose orders or fail to completely process placed orders. Microsoft Azure storage and SQL Database both provide highly available and durable storage options to hold the order details and state throughout the order lifecycle. Periodic Workloads-Another good fit for Microsoft Azure is some form of an "on and off" workload. Some applications do not need to run continuously. One simple example of this is a demo or utility application that you want to make available only for several days or weeks. Microsoft Azure allows you to easily create, deploy, and share that application with the world. But once its purpose is accomplished, you can remove the application and you are only charged for the time it was deployed. Also consider a large company that runs complex data analysis of sales numbers at the end of each month. Although processing-intensive, the total time required to complete the analysis is at most two days. In an on-premises scenario, the servers required for this work would be underutilized for the majority of the month. In Microsoft Azure, the business would only pay for the time that the analysis application is running in the cloud. And assuming the architecture of the application is designed for parallel processing, the scale out features of Microsoft Azure could enable the company to create large numbers of worker role instances to complete more complex work in less time. In this example, you should use code or scripting to automatically deploy the application at the appropriate time each month. Unpredictable Growth-All businesses have a goal of rapid and sustainable growth. But growth is very hard to handle in the traditional on-premises model. If the expected growth does not materialize, you've spent money maintaining underutilized hardware and infrastructure. But if growth happens more quickly than expected, you might be unable to handle the load, resulting in lost business and poor customer experience. For small companies, there might not even be enough initial capital to prepare for or keep up with rapid growth Workload Spike-This is another workload pattern that requires elastic scale. Consider the previous example of a sports news web site. Even as their business is steadily growing, there is still the possibility of temporary spikes or bursts of activity. For example, if they are referenced by another popular news outlet, the numbers of visitors to their site could dramatically increase in a single day. In a more predictable scenario, major sporting events and sports championships will result in more activity on their site Infrastructure Offloading-As demonstrated in the previous examples, many of the most common cloud scenarios take advantage of the elastic scale of Microsoft Azure. However, even applications with steady workload patterns can realize cost savings in Microsoft Azure. It is expensive to manage your own data center, especially when you consider the cost of energy, people-skills, hardware, software licensing, and facilities. It is also hard to understand how costs are tied to individual applications. In Microsoft Azure, the goal is to reduce total costs as well as to make those costs more transparent. The paper, Cloud Optimization – Expanding Capabilities, while Aligning Computing and Business Needs, does a great job of explaining typical on-premises hosting costs and how these can be reduced with Microsoft Azure. Microsoft Azure also provides a pricing calculator for understanding specific costs and a TCO (Total Cost of Ownership) calculator for estimating the overall cost reduction that could occur by adopting Microsoft Azure. For links to these calculator tools and other pricing information, see the Microsoft Azure web site. Microsoft Azure Periodic Workloads Business App Connect Unpredictable Growth SQL Server in VM Workload Spikes Flexibility & Control Low TCO for Existing Apps Managed Infrastructure Full SQL Server Capability Infrastructure Offloading 31 © 2015 Microsoft Corporation

Question: Which feature in Azure helps in extending your datacenter into the cloud? Answer: Virtual Network Question: What does dynamic scaling mean? Answer: Capability to both scale out and scale back your application depending on resource requirements © 2015 Microsoft Corporation

After this lesson, you will be able to: dev/test, Lift & Shift, Hybrid, extend OnPrem apps access SQL Server VM on Azure etc Why should you learn this material? This lesson will explain various popular ways of using SQL Server in Azure VMs. Lesson 4: How to migrate on-premises SQL Server to Azure VM Different migration options © 2015 Microsoft Corporation

Backup and restore in cloud
Flexibility & Control Low TCO for Existing Apps Full SQL Server Capability Managed Infrastructure Restore in Azure Virtual Machine This feature released in SQL Server 2012 SP1 CU2, enables SQL Server backup and restore directly to the Microsoft Azure Blob service. This feature can be used to backup SQL Server databases on an on-premises instance or an instance of SQL Server running a hosted environment such as Microsoft Azure Virtual Machine. Backup to cloud offers benefits such as availability, limitless geo-replicated off-site storage, and ease of migration of data to and from the cloud. In this release, you can issue BACKUP or RESTORE statements by using tsql or SMO. Back up to or restore from the Microsoft Azure Blob storage service by using SQL Server Management Studio Backup or Restore Wizard is not available in this release. Microsoft Azure Direct URL Backup To Azure BLOB Storage SQL Server Management Studio SQL Server in VM On-Prem SQL Server Note : SQL Server 2005,2008/2008 R2 backup is done on file system and copied to Azure blob storage. Then the backup is restored within SQL Server instance on Microsoft Azure VM Backup restore will be covered in detail in a later module © 2015 Microsoft Corporation

Demonstration: Migrate existing SQL Database to Azure IaaS using backup/restore
This demo refers to FastStart_SQL_AzureIaaS_Migrate_To_Azure_Section 2.docx © 2015 Microsoft Corporation

Migrate using bacpac in SSMS
Provision a virtual machine with SQL Server 2012 and Windows Server 2012 (SQL Server 2012 SP1 Enterprise on WS 2012) Use Remote Desktop to start SQL Server Management Studio and import the bacpac file Configure Named Pipes on SQL Server Express 2012 Open port 1433 on the virtual machine to allow incoming connections to SQL Server 2012. Configure the Firewall to allow incoming connections Enable SQL Server Authentication and add a new login user Test the connectivity to the virtual machine using various tools Create a connection string that can be used to leverage the Windows Azure SQL Virtual Machine we create © 2015 Microsoft Corporation

Migrate using bacpac Steps for migration: Export on-premises database as bacpac to Azure blob storage using SSMS Create an Azure VM with SQL Server Import the bacpac file in Azure using SSMS © 2015 Microsoft Corporation

Physical to Virtual and Virtual to Virtual(P2V and V2V)
Flexibility & Control Low TCO for Existing Apps Full SQL Server Capability Managed Infrastructure In moving your existing applications, we recommend starting with your departmental Tier 2 and Tier 3 applications. If the application is not yet virtualized, you can use System Center 2012 to virtualize the applications to Windows Server Hyper-V .vhd format, alternatively if your application is already virtualized on another virtualization technology you can use System Center 2012 to convert the already virtualized application to Windows Server Hyper-V .vhd format. Either way System Center 2012 makes this process very easy for you. Once the application is in the proper format you can either transfer just the database to the Microsoft Azure Virtual Machine or alternatively move the entire on-premises VHD to the Microsoft Azure VM. Depending upon the size of the SQL Database, you also may need to place the data on a separate virtual disk and separately attach to the OS/Application vhd. Option 1 VHD Database Option 2 Virtual Machine P2V Windows Server Hyper-V VHD V2V Non-Virtualized Virtualized 39 © 2015 Microsoft Corporation

Question: From which release of SQL Server backups to Azure were introduced Answer: SQL Server 2012 SP1 CU2 Question: What options are available to move existing SQL Servers to Azure? Answer: the database to the Microsoft Azure Virtual Machine or alternatively move the entire on-premises VHD to the Microsoft Azure VM © 2015 Microsoft Corporation

After this lesson, you will be able to: dev/test, Lift & Shift, Hybrid, extend OnPrem apps access SQL Server VM on Azure etc Why should you learn this material? This lesson will explain various popular ways of using SQL Server in Azure VMs. Lesson 5: SQL Server and Microsoft Azure VMs (IaaS) Using on-premises SQL Server with Azure © 2015 Microsoft Corporation

Backup to URL and Restore from URL
Starting from SQL Server 2012 SP1 Cumulative Update 2 you can backup to URL and restore from URL Starting from SQL Server 2014 you can use UI in SSMS to perform these operations Prior to SQL Server 2012, you can use SQL Server Backup to Azure Tool. This tool can help to increase backup throughput using multiple backup stripe targets. © 2015 Microsoft Corporation

SQL Server data files in Azure - Advantages
Easy and fast database migration Easily move data between on-premises and cloud environments without any application changes Cost and limitless storage benefits High availability and Disaster recovery benefits If your server crashes you can re-create your database in a new machine quickly Security benefits Data file can be encrypted in Azure and can be decrypted only in your server Easy and fast migration benefits: This feature simplifies the migration process by moving one database at a time between machines in on-premises as well as between on-premises and cloud environments without any application changes. Therefore, it supports an incremental migration while maintaining your existing on-premises infrastructure in place. In addition, having access to a centralized data storage simplifies the application logic when an application needs to run in multiple locations in an on-premises environment. In some cases, you may need to rapidly setup computer centers in geographically dispersed locations, which gather data from many different sources. By using this new enhancement, instead of moving data from one location to another, you can store many databases as Microsoft Azure blobs, and then run Transact-SQL scripts to create databases on the local machines or virtual machines. Cost and limitless storage benefits: This feature enables you to have limitless off-site storage in Microsoft Azure while leveraging on-premises compute resources. When you use Microsoft Azure as a storage location, you can easily focus on the application logic without the overhead of hardware management. If you lose a computation node on-premises, you can set up a new one without any data movement. High availability and disaster recovery benefits: Using SQL Server Data Files in Microsoft Azure feature might simplify the high availability and disaster recovery solutions. For example, if a virtual machine in Microsoft Azure or an instance of SQL Server crashes, you can re-create your databases in a new machine by just re-establishing links to Microsoft Azure Blobs. Security benefits: This new enhancement allows you to separate a compute instance from a storage instance. You can have a fully encrypted database with decryption only occurring on compute instance but not in a storage instance. In other words, using this new enhancement, you can encrypt all data in public cloud using Transparent Data Encryption (TDE) certificates, which are physically separated from the data. The TDE keys can be stored in the master database, which is stored locally in your physically secure on-premises machine and backed up locally. You can use these local keys to encrypt the data, which resides in Microsoft Azure Storage. If your cloud storage account credentials are stolen, your data still stays secure as the TDE certificates always reside in on-premises. © 2015 Microsoft Corporation

Steps for placing SQL Server data files in Azure
Step 1: Create credential using following steps You must create a policy on a container and also generate a shared access signature (SAS) key. For each container used by a data or a log file, you must create a SQL Server Credential whose name matches the container path. You must store the information regarding Windows Azure Storage container, its associated policy name, and SAS key in the SQL Server credential store. -- Create a credential CREATE CREDENTIAL [ WITH IDENTITY='SHARED ACCESS SIGNATURE', SECRET = 'your SAS key' © 2015 Microsoft Corporation

Steps for placing SQL Server data files in Azure – contd.
Step 2: Create a database with data and log files in Azure container CREATE DATABASE TestDB1 ON (NAME = TestDB1_data, FILENAME = ' LOG ON (NAME = TestDB1_log, FILENAME = ' GO © 2015 Microsoft Corporation

SQL Server data files in Azure: Security
When creating a container set the access to private. In such cases, container and blob data can be read only by the Windows Azure account owner. By using a shared access signature, you enable SQL Server to access resources in your storage account without sharing your Windows Azure storage account key. In addition, continue implementing the traditional on-premises security practices for your databases. When creating a container for the Windows Azure Blob storage service, we recommend that you set the access to private. When you set the access to private, container and blob data can be read by the Windows Azure account owner only. When storing SQL Server database files in Windows Azure Storage, you need to use a shared access signature, a URI that grants restricted access rights to containers, blobs, queues, and tables. By using a shared access signature, you can enable SQL Server to access resources in your storage account without sharing your Windows Azure storage account key. In addition, we recommend that you continue implementing the traditional on-premises security practices for your databases. Reference: © 2015 Microsoft Corporation

Demonstration: Create database with data files in Azure
This demo refers to Section 2 VM - Create Database with data files in Azure.docx © 2015 Microsoft Corporation

Question: Which version of SQL Server supports creating database files on Azure Answer: SQL Server 2014 and above Question: What are the advantages of storing SQL Server data files in Azure Answer: Faster migration, cost and limitless storage, security benefits © 2015 Microsoft Corporation

Section 2: SQL Server and Microsoft Azure VMs (IaaS)

Similar presentations

Presentation on theme: "Section 2: SQL Server and Microsoft Azure VMs (IaaS)"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Section 2: SQL Server and Microsoft Azure VMs (IaaS)

Similar presentations

Presentation on theme: "Section 2: SQL Server and Microsoft Azure VMs (IaaS)"— Presentation transcript:

Similar presentations

About project

Feedback