1. Overview of Azure SQL
Database
Marcin Policht
MCSE: Cloud Platform and Infrastructure
https://www.linkedin.com/in/marcin-policht-857b013
2. Agenda
• Common Business and Technical Differentiators between Azure SQL Database and SQL Server in an Azure VM
• Azure SQL Servers and Databases
• Performance
• Database Transaction Unit (DTU)
• Database-level Service Tiers
• Elastic Database Pools
• Elastic Database Pool-level Service Tiers
• Management and Development
• Business Continuity
• Disaster Recovery
• Backups, Long-Term Backup Retention, and Restores
• Security and Compliance
• Authentication and Authorization
• Encryption
• Row-Level Security
• Dynamic Data Masking
• Auditing and Threat Detection
• Temporal Tables
• Monitoring
• Query Performance Insights
• Database Advisor
3. Azure SQL Database
Azure SQL Database is a cloud-based relational database service, built on the Microsoft SQL Server engine, designed to deliver predictable performance and scalability, with virtually no downtime and near-zero server-level administration.
4. Common Business Differentiators
Azure SQL Database
• You’re building new cloud-based applications to take advantage of cost savings and performance.
• You need agility and scalability.
• You want databases replicated in different regions of the world for disaster recovery.
• You want to minimize server-level management overhead.
SQL Server in an Azure VM
• You want to build enterprise applications with OLTP databases larger than 4 TB.
• You have existing IT resources and can maintain stewardship over backups, high availability and disaster recovery.
5. Common Technical Differentiators
Azure SQL Database
• Active Geo-Replication
• Azure Active Directory authentication
• SSMS MFA
• Autoscaling
• Elastic pools
• Elastic jobs
• Elastic queries
• Azure Data Factory
• Azure Analysis Services
• Server and database-level firewall
• Elastic database tools
• Threat detection
• Database Advisor
SQL Server in an Azure VM
• AlwaysOn Availability Groups/Database mirroring/Failover Clustering
• Active Directory authentication
• SQL Server Agent
• Cross-database queries
• Integration Services
• Analysis Services
• Database snapshots
• Reporting Services
• Profiler
• Data Quality Services
• Direct Azure VNet connectivity
• Service Broker
• Resource Governor
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-features
6. Azure SQL Servers and Databases
Servers
• Logical constructs
• Host databases
• Designate:
• an Azure region
• resource group
• Serve as
• security boundaries:
• logins
• server-level firewalls
• connection endpoints:
• auto-generated FQDN
• xxxx.database.windows.net
Databases
• Share logical server settings
• Have individually assigned:
• Service tier:
• Basic
• Standard
• Premium
• Premium RS (preview)
• Performance level
• Expressed in DTUs
• Provide additional security:
• users (including contained users)
• database-level firewalls
7. Database Transaction Unit (DTU)
• A unit of measurement of platform resources guaranteed to be available to an Azure SQL database
• CPU
• Memory
• I/O (data and transaction log)
• Based on an OLTP benchmark workload
• For details, refer to the SQL Database benchmark overview
• Directly proportional to database performance
• e.g. a database with 1750 DTUs will have 350x more compute power than a database with 5 DTUs
Intended for performance-based sizing of Azure SQL Database
8. Database-level Service Tiers
• Represent performance and capacity:
• Max DTUs (up to 4,000)
• Max database size (up to 4 TB)
• Max in-memory OLTP storage (up to 32 GB)
• Max concurrent workers (up to 6,400)
• Max concurrent logins (up to 6,400)
• Max concurrent sessions (up to 30,000)
• Backup retention period (up to 35 days)
• Availability SLA
• 99.99% - Basic, Standard, Premium
• 99.9% - Premium RS
• Further divided into performance levels:
• Standard: S0, S1, S2, S3
• Premium: P1, P2, P4, P6, P11, P15
• Premium RS: PRS1, PRS2, PRS4, PRS6
• Shared max database size
• Different performance characteristics
Basic, Standard, Premium, Premium RS (preview)
9. Management
In the majority of cases, working with Azure SQL Database data is the same as working with SQL Server data.
• Rich and up-to-date Transact-SQL (T-SQL) support
• A few differences in DDL and DML(*)
• Stored procedures, user-defined functions, triggers, and views
• Newest features from SQL Server 2016
• The same tools:
• SSMS, Visual Studio
• Automation via PowerShell, Azure CLI, REST API
(*) https://docs.microsoft.com/en-us/azure/sql-database/sql-database-transact-sql-information
10. Developing Solutions
Azure SQL Database tasks, scripts, methods, functions and processes can be created and managed in Visual Studio using SQL Server Data Tools.
Azure SQL Database lets you parse and query data represented in JSON format, and export your relational data as JSON text.
Connection libraries (on Windows, Linux, and Mac) for:
• ADO.NET
• Java
• PHP (Windows only)
• Node.js
• Python
• Ruby
• C/C++ (Windows and Linux)
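The JSON support mentioned above, shown as an added T-SQL example (not from the deck). The payload, the table variable and the column names are constructed for the illustration; the point is to validate input with ISJSON before shredding it with OPENJSON, and to export only the columns you intend to expose with FOR JSON.

```sql
-- Added example (not from the original deck). Payload and tables are constructed.
DECLARE @payload nvarchar(max) = N'[
  {"id": 1, "email": "alice@example.com", "roles": ["reader", "auditor"]},
  {"id": 2, "email": "bob@example.com",   "roles": ["reader"]}
]';

-- Reject malformed input before doing anything with it
IF ISJSON(@payload) = 0
    THROW 50001, 'payload is not valid JSON', 1;

-- Shred the array into typed columns; the nested "roles" array is kept as JSON
-- text (AS JSON) and expanded with a second OPENJSON
SELECT u.id, u.email, r.[value] AS role_name
FROM OPENJSON(@payload)
     WITH ( id    int           '$.id',
            email nvarchar(100) '$.email',
            roles nvarchar(max) '$.roles' AS JSON ) AS u
CROSS APPLY OPENJSON(u.roles) AS r;

-- Export relational rows as JSON text, listing columns explicitly
DECLARE @Customers TABLE (CustomerId int, Email nvarchar(100), CardNumber varchar(19));
INSERT INTO @Customers VALUES (1, N'alice@example.com', '4111-1111-1111-1111'),
                              (2, N'bob@example.com',   '5500-0000-0000-0004');

SELECT CustomerId, Email          -- CardNumber deliberately not exported
FROM @Customers
FOR JSON PATH, ROOT('customers');
```

Typed columns in the WITH clause mean that an unexpected value (a string where an int is declared) fails the conversion instead of silently flowing into the query, which is the behaviour you want when the JSON originates outside the database.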
11. Elastic Database Pools
• A set number of eDTUs for a set price:
• Predictable cost
• Individual databases within the pool can autoscale:
• Autoscaling boundaries determined by the min eDTU and max eDTU per database
• min eDTU and max eDTU are pool-level settings
• Size limited by the smaller of the database service tier and remaining pool storage
• Performance expressed in eDTUs
• eDTU = DTU
Cost-effective solution to manage multiple databases with different usage patterns
12. Elastic Database Pool-level Service Tiers
• Represent performance and capacity (per pool):
• Max number of databases (up to 500)
• Max eDTUs (up to 4,000)
• Max data storage (up to 750 GB)
• Max in-memory OLTP storage (up to 12 GB)
• Max concurrent workers (up to 2,400)
• Max concurrent logins (up to 2,400)
• Max concurrent sessions (up to 30,000)
• Min eDTU per database (down to 0)
• Max eDTU per database (up to 4,000)
• Divided into performance levels:
• Based on total eDTUs per pool
• Varying max data per pool size and performance characteristics
• Each database in a pool has performance characteristics determined by the matching single database service tier
• The min and max eDTU per database are determined by the pool performance level
Basic, Standard, Premium, and Premium RS (preview)
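Service tiers, performance levels and pool membership (slides 8, 11 and 12) can all be set from T-SQL. This is an added example, not from the deck; the database and pool names are hypothetical, and the pool itself is assumed to have been created beforehand (portal, PowerShell or REST). Statements run in the logical server's master database.

```sql
-- Added example (not from the original deck). Names are hypothetical.

-- Create a standalone database at a given tier / performance level
CREATE DATABASE OrdersDb
    ( EDITION = 'Standard', SERVICE_OBJECTIVE = 'S2', MAXSIZE = 250 GB );

-- Scale to another tier/level later; the change is applied online
ALTER DATABASE OrdersDb
    MODIFY ( EDITION = 'Premium', SERVICE_OBJECTIVE = 'P1' );

-- Move the database into an existing elastic pool: from now on its min/max
-- eDTU come from the pool's per-database settings
ALTER DATABASE OrdersDb
    MODIFY ( SERVICE_OBJECTIVE = ELASTIC_POOL ( name = OrdersPool ) );

-- Verify what the database is currently running at
SELECT DATABASEPROPERTYEX('OrdersDb', 'Edition')          AS Edition,
       DATABASEPROPERTYEX('OrdersDb', 'ServiceObjective') AS ServiceObjective,
       DATABASEPROPERTYEX('OrdersDb', 'MaxSizeInBytes')   AS MaxSizeInBytes;
```

ServiceObjective reports the pool name (with the ELASTIC_POOL wrapper) for a pooled database and the level name (S2, P1, ...) for a standalone one, which makes this query a quick way to audit that production databases sit where your sizing says they should.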
13. Disaster Recovery
• Asynchronous replication of committed transactions
• Available for all service tiers
• Source and target can be standalone or pooled
• Up to 4 readable secondaries:
• can be located in any Azure region (requires a server at that location)
• must use the same service tier
• performance level can differ
• Manual failover and failback
• ERT < 30s, RPO < 5s
• Replication reestablished automatically
Built-in support offering minimal RTO and RPO
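The geo-replication setup and manual failover described above, as an added T-SQL example (not from the deck). The server and database names are hypothetical; the secondary server is assumed to already exist in the target region, as the slide requires.

```sql
-- Added example (not from the original deck). Server/database names are hypothetical.

-- 1. On the PRIMARY server, in master: add a readable secondary in another region
ALTER DATABASE OrdersDb
    ADD SECONDARY ON SERVER [contoso-sql-westeurope]
    WITH ( ALLOW_CONNECTIONS = ALL );   -- ALL = readable secondary, NO = standby only

-- 2. In the database itself (either side): seeding/replication state and lag
SELECT partner_server, partner_database, role_desc, link_state_desc,
       replication_lag_sec, last_replication
FROM sys.dm_geo_replication_link_status;

-- 3. On the SECONDARY server, in master: planned failover. Waits for the
--    secondary to catch up, so no committed transactions are lost.
ALTER DATABASE OrdersDb FAILOVER;

-- Unplanned failover when the primary is unreachable: accepts loss of any
-- transactions not yet replicated (the RPO on the slide)
-- ALTER DATABASE OrdersDb FORCE_FAILOVER_ALLOW_DATA_LOSS;

-- 4. Failback is another FAILOVER issued from the other side; remove the link
--    once it is no longer needed
-- ALTER DATABASE OrdersDb REMOVE SECONDARY ON SERVER [contoso-sql-westeurope];
```

Server-level objects (logins in master, server firewall rules) are not part of the database and are not replicated, so they have to be created on the secondary server as well; contained database users travel with the database, which is one practical reason to prefer them for application identities.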
14. Backups
• Read Access Geo-Redundant (RA-GRS)
• Retention service tier-dependent:
• Basic: 7 days
• Standard and Premium: 35 days
• Frequency:
• Transaction log: 5-10 minutes
• Differential: every few hours
• Full: weekly, starting immediately after db creation
Automatic backup capabilities
15. Long-Term Backup Retention (preview)
• Requires an Azure Recovery vault:
• Assigned on the server level
• LRS or GRS (you decide)
• Once configured, automatically copies full backups to the vault
• Preserves encryption (TDE)
• Configurable retention period (between 1 week and 10 years)
• Cost according to the Azure Backup service pricing rates
Supplements built-in backup capabilities beyond the service tier-specific retention period
16. Restores
• Point-in-time
• in the same region
• within the service tier-specific retention period
• Long-term
• within up to 10 years (when using long-term retention with an Azure Recovery Services vault)
• Results in creation of a new database:
• to any server in any region
• within the same subscription
• geo-restore uses full and differential backups (up to an hour of RPO)
Point-in-time and long-term restore capabilities
17. Authentication and Authorization
• Authentication
• SQL Server principals
• logins:
• one or more defined in master
• users:
• master – manage server-wide roles
• user databases - include contained database users
• Azure AD security principals
• login:
• defined in master
• the server-level Azure AD Admin (privileges equivalent to the server admin)
• users
• user databases - Azure AD contained database users
• Authorization
• Role membership
• Object-level permissions
Support for two types of identities
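The two identity types and the authorization model above, as an added T-SQL example (not from the deck). The login, user, role, table and Azure AD group names are hypothetical; the Azure AD admin for the server is assumed to have been set already (portal/PowerShell), since that step has no T-SQL equivalent.

```sql
-- Added example (not from the original deck). All names are hypothetical.

-- === SQL Server principals ===
-- In master: a server-level login
CREATE LOGIN app_reader WITH PASSWORD = '<strong password placeholder>';

-- In the user database: a user mapped to that login ...
CREATE USER app_reader FOR LOGIN app_reader;

-- ... or a contained database user with no login in master at all, so the
-- database carries its own identity when restored or geo-replicated
CREATE USER report_user WITH PASSWORD = '<strong password placeholder>';

-- === Azure AD principals (contained users only; run as the Azure AD admin) ===
-- A user or a group; group membership is then managed in Azure AD, not in T-SQL
CREATE USER [Order Readers] FROM EXTERNAL PROVIDER;

-- === Authorization: role membership and object-level permissions ===
CREATE ROLE order_readers;
GRANT SELECT ON dbo.Orders TO order_readers;          -- least privilege: one table
DENY  SELECT ON dbo.Orders (CardNumber) TO order_readers;  -- column-level deny wins

ALTER ROLE order_readers ADD MEMBER app_reader;
ALTER ROLE order_readers ADD MEMBER report_user;
ALTER ROLE order_readers ADD MEMBER [Order Readers];

-- Verify who can do what: effective permissions of a principal
EXECUTE AS USER = 'report_user';
SELECT * FROM fn_my_permissions('dbo.Orders', 'OBJECT');
REVERT;
```

Granting to a role rather than to individual users keeps the permission set reviewable in one place (sys.database_permissions joined to sys.database_principals), which matters more in Azure SQL Database than on-premises because there is no server-level sysadmin to fall back on for audits.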
18. Security
• Encryption
• Transparent Data Encryption
• Always Encrypted
• Column/cell-level encryption
• Row-level security
• Dynamic data masking
• Auditing
• Threat detection
• Firewall rules
• Server-level
• Database-level
Includes the latest features of SQL Server 2016.
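The server- and database-level firewall rules listed above can be managed from T-SQL. This is an added example, not from the deck; the rule names and IP addresses are constructed (documentation ranges), and you would substitute the egress addresses of your own application hosts.

```sql
-- Added example (not from the original deck). Rule names and addresses are constructed.

-- === Server-level rules: run in master as the server admin / Azure AD admin ===
EXEC sp_set_firewall_rule
     @name             = N'CorpEgress',
     @start_ip_address = '203.0.113.10',
     @end_ip_address   = '203.0.113.20';

-- The special rule 0.0.0.0 - 0.0.0.0 is "Allow access to Azure services"; it
-- admits connections from any Azure tenant's resources, so prefer explicit
-- ranges and review the list regularly
SELECT name, start_ip_address, end_ip_address, create_date, modify_date
FROM sys.firewall_rules;

EXEC sp_delete_firewall_rule @name = N'CorpEgress';

-- === Database-level rules: run in the user database ===
-- Evaluated before server rules and stored in the database, so they travel
-- with it on restore / geo-replication and can be scoped per application
EXEC sp_set_database_firewall_rule
     @name             = N'ReportingHost',
     @start_ip_address = '198.51.100.7',
     @end_ip_address   = '198.51.100.7';

SELECT name, start_ip_address, end_ip_address
FROM sys.database_firewall_rules;

EXEC sp_delete_database_firewall_rule @name = N'ReportingHost';
```

Because a database-level match short-circuits the server-level check, a single wide database rule can quietly override a tight server policy; the two catalog views above are the place to reconcile them.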
19. Encryption
Support for “always encrypted” and “transparent” encryption of the database, backups, transaction log files, and secondaries (DR)
• Always Encrypted
• Data encrypted and decrypted within client apps
• Always Encrypted-enabled driver
• Transparent Data Encryption
• Encryption via a symmetric key
• The symmetric key protected by a built-in server-specific certificate
• Certificates managed by Microsoft
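Both encryption features above, as an added T-SQL example (not from the deck). The database, key and table names are hypothetical, the Key Vault URL is a placeholder, and the ENCRYPTED_VALUE of the column encryption key is a placeholder too: the real value is the CEK wrapped by the column master key, which client-side tooling (SSMS or the PowerShell SqlServer module) generates when you provision Always Encrypted.

```sql
-- Added example (not from the original deck). Names and the vault URL are placeholders.

-- === Transparent Data Encryption: protects data at rest, transparent to the app ===
ALTER DATABASE OrdersDb SET ENCRYPTION ON;

-- Verify (run in the database): encryption_state 3 = encrypted
SELECT d.name, d.is_encrypted, k.encryption_state, k.encryptor_type
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k ON k.database_id = d.database_id
WHERE d.name = 'OrdersDb';

-- === Always Encrypted: plaintext never leaves the client driver ===
-- Column master key: only a reference to the key, which lives in Key Vault
CREATE COLUMN MASTER KEY CMK_Orders
WITH ( KEY_STORE_PROVIDER_NAME = 'AZURE_KEY_VAULT',
       KEY_PATH = 'https://<vault-name>.vault.azure.net/keys/<key-name>/<version>' );

-- Column encryption key: the CEK encrypted with the CMK (placeholder bytes here)
CREATE COLUMN ENCRYPTION KEY CEK_Orders
WITH VALUES ( COLUMN_MASTER_KEY = CMK_Orders,
              ALGORITHM = 'RSA_OAEP',
              ENCRYPTED_VALUE = 0x00 );   -- placeholder: generated by client tooling

-- Columns: DETERMINISTIC allows equality lookups/joins but needs a BIN2 collation
-- and leaks equality; RANDOMIZED is stronger and fits data you never search on
CREATE TABLE dbo.Customers (
    CustomerId int IDENTITY PRIMARY KEY,
    Email      nvarchar(100) COLLATE Latin1_General_BIN2
               ENCRYPTED WITH ( COLUMN_ENCRYPTION_KEY = CEK_Orders,
                                ENCRYPTION_TYPE = DETERMINISTIC,
                                ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256' ) NOT NULL,
    CardNumber varchar(19)
               ENCRYPTED WITH ( COLUMN_ENCRYPTION_KEY = CEK_Orders,
                                ENCRYPTION_TYPE = RANDOMIZED,
                                ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256' ) NOT NULL
);
```

The split of responsibilities is the security point: TDE keys are managed by Microsoft and protect against loss of the storage media, while Always Encrypted keys are held by the application side in Key Vault, so a database administrator (or a compromised server) sees only ciphertext in the encrypted columns. Clients need an Always Encrypted-enabled driver with "Column Encryption Setting=Enabled" in the connection string and access to the Key Vault key to read those columns.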
20. Row-level security
• Based on characteristics of the user or app executing queries:
• group membership
• execution context
• Simplifies the design and coding of security in your application
• Logic is located in the database tier
Azure SQL Database supports row-level security, making it easy to partition query results based on a user or an app
21. Dynamic Data Masking
• Policy-based
• Based on masking rules and masking functions (e.g. credit card, email, etc.)
• Supports user-based exclusions
• A set of SQL users or AAD identities
• Admin users always excluded
• Hides sensitive data in the result set of a query targeting designated fields
• Created and managed:
• In the Azure Portal
• Programmatically via SDKs and services
• Scripting and T-SQL commands
Dynamic data masking prevents unauthorized access to sensitive data by “masking” fields based on roles or permissions.
22. Auditing and Threat Detection (preview)
Capabilities
• Retain an audit trail of selected event categories
• Track database activity using preconfigured reports
• Receive email alerts in response to suspicious events, unusual activity, and trends.
Audited actions
• Data access
• DML – data changes
• DCL – logins, users, roles and
permissions
• DDL – schema changes
• Security exceptions
23. Temporal Tables
Temporal Tables provide administrators and developers the ability to track and analyze historical changes in data, similar to concepts of versioning, and even allow retention policies, similar to a document management system.
24. Query Performance Insight
• Deeper insight into your database's resource consumption
• The ability to drill down into the details of a query, view its text and history of resource utilization
• Performance tuning annotations that show actions performed by SQL Azure Database Advisor
• Relies on Query Store
Makes it easy to troubleshoot Azure SQL Database performance
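Because Query Performance Insight is built on Query Store, the same data can be pulled directly in T-SQL, which is useful when you want to script the check or correlate a resource spike with a specific statement. This is an added example, not from the deck; it uses only the Query Store catalog views and assumes it is run in the user database.

```sql
-- Added example (not from the original deck). Run in the user database.
ALTER DATABASE CURRENT SET QUERY_STORE = ON;
ALTER DATABASE CURRENT SET QUERY_STORE ( OPERATION_MODE = READ_WRITE,
                                         QUERY_CAPTURE_MODE = AUTO );

-- Top 10 CPU consumers over the last 24 hours.
-- avg_cpu_time is in microseconds, hence the division to milliseconds.
SELECT TOP (10)
       q.query_id,
       LEFT(t.query_sql_text, 120)                           AS query_text,
       SUM(rs.count_executions)                              AS executions,
       SUM(rs.avg_cpu_time * rs.count_executions) / 1000.0   AS total_cpu_ms,
       SUM(rs.avg_logical_io_reads * rs.count_executions)    AS logical_reads,
       MAX(rs.last_execution_time)                           AS last_run
FROM sys.query_store_query AS q
JOIN sys.query_store_query_text AS t
     ON t.query_text_id = q.query_text_id
JOIN sys.query_store_plan AS p
     ON p.query_id = q.query_id
JOIN sys.query_store_runtime_stats AS rs
     ON rs.plan_id = p.plan_id
JOIN sys.query_store_runtime_stats_interval AS i
     ON i.runtime_stats_interval_id = rs.runtime_stats_interval_id
WHERE i.start_time >= DATEADD(HOUR, -24, SYSUTCDATETIME())
GROUP BY q.query_id, t.query_sql_text
ORDER BY total_cpu_ms DESC;
```

An unfamiliar statement appearing near the top of this list (an unexpected full scan of a sensitive table, or ad hoc text where the application only ever issues parameterized queries) is worth the same attention as a performance regression, so the query fits naturally into a periodic review alongside the audit log.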
25. Database Advisor
• Three impact-based categories:
• High impact recommendations should provide the most significant performance impact.
• Medium impact recommendations should improve performance, but not substantially.
• Low impact recommendations should provide better performance than without, but improvements might not be significant.
• Recommendations:
• Create index
• Drop index
• Parameterize queries
• Fix schema issues
Recommendations to improve query performance