Before getting into Azure SQL, let me give you an idea about cloud computing. As a simple example, we all use electricity in our day-to-day life, but we do not worry about where it comes from, how it is transported or how it gets generated. We just pay the bill and use it. The idea behind cloud computing is somewhat similar. As users, we consume the services offered by cloud service providers and use their computing power to fulfill our requirements.
Let's step back a little and see how we used to work before cloud computing came into the picture. In traditional data centers, we used to maintain the physical servers, cables, and switches. Once these components were set up, we configured a virtualization layer such as Hyper-V or VMware, which let us set up the virtual machines. Next came the operating systems, where we were responsible for patching and maintaining each VM. Along with that, we also had to manage networks and firewalls, ensuring that security best practices were followed on a regular basis. Then we also had to manage the applications and services that run on these setups. So we were responsible for pretty much everything, from the hardware up to the application.
Now, let's see how these operations are distributed in cloud computing. You might be familiar with terms like Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). These are the cloud computing models/offerings. I think of SaaS as consuming something! I am just connecting and getting the data required. I am not worried about who is behind it running the framework. PaaS, on the other hand, is more developer oriented: if I want to build an application, the OS required for it is taken care of by someone else. I am not worrying about patching the OS. And IaaS is the kind of offering where I need some control over virtual machines but do not have to worry about the underlying cables! In IaaS, I might be configuring virtual networks and firewalls, and managing storage.
Azure Subscriptions
This is what we really need in order to try our hand. A subscription grants access to Azure services through the management portal.
Azure offers two management portals now.
- Service Management (Classic)
- Azure Resource Manager (ARM)
No matter which portal you use, there won't be any changes in the hardware. The changes only come in the way we deploy and manage the resources.
What is Azure Resource Manager?
ARM allows us to logically group resources and to define the dependencies between them. Let's take a Virtual Machine as an example of a resource. A Virtual Machine depends on multiple resources such as a storage account, load balancer, network interfaces, virtual network, etc. Resource Manager makes sure these dependent resources are deployed in the right order. One of the key advantages of Resource Manager is that it supports repeated deployments by using templates, and it also provides role-based access control so that users can manage the resources. In the classic portal there was a limitation: asynchronous deployments of resources were not supported. We had to wait for one deployment to complete before starting the next deployment of resources. In Resource Manager, deployments are done simultaneously.
Service Level Agreement
The Service Level Agreement (SLA) describes Microsoft’s commitments for uptime and connectivity to all the Azure services. For virtual machines Microsoft provides 99.95% and 99.9% based on instance count, Availability set and storage types. When we deploy virtual machines into the cloud, we need to have two or more instances of the virtual machine in order to get the SLA.
Let us understand the concept of an Availability set. Suppose we have SQL Server in a virtual machine and we want high availability for it. Then we have to create 2 instances of the virtual machine and put them in the same Availability set. An Availability set is a way of telling Azure that the instances in this particular set cannot be taken down (offline) at the same time. Azure is smart enough to manage these virtual machines during host updates or software updates. At the time of patching/updates of host machines, Azure will make sure to keep one of the instances online. There are two concepts in an Availability set: fault domain and update domain.
Fault domain and Update domain
Fault domains and update domains are pretty important to understand when we are designing Azure solutions. Virtual machines are installed on racks in a data center. A fault domain basically means a different hardware rack in the same data center. The solution will be deployed in two different hardware racks. An upgrade domain is similar to a fault domain, but it supports upgrades rather than failures.
There is a detailed article on MSDN about fault domains and update domains - https://blogs.msdn.microsoft.com/plankytronixx/2015/05/01/azure-exam-prep-fault-domains-and-update-domains/
Azure SQL
Databases are an integral part of many applications. In this lesson let us understand how SQL Server fits into Azure. SQL Server can be hosted in a virtual machine or hosted as a service. Hosting SQL Server in a virtual machine comes under Infrastructure as a Service (IaaS), and hosting it as a service can be considered Platform as a Service (PaaS).
Running SQL Server in an Azure VM (IaaS) is similar to running SQL Server in our local environment, but Microsoft provides the hardware and also provides an SLA of 99.5 percent. In this case, patching and backup of SQL Server are our responsibility.
On the other hand, Azure SQL Database is a service (PaaS) which provides business continuity with no down time. More importantly, it is scalable. It reduces administrative tasks by providing built-in backup and restore capabilities.
How is it secured?
Customers moving databases into the cloud are always concerned about security. Keeping this in mind, Azure SQL introduced several security enhancements.
- Dynamic Data Masking
This limits sensitive data exposure and helps prevent unauthorized access to sensitive data. We can apply masking rules to a particular column.
- Row Level Security
This controls access to rows in a database table based on the characteristics of the user executing a query.
- Always Encrypted
This is a data encryption technology. Only client applications that have access to the keys can access the data.
More info here:
- https://docs.microsoft.com/en-gb/azure/sql-database/sql-database-dynamic-data-masking-get-started
- https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine
- https://docs.microsoft.com/en-us/sql/relational-databases/security/row-level-security
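Dynamic Data Masking and Row Level Security working together on one table, as an added T-SQL example that is not part of the original post. All object, user and column names are hypothetical and the sample rows are constructed. Always Encrypted is left out because it also needs keys provisioned on the client side.

```sql
-- Constructed demo: every schema, table, user and value below is hypothetical.
CREATE SCHEMA Security;
GO
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    SalesRep   SYSNAME       NOT NULL,   -- database user who owns the row
    FullName   NVARCHAR(100) NOT NULL,
    -- Dynamic Data Masking rules are declared per column.
    Email      VARCHAR(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    CardNumber VARCHAR(19)
        MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NOT NULL
);
GO
INSERT INTO dbo.Customers (SalesRep, FullName, Email, CardNumber) VALUES
    ('rep_alice', 'Constructed One', 'one@example.com', '4111-1111-1111-1111'),
    ('rep_bob',   'Constructed Two', 'two@example.com', '5500-0000-0000-0004');
GO
CREATE USER rep_alice WITHOUT LOGIN;
CREATE USER rep_bob   WITHOUT LOGIN;
CREATE USER auditor   WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO rep_alice, rep_bob, auditor;
GRANT UNMASK TO auditor;   -- only this user may read the unmasked values
GO
-- Row Level Security: an inline table-valued function decides, per row,
-- whether the calling user may see it.
CREATE FUNCTION Security.fn_CustomerFilter (@SalesRep AS SYSNAME)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS allowed
       WHERE @SalesRep = USER_NAME() OR USER_NAME() = 'auditor';
GO
CREATE SECURITY POLICY Security.CustomerPolicy
    ADD FILTER PREDICATE Security.fn_CustomerFilter(SalesRep)
    ON dbo.Customers
    WITH (STATE = ON);
GO
-- As a sales rep: RLS filters to the rep's own rows, DDM masks the columns.
EXECUTE AS USER = 'rep_alice';
SELECT FullName, Email, CardNumber FROM dbo.Customers;
REVERT;
-- As the auditor: the predicate admits every row and UNMASK lifts the masks.
EXECUTE AS USER = 'auditor';
SELECT FullName, Email, CardNumber FROM dbo.Customers;
REVERT;
```

Masking only changes what a query returns to users without UNMASK; the stored values are unchanged, so it complements access control and encryption rather than replacing them.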
How do we migrate on-premises databases to the Azure cloud?
Migrating on-premises databases to the cloud is straightforward as long as they are compatible with the target environment. Personally, I prefer to use tools to find the compatibility issues. One of these is Data Migration Assistant. This is a standalone tool which enables you to upgrade by detecting compatibility issues that impact database functionality.
Download link - https://www.microsoft.com/en-us/download/details.aspx?id=53595