Azure SQL Database (SQL DB) is a database-as-a-service (DBaaS) that provides nearly full T-SQL compatibility so you can gain tons of benefits for new databases or by moving your existing databases to the cloud. Those benefits include provisioning in minutes, built-in high availability and disaster recovery, predictable performance levels, instant scaling, and reduced overhead. And gone will be the days of getting a call at 3am because of a hardware failure. If you want to make your life easier, this is the presentation for you.
2. About Me
Microsoft, Big Data Evangelist
In IT for 30 years, worked on many BI and DW projects
Worked as desktop/web/database developer, DBA, BI and DW architect and developer, MDM
architect, PDW/APS developer
Been perm employee, contractor, consultant, business owner
Presenter at PASS Business Analytics Conference, PASS Summit, Enterprise Data World conference
Certifications: MCSE: Data Platform, Business Intelligence; MS: Architecting Microsoft Azure
Solutions, Design and Implement Big Data Analytics Solutions, Design and Implement Cloud Data
Platform Solutions
Blog at JamesSerra.com
Former SQL Server MVP
Author of book “Reporting with Microsoft SQL Server 2012”
3. Azure SQL Database benefits
*Data source & customer quotes: The Business Value of Microsoft Azure SQL Database Services, IDC, March 2015
• Increased productivity: 47% staff hours reclaimed for other tasks. “Now, those people can do development and create more revenue opportunities for us.”
• Faster time to market: 75% faster app deployment cycles. “We can get things out faster with Azure SQL Database”
• Lower TCO: 53% less expensive than on-prem/hosted. “To be able to do what we’re doing in Azure, we’d need an investment of millions.”
• Reduced risks: 71% fewer cases of unplanned downtime. “The last time we had downtime, a half a day probably lost us $100k”
[Chart: DB management hours, Other vs. Azure SQL Database]
4. Key benefits
The intelligent cloud database: differentiating proof
• Learns and adapts: Self-tuning performance with Index Advisor and real-time Threat Detection
• Scales on the fly: One click scaling, over 11 performance tiers with zero downtime
• Manages 1000s, like one: Tenant isolation and automatic management of compute and storage with Elastic Pools
• Works in your environment: Popular platforms & languages, from Python to Ruby to Java to C# to .NET
• Secures & protects: Built-in HA and data protection with 99.99% SLA, Geo-Replication, & Point-in-time-Restore
5. Azure SQL Database
The developer’s intelligent cloud-database service
• Built for application developers
• Lets you focus on your business application
• Accelerates your time to market
• Built-in advisors learn your app’s unique
characteristics; adapts to maximize
performance, reliability, and data protection
• Helps you build secure apps and connect
to your database by supporting the languages
and platforms that you prefer
6. Data platform continuum
[Diagram: on premises, hybrid cloud, off premises; axes run from higher administration to lower administration and from dedicated (higher cost) to shared (lower cost)]
7. How is it different from VMs?
Best for…
TCO
benefits
SQL Server in a VM Azure SQL Database
Scalability
Resources
8. Learns and adapts
Intelligent capabilities
• Suggests actions for how to
optimize your database
performance
• Automatically implements
solutions that adapt to the
app’s needs
• Ultimately gives you time back
to focus on your business
9. Intelligent capabilities
• Built-in performance monitoring with intelligent advisors helps reduce troubleshooting time
• The Azure management portal exposes real-time metrics
• Azure SQL Database includes intelligent advisors:
o Database Advisor
o Query Performance Insight
o Query Store
10. Database Advisor
• Index tuning recommendations tailored to each DB
• Recommendations are based on the observed usage,
and evolve as the DB workload changes
• Support for CREATE and DROP index
• Intelligent service for implementing and validating the
index recommendations
• Full-auto mode – service takes full care of the indexes
for your DB
• Manual “review and apply” mode for full control
• Report + visualization of index impact
• Parameterize query recommendations
• Fix schema issues recommendations
Improve the database with recommendations
[Diagram: SQL Database, Index Advisor, tuning models, Azure Cloud]
11. Query Performance Insight
See the most CPU-intensive queries:
• Customize your view by selecting
observation interval, number of queries,
and aggregation type
• View aggregated statistics about your
workload: total duration and number
of executions
Drill down to a specific query:
• Get granular view on query execution intervals
• View query text
See how database resources are being consumed
12. Query Store
Comprehensive query-performance information when you need it most
Queries
Workload-data recorder for
your database:
• Queries, plans, and compilation and runtime
statistics available at your fingertips
• Allows you to easily identify and fix
performance issues in minutes
Enables the following scenarios:
• Finding regressed queries
• Identifying top resource consuming queries
• Ad-hoc workload optimization
• Smooth application upgrades
[Diagram: SQL Database, Query Store, deeper insight]
13. Scale on the fly
• Predictable performance
• Scales performance
• No app downtime
• Pay for what you need
• In-Memory & Real-time
operational analytics
14. Designed for predictable performance
Across Basic, Standard, and Premium, each performance level is
assigned a defined level of throughput
Introducing the Database Transaction Unit (DTU) which
represents database power and replaces hardware specs
[Diagram: redefined measure of power, drawn as a bounding box over % CPU, % read, % write and % memory]
DTU is defined by the bounding box for the resources required by a database workload and
measures power across the six performance levels.
Basic: 5 DTU
S0: 10 DTU
S1: 20 DTU
S2: 50 DTU
S3: 100 DTU
P1: 125 DTU
P2: 250 DTU
P4: 500 DTU
P6: 1,000 DTU
P11: 1,750 DTU
P15: 4,000 DTU
15. SQL Database service tiers (single DB model)
*The 99.99% availability SLA does not apply to the existing Web and Business editions, which will continue to be supported at 99.9% availability.
Tiers: BASIC; STANDARD (S0, S1, S2, S3); PREMIUM (P1, P2, P4, P6, P11)
Built For: Basic: light transactional workloads; Standard: medium transactional workloads; Premium: heavy transactional workloads
Available SLA: 99.99%*
Max Storage: Basic: 2 GB; Standard: 250 GB; Premium: 500 GB, 1 TB
Business Continuity, Point-in-time Restore (“oops” Recovery): Basic: any point within 7 days; Standard: any point within 14 days; Premium: any point within 35 days
Business Continuity, all tiers: Geo-restore, Active geo-replication, up to four readable secondary backups
Security: Always Encrypted, Transparent Data Encryption, Azure Active Directory authentication, Auditing, row-level security, dynamic data masking
Performance Objectives: Basic: transactions per hour; Standard: transactions per minute; Premium: transactions per second
Database Transaction Units (DTUs): Basic: 5; S0: 10; S1: 20; S2: 50; S3: 100; P1: 125; P2: 250; P4: 500; P6: 1,000; P11: 1,750
Available Tiers ($/Month) and GA Price: Basic: $4.99; S0: $15; S1: $30; S2: $75; S3: $150; P1: $465; P2: $930; P4: $1,860; P6: $3,720; P11: $7,001
18. Dashboard views of metrics
Monitor: get in-depth views via Portal and APIs.
19. In-Memory technology for real-time performance
In-Memory
Analytics
In-Memory OLTP Breakthrough Performance
Real-time Operational Analytics
Real-time business insight
based on operational data
Expedite query and transaction processing speed
Up to
30x
faster transactions
100x
performance gains
20. Multitenant efficiency
• Maximize efficiency with elastic
database pools
• Manage and monitor growth
without the administrative
overhead of managing each
database
Build multitenant apps
with isolation and
efficiency
21. Elastic Database
Shares Elastic Database Transaction Units (eDTUs) across many databases
[Diagram: Customer 1, Customer 2, Customer 3, Customer N]
Elastic Database auto-scales
eDTUs as needed
Auto-scaling you control.
• Pools automatically scale
performance and storage
capacity for elastic
databases on the fly.
• You can control the
performance assigned to a
pool, add or remove elastic
databases on demand, and
define performance of
elastic databases without
affecting the overall cost of
the pool.
• Don’t worry about
managing the usage needs
of individual databases.
22. Elastic Pools
Buy fixed number of eDTUs, share the compute across many databases
• Basic: Auto-scale up to 5 eDTUs per database
• Standard: Auto-scale up to 100 eDTUs per database
• Premium: Auto-scale up to 1,000 eDTUs per database
[Diagram: Customer 1, Customer 2, Customer 3 … Customer N]
23. SQL Database service tiers (elastic DB model)
Pools: Basic Pool; Standard Pool; Premium Pool
Built For: Basic: light transactional workloads; Standard: medium transactional workloads; Premium: heavy transactional workloads
Available SLA: 99.99%*
eDTU range per pool: Basic: 100-1,200; Standard: 100-1,200; Premium: 125-1,500
Max # of DBs/Pool: Basic: 400; Standard: 400; Premium: 50
Business Continuity, Point-in-time Restore (“Oops” Recovery): Basic: any point within 7 days; Standard: any point within 35 days; Premium: any point within 35 days
Business Continuity, all pools: Geo-restore, restore to any Azure region & Active geo-replication, up to four online (readable) secondary backups
Security: Always Encrypted, Transparent Data Encryption, Azure Active Directory authentication, Auditing, row-level security, dynamic data masking
Performance Objectives: Basic: transactions per hour; Standard: transactions per minute; Premium: transactions per second
Available Tiers ($/Month) and GA Price: Basic: $149–$1,800/month; Standard: $223–$2,701/month; Premium: $697–$8,370/month
*The 99.99% availability SLA does not apply to the existing Web and Business editions, which will continue to be supported at 99.9% availability.
24. Elastic Tools
Elastic database jobs
Elastic database queries
Elastic database transactions
Support management and increased
efficiency for multi-database environments
manage operational activities across multiple databases
25. Protects and secures
your app data
• Built-in protection and security
• Meets stringent regulatory-
compliance requirements
• Minimal custom coding
• Advanced encryption technologies
• Powerful business-continuity features
26. High-availability platform
99.99% availability
Single logical database
Reads are completed at the primary
Writes are replicated to secondaries
Critical capabilities:
• Create new replica
• Synchronize data
• Stay consistent
• Detect failures
• Failover
[Diagram: write, value write, read and ack flows between the primary and the secondaries]
27. Protect from data loss or corruption
Automatic backups
Self-service restore
Tiered retention policy
– 7 days Basic
– 35 days Standard*, Premium
Restore from backup
Restore to point-in-time or to point-of-deletion
[Diagram: SQL Database backups stored in Azure Storage]
*new
28. Geo-restore protects from disaster
Built-in disaster recovery capability available for every database
Restore from geo-redundant backups maintained in Azure Storage
Restore to any Azure region
[Diagram: SQL Database backups in geo-redundant Azure Storage, restored to any Azure region]
29. Active geo-replication
Mission critical business continuity
Up to 4 secondaries
Service levels: Basic, Standard and Premium
Self Service
Readable Secondaries: Up to 4
Regions available: Any Azure region
Replication: Automatic, Asynchronous
Manageability tools: REST API, PowerShell or Azure Portal
Recovery Time Objective (RTO): <1 hour
Recovery Point Objective: <5 mins
Failover: On Demand
31. Most secure database
Surrounded by layers of protection
Secure Code
• Secure development lifecycle
• Least vulnerable last 6 years
Identity
• Windows authentication
• Azure Active Directory auth.
NEW
Monitor activity
• SQL threat analytics
• SQL auditing
NEW
Control access
• Row-level security
• Dynamic data masking
NEW
NEW
Protect data
• Always encrypted
• Transparent data encryption
NEW
32. Azure Active Directory authentication
Manage user identities in one location.
Use Azure Active Directory user identities
and groups to enable access to Azure SQL
Database and other Microsoft services.
Benefits include:
• Limit proliferation of user identities
• Allow password rotation in one place
• Eliminate password storing
Azure SQL Database
Customer 1
Customer 2
Customer 3
33. Row-level security
Protect data privacy by ensuring the right access across rows
Give users access only to the rows applicable to their role
Simplify the design and coding of security in your apps
Administer with SQL Server Management Studio or SQL Server Data Tools
[Diagram: SQL Database shared by Customer 1, Customer 2, Customer 3]
34. Dynamic data masking
Limit the exposure of sensitive data by hiding it from users
• Auto-discovery of potentially sensitive data to mask
• Configurable masking policy from the Azure portal or via DDL in the server
• On-the-fly obfuscation of data in query results
• Flexibility to define a set of privileged users for un-masked data access
On-the-fly masking of sensitive data in query results (Azure SQL Database):
Table.PhoneNo: +1-313-555-5796, +972-4-777-1978, +1-248-666-6550
PhoneNum: XXX-XXX-5796, XXX-XXX-1978
35. Azure SQL Database encryption: overview
Encryption type / Type / Customer value
• Encryption-in-transit
Type: Transport Layer Security (TLS) from the client to the server
Customer value: Protects data between the client and the server against snooping and man-in-the-middle attacks. Azure SQL Database is phasing out Secure Sockets Layer (SSL) 3.0 and TLS 1.0 in favor of TLS 1.2.
• Encryption-at-rest
Type: Transparent Data Encryption (TDE) for Azure SQL Database
Customer value: Protects data on the disk. Key management is done by Azure, which makes it easier to obtain compliance.
• Encryption-end-to-end
Type: Always Encrypted for client-side column encryption
Customer value: Data is protected end-to-end, but the application is aware of encrypted columns. This is used in the absence of data masking and TDE for compliance-related scenarios.
[Diagram: customer data in-transit, at-rest and end-to-end; database files, backups, Tx log, TempDB]
37. Auditing and Threat Detection
Gain real-time insights and streamline compliance-related tasks
• Retain an audit trail of selected events and activities
• Report on database activity: preconfigured reports and a dashboard help get you started quickly
• Analyze reports to find suspicious events, unusual activities, and trends
• Receive proactive alerts about activities that might indicate potential security threats using the new Threat Detection feature
[Diagram: malicious insider, external attacker, Azure SQL Database, Threat Detection, Auditing, audit log in Azure Storage]
38. Threat Detection
Detects anomalous database activities that could indicate a potential threat
• Configure Threat Detection policy in the Azure portal
• Receive alerts from multiple database-threat detectors that identify anomalous activities
• Explore the audit log around the time of an event
[Diagram: malicious insider, external attacker, web app, Azure SQL Database, Threat Detection alerts]
39. Compliance
• SOC 1 Type 2 and SOC 2 Type 2
• ISO/IEC 27001
• FedRAMP/FISMA
• HIPAA business associate agreement (BAA)
• PCI DSS Level 1
• EU Model Clauses
40. Microsoft-backed
Built-in regional database replicas
for additional protection
Uptime SLA of 99.99%*
Single support vendor across
Azure cloud services
Peace of mind over your cloud investments
*Web & Business tiers remain backed by 99.9% uptime SLA.
42. Familiar
Choice of management tools; APIs, Azure Management Portal
with HTML5 support, or SQL Server Management Studio.
Leverage SQL Server skills across on-premises and cloud
environments with a familiar relational foundation and T-SQL
functions, including spatial data support for location-based apps.
Tools
Compatible
Support seamless development on or offline and across on-
premises and cloud-designed apps with Visual Studio. Extend
existing applications to the cloud with DAC framework support.
Flexible dev
43. Near-complete SQL compat; more performance
Online index rebuild capability for clustered and non-
clustered indices for greater availability.
Build highly optimized schemas to improve query
processing with table partitioning support.
Access Common Language Runtime (CLR) and define
CLR Types, aggregates, functions and procedures
written in C#.
Support for additional Dynamic Management Views
(DMVs) for deeper insight into application health.
In preview: Extended Events
New features come to SQL Database first!
Broader SQL Server support for improved compatibility on Azure
44. Self-managed continuity
Remove virtually all infrastructure maintenance
through automatic software patching.
Built-in system replicas and automatic failover
help protect data and uptime.
Built-in
Maintenance
Fault
Tolerance
45. Flexibility to work your way
Platforms
Tools
Azure management portal with HTML5 support, Windows PowerShell,
REST APIs, SQL Server Management Studio, and Visual Studio
Languages
Frameworks
Your Azure solution
Build secure apps that connect with the
languages and platforms that you prefer
48. SQL Server Management Studio
(SSMS)
SQL Azure Migration Wizard
(SAMW)
SQL Server Data Tools in Visual
Studio
SQL Server 2016 Upgrade Advisor
Preview
Migration tools
My blog:
Migrate from on-prem SQL server to Azure
SQL Database
49. Azure SQL Database Transact-SQL differences
Server-level activities
Features that relate to high availability which is managed through your Microsoft Azure account:
backup, restore, AlwaysOn, database mirroring, log shipping, recovery modes
Features that rely upon the log reader: Replication, Change Data Capture
FILESTREAM
Global temporary tables
Hardware related server settings: memory, worker threads, CPU affinity, trace flags, etc. Use service
levels instead
Linked servers, OPENQUERY, OPENROWSET, OPENDATASOURCE, BULK INSERT, 3 and 4 part names
.NET Framework CLR integration with SQL Server
Resource governor
Semantic search
SQL Server Profiler
Transact-SQL debugging
Triggers: Server-scoped or logon triggers
USE statement
https://azure.microsoft.com/en-us/documentation/articles/sql-database-transact-sql-information/
50. Azure getting started
• Free Azure account, $200 in credit, https://azure.microsoft.com/en-us/free/
• Startups: BizSpark, $750/month free Azure, BizSpark Plus - $120k/year free Azure, https://www.microsoft.com/bizspark/
• MSDN subscription, $150/month free Azure, https://azure.microsoft.com/en-us/pricing/member-offers/msdn-benefits/
• Microsoft Educator Grant Program, faculty - $250/month free Azure for a year, students - $100/month free Azure for 6 months, https://azure.microsoft.com/en-us/pricing/member-offers/msdn-benefits/
• Microsoft Azure for Research Grant, http://research.microsoft.com/en-us/projects/azure/default.aspx
• DreamSpark for students, https://www.dreamspark.com/Student/Default.aspx
• DreamSpark for academic institutions: https://www.dreamspark.com/Institution/Subscription.aspx
• Various Microsoft funds
51. Q & A ?
James Serra, Big Data Evangelist
Email me at: JamesSerra3@gmail.com
Follow me at: @JamesSerra
Link to me at: www.linkedin.com/in/JamesSerra
Visit my blog at: JamesSerra.com (where this slide deck will be posted)
Editor's Notes
So you have been running on-prem SQL Server for a while now. Maybe you have taken the step to move it from bare metal to a VM, and have seen some nice benefits. Ready to see a TON more benefits? If you said “YES!”, then this is the session for you as I will go over the many benefits gained by moving your on-prem SQL Server to an Azure VM (IaaS). Then I will really blow your mind by showing you even more benefits by moving to Azure SQL Database (PaaS/DBaaS). And for those of you with a large data warehouse, I also got you covered with Azure SQL Data Warehouse. Along the way I will talk about the many hybrid approaches so you can take a gradual approach to moving to the cloud. If you are interested in cost savings, additional features, ease of use, quick scaling, improved reliability and ending the days of upgrading hardware, this is the session for you!
Fluff, but point is I bring real work experience to the session
One of the first things to understand in any discussion of Azure versus on-premises SQL Server databases is that you can use it all. Microsoft’s Data Platform leverages SQL Server technology and makes it available across physical on-premises machines, private cloud environments, third party hosted private cloud environments, and public cloud. This enables you to meet unique and diverse business needs through a combination of on-premises and cloud-hosted deployments, while using the same set of server products, development tools, and expertise across these environments.
As seen in the diagram, each offering can be characterized by the level of administration you have over the infrastructure (on the X axis), and by the degree of cost efficiency achieved by database level consolidation and automation (on the Y axis).
When designing an application, four basic options are available for hosting the SQL Server part of the application:
SQL Server on nonvirtualized physical machines
SQL Server in on-premises virtualized machines (private cloud)
SQL Server in Azure Virtual Machine (public cloud)
Azure SQL Database (public cloud)
The SQL Database service was designed to build cloud-designed applications. What do I mean when I say cloud-designed? I am talking about applications that can scale dynamically across multiple nodes during peak demand and have the ability to scale down to fewer nodes during normal demand, dynamically. SQL Database service is a scale-out relational database and ideal for cloud applications, where demand is often not predictable. It offers the ability to architect your database application to use database sharding for dynamic scalability across multiple nodes. This is a unique design point that lets customers gain the full benefits of cloud scalability. 3M did just that by building Visual Attention Service (VAS) software, which measures marketing effectiveness of products, on SQL Database service. This VAS application has seen over 400x growth in demand and SQL Database was able to scale out to meet demand without problem and reduce in capacity during nominal demand. 3M not only realized infrastructure and data platform management cost savings, but also 50% revenue growth by being able to scale dynamically to capture all demand. They view SQL Database as providing cost-effective scalability, and with an SLA for the infrastructure and the database, there is less they have to manage and worry about, as they highlight in their quote. This all adds up to faster time to market for 3M’s VAS software.
http://www.microsoft.com/casestudies/Windows-Azure/3M-Informatics/3M-Unit-Boosts-Revenue-by-50-Percent-with-Choice-of-Cloud-Service/710000002636
You can also use the SQL Database service to create hybrid applications like BetOnSoft has done. BetOnSoft is an online gambling company that wanted to build a highly resilient gaming platform, so they implemented SQL Server AlwaysOn on-premises for synchronous replication and used the asynchronous replicas for offloading BI and reporting. To ensure even higher resiliency they decided to move the gaming platform's error reporting and metric monitoring system off-premises to Microsoft Azure SQL Database, so that if there is an issue with the gaming engine the errors and metrics can easily be recovered from Microsoft Azure. They also decided to move their application marketing engine, which needs dynamic scalability during viral marketing pushes, to SQL Database, as it offered the dynamic scalability they were looking for, so they did not have to build infrastructure for peak demand. In addition, by taking advantage of the many Microsoft Azure data centers they were able to improve their global reach and the performance of their marketing applications that promote their gambling platform to users worldwide.
http://www.microsoft.com/casestudies/Microsoft-SQL-Server-2012-Enterprise/BetOnSoft/Online-Gaming-Firm-Implements-Real-Time-Analytics-and-Scales-for-Planned-Growth/710000000130
Situation:
BetOnSoft develops and manages more than 110 online casino games, played every day by thousands of players worldwide. The company needed to ensure that its games are highly available, and the company wanted to prepare for business growth by scaling its database without impacting application responsiveness.
Solution:
The company deployed a hybrid application solution that takes advantage of the high-availability features in Microsoft SQL Server 2012 AlwaysOn and runs several critical services on Microsoft Azure SQL Database for its high availability and fast provisioning. For example, BetOnSoft maintains its error-reporting service in the Microsoft Azure cloud with data stored in Microsoft Azure SQL Database.
Benefits:
The solution helps BetOnSoft enhance the services it provides to the operators that run the company’s games. Using the monitoring service in SQL Database, the company says it can see where the problems are and if there are certain trends, enabling them to use these metrics to enhance services and improve the overall user experience.
The company is also seeing dramatically improved availability and scalability—its infrastructure can exceed 10 times its previous peak loads while running intensive real-time data analytics.
BetOnSoft also says the solution helps simplify administration for BetOnSoft database administrators, with the ability to check the database frequently and easily, as well as offload reporting, helping to reduce time and effort.
Resource & tenant administration. With Elastic Database Pools, you gain automatic management and administration of compute and storage across an unlimited number of databases – helping cap your spending, maximize utilization, and effectively scale multitenant apps.
By storing your data in Azure SQL Database, you take advantage of many fault tolerance and secure infrastructure capabilities that you would otherwise have to design, acquire, implement, and manage. Azure SQL Database has a built-in high availability subsystem that protects your database from failures of individual servers and devices in a datacenter. Azure SQL Database maintains multiple copies of all data in different physical nodes located across fully independent physical sub-systems to mitigate outages due to failures of individual server components, such as hard drives, network interface adapters, or even entire servers. At any one time, three database replicas are running—one primary and two or more replicas. Data is written to the primary and one secondary replica using a quorum based commit scheme before the transaction is considered committed. If the hardware fails on the primary replica, Azure SQL Database detects the failure and fails over to the secondary replica. In case of a physical loss of a replica, a new replica is automatically created. So there are always at minimum two physical, transactionally consistent copies of your data in the datacenter.
Azure Active Directory authentication is a mechanism for connecting to Microsoft Azure SQL Database by using identities in Azure Active Directory. With Azure Active Directory authentication, you can centrally manage the identities of database users and other Microsoft services in a single location. Central identity management provides a single place to manage Azure SQL Database users and simplifies permission management. Benefits include:
An alternative to SQL Server authentication
Help in stopping the proliferation of user identities across database servers
The ability to perform password rotation in a single place
Management of database permissions using external Azure Active Directory groups
Elimination of the need to store passwords: it enables integrated Windows authentication and other forms of authentication supported by Azure Active Directory
Azure Active Directory authentication uses contained database users to authenticate identities at the database level.
Azure Active Directory members created in the managed domain or with a federated domain can be provisioned in Azure SQL Database.
Limitations:
Microsoft accounts (for example outlook.com, hotmail.com, live.com) or other guest accounts (for example gmail.com, yahoo.com) are not supported.
Only one Azure Active Directory administrator (a user or group) can be configured for an Azure SQL Database at any time.
Only an Azure Active Directory administrator can initially connect to the Azure SQL Database using an Azure Active Directory account. The Azure Active Directory administrator can configure subsequent Azure Active Directory database users.
Some tools like BI and Excel are not supported.
Azure Active Directory authentication only supports the .NET Framework Data Provider for SQL Server (at least .NET Framework version 4.6). Therefore SQL Server Management Studio (available with SQL Server 2016) and data-tier applications (DAC and .bacpac) can connect, but sqlcmd.exe cannot connect because sqlcmd uses the ODBC provider.
Two-factor authentication or other forms of interactive authentication are not supported.
Row-Level Security is a programmability security feature that can be implemented on databases to enable fine-grained access to rows of data in a table for greater control over which users can access which data. This allows for more flexibility and data protection when multiple logins need to access various records in a database and can help organizations more easily support organizational or industry compliance policies. Row-Level Security is managed at the database level and requires SQL Server Management Studio (SSMS) or SQL Server Data Tools (SSDT) to implement and manage.
Generally, any application which has multiple users accessing various data records can benefit from Row-Level Security; here are a few key examples:
A hospital or medical clinic could implement a security policy that allows nurses and doctors to only see data rows for their own patients.
A bank might implement a security policy to restrict access to financial data rows based on the employee's business division or based on her role within the company.
A multi-tenant application might store multiple customer records within a single database to achieve cost efficiencies. To ensure greater data security and isolation, a security policy can be implemented to further create a logical separation of each tenant's data rows from other tenant's rows.
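The multi-tenant case above, as an added T-SQL example that is not part of the original deck: a filter predicate hides other tenants' rows and block predicates reject writes made on behalf of another tenant. The table dbo.Orders, the Security schema, the function and policy names, the user AppUser and the session key TenantId are all assumptions, and the rows are constructed.

```sql
-- Added example: object names, the user and the data are constructed.
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY(1,1) PRIMARY KEY,
    TenantId int           NOT NULL,
    Item     nvarchar(100) NOT NULL
);
INSERT INTO dbo.Orders (TenantId, Item)
VALUES (1, N'Widget'), (1, N'Gasket'), (2, N'Sprocket');
GO

-- Low-privilege database user the shared application connects as (hypothetical).
CREATE USER AppUser WITHOUT LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO AppUser;
GO

-- Keep the predicate function in its own schema so the application user
-- never receives permissions on it.
CREATE SCHEMA Security;
GO

-- Inline table-valued predicate: yields a row only when the row's TenantId
-- equals the tenant recorded in the session. With no tenant set,
-- SESSION_CONTEXT returns NULL, the comparison is not true, and access fails closed.
CREATE FUNCTION Security.fn_TenantPredicate (@TenantId int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS fn_result
    WHERE @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS int);
GO

-- FILTER silently removes rows from reads; BLOCK makes a write that would
-- leave a row outside the caller's tenant raise an error.
CREATE SECURITY POLICY Security.TenantPolicy
    ADD FILTER PREDICATE Security.fn_TenantPredicate(TenantId) ON dbo.Orders,
    ADD BLOCK PREDICATE  Security.fn_TenantPredicate(TenantId) ON dbo.Orders AFTER INSERT,
    ADD BLOCK PREDICATE  Security.fn_TenantPredicate(TenantId) ON dbo.Orders AFTER UPDATE
    WITH (STATE = ON);
GO

-- Verification as the application user.
EXECUTE AS USER = 'AppUser';

-- The application sets the tenant once after connecting. @read_only = 1
-- prevents later code on the same connection from switching tenants.
EXEC sp_set_session_context @key = N'TenantId', @value = 1, @read_only = 1;

-- The filter predicate restricts this read to the session's tenant.
SELECT OrderId, TenantId, Item FROM dbo.Orders;

-- A write for another tenant is rejected by the block predicate.
BEGIN TRY
    INSERT INTO dbo.Orders (TenantId, Item) VALUES (2, N'Cross-tenant row');
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS blocked_reason;
END CATCH;

REVERT;
GO

-- Review which predicates are in force on which tables.
SELECT p.name AS policy_name, p.is_enabled,
       OBJECT_NAME(sp.target_object_id) AS target_table,
       sp.predicate_type_desc, sp.operation_desc
FROM sys.security_policies AS p
JOIN sys.security_predicates AS sp ON sp.object_id = p.object_id;
```

The policy applies to every principal, including the table owner, so administrative access to all tenants needs its own explicit branch in the predicate rather than an assumption that dbo is exempt.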
Dynamic Data Masking is a security feature of Azure SQL Database that enables Azure administrators to restrict access to sensitive data on production databases. The sensitive data is persisted in the database in its original format. Based on a data masking policy, a mask function (full mask / partial mask) is applied to specific fields.
You may use either the Azure Management Portal, the new Azure Portal, PowerShell or REST API to configure data masking. For the Azure Management Portal, the configuration is under the Auditing & Security Section. For the new Azure Portal there is a dedicated section in the Database Tile.
Dynamic Data masking is supported across the V12 versions of the Basic, Standard and Premium tiers and is included at no extra cost.
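A masking policy defined through DDL, as an added T-SQL example that is not part of the original deck. It applies a partial mask that yields the XXX-XXX-5796 form shown on the masking slide, plus full masks, and then compares what a masked and an unmasked user receive. The table dbo.Contact, the users SupportUser and PrivilegedUser, and all rows other than the two phone numbers taken from the slide are assumptions.

```sql
-- Added example: table, users and rows are constructed; the two phone
-- numbers are the sample values shown on the masking slide.
CREATE TABLE dbo.Contact (
    ContactId int IDENTITY(1,1) PRIMARY KEY,
    FullName  nvarchar(100) NOT NULL,
    -- Partial mask: expose no prefix characters, pad with XXX-XXX-,
    -- expose the last four characters.
    PhoneNo   varchar(20)   MASKED WITH (FUNCTION = 'partial(0,"XXX-XXX-",4)') NOT NULL,
    -- Built-in e-mail mask.
    Email     nvarchar(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    Notes     nvarchar(200) NULL
);
INSERT INTO dbo.Contact (FullName, PhoneNo, Email, Notes)
VALUES (N'Sample Person A', '+1-313-555-5796',  N'a@example.com', N'constructed row'),
       (N'Sample Person B', '+972-4-777-1978', N'b@example.com', N'constructed row');
GO

-- A mask can also be added to an existing column; default() is the full mask.
ALTER TABLE dbo.Contact
    ALTER COLUMN Notes ADD MASKED WITH (FUNCTION = 'default()');
GO

-- Two hypothetical users: one sees masked data, one is in the privileged set.
CREATE USER SupportUser WITHOUT LOGIN;
CREATE USER PrivilegedUser WITHOUT LOGIN;
GRANT SELECT ON dbo.Contact TO SupportUser;
GRANT SELECT ON dbo.Contact TO PrivilegedUser;
GRANT UNMASK TO PrivilegedUser;
GO

-- Masks are applied to the result set for users without UNMASK.
EXECUTE AS USER = 'SupportUser';
SELECT FullName, PhoneNo, Email, Notes FROM dbo.Contact;
REVERT;

-- The same query for a user with UNMASK returns the stored values.
EXECUTE AS USER = 'PrivilegedUser';
SELECT FullName, PhoneNo, Email, Notes FROM dbo.Contact;
REVERT;
GO

-- Audit step: list every masked column and who holds UNMASK.
SELECT OBJECT_NAME(mc.object_id) AS table_name,
       mc.name                   AS column_name,
       mc.masking_function
FROM sys.masked_columns AS mc
WHERE mc.is_masked = 1;

SELECT pr.name AS principal_name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = 'UNMASK';

-- Masking changes what a query returns, not what is stored: the data stays
-- in its original format, so keep SELECT grants narrow and rely on row-level
-- security or encryption where a user must not be able to reach the value.
```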
Transparent Data Encryption leverages the long-time trusted encryption technology found in SQL Server and brings it to SQL Database V12 databases for encrypting a customer’s database at rest to help further protect against the threat of malicious activity. Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the database, associated backups, and transaction log files. We have leveraged the latest hardware technology in the V12 service architecture to help minimize any performance impact TDE may impose on a customer’s database.
It is very similar to TDE for SQL Server in that encryption/decryption is completely transparent and requires no changes to an application using a database that is protected by TDE.
Unlike TDE for SQL Server, the first version of TDE for SQL DB is completely “service-managed” meaning TDE is on by default and all keys incl. rotation, backups are managed by the service. TDE for SQL DB currently does not offer an EKM option which will be provided in version 2 (see below).
Currently, TDE uses a database encryption key (DEK) protected by a TDE certificate. The certificate is stored in the SQL Database service on separate physical hardware for availability during recovery. We will explore additional key storage options at a future date.
Always Encrypted is a feature designed to add an extra measure of protection to sensitive data, such as credit card numbers or national identification numbers (e.g. U.S. social security numbers), stored in SQL Server databases and in Azure SQL Database. This feature protects data while it is most vulnerable: while it is being used.
Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to SQL Server. As a result, Always Encrypted provides a separation between those who own the data (and can view it) and those who manage the data (but should have no access). By ensuring on-premises database administrators, cloud database operators, or other high-privileged, but unauthorized users, cannot access the encrypted data, Always Encrypted enables customers to confidently store sensitive data outside of their direct control. This allows organizations to encrypt data at rest and in use for storage in Azure, to enable delegation of on-premises database administration to third parties, or to reduce security clearance requirements for their own DBA staff.
Always Encrypted makes encryption transparent to applications. An Always Encrypted-enabled driver installed on the client computer achieves this by automatically encrypting and decrypting sensitive data in the SQL Server client application. The driver encrypts the data in sensitive columns before passing the data to SQL Server, and automatically rewrites queries so that the semantics to the application are preserved. Similarly, the driver transparently decrypts data, stored in encrypted database columns, contained in query results. Data is thus encrypted even during transactions and computations.
https://azure.microsoft.com/en-us/documentation/articles/sql-database-get-started-sql-data-sync/
https://www.mssqltips.com/sqlservertip/3062/understanding-sql-data-sync-for-sql-server/
https://msdn.microsoft.com/en-us/library/hh868047.aspx
Compare SQL Data Sync to Active Geo-Replication
Based on customer feedback, Azure SQL Database is introducing new service tiers to help customers more easily innovate with cloud-designed database workloads. At the heart of this change, the new tiers deliver predictable performance across a spectrum of six performance levels for light- to heavy-weight transactional application demands. Additionally, the new tiers offer a spectrum of business-continuity features, a stronger uptime SLA, larger database sizes for less money, and an improved billing experience.
Migration tools
Tools used include SQL Server Management Studio (SSMS), the SQL Server tooling in Visual Studio, and the SQL Azure Migration Wizard (SAMW), as well as the preview of the new Azure management portal. Be sure to install the latest versions of the client tools, as earlier versions are not compatible with the preview of the latest SQL Database Update. The role of each tool is summarized below together with a link for installing/accessing the latest version.
Preview Azure Management Portal
The preview Azure management portal (http://portal.azure.com) is required to create servers using the latest SQL Database Update or to migrate existing servers and databases. You can find out more about migrating existing servers here: http://azure.microsoft.com/en-us/documentation/articles/sql-database-preview-upgrade/.
SQL Server Management Studio (SSMS)
SSMS can be used to deploy a compatible database directly to Azure SQL Database or to export a logical backup of the database as a BACPAC, which can then be imported, still using SSMS, to create a new Azure SQL Database. You cannot use the preview portal to import a BACPAC yet.
You must use the latest version of SSMS to work with the preview of Azure SQL Database Latest Update which is available in CU5 of SQL Server 2014 or by downloading the latest version of the tools from http://msdn.microsoft.com/en-us/evalcenter/dn434042.aspx.
SQL Azure Migration Wizard (SAMW)
SAMW can be used to analyze the schema of an existing database for compatibility with Azure SQL Database, and in many cases can be used to generate and then deploy a T-SQL script containing schema and data. The wizard will report errors during the transformation if it encounters schema content that it cannot transform. If this occurs, the generated script will require further editing before it can be deployed successfully. SAMW will process the body of functions or stored procedures, which is normally excluded from validation performed by the SQL Server tooling in Visual Studio (see below), so it may find issues that might not otherwise be reported by validation in Visual Studio alone. Combining use of SAMW with the SQL Server tooling in Visual Studio can substantially reduce the amount of work required to migrate a complex schema.
Be sure to use the latest version of the SQL Azure Migration Wizard from CodePlex at http://sqlazuremw.codeplex.com/.
SQL Server tooling in Visual Studio
The SQL Server tooling in Visual Studio can be used to create and manage a database project comprising a set of T-SQL files for each object in the schema. The project can be imported from a database or from a script file. Once created, the project can be targeted at the latest preview of Azure SQL Database; building the project then validates schema compatibility. Clicking on an error opens the corresponding T-SQL file allowing it to be edited and the error corrected. Once all the errors are fixed the project can be published, either directly to SQL Database to create an empty database or back to (a copy of) the original SQL Server database to update its schema, which allows the database to be deployed with its data using SSMS as above.
You must install and use the preview of the SQL Server database tooling for Visual Studio with support for the preview of Azure SQL Database Latest Update V12. Make sure you have Visual Studio 2013 with Update 4 installed first. See this blog post for more details of this preview release and how to install it: http://blogs.msdn.com/b/ssdt/archive/2014/12/18/sql-server-database-tooling-preview-release-for-the-latest-azure-sql-database-update-v12-preview.aspx.
You can keep track of updates to this software on the team blog at http://blogs.msdn.com/b/ssdt/.