Embed Size (px)
Citation preview
DBI B306
•
•
•
• Built for SaaS and Enterprise applications
• Predictable performance & Pricing
• Elastic database pool for unpredictable SaaS workloads
• 99.99% availability built-in
• Geo-replication and restore services for data protection
• Secure and compliant for your sensitive data
• Fully compatible with SQL Server 2014 databases
Fully managed SQL database service so you can focus on your business
80 B / every day
Customer requests
processed
350 M /
every day
Logins
1.6 M / as of
today
Database in use
25 M / per day
Database hours
133countries
Use of Azure SQL DB
114 k
Single customer
application with DB
ISVs and SaaS Enterprise Apps
Serving Customer
Enterprise Apps
Serving Employees
快速开发部署移动App
Compute
Wri
tes R
ead
s
Memory
• Basic Standard Premium
B S0 S1
S2 S3
P2
P6
P1
常用数据库扩展形式
Azure SQL Database扩展选择方案
Vertical: Scale up or scale down
Horizontal: Scale out or scale in
Scale out/in
Sca
le u
p/d
ow
n
Premium
Basic
Standard
Basic Basic Basic
Premium
SQL DB
V12
FedRAMP, ISO, HIPPA, PCI, EU MC, UK G-Cloud
Encryption Type Type Customer Value
Encryption-In-Transit TLS from Client to Server
TLS = Transport Layer Security
Protects data between client and server against snooping & man-in-the-middle attacks.
SQL DB is phasing out SSL 3.0 and TLS 1.0 in favor of TLS 1.2.
Encryption-At-Rest TDE for SQL DB
TDE = Transparent Data Encryption
Protects data on disk. Key management done by Azure.
Makes it easier to obtain compliance.
Encryption-End-To-End Client-side column encryption for SQL
DB (library available for download)
Data protected end-to-end but application is aware of encrypted columns.
Used in the absence of data masking and TDE for compliance related scenarios.
Database Files,
Backups, Tx Log,
TempDB
Customer Data
In-Transit At-Rest End-To-End
数据加密
Encrypted at rest, in flight, and while in use
SQL Server does not have the keys (nor does it
need the keys)
Keep application changes to a minimum
Encryption/decryption of data done transparently in
TCE-enabled client driver
Support for equality operations (include joins) on
encrypted data
Azure manages encryption keys
All customer data encrypted at rest
SQL Database
Fine-grained access control over specific rows in a
database table
Help prevent unauthorized access when multiple users
share the same tables, or to implement connection
filtering in multitenant applications
Administer via SQL Server Management Studio or SQL
Server Data Tools
Enforcement logic inside the database and schema
bound to the table.
Protect data privacy by ensuring the right access across rows
Row-level security
SQL Database
Customer 1
Customer 2
Customer 3
Configuration made easy in the new Azure
portal
Policy-driven at the table and column level, for
a defined set of users
Data masking applied in real-time to query
results based on policy
Multiple masking functions available (e.g. full,
partial) for various sensitive data categories
(e.g. Credit Card Numbers, SSN, etc.)
Prevent the abuse of sensitive data by
hiding it from users
SQL Database
Table.CreditCardNo
4465-6571-7868-5796
4468-7746-3848-1978
4484-5434-6858-6550
Real-time data masking; partial masking
Geo-Restore Geo-Redundant
Backups RPO < 1 hour
Recovery Time
Minutes to Hours
Geo-Replication Asynchronous
Replication RPO < 5 seconds
Recovery Time
< 30 seconds
Point in time restore Continuous backup Restore to any-
point
Recovery Time
Minutes to Hours
Accidental Database
deletion Tail-end backup
Restore to point of
deletion
Recovery Time
Minutes to Hours
PREVIEW
• Elastic databases, Elastic database pools
• Pooled resources leveraged by many databases
• Standard elastic pool provides 100-1200* DTUs for up to 200* databases
• Elastic Standard databases can burst up to 100 DTUs (S3 level)
• Created/configure pool via portal, PowerShell, REST APIs
• Move databases in/out using portal, PowerShell, REST APIs, T-SQL
• Databases remain online throughout
• Monitoring and alerting is available on both pool and databases
*Additional pricing tiers may be introduced, and the ranges and limits may be increased during the preview
Max per-database burst level
https://channel9.msdn.com/Events/Ignite/Microsoft-Ignite-China-2015
http://aka.ms/IgniteChina2015
