Azure SQL Design Decisions Part 2

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

14 hours 28 minutes
Video Transcription
Hello, Siberians. Welcome to Lesson 3.5. Off Monetary Off discussed stated Microsoft Azure Arctic design
so we'll continue from where we left off in the last video.
Well, carry on Talking about sequel in Hajer. But from a performance perspective and this goes beyond just as juicy Quote Database will actually be covering the different sequel options in Hajar from a performance perspective.
Then we'll cover just sequel from a security perspective
and finally will cover as a sequel for me. Cost perspective.
Let's get into this. Let's talk about sequel in Hajer design decisions as it relates to performance on in this particular slight I won't just be covering as your sequel. I'll also be extending that this discussion to seek well in a virtual machine in Hajer because they're set in
concentrations that we have tohave when it comes to performance.
When it comes to, I just seek well, and I just think we'll manage instance. We want to select the right steer fire workload. So you know how we have the different T has the pendant
on the deployment model that you have. You have different tiers where we have the general propose you have the business critical. And then you have the iPods killed, just insured. I used to like the right city, every walk look.
Also, it's a good practice to deploy year database workload as close as possible to the application on the client that uses it. This is to avoid as much as possible network latency
when it comes to Sequel seven Measure of virtual Machines.
Just continue to use the same database performance tune in options that I play cable to see course ever in an on premises environment on. By the way, this is not just only for sick, well seven Nigel Virtual machines. This also applies to Azure sequel Best practices When it comes to performance, tune in for sick or still applies.
So factors such as the size of the veteran machine that you're deploying I'm sequel to the configuration off the data disk. Whether you're using standard disco premium discs, definitely have an IMP activation sequel. Sava in Nigel Virtual Machine.
One of the things that I want to call out when it's related to the data disks off the veteran mission that's running sequel in Hajer East that you can configure cash in for the disks. Now he has the best practice. Read only cash in configured on disks that old Austin your data
and when it comes to the disc that Austin your logs enable no cash in. In other words, there's no cash in for discussed in the logs. Read Only cash in for Disco Austin The data. This would give you the best performance for sequel server in Nigel Virtual machines.
Now let's talk about security. So when it comes to security there multiple, Leah's the friends, and that is always a good strategy.
And that is what is covered in this light. You have security as it relates to identity and access security at it as it relates to data protection, network security, monitoring and logging, which we talked about in the previous video on then other things like security management and ensuring that you have visibility into what's going on.
I'll just emphasize some key best practices in the upcoming slight
as it comes in network security. You want to use I P Firewall rolls off Vinod service endpoint to restrict network access
as you're sick. Whoa! Unlike Jessica, managed instance, is not applied within a virtual network, which means that it can be reached directly over the Internet. Now we can use something called under the firewall and virtual Networks configuration of that service
we can restrict with I P addresses can connect to our just sequel
over the network on. We can also use something called Vinet service endpoint to ensure that connective it can only be made to the platform. Sequel from Service is off resources that are running within an isolated network.
Hi p Firewall votes can become figured at a server level. Are the data base level. In some cases,
when it comes to access management, you want to use robots access control to restrict management access. So if you think about it, for example, you want to be ableto restrict was ableto get to the service and make configuration changes.
Also, when it comes to the databases that are running within the server
data basis, the supports two types of authentication sequel authentication, which is the default on as your 80 authentication. So we can actually integrate as your Haiti directly with a sequel databases so that we manage identity from a central point that also as the added advantage of being able to use face like
multi factor authentication.
Database. Auto Physician can be a signed using transact sequel
when it comes to a data protection. Transparent data encryption is enabled by default, so that means you're dead eyes encrypted at rest.
Now we can and as the encryption by using our own case.
The defaulting prefer that enabled The keys are automatically managed when Microsoft, but maybe for complaints reasons. Who wants to bid? Once managing the key, we can griet and integrate key votes that we talked about in previous lessons. We can integrate key vote with just sequel on Be able to use our keys
as it relates to trade protection. This is talking about identifying the different attacks or different anomalies that may be going on within sicko so we can enable a service called Advance Straight Protection, which is gonna analyze the sequel logs and look for anomalies or indicators off compromise or indicators of attacks.
It's gonna help us to detect unusual behavior and potentially harmful attempt, tow, exploit our data basis.
It's concentrated protection mentioned this earlier. Transparent Did. Our encryption is enabled by default on. We can announce it is in our own keys
when it comes to cost
with just a quote design.
We need to understand what exactly are we charged for when we use this service? So here's what we attach for were charged for the computer, and I includes the memory that we're using would pay for that when we select the different service tear that we want to use.
We also charge for the stoppage, which, in the case, off using the vehicle approaches and model. We have more flexibility in controlling that.
We chat for the back off storage. So if we're gonna be doing back after the back of that a start, there's gonna be a cost to that. And then we also charge for long time backup retention strategy that's going to be starting a Nigel storage account. And that's gonna in Kiersten and costs,
as we've discussed earlier there to protest in models the vehicle based on the ditty you based model.
When it comes to building option, we can either pay us you go. In other words, you just paper how for what you're using or, in the case off, several issue even paying per second,
we can do something called a reserved instance, so reserved instance means, if you know that this is a database walker that's not going anywhere, it's a database workload that's gonna be online for a long period. You probably wants to pay for it or agree to reserve it upfront, and that's going to give you
potentially up to 28% savings. If you reserved for
after three years,
pay as you go your paper. How are for the computer you're using one year or three years reserved Mr Paper year with 18% or 20% savings now makes of us has introduced more flexibility to where you can reserve the instances but pay monthly. So that's good.
If you're isn't Vic approaches and model, we have the option off using hybrid benefit, which allows us to be able to use our sequel. Several licenses in Hajer on that's gonna result in significant savings also,
So if we want to get up to 86% cost savings, we can use a combination of what I bred benefit regions in our existence. Sicko. Several licenses which reserved instances and that can result in significant cost savings.
So that's it for this particular lesson. I hope you've enjoyed it, and I'll see you in the next lesson
Up Next