Tuesday, March 30, 2021

What is the recommended caching policy for the disks?

 Data disk containing the logs: None

Note: Do not enable caching on disks hosting the log file. Important: Stop the SQL Server service when changing the cache settings for an Azure VM disk.

Data disk containing the data: ReadOnly

Note: Enable read caching on the disks hosting the data files and TempDB data files.


What is SQL Database dynamic data masking?

 SQL Database dynamic data masking limits sensitive data exposure by masking it to non-privileged users.


What is the use of virtual network service endpoints?

 Virtual Network service endpoints extend your virtual network private address space and the identity of your VNET to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks.

Traffic from your VNET to the Azure Service always remains on the Microsoft Azure Backbone network.


How do you identify issues with the underlying Azure services?

 Azure Service Health is the service that should be used.


How do you retain the logs from a Windows system?

 Use Log Analytics to get event data from virtual machines.

The Log Analytics workspace can also retain data indefinitely.

Log Analytics can collect events from the Windows event logs or Linux syslog, and the performance counters that you specify, for longer-term analysis and reporting, and take action when a particular condition is detected.


Monday, March 29, 2021

What is the solution for hosting existing SQL Server Integration Services (SSIS) packages (when migrating on-premises Microsoft SQL Servers to Azure)?

 Use Azure Data Factory to host the packages.

Architecture of SSIS on Azure:

What is the difference between SSIS on-premises and SSIS on Azure?

The most significant difference is the separation of storage from runtime. Azure Data Factory hosts the runtime engine for SSIS packages on Azure.

The runtime engine is called the Azure-SSIS Integration Runtime (Azure-SSIS IR).



What do you mean by federation with Azure AD?

 Federation is a collection of domains that have established trust. The level of trust may vary, but typically includes authentication and almost always includes authorization.

A typical federation might include a number of organizations that have established trust for shared access to a set of resources.

You can federate your on-premises environment with Azure AD and use this federation for authentication and authorization.

This sign-in method ensures that all user authentication occurs on-premises. This method allows administrators to implement more rigorous levels of access control.

Federation with AD FS and PingFederate is available.


What provides the security features in Azure Active Directory?

 Azure Active Directory Identity Protection provides all the security features for your Azure Active Directory entities.

Identity Protection is a tool that allows organizations to accomplish three key tasks:

1) Automate the detection and remediation of identity-based risks.

2) Investigate risks using data in the portal.

3) Export risk detection data to third-party utilities for further analysis.

Identity Protection uses the learnings Microsoft has acquired from its position in organizations with Azure AD, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users. Microsoft analyses 6.5 trillion signals per day to identify and protect customers from threats.

The signals generated by and fed to Identity Protection can be further fed into tools like Conditional Access to make access decisions, or fed back to a security information and event management (SIEM) tool for further investigation based on your organisation's enforced policies.




What do you mean by smart detection?

 Smart Detection in Application Insights.

Smart Detection automatically warns you of potential performance problems and failure anomalies in your web application. It proactively analyzes the telemetry that your app sends to Application Insights.

If there is a sudden rise in failure rates or abnormal patterns in client or server performance, you get an alert. This feature needs no configuration. It operates if your application sends enough telemetry.


How do you set up Azure Site Recovery agents?

 First and foremost, you need to install the Azure Site Recovery agent on each node.

How do you download and install the provider?

For migrating Hyper-V VMs, Azure Migrate: Server Migration installs software providers (Microsoft Azure Site Recovery provider and Microsoft Azure Recovery Service Agent) on Hyper-V hosts or cluster nodes.

Note: Azure Migrate appliance is not used for Hyper-V migration.


How do you set up Azure Migrate?

 Plan to assess and migrate the virtual machines by using the Azure Migrate service.

One Azure Migrate Appliance supports up to 5,000 Hyper-V VMs.

Overview of Azure Migrate:

1) Azure Migrate: Server Assessment uses a lightweight Azure Migrate Appliance.

The appliance performs VM discovery and sends VM metadata and performance data to Azure Migrate.

The appliance can be set up in a number of ways.

Set up on a Hyper-V VM using a downloaded Hyper-V VHD. This is the method.

Set up on a Hyper-V VM or physical machine with a PowerShell installer script. This method should be used if you can't set up a VM using the VHD, or if you're in Azure Government.



Thursday, March 25, 2021

What is the primary use case of a BACPAC?

 A BACPAC is a Windows file with a .bacpac extension that encapsulates a database's schema and data. The primary use case for a BACPAC is to move a database from one server to another, or to migrate a database from a local server to the cloud, and to archive an existing database in an open format.

A BACPAC, on the other hand, is focused on capturing schema and data, supporting two main operations:

1) Export: The user can export the schema and the data of a database to a BACPAC.

2) Import: The user can import the schema and the data into a new database in the host server.

https://docs.microsoft.com/en-us/sql/relational-databases/data-tier-applications/data-tier-applications?view=sql-server-ver15#bacpac




What is vCore-based Azure SQL Database?

 Customers who have existing Microsoft licenses with Software Assurance can opt for a hybrid model in which they can benefit from huge discounts.

Azure Hybrid Benefit:

In the provisioned compute tier of the vCore-based purchasing model, you can exchange your existing licenses for discounted rates on SQL Database using the Azure Hybrid Benefit for SQL Server. This Azure benefit allows you to use your on-premises SQL Server licenses with Software Assurance to save up to 30% on Azure SQL Database.



How do you prevent hitting the throttle limit?

 You can limit the number of calls to the API by using a rate limit (throttling).




What is the Azure Site Recovery service?

 Use the Azure Site Recovery service to ensure that you can fail over your application to a secondary site.



Which Azure service has the alerts feature?

 This is a feature of Azure Monitor.

(Responding to critical situations: In addition to allowing you to interactively analyze monitoring data, an effective monitoring solution must be able to proactively respond to critical conditions identified in the data that it collects.)


How do you see the calls being made between the different application components?

 Feature: Composite Application Map

This feature is part of the Application Insights tool.

You can see the full application topology across multiple levels of related application components.

(The app map finds components by following dependency calls made between servers with the Application Insights SDK installed.)



How do you protect the web application?

 (Web application firewall for Azure Application Gateway)


Azure Application Gateway offers a web application firewall that provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities.

SQL injection and cross-site scripting are among the most common attacks.



Rehydrate blob data from the archive tier

 Reference

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-rehydration?tabs=azure-portal