
W H I T E P A P E R

www.persistent.com

© 2017 Persistent Systems Ltd. All rights reserved.

• Finally, customers can logically isolate the Azure cloud resources of their subscription through Azure virtual networks (VNets); these resources include IaaS VMs and PaaS role instances (Windows servers in web or worker roles). On VNets, customers can fully control the IP address blocks, DNS settings, security policies, and route tables, and connect the virtual network to their on-premises network, allowing them to build hybrid cloud applications.

On the SQL Server management side, IT administrators must directly manage the following areas:

• Connectivity: public over the internet, within a virtual network, or inside the VM only.

• Authentication and security: managing accounts, using network security groups, considering the use of Azure virtual networks, enabling encrypted connections, restricting access to VMs to certain IP addresses or subnets, etc.

• Backups: Reasons for enabling backup no longer include protection against media or hardware failures, as the IaaS VM service provides this already. Users can disable backups, or enable them to provide protection against user errors, or for archival purposes or regulatory reasons. In addition, they can configure the retention period and the backup encryption key if desired, as well as the location: Azure blobs, a disk or tape device, or an on-premises instance.

• High availability: beyond hosting two or more VMs in an availability set, administrators should understand the tradeoffs of the existing options (Availability Groups and Failover Cluster Instances) in SQL Server and configure one of these, which makes it possible to achieve over 99.99% database availability.

• Disaster recovery: Understand the tradeoffs between existing options (cross-region availability groups, database mirroring, backup and restore to Azure Blob Service storage), and configure and manage them.

• Patching schedules and maximum time allotted for patching for SQL Server and Windows.

• Best practices for getting the best performance from SQL Server running on an Azure VM: right-sizing VMs, configuring storage, and following guidelines to improve I/O (when to cache, to compress, etc.).

• Encryption: decide which encryption features to use (file level, column level and backup encryption), all managed through cryptographic keys. A companion service, the Azure Key Vault service, is designed to improve the security and management of these keys in a secure and highly available location.

• Finally, as in an on-premises deployment, IT administrators must use monitoring tools to assess the availability, performance, security and functionality of the database. Traditional SQL Server tools, logs, SDKs and third-party tools make it possible to monitor performance metrics, query performance, and system activity through extended events.
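
The connectivity and access-restriction items above can be verified mechanically. The following Python check is an added example, not part of the original whitepaper: it reads network security group rules and reports whether the SQL Server port is reachable from any internet source. The port number 1433 (the SQL Server default), the rule names, and the sample rules are assumptions constructed for illustration; the field names follow Azure NSG security rule properties.

```python
import json

SQL_PORT = 1433  # assumption: SQL Server default TCP port (not stated in the paper)
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}  # wildcard, service tag, full IPv4 range

# Constructed sample rules using the field names of Azure NSG securityRules.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-app-subnet", "priority": 100, "direction": "Inbound",
  "access": "Allow", "protocol": "Tcp",
  "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "1433"},
 {"name": "allow-sql-any", "priority": 200, "direction": "Inbound",
  "access": "Allow", "protocol": "*",
  "sourceAddressPrefix": "Internet", "destinationPortRange": "1400-1500"},
 {"name": "deny-all-inbound", "priority": 4000, "direction": "Inbound",
  "access": "Deny", "protocol": "*",
  "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

def covers_port(rule, port):
    """True if the rule's destination port range(s) include `port`."""
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "")]
    for rng in ranges:
        lo, _, hi = rng.partition("-")
        hi = hi or lo
        if rng == "*" or (lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi)):
            return True
    return False

def from_anywhere(rule):
    """True if any source prefix of the rule means 'the whole internet'."""
    sources = rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "")]
    return any(s.lower() in ANY_SOURCE for s in sources)

def internet_exposure(rules, port=SQL_PORT):
    """Name of the Allow rule that opens `port` to any source, or None."""
    candidates = [r for r in rules
                  if r["direction"].lower() == "inbound"
                  and r["protocol"].lower() in ("tcp", "*")
                  and covers_port(r, port) and from_anywhere(r)]
    # NSG rules are evaluated in priority order; the lowest number decides.
    for rule in sorted(candidates, key=lambda r: r["priority"]):
        return rule["name"] if rule["access"].lower() == "allow" else None
    return None

if __name__ == "__main__":
    print("exposed by:", internet_exposure(SAMPLE_RULES))
```

The check covers a single rule list only; it does not model Azure's built-in default rules, the combination of subnet-level and NIC-level groups, or broad but non-wildcard source ranges.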

10 Appendix 3 – Main cloud service provider competitors

10.1 Google Cloud Platform

10.1.1 Overview

Google Cloud Platform (GCP) is a cloud computing service by Google that offers hosting on the same supporting infrastructure that Google uses internally for end-user products like Google Search and YouTube. It is a part of a suite of enterprise services from Google Cloud and provides a set of modular cloud-based services with a host of development tools. It provides developer products to build a range of programs from simple websites to complex applications.
