WHITEPAPER
www.persistent.com
© 2017 Persistent Systems Ltd. All rights reserved.
• Finally, customers can logically isolate the Azure cloud resources of their subscription through Azure
virtual networks (VNets). These resources include IaaS VMs and PaaS role instances (Windows servers
in web or worker roles). On VNets, customers can fully control the IP address blocks, DNS settings,
security policies, and route tables, and can connect the virtual network to their on-premises network,
allowing them to build hybrid cloud applications.
On the SQL Server management side, IT administrators must directly manage the following areas:
• Connectivity: public over the internet, within a virtual network, or inside the VM only.
• Authentication and security: managing accounts, using network security groups, considering Azure
virtual networks, enabling encrypted connections, restricting access to VMs to certain IP addresses or
subnets, etc.
• Backups: Reasons for enabling backup no longer include protection against media or hardware failures,
as the IaaS VM service provides this already. Users can disable backups, or enable them to provide
protection against user errors, or for archival purposes or regulatory reasons. In addition, they can
configure the retention period and, if desired, a backup encryption key, as well as the backup location:
Azure blobs, a disk or tape device, or an on-premises instance.
• High availability: beyond hosting two or more VMs in an availability set, administrators should understand
the tradeoffs of the existing options (Availability Groups and Failover Cluster Instances) in SQL Server
and configure one of these, which makes it possible to achieve over 99.99% database availability.
• Disaster recovery: understand the tradeoffs between the existing options (cross-region availability groups,
database mirroring, backup and restore to Azure Blob Service storage), and configure and manage
them.
• Patching schedules and the maximum time allotted for patching SQL Server and Windows.
• Best practices for getting the best performance from SQL Server running on an Azure VM: right-sizing VMs,
configuring storage, and following guidelines to improve IO (when to cache, to compress, etc.).
• Encryption: decide which encryption features to use (file level, column level and backup encryption), all
managed through cryptographic keys. A companion service, the Azure Key Vault service, is designed to
improve the security and management of these keys in a secure and highly available location.
• Finally, as in an on-premises deployment, IT administrators must use monitoring tools to assess the
availability, performance, security and functionality of the database. Traditional SQL Server tools, logs,
SDKs and third-party tools allow them to monitor performance metrics, query performance, and system
activity through extended events.
10 Appendix 3 – Main cloud service provider competitors
10.1 Google Cloud Platform
10.1.1 Overview
Google Cloud Platform (GCP) is a cloud computing service by Google that offers hosting on the same supporting
infrastructure that Google uses internally for end-user products like Google Search and YouTube. It is a part of a
suite of enterprise services from Google Cloud and provides a set of modular cloud-based services with a host of
development tools. It provides developer products to build a range of programs from simple websites to complex
applications.