Dylan Iqbal

Dylan Iqbal

1651646759

Azure Database for MySQL: Networking and Security

Networking and Security | Azure Database for MySQL - Beginners Series

In this video, let's understand networking & connectivity options and the enterprise-grade security & compliance in Azure Database for MySQL - Flexible Server.

00:00 - Introduction
00:43 - Networking Options
01:08 - Public Access
01:34 - Private Access (VNet Integration)
03:16 - Demo: Public and Private Access
06:26 - TLS & SSL encryption
06:56 - Enterprise-level security & compliance

#azure #database #mysql

What is GEEK

Buddha Community

Azure Database for MySQL: Networking and Security
Joe Hoppe

Joe Hoppe

1595905879

Best MySQL DigitalOcean Performance – ScaleGrid vs. DigitalOcean Managed Databases

HTML to Markdown

MySQL is the all-time number one open source database in the world, and a staple in RDBMS space. DigitalOcean is quickly building its reputation as the developers cloud by providing an affordable, flexible and easy to use cloud platform for developers to work with. MySQL on DigitalOcean is a natural fit, but what’s the best way to deploy your cloud database? In this post, we are going to compare the top two providers, DigitalOcean Managed Databases for MySQL vs. ScaleGrid MySQL hosting on DigitalOcean.

At a glance – TLDR
ScaleGrid Blog - At a glance overview - 1st pointCompare Throughput
ScaleGrid averages almost 40% higher throughput over DigitalOcean for MySQL, with up to 46% higher throughput in write-intensive workloads. Read now

ScaleGrid Blog - At a glance overview - 2nd pointCompare Latency
On average, ScaleGrid achieves almost 30% lower latency over DigitalOcean for the same deployment configurations. Read now

ScaleGrid Blog - At a glance overview - 3rd pointCompare Pricing
ScaleGrid provides 30% more storage on average vs. DigitalOcean for MySQL at the same affordable price. Read now

MySQL DigitalOcean Performance Benchmark
In this benchmark, we compare equivalent plan sizes between ScaleGrid MySQL on DigitalOcean and DigitalOcean Managed Databases for MySQL. We are going to use a common, popular plan size using the below configurations for this performance benchmark:

Comparison Overview
ScaleGridDigitalOceanInstance TypeMedium: 4 vCPUsMedium: 4 vCPUsMySQL Version8.0.208.0.20RAM8GB8GBSSD140GB115GBDeployment TypeStandaloneStandaloneRegionSF03SF03SupportIncludedBusiness-level support included with account sizes over $500/monthMonthly Price$120$120

As you can see above, ScaleGrid and DigitalOcean offer the same plan configurations across this plan size, apart from SSD where ScaleGrid provides over 20% more storage for the same price.

To ensure the most accurate results in our performance tests, we run the benchmark four times for each comparison to find the average performance across throughput and latency over read-intensive workloads, balanced workloads, and write-intensive workloads.

Throughput
In this benchmark, we measure MySQL throughput in terms of queries per second (QPS) to measure our query efficiency. To quickly summarize the results, we display read-intensive, write-intensive and balanced workload averages below for 150 threads for ScaleGrid vs. DigitalOcean MySQL:

ScaleGrid MySQL vs DigitalOcean Managed Databases - Throughput Performance Graph

For the common 150 thread comparison, ScaleGrid averages almost 40% higher throughput over DigitalOcean for MySQL, with up to 46% higher throughput in write-intensive workloads.

#cloud #database #developer #digital ocean #mysql #performance #scalegrid #95th percentile latency #balanced workloads #developers cloud #digitalocean droplet #digitalocean managed databases #digitalocean performance #digitalocean pricing #higher throughput #latency benchmark #lower latency #mysql benchmark setup #mysql client threads #mysql configuration #mysql digitalocean #mysql latency #mysql on digitalocean #mysql throughput #performance benchmark #queries per second #read-intensive #scalegrid mysql #scalegrid vs. digitalocean #throughput benchmark #write-intensive

Ruth Nabimanya

Ruth Nabimanya

1620693780

A Database Security Checklist

Table of Contents

  • Introduction
  • Acknowledging Risk
  • Understanding the principal of low hanging fruit
  • Creating a security policy
  • Server Security
  • Email attackers
  • User Roles and Permissions
  • Data Sanitizing
  • Request Throttling
  • Physical Security to Augment Digital Steps
  • Self Reflection

Introduction

Hi, my name is Kirk. I’m a full stack software developer working on the .NET ecosystem and managing a large SQL Server database. I wrote this post to try to answer some of my own questions about what modern database security in 2021 looks like, especially if you’re in the tech field and looking into creating or supporting your own database management system.

While the scenarios discussed can be applicable to a wide variety of domains and specialities, most of the examples will pertain to web, web accessible applications, and those with self-hosted servers.

At the time of writing this (early 2021), the COVID-19 pandemic has decimated most of the world’s ability to freely travel, and thus there’s been a sharp up-tick in the creation and desire for online solutions.

Developers has mobilized to create a variety of web stores, app portals, and even SMS-based platforms to meet the needs of clients without requiring them to visit in person stores.

But with a rise in both product and service availability online, and demand from consumers, we should also expert a rise in malicious actors willing to exploit the system for personal gain.

Cyber crime is on the rise. The year 2020 saw a marked increase in online criminal activity in the order of billions of dollars in costs to businesses, not to mention the consequences of serious data breaches for consumers.

So let’s dive right in.

#security #databases #sysadmin #networking #database-security #good-company #hackernoon-top-story #how-to-secure-your-database

Ruth Nabimanya

Ruth Nabimanya

1621188840

A Database Security Checklist

Table of Contents

  • Introduction
  • Acknowledging Risk
  • Understanding the principal of low hanging fruit
  • Creating a security policy
  • Server Security
  • Email attackers
  • User Roles and Permissions
  • Data Sanitizing
  • Request Throttling
  • Physical Security to Augment Digital Steps
  • Self Reflection

Introduction

Hi, my name is Kirk. I’m a full stack software developer working on the .NET ecosystem and managing a large SQL Server database. I wrote this post to try to answer some of my own questions about what modern database security in 2021 looks like, especially if you’re in the tech field and looking into creating or supporting your own database management system.

While the scenarios discussed can be applicable to a wide variety of domains and specialities, most of the examples will pertain to web, web accessible applications, and those with self-hosted servers.

At the time of writing this (early 2021), the COVID-19 pandemic has decimated most of the world’s ability to freely travel, and thus there’s been a sharp up-tick in the creation and desire for online solutions.

Developers has mobilized to create a variety of web stores, app portals, and even SMS-based platforms to meet the needs of clients without requiring them to visit in person stores.

But with a rise in both product and service availability online, and demand from consumers, we should also expert a rise in malicious actors willing to exploit the system for personal gain.

Cyber crime is on the rise. The year 2020 saw a marked increase in online criminal activity in the order of billions of dollars in costs to businesses, not to mention the consequences of serious data breaches for consumers.

So let’s dive right in.

#security #databases #sysadmin #networking #database-security #good-company #hackernoon-top-story #how-to-secure-your-database

Alisha Larkin

Alisha Larkin

1624724700

Configure PMM2 For Azure MySQL Database With SSL

Registering AzureDB without SSL in PMM

If you are registering a normal MySQL database you will run the below command & it will be registered.

server=db-server.mysql.database.azure.com
monitoruser=monitor_mysql@db-server
monitorpwd=xxxxxxxx
server_name=MyProdDB1pmm-admin add mysql --username=$monitoruser --password=$monitorpwd --host=$server --service-name=$server_name --query-source=perfschema

SQLCopy

DB connectivity with SSL

As per the link provided below you can download the generic certificate to connect to the Azure database. Using that you can connect to MySQL even with verify_ca mode too.

Successful connection with SSL
mysql --user=$monitoruser --password=$monitorpwd --host=$serverUnsuccessful connection with verify ca SSLmysql --user=$monitoruser --password=$monitorpwd --host=$server --ssl-mode=VERIFY_CA
ERROR 2026 (HY000): SSL connection error: CA certificate is required if ssl-mode is VERIFY_CA or VERIFY_IDENTITYSuccessful connection with verify ca SSL
mysql --user=$monitoruser --password=$monitorpwd --host=$server --ssl-mode=VERIFY_CA --ssl-ca=azure-ca.crt

SQLCopy

Error Registering SSL DB

For SSL you need to supply the parameter -tls, however, that also throws an error.

Error trying to connect without SSL
pmm-admin add mysql --username=$monitoruser --password=$monitorpwd --host=$server --service-name=$server_name --query-source=perfschemaConnection check failed: Error 9002: SSL connection is required. Please specify SSL options and retry..Error trying to connect with SSL
pmm-admin add mysql --username=$monitoruser --password=$monitorpwd --host=$server --service-name=$server_name --query-source=perfschema -tlsTLS is on. You must also define tls-ca, tls-cert and tls-key flags.Error trying to connect with SSL & azure provided certificate
pmm-admin add mysql --username=$monitoruser --password=$monitorpwd --host=$server --service-name=$server_name --query-source=perfschema -tls --tls-ca=azure-ca.crtTLS is on. You must also define tls-ca, tls-cert and tls-key flags.

SQLCopy

Generate new SSL

Based on the bug raised, I found that we need SSL client key & client certificate generated separately. I used the below command to generate new files. I have highlighted the one I used later.

mysql_ssl_rsa_setup --datadir ssl/
ls ssl/
-rw------- 1 nirav nirav 1679 Jun 17 14:52 ca-key.pem
-rw-r--r-- 1 nirav nirav 1107 Jun 17 14:52 ca.pem
-rw-r--r-- 1 nirav nirav 1107 Jun 17 14:52 client-cert.pem
-rw------- 1 nirav nirav 1679 Jun 17 14:52 client-key.pem
-rw------- 1 nirav nirav 1675 Jun 17 14:52 private_key.pem
-rw-r--r-- 1 nirav nirav  451 Jun 17 14:52 public_key.pem
-rw-r--r-- 1 nirav nirav 1107 Jun 17 14:52 server-cert.pem
-rw------- 1 nirav nirav 1679 Jun 17 14:52 server-key.pem

#azure mysql #ssl #azure #mysql #configure #azure mysql database with ssl

Fanny Considine

Fanny Considine

1624614600

Azure Series #1: Security Layer — 2. Network — Protection

Protection:

Web Application Firewall:

Azure Web Application Firewall (WAF) provides centralized protection on the Azure Application gateway. The attackers who try to get into the web servers and tries to disrupt the services are protected via WAF. The attacks and vulnerabilities include SQL Injection, cross-site scripting, etc. The interesting part is, WAF automatically updates to include protection against any new vulnerabilities with no configuration needed at all.

Key Benefits:

  1. Protection
  2. Monitoring
  3. Customization

Key Features:

  • Vulnerabilities / Attacks: SQL-Injection protection & Cross-site protection, HTTP request smuggling, HTTP response splitting and remote file inclusion, HTTP Protocol violations, HTTP protocol anomalies, crawlers, and scanners.
  • Mis-Config: Protection against misconfiguration in web servers, incorrect size limits.
  • Filters: Geo-filter traffic, block or open certain countries/regions for your organization’s applications.
  • Rules: create WAF policies to enable WAF for your application.

Azure Firewall:

While WAF is for Application security, you need a security and protection layer that is for the Network, which is taken care of by Azure Firewall — it is a cloud-based network security service that protects your organization’s Azure Virtual Network Resources. It is fully stateful in the sense that inbound requests trace outbound responses. Across your organization’s subscription and virtual networks, you can enforce, create and log application and network connectivity policies. It uses Static IP for your virtual network sources allowing outside firewalls to identify traffic from the virtual network and is fully integrated for Azure monitor for logging and analytics.

#azure-interview #azure-security #azure series #azure #network #protection