Introducing Azure confidential computing

Azure confidential computing allows you to take the security of your applications to the next level by protecting data while it is being processed.

#azure #programming

Eric Bukenya

1624713540

Learn NoSQL in Azure: Diving Deeper into Azure Cosmos DB

This article is part of the series Learn NoSQL in Azure, where we explore Azure Cosmos DB as a non-relational database system used widely for a variety of applications. Azure Cosmos DB is one of Microsoft’s serverless databases on Azure; it is highly scalable and distributed across all locations that run on Azure. It is offered as a platform as a service (PaaS) from Azure, and you can develop databases that have very high throughput and very low latency. Using Azure Cosmos DB, customers can replicate their data across multiple locations around the globe and also across multiple locations within the same region. This makes Cosmos DB a highly available database service with almost 99.999% availability for reads and writes for multi-region modes and almost 99.99% availability for single-region modes.

In this article, we will focus more on how Azure Cosmos DB works behind the scenes and how you can get started with it using the Azure Portal. We will also explore how Cosmos DB is priced and understand the pricing model in detail.

How Azure Cosmos DB works

As already mentioned, Azure Cosmos DB is a multi-model NoSQL database service that is geographically distributed across multiple Azure locations. This lets customers deploy their databases across multiple locations around the globe, which reduces read latency for the users of the application.

As you can see in the figure above, Azure Cosmos DB is distributed across the globe. Let’s suppose you have a web application that is hosted in India. In that case, the NoSQL database in India will be considered the master database for writes, and all the other databases can be considered read replicas. Whenever new data is generated, it is written to the database in India first and then synchronized with the other databases.

Consistency Levels

When data is maintained across multiple regions, the most common challenge is the latency with which the data is made available to the other databases. For example, when data is written to the database in India, users from India will be able to see that data sooner than users from the US. This is due to the latency in synchronization between the two regions. To address this, customers can choose from a few modes that define how often or how soon they want their data to be made available in the other regions. Azure Cosmos DB offers five levels of consistency, which are as follows:

  • Strong
  • Bounded staleness
  • Session
  • Consistent prefix
  • Eventual

In most common NoSQL databases, there are only two levels: Strong and Eventual. Strong is the most consistent level, while Eventual is the least. As we move from Strong to Eventual, consistency decreases but availability and throughput increase. This is a trade-off that customers need to decide on based on the criticality of their applications. If you want to read about the consistency levels in more detail, the official guide from Microsoft is the easiest to understand. You can refer to it here.

Azure Cosmos DB Pricing Model

Now that we have some idea about working with the NoSQL database – Azure Cosmos DB on Azure, let us try to understand how the database is priced. In order to work with any cloud-based services, it is essential that you have a sound knowledge of how the services are charged, otherwise, you might end up paying something much higher than your expectations.

If you browse to the pricing page of Azure Cosmos DB, you can see that there are two modes in which the database services are billed.

  • Database Operations – Whenever you run queries against your NoSQL database, some resources are used. Azure measures this usage in Request Units (RU). The amount of RU consumed per second is aggregated and billed.
  • Consumed Storage – As you start storing data in your database, it will take up some space. This storage is billed per the standard SSD-based storage across any Azure locations globally.

Let’s learn about this in more detail.

#azure #azure cosmos db #nosql #azure #nosql in azure #azure cosmos db

Ruthie Bugala

1620435660

How to set up Azure Data Sync between Azure SQL databases and on-premises SQL Server

In this article, you will learn how to set up Azure Data Sync services. You will also learn how to create and set up a data sync group between an Azure SQL database and on-premises SQL Server.

In this article, you will see:

  • Overview of Azure SQL Data Sync feature
  • Discuss key components
  • Comparison of Azure SQL Data Sync with the other Azure data options
  • Setup Azure SQL Data Sync
  • More…

Azure Data Sync

Azure Data Sync is a synchronization service set up on an Azure SQL Database. This service synchronizes data across multiple SQL databases. You can set up bi-directional data synchronization, where data ingress and egress happen between the SQL databases. It can be between an Azure SQL database and on-premises SQL Server and/or between Azure SQL databases within the cloud. At this moment, the only limitation is that it does not support Azure SQL Managed Instance.

#azure #sql azure #azure sql #azure data sync #azure sql #sql server

Tamale Moses

1624875420

Azure and AMD announce landmark in confidential computing evolution

The pandemic has accelerated digital transformation globally and the scalability and security advantages offered by Microsoft Azure have helped many customers move forward. One key tenet we have in Azure is that your data is your data.

In Azure, we take your data security seriously and have built numerous controls around data at rest and data in flight. As a founding member of the Confidential Computing Consortium, we are also an innovator in confidential computing, which extends those protections to data running on the processor itself. For more than 3 years, financial services, governments, health care providers, and even messaging companies have been using Azure confidential computing to unlock new scenarios like multi-party machine learning and move their more sensitive applications to the cloud.

Today, I am announcing that we are further broadening the confidential computing options available to Azure customers through our technology partnership with AMD, specifically by being the first major cloud provider to offer confidential virtual machines on the new AMD EPYC™ 7003 series processors. This new approach complements existing Azure confidential computing solutions such as confidential containers for Azure Kubernetes Service and opens the possibility to create new confidential applications without requiring code modifications which in turn substantially simplifies the process of creating confidential applications.

Key technology enablers to the AMD-centered solution include the advanced security feature called Secure Encrypted Virtualization-Secure Nested Paging, or SEV-SNP. SEV-SNP enables protection of virtual machines by creating a trusted execution environment and has been substantially enhanced in the 3rd Gen AMD EPYC processor.

These AMD EPYC-CPU powered Azure VMs are fully encrypted at runtime, fulfilling the promise of confidential computing by protecting your data even when it is in use. The encryption keys used for VM encryption are generated, and safeguarded, by a dedicated secure processor on the EPYC CPU. This helps ensure that no one, even cloud administrators—and by extension the workloads, apps, or data in the VMs—have access to these encryption keys.

Beyond the hardware, Azure provides a set of important services, including the Azure Attestation service and trusted launch, to further help our customers. The Azure Attestation service collects evidence that the hardware environment is correct and then provides a cryptographic signal to Azure Key Vault to securely release the decryption key for the virtual machine image only if the environment is in a known good state. Subsequently, the decrypted virtual machine boot process is subjected to trusted launch to defend against bootkits, rootkits, and kernel-level malware. In this step, trusted launch measures the integrity of the virtual machine image against information stored in the vTPM before continuing boot processes.

#cloud strategy #amd #azure #azure and amd #confidential computing evolution

Ron Cartwright

1600624800

Getting Started With Azure Event Grid Viewer

In the last article, we had a look at how to start with Azure DevOps: Getting Started With Audit Streaming With Event Grid

In this article, we will go to the next step: creating a subscription and using webhook event handlers to view those logs in our Azure web application.

#cloud #tutorial #azure #event driven architecture #realtime #signalr #webhook #azure web services #azure event grid #azure #azure event grid #serverless architecture #application integration

Aisu Joesph

1626490533

Azure Series #2: Single Server Deployment (Output)

No organization that is on a growth path, or that intends to expand its customer base or enter a new market, will restrict its infrastructure and design to one database option. There are two levels of database selection:

  • a. **The needs assessment**
  • b. **Selecting the kind of database**
  • c. Selection of Queues for communication
  • d. Selecting the technology player

Options to choose from:

  1. Transactional Databases:
    • Azure selection — Data Factory, Redis, CosmosDB, Azure SQL, Postgres SQL, MySQL, MariaDB, SQL Database, Maria DB, Managed Server
  2. Data warehousing:
    • Azure selection — CosmosDB
    • Delta Lake — Data Brick’s Lakehouse Architecture.
  3. Non-Relational Database:
    • Azure selection — CosmosDB
  4. Data Lake:
    • Azure Data Lake
    • Delta Lake — Data Bricks.
  5. Big Data and Analytics:
    • Data Bricks
    • Azure — HDInsights, Azure Synapse Analytics, Event Hubs, Data Lake Storage gen1, Azure Data Explorer Clusters, Data Factories, Azure Data Bricks, Analytics Services, Stream Analytics, Website UI, Cognitive Search, PowerBI, Queries, Reports.
  6. Machine Learning:
    • Azure — Azure Synapse Analytics, Machine Learning, Genomics accounts, Bot Services, Machine Learning Studio, Cognitive Services, Bonsai.

Key data platform services to highlight:

  1. Azure Data Factory (ADF)
  2. Azure Synapse Analytics
  3. Azure Stream Analytics
  4. Azure Databricks
  5. Azure Cognitive Services
  6. Azure Data Lake Storage
  7. Azure HDInsight
  8. Azure CosmosDB
  9. Azure SQL Database

#azure-databricks #azure #microsoft-azure-analytics #azure-data-factory #azure series