Azure SQL Database Models and pricing

An Azure single SQL database is a good fit if we don’t want to build and maintain datacenter infrastructure; the vendor owns the management and patching overhead completely. This lets the organization and application owners concentrate on the design and usage of the database.

Azure SQL Cost

This is divided into two models;

Azure SQL Deployment models

Azure SQL deployment models determine how to structure the “SQL Server” and its database;

Azure SQL Database and Azure SQL Managed Instance are managed service instances.

SQL Server on Azure VMs gives you full control over the SQL Server instance.

Azure SQL Pricing models

Depending on deployment model, there are two purchasing options;

The vCore-based purchasing model is available for both Azure SQL Database and SQL Managed Instance.

The DTU-based purchasing model is available for Azure SQL Database.

To better understand the costs, use the Azure pricing calculator.

https://azure.microsoft.com/en-us/pricing/calculator/

Azure SQL Service Tiers

There are two service tiers used by Azure SQL, each with a different architectural model;

A general-purpose tier for common workloads

A business-critical tier for high throughput OLTP applications requiring low latency and high resilience.

A Hyperscale tier for very large OLTP systems with faster auto-scaling, backup and restore support.

Azure SQL Compute Tiers

Under Azure SQL Database deployment option, under the vCore pricing model with General purpose storage, you will see two options;

Provisioned = Azure SQL provides Azure resources that run your database with a fixed amount of compute resources for a fixed hourly price.

Serverless = The database is provisioned as a serverless component with auto-scaling compute and billing for use per second.

Azure SQL VM Cost (IaaS model)

These are dev pricing and Windows Standard, SQL Server (both included)

8 vCPUs, 32GB RAM, 64 GB Temporary storage, $0.384/hour (With standard support = 380.32/month)

Azure SQL Managed instance cost (PaaS model)

Instance = vCore-4, 20GB memory, 736/month license included

The only difference between these two options is administration and patch management.

Managed Instances have several key features that do not exist in Azure SQL Database. Most notable among these are:

Cross Database Queries and Transactions;

CLR;

SQL Server Agent, and Database Mail;

Linked Servers;

Service Broker (within the instance);

Multiple Database file groups and files;

Native Azure vNet deployment; and,

Azure Active Directory Integration;

Keep in mind that Azure SQL Managed Instance does not offer SQL Server Integration Services or Reporting Services. You would have to provision Azure Data Factory for SQL Server Integration Services and Power BI for reporting.

Azure VM for development seems to be cheaper than Azure managed instance by 40%. Choice is yours.

Azure Security and Encryption

Azure Active Directory is used for access control. Azure AD can be used stand-alone. It offers single sign-on, MFA, and identities for services.

Encryption is the process of making data unreadable and unusable to unauthorized viewers. To read encrypted data, it must be decrypted, which requires the use of a secret key. There are two top-level types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt the data.

Asymmetric encryption uses a public key and private key pair. Either key can encrypt but a single key can’t decrypt its own encrypted data. To decrypt, you need the paired key. Asymmetric encryption is used for things like Transport Layer Security (TLS), used in HTTPS.

By default, Azure encrypts and decrypts file storage data. This is transparent to the user. Azure SQL Database uses Transparent Data Encryption (TDE), which performs real-time encryption and decryption of the database at rest without requiring changes to the application. It’s enabled by default. TDE uses a symmetric key called the database encryption key. By default, Azure provides a unique encryption key per logical SQL server instance and handles all the details.

Azure Key Vault is used to keep application secrets.

Azure Security Monitor is a monitoring service that provides threat protection across all of your services. Azure Security Center is offered on the Standard tier subscription. It’s $15 per node per month.

Does Azure commercial follow FedRAMP guidelines?

This is the first question that will always be asked if you are setting up Azure for a client that works with government.

Both Azure and Azure Government use the same security controls. They are assessed and authorized at the FedRAMP High impact level. Azure Government provides an additional layer of protection to customers by restricting access to screened US persons. It is used to store and process data subject to US export control regulations such as EAR, ITAR, and DoE 10 CFR Part 810.

Refer to this Microsoft article for details;

https://azure.microsoft.com/en-us/blog/all-us-azure-regions-now-approved-for-fedramp-high-impact-level/

Take time to see which environments meet your needs. Many people are surprised at how robust the Azure [commercial] compliance space is. https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings

Resources;

Check and change PHP version in Azure WordPress App service

I am running WordPress as Azure App service. My current configuration for the technology stack is;

I did a Site Health check on the WordPress dashboard (Tools->Site Health). The WordPress site health status shows that I am running an older version of PHP.

I figured I should be changing my Stack settings from .NET to PHP. I made the change hoping it wouldn’t break the application;

The technology stack was changed from .NET to PHP without any issues.

I went back to the WordPress dashboard and ran Site Health. The PHP version issue is solved.

If someone is running WordPress on Linux, this is a good reference;