Database Reference
In-Depth Information
hashing value of the altered password. In such a way, we can prevent hackers from altering sensitive
information. Windows Azure provides tools such as MD5 and SHA to carry out the hashing tasks.
Availability
: he availability of a cloud computing environment is usually good. Windows
Azure ofers 99.9% availability guarantee through its server level agreement. he redundancy pro-
vided by Windows Azure is adequate for most of the database systems. hree copies of a database
are stored on three diferent physical servers. One of them is used as the primary database and the
other two are used as standby. Windows Azure supports operations that require high scalability. It
can handle a large workload in a small time period.
Before implementing security measures to enhance conidentiality, integrity, and availability,
you need to create a security policy. Based on the security policy, the developers can select some of
the tools to implement their own measures. he policy will serve as a guideline on
◾
Data encryption and hashing
◾
Permissions on accessing database objects and on performing database operations at various
levels
◾
Remote access control
he policy should identify the content for encryption or hashing. Security requirements for
the data stored in a cloud database and for operations performed on database objects are diferent
depending on the types of users or schemas. he security policy should deine the needs of difer-
ent levels of users. It should also specify remote access control mechanisms and related network
security protocols used to protect remote login information.
12.3 Managing Windows Azure SQL Database
As the physical infrastructure of Windows Azure is managed by the cloud provider, which is
Microsoft, database administrators can focus their management efort on the management of their
databases. he main tasks for the database management are
◾
Remote access control with irewall
◾
User Account Management
Remote access control with irewall
: A irewall should be implemented to protect your server
and database hosted by Windows Azure. he server side irewall coniguration can be done in
Windows Azure when creating a database server. In the Windows Azure Management Portal, you
can create a list of IP addresses to be allowed to access the database server. For illustration pur-
poses, Figure 12.1 shows the irewall coniguration that allows a predetermined set of IP addresses
ranging from 10.1.1.1 to 10.1.1.255 to access the database server. In real life, your IP address
should be diferent from what is illustrated in Figure 12.1 since 10.x.x.x is not available on the
Internet. If the Windows Azure application needs to connect to SQL Database, the irewall should
also allow the IP address 0.0.0.0. he list of the approved IP addresses will be stored in the master
database. On local computers, the irewall should be conigured to allow network communication
through the port 1433, which is the port used by SQL Database.
Once a connection request arrives, Windows Azure checks the IP address. he request will be
rejected if the IP address is not on the allowed list. If the request is accepted, it will be routed to
the primary database server.
