Database Reference
In-Depth Information
•
Disaster-recovery server
. Purchase similar hardware and configure it at a disaster-
recovery site.
•
Replication topology
. Create a mechanism to transfer the data from the primary
site to the secondary site using log shipping, replication, disk-level replication, or
another technique, depending on your needs.
•
Database tuning
. In larger systems, tuning SQL Server for high performance can
be very difficult and involves CPU and I/O affinitization, degree of parallelism,
and many other considerations.
Testing
. Plan and execute a disaster-recovery plan once a year, to make sure it's
working as intended.
And of course, you must consider the costs associated with all these activities, the time it takes to
plan and execute such a project, and the specialized resources needed to implement a highly available
database environment.
By now, you can see that although SQL Azure falls short in certain areas of security, it excels in
others, especially its availability model. Deploying a highly available SQL Azure database is quick and
extremely simple.
•
Securing Your Data
Let's dive into some specifics and code examples to show how to secure your data in SQL Azure. You
may need to secure specific columns in your database that contain sensitive information, such as Social
Security numbers or credit card numbers. Certain applications store patient data, which can fall under
compliance review, and as such may need to be encrypted as well. As hinted previously, not all security
mechanisms are currently available, so this section focuses on what SQL Azure provides and on ways to
mitigate the missing features. Regarding data encryption, because SQL Azure provides none, you see
how to implement your own security classes to simplify data encryption in your projects.
Note
The examples that follow use a database script called
Security.sql
and a Visual Studio 2008 project
called
SQLAzureSecurity.sln
. You can run the SQL script on your local SQL Server database if you don't have a
Windows Azure account yet.
This chapter uses a few classes and methods to demonstrate how to use encryption, hashing, and
other techniques. Figure 4-2 shows the objects being used. The
Encryption
class performs the actual
encryption and returns a
CipherText
structure; the
UserProperties
class uses extension methods from
the
Extensions
class and a helper method in the
Util
class. The
CDatabase
class returns the database
connection string.
