Microsoft Enables Transparent Encryption on Azure SQL Cloud Databases

The company's Transparent Data Encryption option, borrowed from SQL Server, is now generally available as part of numerous upgrades to its cloud database platform.

Microsoft's cloud customers can now more easily encrypt their databases with this week's release of the new Azure SQL Database Transparent Data Encryption (TDE) feature.

TDE enables customers "to protect your data and help you meet compliance requirements by encrypting your database, associated backups, and transaction log files at rest without requiring changes to your application," said Jack Richins, principal program manager of Microsoft Azure SQL Database, in an Oct. 14 announcement. TDE hails from the Transparent Data Feature used by Microsoft SQL Server since 2008, he revealed. In its cloud-based implementation, his group added support for Intel's AES-NI (Advanced Encryption Standard New Instructions) hardware-based acceleration, reducing computational overhead and improving performance.

TDE encrypts the entirety of a database's storage using an AES-256 symmetric key, explained Richins. "SQL Database protects this database encryption key with a service-managed certificate," he said. Certificates are automatically rotated at least every 90 days, according to Microsoft's online documentation.

Switching the feature on can be accomplished with just a few clicks. "All key management for database copying, Geo-Replication, and database restores anywhere in SQL Database is handled by the service—just enable it on your database with two clicks on the Azure Preview Portal: click ON, then click Save, and you're done," Richins said.

Azure customers can also now enable cloud-based disaster recovery for SQL Server-based applications, Microsoft announced this week.

The company is currently previewing SQL AlwaysOn integration with Azure Site Recovery (ASR), Microsoft's cloud-based disaster recovery service. SQL AlwaysOn is a set of high availability and disaster recovery technologies found in Microsoft SQL Server.

"SQL Availability Groups can now be added to ASR Recovery plans along with virtual machines," stated Prateek Sharma, a Microsoft Cloud and Enterprise senior program manager, in a blog post. "All capabilities of ASR Recovery plans such as sequencing, scripting and manual actions can be leveraged to orchestrate the failover of a multi-tier application that uses a SQL database, configured with AlwaysOn replication, as backend."

The offering also helps streamline IT operations by removing "the need to write and manage the scripts required for failover of SQL AlwaysOn Availability Groups. This solution is currently supported only for System Center Virtual Machine Manager managed environments," noted Sharma.

Finally, Microsoft has added cross-database query support to Azure SQL's elastic database query feature, essentially allowing multiple databases to contribute rows into a single result.

"This makes possible common cross-database querying tasks like selecting from a remote table into a local table," noted Microsoft Principal Program Manager Lead Torsten Grabs in a statement. "It also allows for richer remote database querying topologies."

Customers can also now access the elastic database query feature in Azure SQL's Standard performance tier, announced Grabs. "This significantly lowers the cost of entry for cross-database querying and partitioning scenarios in Azure SQL Database," he said.

Users may notice somewhat of a delay, warned Grabs. "Due to the smaller DTU [Database Transaction Unit] limits in the Standard tier, it can take up to one minute to initialize elastic database query when you run your first remote database query." Microsoft is working on improving the feature's initiation latency, he said.

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...