Departmental ServerLocal Server – SQL CE, Express, etc.Enterprise Server – add SSIS, SSRS, etc. Around SQL 2000
Get SSMS 2008 R2 at http://www.microsoft.com/express/Database/InstallOptions.aspx
Rather than using a REST API like the other Azure storage services, SQL Azure is accessed via Tabular Data Stream (TDS), the 同じ protocol used by Microsoft SQL Server (operating over port TCP/1433). To help protect thedata, the SQL Azure firewall prevents all access to your SQL Azure server until you specify which computers have permission. The firewall grants access based on the originating IP address of each request. Initially, all access to your SQL Azure server is blocked by the SQL Azure firewall; connection attempts originating from the Internet or Windows Azure will not be able to reach your SQL Azure server. In order to begin using your SQL Azure server, you must go to the SQL Azure Portal and specify one or more firewall settings that enable access to your SQL Azure server. Use the firewall settings to specify which IP address ranges from the Internet are allowed, and whether or not Windows Azure applications can attempt to connect to your SQL Azure server.
This slide shows the some of thesimilarities and differences between the SQL Server and the Azure SQL security capabilities.While Microsoft SQL Server supports Windows Integrated authentication, using Active Directory credentials for user login, SQL Azure Database supports only SQL Server Authentication. Windows Authentication (integrated security) is not supported. Both Microsoft SQL Server and SQL Azure use the 同じ authorization model, with users and roles created in each database and associated to the user logins. Microsoft SQL Server has fixed server-wide roles such as serveradmin, securityadmin and dbcreator. These roles do not exist in SQL Azure. Instead SQL Azure has a loginmanager role for creating logins and dbmanager role for creating and manage databases. These roles can only be assigned to users in the master database. Access to both SQL Server and SQL Azure happens on the wire using the 同じ Tabular Data Stream (TDS) application layer protocol, protected using the Secure Sockets Layer (SSL) protocol, over TCP port 1433. Use of SSL is optional for Microsoft SQL Server and mandatory for SQL Azure.In SQL Server any IP address-based access control needs to be done at the host or network level, using a host firewall or a network firewall. SQL Azure has a built-infirewall that prevents all access to your SQL Azure server until the customer specifies which computers have permission. The firewall grants access based on the originating IP address of each request. SQL Server provides realtime encryption of the stored data at page level, using its Transparent Data Encryption (TDE) feature. Native encryption is currently not available for SQL Azure.
Key point – SQL Azure uses the 同じ familiar, proven authentication and authorization model used by Microsoft SQL server.Many databases contain sensitive data, so it is essential to carefully control access. This is especially important in a multi-tenant application that involves users from different customers who must be isolated from each other. SQL Azure provides the 同じ set of security principals that are available in SQL Server with SQL Server Authentication. You can use these to authorize access and secure your data:SQL Server Logins: Used to authenticate access to SQL Azure at the server level.Database Users: Used to grant access to SQL Azure at the database level.Database Roles: Used to group users and grant access to SQL Azure at the database level.
Managing security at the database-level in SQL Azure is almost identical to Microsoft SQL Server, with differences only in the parameters available.The database-level permission model in SQL Azure is 同じ as an on-premise instance of SQL Server:Logins associated to users in databases. Users may be part of one or more database roles.Permissions granted to roles or directly to users.Auditing feature is not supported in the current version of SQL Azure. SQL Azure does not currently support the Transparente Data Encryption (TDE) feature available in Microsoft SQL Server.SQL Azure forces SSL encryption with all client connections and hence data is secured over the wire. When defining the connection string to SQL Azure, developers should use the following parameters:Encrypt=True specifies that SSL must be used in the connection.TrustServerCertificate specifies whether encryption occurs if there is no verifiable server certificate. Setting the value to False forces the client to verify the validity of the certificate presented by SQL Azure.
承認、監査、暗号化のサポート<br />SQL Azureは、オンプレミスのSQL Serverと同じデータベースレベルの権限モデル<br />Logins associated to users in databases<br />Users may be part of one or more database roles<br />Permissions granted to roles or directly to users<br />現在のバージョンのSQL Azureでは、監査は未サポート<br />まだ標準で暗号化(TDE)をサポートしていない<br />Azureは SSL暗号化と接続文字列での証明書チェックのオプション<br />Encrypt=True;TrustServerCertificate=False<br />
Database Copy<br />データベースを同じサーバか別のサーバのデータベースへトランザクションコピー<br />コピー元のデータベースのダウンタイムは無し<br />Transactional equivalent at the END of the copy<br />同じデータセンター のみ動作<br />同じサーバの認証情報が必要<br />元DBのdb_owner権限と転送先のdbmanager権限が必要<br />
Database Copy<br />CREATE DATABASE destination_database_name AS COPY OF [source_server_name.]source_database_name<br />進捗状況の確認:<br />SELECT * FROM sys.dm_database_copies<br />