Microservices is today's buzzword, and new-world drivers such as Mobile Apps, Single Page Apps and IoT have proven the case for Microservices Architecture. Microservices are highly scalable and independently deployable services; the architecture is an approach to developing an application as a cluster of services.
I have followed Azure Service Fabric with curiosity since it was in private preview. Azure Service Fabric provides more granular control and a distributed-state process (cache or data is co-located with the service process and distributed across all the nodes). Service Fabric provides agility and flexibility for complex, distributed, enterprise-scale Microservices implementations.
In Envelope Encryption (or Digital Envelope) with Public Cloud Providers – Part 1, we covered an overview, the Key Management Service solution and Key Encryption Key (Master Key) best practices. In this article we cover the Data Key solution, Payload Provider Encryption and Payload Consumer Decryption.
A service bus implements a messaging system or middleware between enterprise solution components. If Azure Service Bus is crucial and mission-critical for your application, then it must be available continuously. An outage could be partial or absolute unavailability. There are many possible reasons, known or unknown, for an outage of any persisted messaging service. However, Microsoft has explained some of them in its documentation.
Azure Service Bus replication, or multi-region replication, protects your application from unforced downtime. We discuss Active-Active Replication and Active-Passive Replication for Azure Service Bus; these replication patterns are cross-region implementations. We also review Paired Namespace for scaled-down scenarios.
Envelope Encryption uses two layers of encryption: a data (encryption) key and a (strong) master key. The data key is used for payload encryption, and the master key encrypts the data key. The encrypted payload and the encrypted data key are sent to the consumer, where the consumer reverses the two-fold encryption.
Envelope Encryption is useful for stronger data privacy and data protection, and the pattern is recommended by PCI-DSS when encryption keys are used to protect cardholder data.
Data protection is always a high priority for serious businesses and government organisations. On the other hand, existing and established data protection techniques are constantly being challenged by new public cloud topologies.
Always Encrypted enables the SQL Database Engine to keep data encrypted all the time (at rest, in use and in transit). That means the SQL Server Database Engine puts an additional protection layer on your data, making sure that unauthorised persons (including DBAs and developers) cannot see plain-text values. This is very beneficial from a security perspective, as it reduces the attack surface area.
I came across an interesting Gist: a script to configure Azure VM Disk Encryption. The tidy script seemed worth a quick blog post.
The script configures the prerequisites, including an Azure KeyVault instance, a KeyVault access policy and a Service Principal, before enabling Disk Encryption.
A new update to Azure SQL Database introduces a new Database called Premium RS, which is ideal for certain kinds of I/O-intensive databases. New tiers P11 and P15 increase the storage option up to 4TB.
The Microsoft Azure SQL team has recently announced the Premium RS service tier; P11 and P15 instances increase the storage limit up to 4TB. Before the announcement, the storage limit was 500GB with P1-P6 and 250GB with S0-S3 instances.