Data modernization is a journey for many enterprises: their data sits in siloed, disparate systems and is critical to their business. They want to use all their data assets in a cohesive manner, harness them, and apply intelligence to make better decisions and transform their business. To respond to dynamic environments, they need an integrated data platform that adapts to their needs with hybrid and multi-cloud capabilities.
To address this challenge, back in July 2021, we announced general availability of the set of technologies that extend Azure cloud innovations and benefits to any infrastructure running Kubernetes, called Azure Arc-enabled SQL MI General Purpose tier. That allowed customers to run most common applications and data workloads in production, but within resource constraints and at a level of availability that may not meet the requirements for mission critical workloads. At Microsoft Build 2022, we announced the general availability of Azure Arc-enabled SQL MI Business critical (BC) tier as a component of the Intelligent Data platform, to run the most demanding mission critical data workloads in hybrid and multicloud environments. This robust, secure and reliable hybrid data platform can be used to deploy Azure SQL Managed Instance (SQL MI) databases and run their mission critical workloads
- with no limitations on resources – compute, storage and memory
- to deliver a highly available data service that is resilient to failures
- while using the full feature set of SQL Enterprise edition
With the new launch, customers can not only use the new BC tier but also get improvements in the General purpose tier that improve the reliability and security of the platform. In this blog, we will tour these new improvements and the benefits of the Business critical tier and General purpose tier.
Innovation through a robust, secure DBaaS
With these Business critical capabilities, Azure Arc-enabled SQL MI has given Royal Bank of Canada (RBC) a new way to think about its operational and data landscape. Azure Arc-enabled data services are powering a faster app pipeline and helping RBC to deliver on a long-desired IT promise: on-premises database as a service (DBaaS). RBC has one of the largest SQL Server footprints, making it easier to migrate to a known engine, SQL MI, as the core of their DBaaS. For RBC, security is an important factor in choosing the technology stack. It includes being compliant with RBC security standards, data protection, scanning, encryption, data recovery, and integrated identity and access management controls. The business critical tier provided this out of the box.
The features available in the solution made it possible to set the data platform for hybrid multi-cloud financial services. Vinh Tran, Head of cloud engineering at RBC, says “Building capabilities around disaster recovery, high availability, and self-serve integrations in this short time is pretty exceptional for us.”
You can learn more about how RBC used Azure Arc-enabled SQL MI to provide their customers Database as a service (DBaaS) -Microsoft Customer Story-Royal Bank of Canada speeds innovation on-premises with DBaaS based on Azure Arc-enabled data servic...
What’s new in the Business Critical tier?
Businesses that have mission critical workloads have been using SQL Server Enterprise Edition for many years. They want to run their databases without limiting the available resources and get the advantage of cloud-like elasticity. They need their applications and databases to scale up and down quickly and be available all the time. The business critical tier is best suited for those customers. Furthermore, they get all the benefits of the SQL Enterprise SKU. Below is a table to show key differences between the two service tiers. Cost-conscious customers can use the General purpose tier, which we will continue to improve.
SQL Server Enterprise Edition
SQL Server Standard edition
Up to 24 cores
Up to 128 GB
Contained availability groups over Kubernetes
Single instance w/Kubernetes redeploy + Shared storage
Read scale out
Available via Failover Groups
Available via Failover Groups
We have also bundled a few additional features that were not in the original General purpose GA in June 2021 but are now released for both tiers, such as:
- Scale up/down (for Business Critical only)
- Point in time restore
- Disaster recovery
- Active directory authentication
Now let us look at these new features in detail, broadly grouped into these themes:
- Business continuity
- Multi-layer security
- Non-disruptive upgrade
Business continuity for critical data
One of the major themes of the latest release is business continuity. The features delivered under this theme allow businesses to recover and continue operating in the event of disruptions with minimal downtime. The enhancements under this theme are:
- Point in time restore (PITR)
- High availability
- Disaster recovery
Point in time restore
Point in time restore is available as a built-in capability and is achieved via automatic backups of all user databases. The backup service performs full, differential and transaction log backups for all user databases. The backups are kept for the configured retention period. This allows customers to restore to any point in time within the available restorable window, and the built-in service figures out the required sequence of backups that need to be restored to recover the database to the specified point in time. This functionality is automated in the product.
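The sequence selection described above, as an added example that is not Microsoft's implementation: a simplified Python model that picks the latest full backup before the target, the latest differential taken after it, and then the log backups up to the first one that covers the target time. The `Backup` type, the `restore_chain` and `at` helpers and the sample schedule are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Backup:
    kind: str            # "full", "diff" or "log"
    finished: datetime   # completion time of the backup

def restore_chain(backups, target, now, retention_days):
    """Return the ordered backups to restore to reach `target` (simplified model)."""
    # The target must fall inside the configured retention window.
    if not (now - timedelta(days=retention_days) <= target <= now):
        raise ValueError("target is outside the restorable window")
    older = [b for b in backups if b.finished <= target]
    fulls = [b for b in older if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup precedes the target")
    full = max(fulls, key=lambda b: b.finished)
    # A differential only helps if it was taken after the chosen full backup.
    diffs = [b for b in older if b.kind == "diff" and b.finished > full.finished]
    chain = [full] + ([max(diffs, key=lambda b: b.finished)] if diffs else [])
    base = chain[-1]
    logs = sorted((b for b in backups
                   if b.kind == "log" and b.finished > base.finished),
                  key=lambda b: b.finished)
    for log in logs:
        chain.append(log)
        if log.finished >= target:
            return chain  # the last log is replayed only up to `target`
    # No log backup covers the target yet, so that point is not restorable.
    raise ValueError("log backups do not reach the target yet")

# Constructed sample schedule (hypothetical times, not product defaults).
T0 = datetime(2022, 6, 1)

def at(hours):
    """Time `hours` after the first full backup in the sample."""
    return T0 + timedelta(hours=hours)

SAMPLE = [Backup("full", at(0)), Backup("log", at(6)), Backup("diff", at(12)),
          Backup("log", at(13)), Backup("log", at(14)), Backup("log", at(15))]

if __name__ == "__main__":
    for b in restore_chain(SAMPLE, at(13.5), now=at(16), retention_days=7):
        print(b.kind, b.finished.isoformat())
```

A target later than the newest log backup raises an error: until the next log backup completes, the latest restorable point is the end of the last one.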
Azure Arc-enabled SQL Managed Instance is deployed on Kubernetes and uses stateful sets and persistent storage, which take advantage of the built-in failover and recovery mechanisms provided by Kubernetes. For increased reliability, Arc-enabled data services can deploy extra replicas in a high availability configuration when deployed in the Business Critical service tier. It simplifies setting up availability groups, configures database mirroring endpoints, adds databases to availability groups, and automates failover and upgrade. This functionality is also useful when upgrades are done seamlessly without downtime to the service. This is an important capability that allows IT organizations to deliver Database as a service with cloud-like availability and automated recovery.
In the Business critical service tier, a higher level of availability can be achieved by deploying the Arc-enabled SQL managed instance in multi-replica mode. You can specify either 2 or 3 replicas during the deployment. This creates multiple replicas, and all the replicas are kept in synchronous replication mode (configurable). In the event of a disruption such as a pod crash, Kubernetes tries to spin up a new pod on the same node. If it is unable to do so, a pod is spun up on another node, the storage is re-attached, and the configured memory/CPU is allocated. In parallel, the high availability orchestrator pod within the deployment recognizes that the primary instance is down, promotes one of the secondary replicas to primary, and redirects all connections to the new primary. This entire operation is transparent to the applications connecting to the Arc SQL MI. The application connects to the new primary, resulting in very minimal downtime. When the new pod comes up, it is added back into the availability group, and data is synchronized so it is up to date.
For those databases that are mission critical, disaster recovery can be set up using Instance Failover Groups to replicate data from the geo-primary data center to the geo-secondary data center. The technology behind Instance Failover Groups is Distributed Availability Groups, which are already supported in SQL Server.
Data is asynchronously replicated to the geo-secondary instance, and when you need to fail over, you can run az/T-SQL commands to initiate a manual failover.
Azure Arc-enabled data services has multi-layer security that can give the assurance to run the most business critical workloads without data leakage. It starts with the security-first design principles of the hybrid data platform:
- Secure by default configuration
- Deployment supports configuration that allows granular resource management
- Protection of data assets at rest and in motion.
Role-based access
Arc-enabled data services runs on any compliant Kubernetes platform. Hence it uses cluster roles that are created once per Kubernetes cluster at the time of deployment. Role bindings are used in the namespace (custom location) managed by the data controller to assign users/groups.
Identity and access management (IAM)
IAM is an important aspect of any enterprise application. One of the most used identity platforms for SQL Server is Active Directory. Azure Arc-enabled data services can be configured to use an on-premises Active Directory domain for authentication. To set up authentication, it uses keytab files that contain service principal names, account names and hostnames. In this release we added support for Customer Managed Keytab (CMK) files.
Secure data transport
All internal communication between the pods that host the data controller, metrics, logs, etc. is done via secure channels. Azure Arc-enabled SQL MI supports the tabular data stream (TDS) protocol, which requires the database to be accessible over only the default port of TCP/1433.
To protect customer data and provide the strong security features that customers expect from an enterprise database service, Azure Arc-enabled SQL MI supports Transparent Data Encryption (TDE) in Customer Managed Key mode.
With these multi-layered security implementations, businesses can trust Azure Arc-enabled data services to keep their data secure.
Upgrade with minimal disruptions
Many enterprises find upgrades to be a disruptive yet necessary process to make sure the latest security patches and features are deployed on a regular basis. Upgrades involve downtime or potential errors that end up being costly and sometimes require rollback. Using automated upgrade, customers get the benefit of Evergreen SQL as available in the Azure public cloud. There is no need to worry about major upgrades or end-of-support dates. Monthly releases including security fixes, bug fixes and new features are all part of the same release and can be automatically applied. The latest release also allows a preconfigured maintenance window to schedule the upgrades.
The upgrade process for the Business critical tier ensures that the data services have near zero downtime, because we perform a rolling upgrade when multiple replicas are deployed as part of the SQL MI deployment, whereas the General purpose tier will have some limited downtime as the container images are swapped out.
Explore more about the new business critical services
The Business Critical tier delivers much-awaited features that customers have been looking for to move their applications and data to newer containerized platforms. This release gives them a comprehensive set of capabilities that is necessary to address data latency, data availability, data compliance and data sovereignty. Get started with Arc-enabled SQL MI here - Azure Arc Jumpstart for Arc-enabled data services. For more information about the features, please refer to What are Azure Arc-enabled data services - Azure Arc | Microsoft Docs.
New product features and capabilities will be rolled out on a continuous basis, and customers will be able to opt in to preview additional Azure Arc-enabled data services and easily integrate them as they become generally available. Additionally, customers will have the opportunity to test out future road map preview features and provide early feedback.
To know more, sign up for the Azure Hybrid, Multicloud, and Edge Day digital event to learn about the latest innovation from Azure Arc: https://AzureHybridDigitalEvent.eventcore.com?ocid=AID3047548_QSG_591240