Introductie van Micorosoft SQL Server 2016

58 C H A P T E R 4 | Improved database engine a significantly lower cost, plus enterprise-class security and near-zero management overhead. With Stretch Database, you can store cold, infrequently accessed data in Azure, usually with no changes to application code. All administration and security policies are still managed from the same local SQL Server database as before. Understanding Stretch Database architecture Enabling Stretch Database for a SQL Server 2016 table creates a new Stretch Database in Azure, an external data source in SQL Server, and a remote endpoint for the database, as shown in Figure 4-7. User logins query the stretch table in the local SQL Server database, and Stretch Database rewrites the query to run local and remote queries according to the locality of the data. Because only system processes can access the external data source and the remote endpoint, user queries cannot be issued directly against the remote database. Figure 4-7: Stretch Database architecture. Security and Stretch Database One of the biggest concerns about cloud computing is the security of data leaving an organization's data center. In addition to the world-class physical security provided at Azure data centers, Stretch Database includes several additional security measures. If required, you have the option to enable Transparent Data Encryption to provide encryption at rest. All traffic into and out of the remote database is encrypted and certificate validation is mandatory. This ensures that data never leaves SQL Server in plain text and the target in Azure is always verified. The external resource that references the Azure SQL Stretch Database can only be used by system processes and is not accessible by users. (See Figure 4-8.) Furthermore, it has no impact on the underlying security model of a stretch table.

