Export (0) Print
Expand All

Data Security in SQL Data Sync

Updated: December 2, 2014

 

SQL Azure Data Sync Icon

Your data is important to you and the success of your business. Unfortunately, your data may also be important to someone else. You want to make sure that it is secure from unauthorized access. Therefore, it is prudent and reasonable for you to ask, “How does SQL Data Sync (Preview) help me keep my data secure?”

All client agent communications use SSL to help secure your data.

The Microsoft Azure SQL Data Sync plug-in on the Microsoft Azure Silverlight portal has been decommissioned. Going forward, use the Microsoft Azure Management portal, for Azure SQL Data Sync.

You access SQL Data Sync (Preview) via the SYNC tab under SQL Database at the Microsoft Azure Management portal. The SYNC tab is only available when you have one or more sync groups. See the topic How To: Create a Sync Group (SDS) for guidance on creating and modifying a sync group from this portal.

See the Navigation section below for links to topics you should read before you start and guidance on creating and modifying sync groups.

The SQL Data Sync (Preview) service encrypts all sensitive data that it stores, including:

  • SQL Data Sync (Preview) service credentials for the system databases in SQL Database.

  • SQL Data Sync (Preview) service credentials for the system storage in Azure.

  • User credentials for the user's SQL Database.

  • User credentials for the user's SQL Server database.

  • The configuration file for the SQL Data Sync (Preview) client agent.

The SQL Data Sync (Preview) service encrypts all connections between components, including:

  • The connections between the service and the system database in SQL Database.

  • The connections between the service and the system storage in Azure.

  • The connections between all components in the cloud-based service

  • The connection between the client agent and the cloud-based service.

  • The connection between the and the cloud-based service.

  • The client agent authenticates local users with Windows user security.

  • The client agent requires that anyone that installs or accesses the client agent UI supply admin credentials, though service log-in credentials supplied during the client agent install do not have to be admin credentials.

  • The cloud-based Data Sync service authenticates the client agent using a unique token or "agent key." The user generates the agent key in the and then installs the agent key in the client agent. The user can regenerate and reinstall an agent key at any time.

The on-premises SQL Server database authenticates the client agent using the connection string and credentials that the user provides.

The cloud-based Data Sync service authenticates connections between system components within the cloud service using certificates.

The authenticates users with Windows Live ID and the Azure subscription database. Users should follow good security procedures to protect their Windows Live IDs, including:

  • Keep your ID and password secure.

  • Do not check the "Remember my password" checkbox on the Windows Live sign in page.

  • Log out of your Windows Live session any time you are going to be away from your computer.

Suggestions for creating strong passwords and password security can be found at Create Strong Passwords. You can check the strength of a password by using the secure password checker at Password Checker. You can generate passwords with various levels of strengths at Strong Password Generator. This site also evaluates the strength of passwords.

noteNote
SQL Server supports both Windows Credentials and SQL Credentials. SQL Database supports only SQL Credentials.

Some of the actions you can take to increase your system’s security are:

  • Use the “In Private” browsing option if your browser supports it.

  • Have the SQL Server on one computer behind the firewall, the local agent on a public internet facing computer (since it needs to connect to the service) and the service itself as an entity.

  • Have the local agent service run as a min-privileged user instead of an admin account

SQL Data Sync (Preview) is a feature of SQL Database. From the Azure Management portal you can perform all tasks necessary to create, deploy, and modify a sync group.

 

Before you start

Before you begin to design and implement your synchronizations, you should be familiar with these topics.

How to create a sync group

There are six steps to creating a sync group from the Azure Management portal. Details on each step can be found by following these links.

  1. Sign in to the Azure SQL Database Management portal
    SQL Data Sync (Preview) is found as a tab under SQL Database only after you create a sync group.

  2. Install a SQL Data Sync Client Agent

  3. Register a SQL Server database with a Client Agent

  4. Create your sync group

  5. Define your data sync

  6. Configure your sync group (SDS)

 

How to modify a sync group

You can modify a sync group’s schema by adding/removing tables or columns in the sync group; or by altering a column’s width or data type. Details can be found by following the links.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft