© Copyright Microsoft Corporation. All rights reserved.
FOR USE ONLY AS PART OF MICROSOFT VIRTUAL TRAINING DAYS PROGRAM. THESE MATERIALS ARE NOT AUTHORIZED
FOR DISTRIBUTION, REPRODUCTION OR OTHER USE BY NON-MICROSOFT PARTIES.
Classified as Microsoft Confidential
Microsoft Azure Virtual Training Day: Migrate and Secure Windows Server and SQL Server Workloads
Migrate on-premises workloads to Azure
Learning Objectives
• Plan your migration
• Perform server assessment
• Migrate on-premises servers to Azure
• Migrate on-premises VMware workloads to Azure
• Containerize and migrate [Link] apps to Azure
Learning Objective: Plan your migration
Key drivers leading to migration
[Figure: on-premises app, data and infrastructure moving through Migration & Modernization to Innovate/Cloud-native and SaaS: Rehost, Refactor, Rearchitect, Rebuild/New, Replace]
Infrastructure-oriented migration triggers (driven by timelines): Rehost ('lift-optimize-shift'): use reliable Azure infrastructure, save money with hybrid/EOS offers and rightsizing, stay secure/compliant.
App-oriented modernization triggers (driven by app prioritization): Refactor | Rearchitect | Rebuild: use innovative Container/PaaS/Serverless technologies in Azure.
Cloud Adoption Framework (CAF)
Define strategy: Understand motivations; Business outcomes; Business justification; Prioritize project
Plan: Digital estate; Initial organization alignment; Skills readiness plan; Cloud adoption plan
Ready: Azure setup guide; First landing zone; Expand the landing zone; Best practices
Adopt (Migrate): Azure migration guide; Migration scenarios; Best practices; Process improvements
Adopt (Innovate): Azure innovation guide; Innovation scenarios; Best practices; Process improvements
Govern: Methodology; Benchmark; Initial best practice; Governance maturity
Manage: Business commitments; Operations baseline; Operations maturity
CAF: accelerate migration
The Cloud Adoption Framework has the following strategy advice to accelerate migration:
1. Document business strategy
2. Align partner support
3. Gather data and analyze assets and workloads
4. Make a business case
5. Create a migration plan
6. Build a skills readiness plan
7. Deploy and align a landing zone
8. Migrate your first 10 workloads
9. Hand off production workloads to cloud governance
10. Hand off production workloads to cloud operations
CAF: Azure landing zone
Design area | Objective
Enterprise enrolment | Ensures that enterprise customers with multiple tenants have those tenants created correctly
Identity | A consistent identity infrastructure allowing identity and access management to be implemented
Network topology and connectivity | Network and connectivity is configured appropriately for workloads
Resource organization | Appropriate subscription and management design
Governance disciplines | Automate auditing and enforcement of security, governance, and compliance policies
Operations baseline | Inventory, monitoring, update management, and resource configuration compliance
Business Continuity/Disaster Recovery | Backup and recovery to protect data and workloads. High availability to ensure business continuity during outages
Deployment options | Ensure that the appropriate tools and templates are used to deploy landing zones
Migration goals
[Figure: VMs in an on-premises datacenter]
• Hardware obsolescence cycle
• Pay only for needed capacity
• Lack of IT agility
• Refocus core competencies
• Expense of global operations
• Enable disaster recovery
• Modernize legacy applications
• Shorter development times
• Proprietary architectures
Comparing different migration strategies
Lift and shift (Azure VMware Solution, Azure Virtual Machines)
• Quick and easy way to migrate to cloud with no changes to code
• Run native VMware workloads on Azure bare-metal hardware
• Manage VMs using VMware vSphere
Refactor/rearchitect/rebuild (App Service, AKS, Azure Virtual Desktop)
• Optimize applications for a cloud-native environment
• Take advantage of cloud-native features: scalability, elasticity, fault tolerance
Use cases for Azure IaaS VMs
[Figure: layered view of Azure IaaS]
• "Optimization" services for securing and managing infrastructure at scale: Management, Monitoring, Security, BCDR
• VMs with an operating system, hosting apps and databases (Windows Server VMs, Linux VMs)
• Hardware with power for compute, storage, and networking: core Compute, Storage, and Networking
Migration tools: Azure Migrate
Simplify migration and optimization with Azure Migrate. Components include:
• Unified migration platform
• Assessment and migration tools
• Assessment and migration of different workloads
Understand the migration process
With Azure Migrate:
• Catalog your software and workloads
• Categorize applications and workloads
• Identify the destination(s) for each of your workloads
• Move your resources to Azure
Process: 1. Prerequisites; 2. Azure Migrate setup; 3. Discover VMs; 4. Review assessment; 5. Replicate VMs; 6. Test migration; 7. Migrate to production
Demo: Source environment for migration
Learning Objective: Perform server assessment
Azure Migrate: Server Assessment
• Create an Azure Migrate project; the Discovery and assessment tool is added by default
A server assessment consists of the following steps:
1. Discover machines
2. Create assessments
Discover machines
Azure Migrate: Server Assessment tool
• Perform an agentless discovery
• The tool guides you through the process to download a lightweight collector appliance
After downloading the appliance:
• Import and start the collector appliance
• Complete its configuration
• Connect it to your Azure Migrate project
Create an assessment
After completing the discovery and data collection phase:
• Azure Migrate assesses your environment's migration readiness
• Azure creates an assessment using default settings
• Change these settings later by editing the assessment's properties
Review Azure readiness
Explore further for a detailed breakdown:
• Specs and sizing recommendations
• CPU and memory utilization
• Disk metrics for size, performance and throughput
• Monthly cost estimate
Grouping VMs for assessment
• Create a group of machines manually for assessment
If you need deeper profiling:
• Create dependency visualizations
• View network dependencies
• Ensures you migrate all required machines
Visualize dependencies
• View dependencies across VMs
• Ports and IP addresses that communicate with your VM
• All TCP/IP traffic between resources
• Process-level detail for each dependency
• Migrate dependent resources to ensure apps will work post-migration
Demo: Create a Server assessment
Learning Objective: Migrate on-premises servers to Azure
Azure Migrate: Server Migration
Steps in the migration phase:
1. Prepare Azure for the Azure Migrate: Server Migration tool
2. Prepare on-premises VMs for replication
3. Replicate the on-premises VMs
4. Migrate the VMs
Hyper-V migration process
[Figure: source Hyper-V host replicating to Microsoft Azure]
• Agent-based and agentless options
• Host-based Recovery Services Agent replicates data to Azure
• Data channel: 443 (HTTPS) over the public Internet or ExpressRoute with public peering
Agent-based migration architecture
[Figure: Azure Migrate: Server Migration with a replication appliance for VMware VMs / non-virtualized machines]
• Source: VMware VMs / non-virtualized machines running the Mobility service agent
• Replication appliance: Configuration server and Process server
• The Mobility service sends replication data from the server to the process server over 9443 (HTTPS)
• Appliance to Microsoft Azure: 443 (HTTPS) data channel over the public Internet or ExpressRoute with Microsoft peering
Configuration Server: used for centralized management
Process Server: used for caching, compression, and encryption
Mobility Service: captures all data writes from memory
Replication appliance architecture
[Figure: on-premises physical servers with Mobility service agents, the replication appliance (Process Server, Configuration Server), and Azure Migrate: Server Migration in Microsoft Azure]
• Replication data is sent to the Process server on inbound port HTTPS 9443
• Machines communicate with the Configuration server on inbound port HTTPS 443
Considerations for Azure VMs
• Availability
• Scaling
• Sizing
• Storage
• Monitoring and automation
• Storage tiering
• Security integration
Demo: Perform server migration
Learning Objective: Migrate on-premises VMware workloads to Azure
Common Azure VMware Solution use cases
• High availability, cloud bursting, and disaster recovery
• Speed and simplification of migration/hybrid cloud
• IT expansion, datacenter reduction, or retirement
• Software upgrade, update lifecycle, CapEx to OpEx
• Desktop virtualization in the cloud
• Application modernization, development, and testing
What is Azure VMware Solution (1 of 2)
[Figure: on-premises VMware vSphere stack alongside Azure]
• Run VMware seamlessly on Azure
• Reliability and cloud scale with Azure
• Access familiar VMware tools and operations
• Easily integrate with other Azure services
• Reduce cost with Azure Hybrid Benefit
What is Azure VMware Solution (2 of 2)
• First-party Microsoft Azure service, verified by VMware
• Hyper-converged, bare metal infrastructure in an Azure Region data center
• vSphere, vSAN and NSX data center
Azure VMware Solution overview (1 of 2)
[Figure: Azure VMware Solution (Azure Specialized) connected over ExpressRoute to your datacenter; both sides run the VMware Technology Stack: VMware vCenter, VMs, ESXi Hosts, Storage (vSAN) and Compute on VMware-Certified Hardware]
Azure VMware Solution overview (2 of 2)
[Figure: the same architecture with the Azure Portal and Azure Resource Manager, the Azure backbone network, and Azure Marketplace AVS partner solutions (Network virtual appliance, Citrix, VMware Horizon); pick and choose your Azure services: Microsoft Entra ID, Azure Monitor, Azure Security, Azure Storage]
Migration made easy
[Figure: Azure Portal and Azure Resource Manager over Azure VMware Solution]
• Create/deploy AVS SDDC environment
• Utilize HCX to migrate VMs
• Quickly connect: low-latency connection with ExpressRoute
• Modernize apps with Azure Services
• Visualize VM resources in Azure VMware Solution
• Security: monitor workloads with Azure Defender for Cloud
• Automation
• Self-service for scale
• Manage with the same VMware vSphere tools
• Single pane of glass with Azure Arc
• Greenfield and Brownfield deployments; AVS Enterprise Scale
Learning Objective: Containerize and migrate [Link] apps to Azure
Azure Migrate: App Containerization overview
[Figure: LOB App processed by the App containerization helper, image published to Azure Container Registry, apps deployed to AKS or App Service]
Web layer:
• Dockerfile
• Container image
• Kubernetes yaml specs
• Use Key Vault for secrets
Data layer:
• DB migration or test copy
Steps: create ACR/AKS cluster/App Service plan; publish image; deploy apps (Pods with Persistent Volumes on Azure File Share, parameterized PV through configs); Application Insights (Java apps)
Azure Kubernetes Service
[Figure: AKS reference architecture: client apps reach front-end and back-end services through an Azure load balancer and ingress, with pod autoscaling across namespaces; a utility-service namespace runs Elasticsearch and Prometheus; CI/CD with Azure Pipelines does docker push to the container registry and helm upgrade / docker pull to the Kubernetes cluster inside a virtual network; external data stores; RBAC with Azure Active Directory, Monitor and Azure Key Vault for Dev/Ops]
Azure App Service
1. Convert existing web application to container
2. Publish container image to:
   a) Private registry or Docker Hub
   b) Or, Azure Container Registry
3. App Service pulls image with:
   a) Credentials for private registry or Docker Hub, if used
   b) Or, managed identity, which uses a Microsoft Entra ID (Azure Active Directory) security principal to access Azure Container Registry
4. Service connectors to access other Azure resources
5. Push new image to the container registry
   • Triggers App Service updates when continuous deployment is enabled
[Figure: Code to Container to Registry (Private Registry or Docker Hub / Azure Container Registry) to Web Apps for Containers in Azure App Service (also Azure Container Instances), with Application Insights and Browser clients; connected resources: SQL Database, Azure Cosmos DB, Azure Database PostgreSQL Server (Classic), Storage Accounts, Service Bus, Cache Redis, Key Vaults, Event Hubs]
App containerization and migration process
You can deploy containerized apps on Windows containers in Azure Kubernetes Service (AKS) or Azure App Service.
1. Set up host environment
   • Prepare your Azure account
   • Download and install the Azure Migrate: App Containerization tool
   • Complete tool prerequisites
2. Discover [Link] apps
   • Select list of apps to containerize
   • Specify a name for the target container for each selected application
3. Build container image
   • Select Azure Container Registry
   • Review the Dockerfile
   • Trigger build process
4. Deploy app container on Azure Kubernetes Service
   • Select the AKS cluster the app should be deployed to
   • Specify secret store
   • Specify Azure file share
   • Configure and deploy the application
Microsoft Azure Virtual Training Day: Migrate and Secure Windows Server and SQL Server Workloads
Protect workloads by enabling Microsoft Defender for Cloud
Learning Objectives
• Define the most common types of cyber-attacks
• Configure Microsoft Defender for Cloud based on your security posture
• Review Secure Score and raise it
• Enable Just-in-Time access
Learning Objective: Define the most common types of cyber-attacks
MITRE | ATT&CK® matrix (1 of 3)
MITRE ATT&CK matrix
o Publicly accessible knowledge base for understanding tactics and techniques used by attackers during a cyber-attack
o ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge
Knowledge base organized into various categories, for example:
o Pre-attack, initial access, credential access, etc.
Leveraged by Microsoft Defender for Cloud to associate alerts with their perceived intent
MITRE | ATT&CK® matrix (2 of 3)
MITRE Tactic Example: Pre-attack
Pre-attack could be either an attempt to access a certain resource, regardless of malicious intent, or a failed attempt to gather information prior to exploitation.
This step is usually detected as an attempt, originating from outside the network, to scan the target system and identify an entry point.
MITRE | ATT&CK® matrix (3 of 3)
MITRE Tactic Example: Initial Access
Initial Access is the stage where an attacker manages to get a foothold on the attacked resource.
This stage is relevant for compute hosts and resources such as user accounts, certificates etc.
Threat actors will often be able to control the resource after this stage.
Brute force attacks
A brute force attack is a hacking technique where an attacker tries to gain access to a network or system by guessing the username and password combination through an automated process.
The attacker typically generates a large number of login attempts in a short period of time to try every possible combination of characters until the correct one is discovered.
This type of attack can be effective against weak passwords with no protection, but it is time-consuming and can be detected by security measures like account lockouts after a certain number of failed attempts.
Management services, ports, and protocols
Password guessing typically targets management services exposed on commonly used ports:
Management Service | Port and Protocol
SSH (Secure Shell) | 22 / TCP (Transmission Control Protocol)
Telnet (Teletype Network) | 23 / TCP
FTP (File Transfer Protocol) | 21 / TCP
NetBIOS (Network Basic Input/Output System)/SMB (Server Message Block)/Samba | 139 and 445 / TCP
LDAP (Lightweight Directory Access Protocol) | 389 / TCP
Kerberos | 88 / TCP
RDP (Remote Desktop Protocol) | 3389 / TCP
HTTP/HTTPS (Hypertext Transfer Protocol) | 80 and 443 / TCP
Brute force attack programs and use cases (2)
There are several types of brute force attack programs used by attackers, including:
Type of Brute Force Attack Program | Use Case
Password crackers | Used for guessing passwords and encryption keys
Port scanners | Used to identify open ports on a network or system
Network mappers | Used to map the topology of a network
Web application scanners | Used to test web applications for vulnerabilities
SSH brute force tools | Used to guess SSH login credentials
Remote desktop brute force tools | Used to guess RDP login credentials
FTP brute force tools | Used to guess FTP login credentials
SNMP brute force tools | Used to guess SNMP community strings
Indications of a brute force attack
• Extreme counts of failed sign-ins from many unknown usernames
• Never previously "successfully authenticated" from multiple remote desktop protocol (RDP) connections or from new source IP addresses
[Figure: example alert]
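The two indicators above turned into detection logic. This Python script is an added example, not part of the training deck and not Microsoft's own detection; it parses a constructed CSV-style flattening of Windows Security events 4624 (success) and 4625 (failure), with made-up times, usernames and source IPs, and flags a source IP when a burst of failures inside a five-minute window is spread across many unknown usernames or comes from an IP that has never authenticated successfully.

```python
"""Flag brute-force indicators in Windows sign-in events.

Added example, not Microsoft's detection logic. Implements the two indicators
on the slide: a burst of failed sign-ins spread across many unknown usernames,
and failures from a source that has never previously authenticated
successfully. Events are a constructed CSV-style flattening of Security log
events 4624 (success) and 4625 (failure); logon type 10 is RDP.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: time,event_id,username,source_ip,logon_type
SAMPLE_EVENTS = """\
2024-03-01T08:00:05,4624,alice,10.0.0.12,10
2024-03-01T08:01:10,4625,alice,10.0.0.12,10
2024-03-01T08:01:20,4624,alice,10.0.0.12,10
2024-03-01T09:15:00,4625,admin,203.0.113.9,10
2024-03-01T09:15:01,4625,administrator,203.0.113.9,10
2024-03-01T09:15:02,4625,root,203.0.113.9,10
2024-03-01T09:15:03,4625,test,203.0.113.9,10
2024-03-01T09:15:04,4625,guest,203.0.113.9,10
2024-03-01T09:15:05,4625,sql,203.0.113.9,10
2024-03-01T09:15:06,4625,backup,203.0.113.9,10
2024-03-01T09:15:07,4625,oracle,203.0.113.9,10
2024-03-01T09:15:08,4625,user1,203.0.113.9,10
2024-03-01T09:15:09,4625,scan,203.0.113.9,10
"""
# Constructed benign burst: a known user mistyping from an IP that already signed in.
BENIGN_EVENTS = "2024-03-01T08:00:00,4624,alice,10.0.0.12,10\n" + "\n".join(
    f"2024-03-01T08:01:{i:02d},4625,alice,10.0.0.12,10" for i in range(10))

KNOWN_ACCOUNTS = {"alice", "bob", "svc-backup"}  # constructed list of valid users
WINDOW = timedelta(minutes=5)
FAIL_THRESHOLD = 10          # "extreme counts" of failures within one window
UNKNOWN_USER_THRESHOLD = 5   # "many unknown usernames"
RDP_LOGON_TYPE = "10"        # RemoteInteractive


def parse_events(text):
    """Parse the flattened events and return them in chronological order."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, user, ip, logon_type = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "event_id": event_id,
                       "user": user.lower(), "ip": ip, "logon_type": logon_type})
    return sorted(events, key=lambda e: e["time"])


def detect_brute_force(events):
    """Return one alert per source IP that meets the slide's indicators."""
    alerts = []
    ever_succeeded = set()      # IPs with a 4624 seen earlier in the stream
    window = defaultdict(list)  # ip -> failures still inside the sliding window
    alerted = set()
    for ev in events:
        if ev["event_id"] == "4624":
            ever_succeeded.add(ev["ip"])
            continue
        if ev["event_id"] != "4625":
            continue
        ip = ev["ip"]
        fails = window[ip] + [ev]
        # Drop failures that fell out of the window relative to this event.
        window[ip] = fails = [f for f in fails if ev["time"] - f["time"] <= WINDOW]
        if ip in alerted or len(fails) < FAIL_THRESHOLD:
            continue
        unknown = {f["user"] for f in fails if f["user"] not in KNOWN_ACCOUNTS}
        never_succeeded = ip not in ever_succeeded
        if len(unknown) >= UNKNOWN_USER_THRESHOLD or never_succeeded:
            alerted.add(ip)
            alerts.append({
                "source_ip": ip,
                "failed_signins": len(fails),
                "unknown_usernames": sorted(unknown),
                "never_succeeded": never_succeeded,
                "rdp": any(f["logon_type"] == RDP_LOGON_TYPE for f in fails),
            })
    return alerts


def run(text=SAMPLE_EVENTS):
    return detect_brute_force(parse_events(text))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```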
Practices to reduce brute force attacks
To counteract brute-force attacks, you can take multiple measures such as:
1. Disable the public IP address and use one of these connection methods:
   o Use a point-to-site virtual private network (VPN)
   o Create a site-to-site VPN
   o Use Azure ExpressRoute to create secure links from your on-premises network to Azure
2. Require two-factor authentication
3. Increase password length and complexity (e.g., Ztyn%9*qvB)
4. Limit login attempts
5. Implement Completely Automated Public Turing test "CAPTCHA"
6. Limit the amount of time that ports are open
Learning Objective: Configure Microsoft Defender for Cloud based on your security posture
Implement Microsoft Defender for Cloud
Microsoft Defender for Cloud
• Solution for cloud security posture management (CSPM)
• Covers Azure, on-premises, and multicloud resources
Covers two broad cloud security pillars:
1. Security Posture Management
2. Workload protection
Cloud workload protection (CWP)
1. Microsoft Defender for Cloud coverage
2. Security alerts
3. Advanced protection
4. Insights
Defender for Cloud – basic CSPM features
(The slide also marks each feature's availability in the Foundational CSPM capabilities and Defender CSPM plans; only the feature names and cloud availability survive here.)
Feature | Cloud availability
Continuous assessment of the security configuration of your cloud resources | Azure, AWS, GCP, on-premises
Security recommendations to fix misconfigurations and weaknesses | Azure, AWS, GCP, on-premises
Secure score | Azure, AWS, GCP, on-premises
Governance | Azure, AWS, GCP, on-premises
Regulatory compliance | Azure, AWS, GCP, on-premises
Cloud security explorer | Azure, AWS
Attack path analysis | Azure, AWS
Agentless scanning for machines | Azure, AWS
Defender for Cloud – enhanced features
When you enable the enhanced security features (paid), Defender for Cloud can provide unified security management and threat protection across your cloud workloads:
• Risk-based vulnerability management and assessment
• Attack surface reduction
• Behavioral-based and cloud-powered protection
• Endpoint detection and response (EDR)
• Automatic investigation and remediation
Microsoft cloud security benchmark in Defender for Cloud
The Microsoft cloud security benchmark (MCSB) provides best practices and recommendations, with input from a set of holistic Microsoft and industry security guidance that includes:
• Cloud Adoption Framework: Guidance on security, including strategy, roles and responsibilities, Azure Top 10 Security Best Practices, and reference implementation.
• Azure Well-Architected Framework: Guidance on securing your workloads on Azure.
• Chief Information Security Officer (CISO) Workshop: Program guidance and reference strategies to accelerate security modernization using Zero Trust principles.
• Other industry and cloud service provider security best practice standards and frameworks: Examples include Amazon Web Services, Center for Internet Security Controls, National Institute of Standards and Technology, and the Payment Card Industry Data Security Standard.
Regulatory compliance dashboard
Microsoft Defender for Cloud streamlines the process for meeting regulatory compliance requirements, using the regulatory compliance dashboard.
The compliance dashboard gives you a view of your overall compliance standing.
Security for non-Azure platforms follows the same cloud-neutral security principles as Azure.
Learning Objective: Review Secure Score and raise it
Secure Score
Microsoft Defender for Cloud has two main goals:
1. To help you understand your current security situation
2. To help you efficiently and effectively improve your security
The central feature in Defender for Cloud that enables you to achieve those goals is the secure score.
The higher the score, the lower the identified risk level.
Security controls
[Figure: example security controls]
Recommendations are grouped into security controls. Each control is a logical group of related security recommendations and reflects your vulnerable attack surfaces.
Your score only improves when you remediate all of the recommendations for a single resource within a control.
Improve your secure score
To improve your secure score, remediate security recommendations from your recommendations list.
You can remediate each recommendation manually for each resource or use the Fix option (when available) to resolve an issue on multiple resources quickly.
Demo: Secure score
Learning Objective: Enable Just-in-Time access
Just-in-time (JIT) VM access
Problem: Threat actors actively hunt accessible machines with open management ports, like remote desktop protocol (RDP) or secure shell protocol (SSH). A compromised VM is used as the entry point to attack further resources in your environment.
Solution: block inbound traffic on specific ports by enabling just-in-time (JIT) VM access.
Logic for enabling just-in-time VM access on an Azure VM
[Figure: decision flow, with an example Azure Virtual Machine recommendation]
• Start: Is just-in-time VM access already enabled? Yes: VM classified as 'Healthy'. No: continue.
• Is the VM assigned to a network security group? If yes: does the NSG have "Allow" rules for ports 22, 3389, 5985, & 5986? If no NSG: is the VM protected by a firewall?
• Is the VM protected by a firewall? If yes: does the firewall have "Allow" rules for ports 22, 3389, 5985, & 5986? Yes: recommendation to enable just-in-time VM access. No: VM classified as 'Not-applicable'.
• Outcomes: VM classified as 'Healthy', VM classified as 'Not-applicable', or recommendation to enable just-in-time VM access.
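The decision flow above worked through as runnable code. This Python classifier is an added example and not Microsoft's implementation: it evaluates inbound NSG rules by priority (first match wins, default deny) for the four management ports, models the firewall as the set of ports it allows inbound, and treats two branches the slide leaves implicit as labelled assumptions, namely that a VM with neither an NSG nor a firewall is 'Not-applicable' and that a VM whose NSG allows none of the management ports is 'Healthy'. All VM names and rules are constructed.

```python
"""Classify an Azure VM against the just-in-time (JIT) VM access logic flow.

Added example, not Microsoft's implementation. Inbound NSG rules are evaluated
by ascending priority, first match wins, default deny. Assumptions for branches
the slide leaves implicit: no NSG and no firewall -> 'Not-applicable'; an NSG
that allows none of the management ports -> 'Healthy'.
"""
from dataclasses import dataclass
from typing import List, Optional, Set

# Management ports the JIT recommendation checks (from the slide).
MANAGEMENT_PORTS = (22, 3389, 5985, 5986)


@dataclass
class NsgRule:
    priority: int      # lower number is evaluated first
    access: str        # "Allow" or "Deny"
    direction: str     # "Inbound" or "Outbound"
    protocol: str      # "Tcp", "Udp" or "*"
    dest_ports: str    # e.g. "3389", "22-23", "*", "22,3389"


@dataclass
class Vm:
    name: str
    jit_enabled: bool
    nsg_rules: Optional[List[NsgRule]]          # None = no NSG assigned
    firewall_allowed_ports: Optional[Set[int]]  # None = not behind a firewall


def port_matches(port: int, spec: str) -> bool:
    """True if `port` falls inside an NSG destination port specification."""
    for part in spec.split(","):
        part = part.strip()
        if part == "*":
            return True
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo <= port <= hi:
                return True
        elif int(part) == port:
            return True
    return False


def effective_access(rules: List[NsgRule], port: int, proto: str = "Tcp") -> str:
    """First matching inbound rule by priority decides; no match means Deny."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.direction != "Inbound" or rule.protocol not in ("*", proto):
            continue
        if port_matches(port, rule.dest_ports):
            return rule.access
    return "Deny"


def nsg_open_management_ports(rules: List[NsgRule]) -> List[int]:
    """Management ports that the NSG lets inbound traffic reach."""
    return [p for p in MANAGEMENT_PORTS if effective_access(rules, p) == "Allow"]


def classify(vm: Vm) -> str:
    """Return 'Healthy', 'Recommendation' (enable JIT) or 'Not-applicable'."""
    if vm.jit_enabled:
        return "Healthy"
    if vm.nsg_rules is None:
        if vm.firewall_allowed_ports is None:
            return "Not-applicable"   # assumption: nothing for JIT to control
        exposed = set(MANAGEMENT_PORTS) & vm.firewall_allowed_ports
        return "Recommendation" if exposed else "Not-applicable"
    exposed = set(nsg_open_management_ports(vm.nsg_rules))
    if not exposed:
        return "Healthy"              # assumption: NSG already closes the ports
    if vm.firewall_allowed_ports is None:
        return "Recommendation"       # ports reachable straight through the NSG
    # Behind a firewall: exposure only if the firewall also allows those ports.
    return "Recommendation" if exposed & vm.firewall_allowed_ports else "Not-applicable"


# Constructed sample fleet; names and rules are made up.
ALLOW_ALL = NsgRule(100, "Allow", "Inbound", "*", "*")
SAMPLE_VMS = [
    Vm("vm-jit-on", True, [ALLOW_ALL], None),
    Vm("vm-rdp-open", False, [NsgRule(100, "Allow", "Inbound", "Tcp", "3389"),
                              NsgRule(65500, "Deny", "Inbound", "*", "*")], None),
    Vm("vm-deny-wins", False, [NsgRule(100, "Deny", "Inbound", "Tcp", "3389"),
                               NsgRule(200, "Allow", "Inbound", "Tcp", "3389"),
                               NsgRule(300, "Allow", "Inbound", "Tcp", "5985-5986")], None),
    Vm("vm-nsg-closed", False, [NsgRule(100, "Allow", "Inbound", "Tcp", "443")], None),
    Vm("vm-no-nsg-no-fw", False, None, None),
    Vm("vm-no-nsg-fw-open", False, None, {3389}),
    Vm("vm-fw-blocks", False, [ALLOW_ALL], {443}),
]


def classify_fleet(vms: List[Vm] = SAMPLE_VMS) -> dict:
    return {vm.name: classify(vm) for vm in vms}


if __name__ == "__main__":
    for name, state in classify_fleet().items():
        print(f"{name:20s} {state}")
```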
Added to recommendation's Unhealthy resources tab
When Defender for Cloud finds a machine that can benefit from JIT, it adds that machine to the recommendation's Unhealthy resources tab.
[Figure: example affected resources]
Implement just-in-time VM access (1 of 3)
To use just-in-time VM access, you must enable Microsoft Defender for Cloud. After you enable Defender, you can view which virtual machines have JIT configured.
Implement just-in-time VM access (2 of 3)
For each VM, you're provided with a list of recommended specific ports and access. Save the recommendations or add other ports of your choosing.
Implement just-in-time VM access (3 of 3)
Once everything is in place, users must request access to the virtual machine. You can also monitor the usage of each virtual machine.
Demo: Configure Just-in-Time access
Extend security and management to hybrid and multicloud environments with Azure Arc
Learning Objectives
• Describe Azure Arc
• Onboard Arc-enabled servers to Microsoft Defender for Cloud
• Onboard Azure Arc-enabled servers to Microsoft Sentinel
Learning Objective: Describe Azure Arc
Benefits of Azure Arc
[Figure: Azure Arc spanning Azure Stack HCI, Azure Stack Hub, Azure Stack Edge and any hardware across on-premises, multi-cloud and edge, with Azure data services and management]
• Consistent multi-cloud and on-premises management platform
• Simplified governance and management
Azure Arc provides a centralized, unified way to:
• Harden and manage your security posture
• Detect threats and protect your infrastructure
• Conform to key compliance standards and enforce organizational policies
Azure Arc capabilities
• Azure Arc for Servers (physical, virtual): organize and govern servers across environments at scale
• Azure Arc for Kubernetes (Kubernetes applications): manage Kubernetes applications
• Azure data services on Azure Arc: run data services anywhere
Overview of Azure Arc
[Figure: Azure Arc extends Azure Resource Manager from Azure to customer locations. Tools and experiences: Portal, Shell, Bash, CLI, Ecosystem, Marketplace; local tools: Azure Data Studio, K8s Native Tools, Server Admin Tools. Management services: Monitoring | Update | Containers | Backup | Security Center | More. Access and security: Azure RBAC | Locks | Subscriptions. Organization and inventory: Search | Index | Groups | Tags. Automation: Templates | Extensions. Governance and compliance: Logs | Policy | Blueprints]
Secure and govern across environments
• Harden and manage your security posture: Microsoft Defender for Cloud
• Detect threats and protect your workloads: Microsoft Sentinel
• Conform to key compliance standards and enforce organizational policies: Azure Policy
Applies to Azure Arc-enabled servers, Azure Arc-enabled SQL servers, Azure Arc-enabled VMware vSphere VMs and Azure Arc-enabled Kubernetes, across Azure Stack HCI, on-premises, multicloud, edge and Azure IoT.
Demo: Explore an Arc-enabled server
Learning Objective: Onboard Arc-enabled servers to Microsoft Defender for Cloud
Manage, govern and secure Azure Arc-enabled servers
[Figure: ArcBox (IT Pros) lab. Deployment tooling: Azure Resource Manager (ARM), Azure Bicep, Hashicorp Terraform, ArcBox workbook. Management and security services: Azure Monitor, Azure Policy, Azure Log Analytics, Microsoft Defender for Cloud, Microsoft Sentinel. An Azure Resource Group holds an Azure VM Hyper-V host (Windows Server 2022 Datacenter with Hyper-V enabled, nested virtualization) in the ArcBox Azure Virtual Network, running nested Hyper-V VMs onboarded as Azure Arc-enabled servers: ArcBox-SQL (SQL installed, also Azure Arc-enabled SQL), ArcBox-Win2k19, ArcBox-Win2k22, ArcBox-Ubuntu and ArcBox-CentOS. Scenario: secure Arc-enabled servers using Microsoft Defender for Cloud]
Overview of Microsoft Defender for Cloud
Cloud-native security platform
• Continuously assess and understand your current security posture
• Identify and track vulnerabilities
• Follow customized and prioritized recommendations with Azure Security Benchmark
• Detect and resolve threats to resources and services
[Figure: Microsoft Defender for Cloud covering SQL/Storage, VMs, Containers, Network, Industrial IoT and Apps across multi-cloud, datacenter and edge]
Benefits of integrating Azure Arc with Defender for Cloud
Benefit | Explanation
Unified visibility | You can gain a comprehensive view of your security posture across all your environments, including on-premises, multi-cloud, and edge environments.
Centralized management | You can manage security policies across all your environments from a single location.
Advanced threat protection | Defender for Cloud provides advanced threat protection and detection capabilities to help you protect your resources from potential security vulnerabilities.
Automated remediation | You can apply recommended configurations on Azure Arc-enabled servers using the Quick Fix remediations.
Improved security posture | By collecting security-related configurations and event logs, you can improve your overall Azure security posture.
Integrate Defender for Cloud with Azure Arc
1. Set up a Log Analytics workspace where logs and events are aggregated for analysis
2. Assign Defender for Cloud security policies
3. Review Defender for Cloud recommendations
4. Apply recommended configurations on Azure Arc-enabled servers
[Figure: ArcBox-Ubuntu nested Hyper-V VM as an Azure Arc-enabled server sending security event data to the connected source; security policy repository; log search]
What are security initiatives and policies
Microsoft Defender for Cloud applies security initiatives to your subscriptions. These initiatives contain one or more security policies. Each of those policies results in a security recommendation for improving your security posture.
What is a security initiative?
A security initiative is a collection of Azure Policy definitions, or rules, that are grouped together towards a specific goal or purpose.
Security initiatives simplify management of your policies by grouping a set of policies together, logically, as a single item.
What is a security policy?
An Azure Policy definition, created in Azure Policy, is a rule about specific security conditions that you want controlled.
For example, controlling what type of resources can be deployed or enforcing the use of tags on all resources.
Viewing and editing security policies
Security Administrator vs. Security Reader:
• Security Administrator: view, update, and dismiss alerts
• Security Reader: view only
Recommendations
Using the policies, Defender for Cloud periodically analyzes the compliance status of your resources to identify potential security misconfigurations and weaknesses. It then provides you with recommendations on how to remediate those issues.
Recommendations result from assessing your resources against the relevant policies and identifying resources that aren't meeting your defined requirements.
Demo: Recommendations for Arc-enabled servers
Learning Objective: Onboard Azure Arc-enabled servers to Microsoft Sentinel
Manage configurations for Azure Arc-enabled servers

(ArcBox for IT Pros architecture diagram.) Deployment tooling: Azure Resource Manager (ARM), Azure Bicep, HashiCorp Terraform, and the ArcBox workbook. Azure services used: Azure Policy, Azure Monitor, Azure Log Analytics, Microsoft Defender for Cloud, and Microsoft Sentinel (security information and event management).

The ArcBox Azure resource group contains one Azure VM acting as a Hyper-V host (Windows Server 2022 Datacenter with Hyper-V enabled, nested virtualization) on the ArcBox Azure virtual network. The nested Hyper-V VMs are onboarded as Azure Arc-enabled servers: ArcBox-SQL (SQL Server installed, also registered as Azure Arc-enabled SQL Server), ArcBox-Win2k19, ArcBox-Win2k22, ArcBox-Ubuntu, and ArcBox-CentOS.
Overview of Microsoft Sentinel: cloud-native SIEM + SOAR

• Collect security data across your enterprise: collect data at cloud scale, across all users, devices, applications, and infrastructure.
• Detect threats, and minimize false positives, using Microsoft's vast threat intelligence.
• Investigate critical incidents with artificial intelligence, and hunt for suspicious activities at scale.
• Respond to incidents rapidly with built-in orchestration and automation of common tasks.
Integrate Microsoft Sentinel with Azure Arc

1. Ensure a Log Analytics workspace and Microsoft Sentinel are enabled in your subscription.
2. Ensure your machine (for example, a Windows Server VM) is connected as an Azure Arc-enabled server.
3. Install the monitoring agent on the machine as an Arc extension.
4. Deploy the agent at scale using Azure Policy.

After Arc-enabled servers are connected, data begins streaming into the Log Analytics workspace and is ready for use in Microsoft Sentinel.

Note: the legacy Log Analytics agent shown in the diagram has been retired; new deployments use the Azure Monitor Agent extension together with a data collection rule that defines which event logs are sent to the workspace.
Workbooks

After you onboard to Microsoft Sentinel, monitor your data using the integration with Azure Monitor workbooks.
• Create custom workbooks across your data.
• Microsoft Sentinel also comes with built-in workbook templates.
• Quickly gain insights across your data as soon as you connect a data source.

Incidents

Microsoft Sentinel uses analytics to correlate alerts into incidents.
• Reduce noise and minimize the number of alerts.
• Incidents are groups of related alerts that together indicate an actionable possible threat.
• Use the built-in correlation rules as-is or use them as a starting point to build your own.

Playbooks

• Integrate playbooks with Azure services and existing tools.
• Automate and simplify simple tasks, including data ingestion, enrichment, investigation, and remediation.
• Playbooks work best with single, repeatable tasks.
• Don't require coding knowledge.

Hunting

Microsoft Sentinel's search-and-query tool lets you hunt for security threats across your organization's data sources, before an alert is triggered.
• Based on the MITRE ATT&CK framework.
• Create custom detection rules based on your hunting query.
• Surface insights as alerts to your security incident responders.
Design a SQL Server migration strategy

Learning Objectives
• Explore data platform modernization
• Plan a data migration
• Perform database assessment
• Review Azure resources for cost savings

Learning Objective: Explore data platform modernization
Why modernize your data platform

• Agility
• Cost
• Scalability
• Security
• Automatic backups
• Leverage other cloud services

Data platform modernization

(Diagram of Azure options for SQL Server, MySQL and PostgreSQL workloads.)
• IaaS: Windows Server VMs, Linux VMs, Windows Server/Linux VMs on Azure VMware Solution (AVS).
• PaaS: Azure SQL Managed Instance, Azure SQL Database, Azure Database for MySQL, Azure Database for PostgreSQL.
• Extend: Power BI, Azure ML, Azure Synapse Analytics.
SQL Server modernization use cases

• Migrating to Azure SQL
• Adoption of new technologies
• Usage of hybrid features
• Upgrading to the latest version of SQL Server
• Database consolidation
SQL Server services on Azure: the family of SQL cloud-to-edge databases

• SQL Server on Azure Virtual Machines (Infrastructure-as-a-Service): best for lift and shift and/or workloads requiring OS-level access.
• Azure SQL Managed Instance (Platform-as-a-Service): best for modernizing existing apps.
• Azure SQL Database (Platform-as-a-Service): best for supporting modern cloud apps.
• Azure SQL Edge (Edge Computing): best for extending apps to the IoT edge.
• Azure SQL enabled by Azure Arc: run Azure SQL on premises and in multicloud environments.
Decision making in migrating to Azure SQL

Operational data workloads: can the data go to Azure?

Yes (full migration): Azure SQL / OSS databases.
• For customers who need to retire data centers, limitless scale and end-to-end security, IaaS, PaaS, single databases and pools, fully managed with SLAs.

No (hybrid, outside of Azure):
• Modernize in place on existing apps: SQL Server on Azure Arc-enabled servers (any Windows/Linux servers). For customers who need SSRS/SSAS/SSIS, server-based deployments not in containers, or specific versions of SQL Server for ISV apps.
• App modernization / new apps: Azure Arc-enabled data services (any Kubernetes cluster). For customers who need operational databases, a PaaS-like experience and cloud billing, and consistency and manageability across on-premises and multi-cloud.
• Edge: Azure SQL Edge (Azure IoT Edge). For customers who need small-footprint SQL for IoT/edge compute, streaming and time-series, running on devices up to 8 cores.

Azure SQL deployment on the Azure portal (screenshot)

Demo: Deploy an Azure SQL Database

Learning Objective: Plan a data migration
SQL migration roadmap

1. Initiate and discover: understand your database footprint and potential approaches to migration.
2. Assess: assess the discovered workload requirements and any dependencies.
3. Plan: describe the workloads, the tool to be used for migration and the target platform for the workload.
4. Transform and optimize: transform incompatible workloads; optimize workloads to take advantage of new features.
5. Migrate, validate, and remediate: perform the migration, validate that it succeeded, and remediate applications where required.
Initiate and discover

• Inventory of your data estate
• Dependencies between existing applications and databases
• Databases that move together
• Workload type of your systems

Tools: Azure Database Migration Guide, Microsoft Assessment & Planning (MAP) Toolkit, Azure Migrate.

Azure Database Migration Guide
[Link]

Microsoft Assessment & Planning (MAP) Toolkit (screenshot)
Azure Migrate for SQL Server discovery

• Simplify migration and modernization with a unified platform.
• Discover SQL Server instances and databases available across VMware, Microsoft Hyper-V, and physical environments.
• The discovery process is agentless: nothing is installed on the target servers. (The Azure Migrate appliance still needs SQL Server credentials to connect to each instance, so provision a least-privilege account for discovery.)
Assess your databases

Assessment scope: migration blockers, breaking changes, Azure features.

Current workload assessment: this assessment should confirm what databases exist on each server, establish the data volumes and expected growth rates of each database, and document the average resource usage of each database.

Assessment criteria:
• Performance
• Availability
• Disaster recovery
• Compliance
• Third-party software
Plan your SQL Server migration

Phases: Discover, Assess, Plan, Transform and Optimize, Test and Remediate.

Plan options: Remain, Rehost, Refactor, Rearchitect, Rebuild, Replace, Retire.

Transform and optimize

Transformation
• Pre-migration version upgrades
• Fix any errors identified in the assessment phase
• Implement database schema changes
• Migrate existing integrated database services into Azure
• Handling SSIS workloads in the cloud

Optimization
• Pre-migration version upgrades
• Take advantage of new features
• Ensure workloads are right-sized
• Choose the highest service level and performance tier during the migration
• Disable auto-statistics during migration
• Partition tables and indexes
• Drop indexed views and recreate them once finished
Migrate, validate, and remediate

Migrate
• Select non-critical workloads for migration initially
• Run a test migration with the chosen tool
• Test databases for issues
• Test the plan to mitigate risk associated with downtime and compatibility issues
• Assess migration tools based on disruption to help lower the risk of database downtime
• Consider the maintenance windows available for migration
• Take old databases and applications offline
• Test third-party applications
• Create new disaster recovery and maintenance plans
• Use monitoring tools to assist with the migration process

Demo: Identify compatibility issues

Learning Objective: Perform database assessment
Azure SQL Migration extension for Azure Data Studio

(Diagram.) The extension runs in Azure Data Studio against the on-premises SQL Server: it collects performance data, saves the results to local files, then analyzes them and recommends an Azure SQL target.

Install the Azure SQL Migration extension for Azure Data Studio (screenshot)

Azure SQL Migration extension for Azure Data Studio (screenshot)

DMA assessment features

• Breaking changes
• Behaviour changes
• Deprecated features
• New features
• SQL Server Integration Services (SSIS) packages

Assess a database with Data Migration Assistant (DMA) (screenshot)
Data Migration Assistant (DMA)

Supported sources
• SQL Server 2008
• SQL Server 2008 R2
• SQL Server 2012
• SQL Server 2014
• SQL Server 2016
• SQL Server 2017
• SQL Server 2019
• SQL Server 2022

Supported targets
• SQL Server 2012
• SQL Server 2014
• SQL Server 2016
• SQL Server 2017
• SQL Server 2019
• SQL Server 2022
• Azure SQL Database single database
• Azure SQL Managed Instance (assessment only)
• SQL Server on Azure Virtual Machine

Azure Migrate (screenshot)

Demo: Assess a database with Azure Migrate

Learning Objective: Review Azure resources for cost savings

Azure Cost Management (screenshot)
Azure SQL and the PaaS value proposition

Save with your existing licenses: eligible customers pay a reduced rate for Azure SQL Database and Azure SQL Managed Instance with the Azure Hybrid Benefit.

Reserve upfront and pay less: reserve resources in advance and save over pay-as-you-go pricing, and improve your budgeting and forecasting.

Extend security updates for free: get SQL Server Extended Security Updates for three additional years for free.

Cost savings when migrating to Azure SQL

• Maintain HADR in the cloud with a free SQL Server secondary replica hosted on an Azure VM
• Protect your data with free extended security updates
• Boost productivity with fully managed Azure SQL database services
• Save on resource, maintenance and real estate costs
Azure Hybrid Benefit (AHB)

Use your existing SQL Server license to pay only for the Azure infrastructure (base compute pricing). With license-included pricing, you pay for both the Azure infrastructure and the SQL Server license.

Save up to 30 percent or more on SQL Database and SQL Managed Instance by using your Software Assurance-enabled SQL Server licenses on Azure.

(Diagram: SQL Database pricing structure in the vCore resourcing model. License-included pricing = base compute (A) + SQL license (B). Azure Hybrid Benefit price = base compute (A) + Software Assurance (C).)

Centrally managed Azure Hybrid Benefit for SQL resources

Scalability
• Apply SQL licenses across an entire Azure subscription
• Licenses are automatically applied to active resources to optimize utilization
• SQL databases, SQL elastic pools, SQL managed instances, and SQL virtual machines are supported

Compliance
• Centralized visibility into AHB license allocation and utilization
• Limit the number of roles who can apply SQL licenses to AHB
• Apply SQL Enterprise and Standard core licenses together to cover Azure SQL resources

Monitoring
• Tools to identify additional licenses to maximize cost savings
• Proactive notifications when license assignments need to be refreshed
SQL Server HADR and Azure Hybrid Benefit coexistence

Azure customers can install and run passive SQL Server instances for disaster recovery in anticipation of a failover event. This ensures that the qualified disaster recovery replicas don't consume assigned SQL Server licenses.

Change the license model of a SQL virtual machine (screenshot)

Enable Azure Hybrid Benefit for SQL Database and SQL Managed Instance

Permissions required on the subscription:
• Owner, or
• Reservation Purchaser

Azure Advisor (screenshot)

Compare on-premises and Azure costs

Demo: Review Cost Management dashboard and reports

Migrate SQL Server databases to Azure SQL

Learning Objectives
• Deploy Azure SQL resources
• Migrate databases to Azure SQL
• Perform post-migration tasks

Learning Objective: Deploy Azure SQL resources
Azure SQL hybrid cloud platform comparison

(Diagram: options ordered from higher cost, dedicated, physical, on-premises and higher administration at the bottom to lower cost, shared, virtual, off-premises and lower administration at the top.)
• SQL Server on physical machines (raw iron): dedicated, on-premises.
• SQL Server private cloud: virtualized machines and appliances.
• SQL Server on Azure VM: virtualized machines, infrastructure as a service.
• Azure SQL Managed Instance: virtualized database, platform as a service.
• Azure SQL Database: database as a service, software as a service.
Deployment options for Azure SQL

SQL Server on Azure virtual machines
• SQL virtual machine: SQL Server and OS server access; expansive SQL and OS version support; automated manageability features for SQL Server.

Azure SQL Database
• Single database: Hyperscale storage (up to 100 TB); serverless compute; fully managed service.
• Elastic pool: resource sharing between multiple databases to price-optimize; simplified performance management for multiple databases; fully managed service.

Azure SQL Managed Instance
• Single instance: SQL Server surface area (vast majority); native virtual network support; fully managed service.
• Instance pool: pre-provision compute resources for migration; enables cost-efficient migration; ability to host smaller instances (2 vCore); currently in public preview.

Azure SQL Edge
• Edge gateways and devices: containerized Microsoft SQL database engine on ARM64 and x64, optimized for edge devices; time-series, data streaming and AI capabilities; native integration with Azure services.
Comparing manageability

(Diagram: the same stack for each option, from the application down to the datacenter, split into layers managed by the customer and layers managed by Microsoft.)

• SQL Server on Azure VMs: applications, data, database, intelligent performance/security, SQL instance-level features, high availability/DR/backups, database provisioning/patching/scaling and the operating system are managed by the customer; virtualization, hardware and datacenter management are managed by Microsoft.
• Azure SQL Managed Instance: applications, data and database are managed by the customer; intelligent performance/security, SQL instance-level features, high availability/DR/backups, database provisioning/patching/scaling, operating system, virtualization, hardware and datacenter management are managed by Microsoft.
• Azure SQL Database: as Managed Instance, but without SQL instance-level features.
• Azure SQL Edge (in the connected scenario): the layers are applications, data, database, machine learning capability, high availability/DR/backups, database provisioning/patching/scaling, operating system (container), container platform, hardware and operating system, and device management (IoT Hub).
Azure SQL Managed Instance

A PaaS deployment option that enables frictionless migration for SQL apps and modernization in a fully managed service. Azure SQL Managed Instance and Azure SQL Database are built on the same PaaS service infrastructure.

• Easy lift and shift: a full-fledged SQL instance with nearly 100% compatibility with on-premises SQL Server.
• Fully managed PaaS: all PaaS features.
• Full isolation and security: native VNet implementation with private IP addresses.
Supported SQL features

Operational
• DMVs and Extended Events
• Query Store
• SQL Server Agent
• Database Mail
• Native backup and restore
• Configurable database file layout

Scenario enablers
• Service Broker
• Transactional replication
• Change Data Capture
• Linked servers
• CLR modules

Programmability
• Global temporary tables
• Cross-database queries and transactions

Security
• Integrated authentication with Azure AD (Microsoft Entra ID)
• TDE
• Always Encrypted
• SQL Auditing
• Row-Level Security (RLS)
• Dynamic Data Masking
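As an added example (not from the deck, and not Microsoft sample code) of two of the security features listed, the following T-SQL sets up Row-Level Security and Dynamic Data Masking on a table in an Azure SQL Database or Managed Instance. The schema, table, user and predicate names are assumptions for the demo; contained users without logins are used so it runs without any server-level setup.

```sql
-- Added example: RLS + Dynamic Data Masking on Azure SQL. All names are demo assumptions.
CREATE SCHEMA Security;
GO
CREATE TABLE dbo.Orders
(
    OrderId       int            NOT NULL PRIMARY KEY,
    SalesRep      sysname        NOT NULL,                                        -- owner of the row
    CustomerEmail nvarchar(256)  MASKED WITH (FUNCTION = 'email()')      NOT NULL, -- shows aXXX@XXXX.com
    CardLast4     char(4)        MASKED WITH (FUNCTION = 'default()')    NOT NULL, -- shows XXXX
    Amount        decimal(12,2)  MASKED WITH (FUNCTION = 'random(1, 9)') NOT NULL  -- shows a random 1..9
);
-- Constructed sample rows.
INSERT dbo.Orders VALUES
    (1, N'rep_alice', N'a.buyer@example.com', '4242', 120.00),
    (2, N'rep_bob',   N'b.buyer@example.com', '1881',  75.50),
    (3, N'rep_alice', N'c.buyer@example.com', '0005', 310.25);
GO
-- Contained users without logins: enough for the demo, no server login needed.
CREATE USER rep_alice   WITHOUT LOGIN;
CREATE USER rep_bob     WITHOUT LOGIN;
CREATE USER rep_manager WITHOUT LOGIN;
GRANT SELECT ON dbo.Orders TO rep_alice, rep_bob, rep_manager;
GRANT UNMASK TO rep_manager;   -- only the manager sees real values through the masks
GO
-- RLS predicate: a rep sees only rows they own; the manager sees every row.
CREATE FUNCTION Security.fn_OrderPredicate(@SalesRep AS sysname)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_result
           WHERE @SalesRep = USER_NAME()
              OR USER_NAME() = N'rep_manager';
GO
-- FILTER hides rows on read. BLOCK also stops a rep inserting rows under
-- another rep's name; without it RLS only filters what is read back.
CREATE SECURITY POLICY Security.OrderPolicy
    ADD FILTER PREDICATE Security.fn_OrderPredicate(SalesRep) ON dbo.Orders,
    ADD BLOCK  PREDICATE Security.fn_OrderPredicate(SalesRep) ON dbo.Orders AFTER INSERT
    WITH (STATE = ON);
GO
-- Verify: rep_alice gets orders 1 and 3, with masked email/card/amount ...
EXECUTE AS USER = 'rep_alice';
SELECT OrderId, SalesRep, CustomerEmail, CardLast4, Amount FROM dbo.Orders;
REVERT;
-- ... the manager gets all three rows, unmasked.
EXECUTE AS USER = 'rep_manager';
SELECT OrderId, SalesRep, CustomerEmail, CardLast4, Amount FROM dbo.Orders;
REVERT;
-- Inventory what is in force, so a reviewer can confirm the controls exist and are ON.
SELECT p.name AS policy_name, p.is_enabled, OBJECT_NAME(sp.target_object_id) AS target_table
FROM sys.security_policies AS p
JOIN sys.security_predicates AS sp ON sp.object_id = p.object_id;
SELECT OBJECT_NAME(object_id) AS table_name, name AS column_name, masking_function
FROM sys.masked_columns
WHERE is_masked = 1;
```

Masking is a presentation control, not an access boundary: a user with SELECT can still run WHERE CardLast4 = '4242' and infer the real value, so treat UNMASK as a sensitive permission and rely on RLS plus least privilege for actual access control. Both catalog queries at the end belong in the post-migration baseline, because a restore or BACPAC import carries the definitions but not the group memberships that make them meaningful.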
Azure SQL Database purchasing models

DTU model (Database Transaction Unit-based): simple, preconfigured compute and storage.
• Bundled measure of compute, storage and IO resources
• Best for customers who want simple, pre-configured resource options

vCore model: independent scalability of compute and storage.
• Independent scaling of compute, storage and IO resources
• Best for customers who value flexibility, control and transparency
• Use with Azure Hybrid Benefit for SQL Server to gain cost savings
Single database deployment

• Simplest approach to deploying Azure SQL Database
• Each database has its own full set of resources
• All databases are isolated from each other and are portable
• Service level and costs are configured at the individual database level
(Diagram: migration and modernization paths into single databases.)

Elastic pool deployment

(Diagram: DTU utilization over time for four individual databases, DB1 to DB4, versus all 20 databases sharing one pool.)

Significantly reduce costs by configuring min/max DTU or vCore settings on a per-database level to balance resource usage within an elastic pool.

Best suited for databases that have similar performance requirements and non-concurrent spikes in utilization.
Serverless compute tier

• Allows you to spend less for databases that do not need to be running 24x7
• Best suited for irregular workloads
• Only available in the vCore model
(Diagram: CPU usage and number of vCores over time, showing min vCores, max vCores, vCores used and vCores billed, with inactive and paused periods.)

Serverless incompatibility:
• Geo-replication
• Long-term backup retention
• A job database in elastic jobs
• The sync database in SQL Data Sync

Serverless configuration on the Azure portal (screenshot)
Hyperscale service tier

(Architecture diagram, Region 1 and Region 2.) Compute tier: a read-write primary replica, a high-availability secondary, up to 30 read-only named replicas, and a geo replica in Region 2, each compute node with its own non-covering SSD cache. Log service: the primary writes to the log service, which feeds the page servers and the secondary replicas (log pathway). Storage tier: page servers, each with a covering SSD cache, serve the data files (data pathway) and are backed by Azure storage, where snapshots provide the backups. Read-write applications connect to the primary; read-only applications connect to the named replicas or the geo replica.

Hyperscale configuration

• Supports up to 100 TB of database size
• Nearly instantaneous backups using snapshot technologies
• Fast database restores
• Higher overall throughput because of distributed log writes
• Horizontal scaling model
Automatic backups: SQL MI and SQL Database

• Full once a week, differential every 12-24 hours, transaction logs every 5-10 minutes
• Stored in RA-GRS blobs that are replicated to a different datacenter (the backup storage redundancy is configurable per database)
• Configured per database
• Manual backups are not supported in SQL Database
• SQL MI supports manually generated backups via backup to URL; these must be COPY_ONLY so they do not interfere with the automatic backup chain
• It is possible to restore a deleted database
• Backups generated in SQL MI cannot be restored in SQL Database

Exploring the Azure quickstart template (screenshot)

Demo: Deploy an Azure SQL Database; deploy an Azure SQL Managed Instance

Learning Objective: Migrate workloads to Azure SQL
Migration extension for Azure Data Studio

• Powered by the Azure Database Migration Service engine to deliver a seamless migration experience.
• Once the migration starts, you can monitor it via the Azure portal.
• Flexibility to create a self-hosted integration runtime to provide your own compute for accessing the source SQL Server and backups.
• Connect to your source and target using private endpoints.
• Migrate databases encrypted with TDE.
• Migrate logins.

Migration extension targets and modes supported

Migration target | Migration mode
SQL Server to Azure SQL Managed Instance | Online / Offline
SQL Server to SQL Server on Azure Virtual Machine | Online / Offline
SQL Server to Azure SQL Database | Offline
Configure migration settings (three screenshots walking through the wizard)

• Step 1: Databases for assessment
• Step 2: Assessment results and recommendations
• Step 3: Azure SQL target
• Step 4: Migration mode
• Step 5: Data source configuration
Data Migration Assistant (screenshot)

Data Migration Assistant fine-tuning

Data Migration Assistant wizard: simple installation.

Advanced configuration: fine-tune Data Migration Assistant by setting configuration values in the [Link] file located in %ProgramFiles%\Microsoft Data Migration Assistant\. Advanced configurations include parallel database migration and connection timeout. (For Azure SQL Managed Instance, use the migration extension instead.)

DMA migration modes supported

Migration target | Migration mode
SQL Server to Azure SQL Managed Instance | Use the migration extension instead
SQL Server to SQL Server on Azure Virtual Machine | Online / Offline
SQL Server to Azure SQL Database | Offline
DMA SQL Server logins and SSIS packages

SQL Server logins
• You can migrate Windows principal and SQL Server logins using Data Migration Assistant.
• Data Migration Assistant assigns permissions to existing securables on the target SQL Server.
• Review migration results for login migration status and recommended post-migration actions.

SSIS packages
• You can assess SQL Server Integration Services (SSIS) packages with DMA.
• DMA needs to run with administrator access to assess SSIS packages in the Package Store.
• Sources running SQL Server 2019 and above are not supported.

Data Migration Assistant best practices

• Don't install and run the Data Migration Assistant directly on the SQL Server host machine.
• Migrate a server during non-peak times.
• Perform the compatibility issues and new feature recommendations assessments separately to reduce the assessment duration.
• Enable Encrypt Connection when connecting to the source and target servers, so that credentials and data in flight are protected with TLS.
Azure Migrate

Offers a hub of tools to facilitate SQL Server assessment and migration to Azure SQL, such as Azure Database Migration Service, Data Migration Assistant and Azure Migrate: Discovery and assessment.

Supports discovery of different SQL Server deployments, such as SQL Server Always On Failover Cluster Instances (FCI) and Always On Availability Groups (AG).

It can be used to move the entire physical or virtual SQL Server from its current location to an instance of SQL Server on Azure Virtual Machine.

Azure Migrate: Discovery and assessment (screenshot)

Azure Migrate: Data Migration Assistant (DMA) (screenshot)

Azure Migrate: Azure Database Migration Service (screenshot)
Distributed availability group

• Extend an on-premises database into the cloud to minimize downtime.
• When migrating a database (or multiple databases) from a standalone instance, it doesn't require either a Windows Server Failover Cluster or an availability group listener on the source or target.

(Diagram: distributed availability group (DAG). Source: availability group OnPremAG on OnPremNode, instance MSSQLSERVER acting as global primary, with Hadr_endpoint. Target: availability group AzureAG on SQLVM, instance MSSQLSERVER acting as forwarder, with Hadr_endpoint. Connectivity between the two via Azure ExpressRoute, Azure site-to-site VPN, or Azure vNet peering.)
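The T-SQL below is an added example (not from the deck, not Microsoft's script) of the DAG the diagram describes, using the slide's names OnPremAG, AzureAG, OnPremNode, SQLVM and Hadr_endpoint; the domain suffix contoso.local, port 5022, the certificate name and the password are assumptions. Both availability groups are assumed to exist already, with the database joined to OnPremAG.

```sql
-- Added example: distributed AG between an on-prem AG and an Azure VM AG.
-- Step 1 (run on OnPremNode and on SQLVM): the mirroring endpoint the two AGs
-- talk over. The servers sit in different networks/domains, so authenticate
-- with certificates instead of Windows authentication, and require encryption.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password>';   -- assumption: replace
CREATE CERTIFICATE HadrCert WITH SUBJECT = 'HADR endpoint certificate';
-- Export HadrCert (BACKUP CERTIFICATE ... TO FILE), copy it to the partner, and
-- on the partner: CREATE CERTIFICATE PartnerCert FROM FILE, a login mapped to
-- it (CREATE LOGIN PartnerLogin FROM CERTIFICATE PartnerCert) and
-- GRANT CONNECT ON ENDPOINT::Hadr_endpoint TO PartnerLogin.
CREATE ENDPOINT [Hadr_endpoint]
    STATE = STARTED
    AS TCP (LISTENER_PORT = 5022, LISTENER_IP = ALL)
    FOR DATABASE_MIRRORING
    (
        AUTHENTICATION = CERTIFICATE HadrCert,
        ENCRYPTION = REQUIRED ALGORITHM AES,
        ROLE = ALL
    );
GO
-- Step 2 (run on the global primary, OnPremNode): create the distributed AG.
-- There is no listener on either side, so each LISTENER_URL is the node's own
-- endpoint address; asynchronous commit keeps the on-prem workload unaffected
-- while Azure catches up.
CREATE AVAILABILITY GROUP [DAG]
    WITH (DISTRIBUTED)
    AVAILABILITY GROUP ON
        'OnPremAG' WITH
        (
            LISTENER_URL = 'tcp://OnPremNode.contoso.local:5022',
            AVAILABILITY_MODE = ASYNCHRONOUS_COMMIT,
            FAILOVER_MODE = MANUAL,
            SEEDING_MODE = AUTOMATIC
        ),
        'AzureAG' WITH
        (
            LISTENER_URL = 'tcp://SQLVM.contoso.local:5022',
            AVAILABILITY_MODE = ASYNCHRONOUS_COMMIT,
            FAILOVER_MODE = MANUAL,
            SEEDING_MODE = AUTOMATIC
        );
GO
-- Step 3 (run on the forwarder, SQLVM): join AzureAG to the DAG with the same
-- two replica definitions.
ALTER AVAILABILITY GROUP [DAG]
    JOIN AVAILABILITY GROUP ON
        'OnPremAG' WITH
        (
            LISTENER_URL = 'tcp://OnPremNode.contoso.local:5022',
            AVAILABILITY_MODE = ASYNCHRONOUS_COMMIT,
            FAILOVER_MODE = MANUAL,
            SEEDING_MODE = AUTOMATIC
        ),
        'AzureAG' WITH
        (
            LISTENER_URL = 'tcp://SQLVM.contoso.local:5022',
            AVAILABILITY_MODE = ASYNCHRONOUS_COMMIT,
            FAILOVER_MODE = MANUAL,
            SEEDING_MODE = AUTOMATIC
        );
GO
-- Step 4 (either side): watch seeding and the queues. Cut over only when the
-- Azure side reads SYNCHRONIZED with an empty redo queue.
SELECT ag.name AS ag_name, ag.is_distributed, ar.replica_server_name,
       drs.synchronization_state_desc, drs.log_send_queue_size, drs.redo_queue_size
FROM sys.dm_hadr_database_replica_states AS drs
JOIN sys.availability_replicas AS ar ON ar.replica_id = drs.replica_id
JOIN sys.availability_groups   AS ag ON ag.group_id   = drs.group_id;
-- Step 5, cutover without data loss (on OnPremNode): switch both sides to
-- synchronous commit, wait for SYNCHRONIZED above, then demote the global primary ...
ALTER AVAILABILITY GROUP [DAG]
    MODIFY AVAILABILITY GROUP ON
        'OnPremAG' WITH (AVAILABILITY_MODE = SYNCHRONOUS_COMMIT),
        'AzureAG'  WITH (AVAILABILITY_MODE = SYNCHRONOUS_COMMIT);
ALTER AVAILABILITY GROUP [DAG] SET (ROLE = SECONDARY);
-- ... and promote the forwarder (run on SQLVM):
-- ALTER AVAILABILITY GROUP [DAG] FORCE_FAILOVER_ALLOW_DATA_LOSS;
```

Port 5022 must be open between the two networks over the ExpressRoute, VPN or peering path shown in the diagram, and only there; do not expose the endpoint on a public IP. The cutover sequence in step 5 is what makes the DAG a low-downtime migration: the application is repointed at SQLVM only after ROLE = SECONDARY has been applied on the old primary, so no writes are lost.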
Backup and restore

Flow: SQL Server backs up to URL (Azure Storage), then SQL Managed Instance restores from URL.

```sql
-- Backup to URL from the source SQL Server (the blob URL is elided on the slide)
BACKUP DATABASE [TargetDatabaseName] TO URL = '[Link]';
-- Native restore from URL on the Azure SQL Managed Instance
RESTORE DATABASE [TargetDatabaseName] FROM URL = '[Link]';
```
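The following is an added example (not from the deck) that fills in what the two statements on the slide leave out: the credential that lets BACKUP TO URL write to the storage container, and the checks worth running before restoring on the Managed Instance. The storage account mystorageacct, container sqlbackups, database SalesDB and the SAS tokens are placeholders.

```sql
-- Added example: backup to URL on the source, native restore on Managed Instance.
-- On the source SQL Server (2016 or later for SAS-based block-blob backups).
-- 1. Credential named exactly after the container URL: SQL Server looks it up
--    by URL at backup time. Issue the SAS for this container only, with rwl
--    permissions and a short expiry, so a leaked SAS exposes little.
USE master;
CREATE CREDENTIAL [https://mystorageacct.blob.core.windows.net/sqlbackups]
    WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
    SECRET = '<sas-token-without-the-leading-question-mark>';   -- placeholder
GO
-- 2. COPY_ONLY so the migration backup does not break the on-prem differential
--    chain; CHECKSUM so RESTORE can detect a damaged page; MAXTRANSFERSIZE and
--    BLOCKSIZE are the block-blob settings that allow very large files.
BACKUP DATABASE [SalesDB]
    TO URL = 'https://mystorageacct.blob.core.windows.net/sqlbackups/SalesDB_full.bak'
    WITH COPY_ONLY, COMPRESSION, CHECKSUM,
         MAXTRANSFERSIZE = 4194304, BLOCKSIZE = 65536, STATS = 10;
GO
-- 3. Verify the file you are about to migrate from.
RESTORE VERIFYONLY
    FROM URL = 'https://mystorageacct.blob.core.windows.net/sqlbackups/SalesDB_full.bak'
    WITH CHECKSUM;
GO
-- On the Azure SQL Managed Instance.
-- 4. Same credential (a read+list SAS is enough here), then inspect the header:
--    it tells you the source version and whether the backup is TDE-encrypted.
--    A TDE backup restores only after the source certificate has been imported
--    into the instance (or use the migration extension / DMS, which handles that).
CREATE CREDENTIAL [https://mystorageacct.blob.core.windows.net/sqlbackups]
    WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
    SECRET = '<read-list-sas-token>';   -- placeholder
GO
RESTORE HEADERONLY
    FROM URL = 'https://mystorageacct.blob.core.windows.net/sqlbackups/SalesDB_full.bak';
-- 5. Native restore. Managed Instance places the files itself, so there is no
--    WITH MOVE; the database comes online when the restore completes.
RESTORE DATABASE [SalesDB]
    FROM URL = 'https://mystorageacct.blob.core.windows.net/sqlbackups/SalesDB_full.bak';
GO
-- 6. Confirm the result and drop the credential so the SAS is not left behind.
SELECT name, state_desc, is_encrypted, compatibility_level
FROM sys.databases
WHERE name = 'SalesDB';
DROP CREDENTIAL [https://mystorageacct.blob.core.windows.net/sqlbackups];
```

Step 6 matters on both sides: a credential holding a SAS is a stored secret, and the backup file itself is a full copy of the data, so delete the blob (or let a lifecycle policy expire it) once the restore has been validated.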
Azure SQL Managed Instance log replay

(Diagram: Log Replay Service (LRS).)
1. Copy the database backups (SQL Server database files) to Azure Blob Storage.
2. Start the LRS service in the cloud (continuous sync from Azure Blob Storage into the Managed Instance).
   2.1 Monitor the operation progress.
   2.2 Stop the operation if needed.
3. Cut over to the cloud when ready: the migrated database is brought online on the Managed Instance.

Azure SQL Managed Instance link feature

(Diagram: Managed Instance link.) The primary replica is a SQL Server holding the read/write user database, hosted anywhere: on-premises, any data center, hosting provider, other clouds or a VM. A distributed availability group spanning the SQL Server availability group and the Azure SQL Managed Instance replicates the database in near real time to Azure, where the secondary replica holds a read-only copy of the user database on the Managed Instance.
Additional migration tools

Tool | Azure SQL Managed Instance | Azure SQL Database | SQL Server on Azure Virtual Machine
Transactional replication | Yes | Yes | Yes
Log shipping | Yes * | No | Yes
Detach and attach a database | Yes | No | Yes
Convert to a VM, upload to a URL, and deploy as a new VM | No | No | Yes
Import/Export Wizard / BACPAC | Yes | Yes | Yes
SQL Server data files on Azure Storage | No | No | Yes
Bulk copy | Yes | Yes | Yes
Azure Data Factory | Yes | Yes | Yes
The Windows Import/Export Service | No | No | Yes

* Natively built in as part of Azure Database Migration Service (DMS) and Log Replay Service (LRS).

Demo: Perform an offline migration of a SQL Server database to Azure SQL Database

Learning Objective: Perform post-migration tasks

Post-migration considerations

• Performance & monitoring
• Security (session 6)
• HA/DR (session 6)
• Automation
Establishing a baseline

• Identify any critical queries with performance that doesn't match your original performance.
• Confirm that the migration is successful if workload performance on the Azure SQL target is aligned with or better than the workload performance on your source SQL Server.
• You may also proactively allocate more compute resources as your workload increases over time.
• Settings matter between source and target. Validate that the various instance, database, and tempdb settings are equivalent between the two environments.
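Added example (not from the deck): a T-SQL script that captures the instance, database and tempdb settings the last bullet refers to, so that running it on the source SQL Server and again on the Azure SQL Managed Instance gives two result sets you can diff. No names are assumed; on Azure SQL Database only the per-database parts apply, because sp_configure settings are not exposed there.

```sql
-- Added example: settings snapshot for source-vs-target comparison.
-- 1. Instance-level knobs that change plan choice, memory and attack surface.
--    sys.configurations exists on SQL Server and on Managed Instance.
SELECT 'instance' AS scope, name, CONVERT(int, value_in_use) AS value_in_use
FROM sys.configurations
WHERE name IN ('max degree of parallelism', 'cost threshold for parallelism',
               'max server memory (MB)', 'optimize for ad hoc workloads',
               'remote admin connections', 'remote access', 'clr enabled',
               'xp_cmdshell', 'Ole Automation Procedures')
ORDER BY name;
-- 2. Per-database options. A mismatch in compatibility level or RCSI alone can
--    explain a "regression" that is not one; TRUSTWORTHY and cross-database
--    chaining are the two that should never silently arrive on the target.
SELECT 'database' AS scope, d.name, d.compatibility_level, d.collation_name,
       d.recovery_model_desc, d.page_verify_option_desc,
       d.is_read_committed_snapshot_on, d.snapshot_isolation_state_desc,
       d.is_auto_create_stats_on, d.is_auto_update_stats_on, d.is_auto_update_stats_async_on,
       d.is_query_store_on, d.is_encrypted, d.is_trustworthy_on, d.is_db_chaining_on
FROM sys.databases AS d
WHERE d.database_id > 4
ORDER BY d.name;
-- 3. Database-scoped configurations (MAXDOP, legacy cardinality estimation,
--    parameter sniffing, ...) live inside each database: run this while
--    connected to each migrated database.
SELECT 'db-scoped' AS scope, DB_NAME() AS database_name, name, value, value_for_secondary
FROM sys.database_scoped_configurations
ORDER BY name;
-- 4. tempdb layout. Differences in file count and sizing show up directly as
--    allocation contention under load; Managed Instance lets you change both.
SELECT 'tempdb' AS scope, name, type_desc,
       size * 8 / 1024 AS size_mb,
       CASE WHEN is_percent_growth = 1
            THEN CONCAT(growth, '%')
            ELSE CONCAT(growth * 8 / 1024, ' MB')
       END AS growth
FROM tempdb.sys.database_files
ORDER BY type_desc, file_id;
```

Save each result set as CSV with the server name in the file name and diff the pairs; everything that differs is either a deliberate change you can document or a setting to reconcile before any performance comparison is meaningful.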
Query Store

• Identify the queries with regressed performance.
• Easily identify the most expensive queries in the target database.
• Available in Azure SQL Database and Azure SQL Managed Instance.
• Compare the average execution time of a query across time windows to see large deltas.
• SQL Managed Instance has a built-in automatic plan correction feature that is enabled by default.

Index tuning methodology

1. Identify expensive queries, using the Query Store or Extended Events profiling.
2. Examine the query plans for those queries.
3. Test changes to indexes to evaluate improvements in I/O and elapsed time.
4. Implement the changes in the target database.
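Added example, not from the deck: a Query Store script for the first two steps of the methodology above (find expensive and regressed queries, then look at their plans) and for the plan-correction behaviour the Query Store slide mentions. It runs in the migrated Azure SQL Database or Managed Instance; the 24-hour/7-day windows, the 2x threshold and the 10-execution floor are assumptions to tune to your own baseline period.

```sql
-- Added example: regressed and expensive queries from Query Store, plus automatic plan correction.
-- 1. Query Store must be ON and capturing (it is enabled by default in Azure SQL).
SELECT actual_state_desc, query_capture_mode_desc, readonly_reason
FROM sys.database_query_store_options;

-- 2. Regressed queries: average duration in the last 24 h more than twice the
--    average over the preceding 7 days. Durations in the runtime stats views are
--    microseconds; the per-interval averages are re-weighted by execution count.
;WITH stats AS
(
    SELECT q.query_id, rs.avg_duration, rs.count_executions, i.start_time
    FROM sys.query_store_query AS q
    JOIN sys.query_store_plan AS p ON p.query_id = q.query_id
    JOIN sys.query_store_runtime_stats AS rs ON rs.plan_id = p.plan_id
    JOIN sys.query_store_runtime_stats_interval AS i
         ON i.runtime_stats_interval_id = rs.runtime_stats_interval_id
    WHERE i.start_time >= DATEADD(day, -8, SYSDATETIMEOFFSET())
),
recent AS
(
    SELECT query_id,
           SUM(avg_duration * count_executions) / SUM(count_executions) AS avg_recent,
           SUM(count_executions) AS execs
    FROM stats
    WHERE start_time >= DATEADD(hour, -24, SYSDATETIMEOFFSET())
    GROUP BY query_id
),
baseline AS
(
    SELECT query_id,
           SUM(avg_duration * count_executions) / SUM(count_executions) AS avg_baseline
    FROM stats
    WHERE start_time < DATEADD(hour, -24, SYSDATETIMEOFFSET())
    GROUP BY query_id
)
SELECT TOP (20)
       r.query_id,
       qt.query_sql_text,
       b.avg_baseline / 1000.0 AS baseline_ms,
       r.avg_recent   / 1000.0 AS recent_ms,
       r.avg_recent / NULLIF(b.avg_baseline, 0) AS slowdown_factor,
       r.execs
FROM recent AS r
JOIN baseline AS b ON b.query_id = r.query_id
JOIN sys.query_store_query      AS q  ON q.query_id = r.query_id
JOIN sys.query_store_query_text AS qt ON qt.query_text_id = q.query_text_id
WHERE r.avg_recent > 2 * b.avg_baseline
  AND r.execs >= 10                       -- ignore one-off queries
ORDER BY slowdown_factor DESC;

-- 3. Most expensive queries overall in the last 24 h (total CPU), one row per
--    plan, for the index-tuning step. The plan XML is in sys.query_store_plan.query_plan.
SELECT TOP (20)
       q.query_id, p.plan_id,
       SUM(rs.avg_cpu_time * rs.count_executions) / 1000.0 AS total_cpu_ms,
       SUM(rs.count_executions) AS execs,
       qt.query_sql_text
FROM sys.query_store_query AS q
JOIN sys.query_store_query_text AS qt ON qt.query_text_id = q.query_text_id
JOIN sys.query_store_plan AS p ON p.query_id = q.query_id
JOIN sys.query_store_runtime_stats AS rs ON rs.plan_id = p.plan_id
JOIN sys.query_store_runtime_stats_interval AS i
     ON i.runtime_stats_interval_id = rs.runtime_stats_interval_id
WHERE i.start_time >= DATEADD(hour, -24, SYSDATETIMEOFFSET())
GROUP BY q.query_id, p.plan_id, qt.query_sql_text
ORDER BY total_cpu_ms DESC;

-- 4. Plan-choice regressions the engine has already spotted, with the script it
--    proposes, and the switch that lets it apply them itself.
SELECT reason, score,
       JSON_VALUE(state,   '$.currentValue') AS state,
       JSON_VALUE(details, '$.implementationDetails.script') AS script
FROM sys.dm_db_tuning_recommendations;
ALTER DATABASE CURRENT SET AUTOMATIC_TUNING (FORCE_LAST_GOOD_PLAN = ON);
-- Pin a plan manually only after you have verified it on the target:
-- EXEC sys.sp_query_store_force_plan @query_id = 42, @plan_id = 7;
```

Run step 2 only after the target has accumulated a full baseline window; in the first days after cutover every query looks "regressed" against a near-empty history, which is exactly the noise the execution floor is there to suppress.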
Azure Monitor

• All Azure resources collect a set of metrics through the Azure Monitor service.
• Enhanced data may be collected through Azure Monitor Insights for virtual machine resources.
• Data is stored in Azure Log Analytics.
• Metrics available to monitor will vary depending on the type of resource.

Alerts for Azure SQL

Metric values: the alert triggers when the value of a specified metric crosses a threshold you assign, in either direction.

Activity log events: an alert can trigger on every event, or only when a certain number of events occur.

Query Performance Insight (screenshot)

Automatic tuning (screenshot)

Performance recommendations for Azure SQL Database (screenshot)

HADR options for the PaaS offering

• Active geo-replication
• Auto-failover groups
Active geo-replication

• Programmatically or manually fail over primary databases to secondary regions during a major disaster.
• Primary and secondary replicas are required to have the same service tier and compute size.
• Cross-subscription replication is supported: configure a secondary replica on a different subscription than the primary database.
• Only supported on Azure SQL Database.

(Diagram: end-user traffic reaches the application through Azure Traffic Manager. In the primary region, the application (read-write) connects through ingress and a load balancer to the primary logical server; in the secondary region, the application (read-only) connects to the secondary logical server, which is kept in sync by geo-replication. On failover, end-user traffic is redirected to the secondary region and its application switches to read-write.)

Active geo-replication forced failover (screenshot)
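Added example (not from the deck): the same geo-replication lifecycle driven from T-SQL rather than the portal, which is what a DR runbook needs. The server names sql-primary-weu and sql-secondary-neu, the database SalesDB, the login name and the service objective are assumptions; the secondary server must already exist, and the login used must be the server admin or a member of dbmanager on both servers.

```sql
-- Added example: active geo-replication from T-SQL.
-- 1. In master on the PRIMARY server: create a readable secondary on the partner
--    server. Same service tier/compute as the primary (slide requirement);
--    ALLOW_CONNECTIONS = ALL makes it usable for read scale-out.
ALTER DATABASE [SalesDB]
    ADD SECONDARY ON SERVER [sql-secondary-neu]
    WITH (ALLOW_CONNECTIONS = ALL, SERVICE_OBJECTIVE = 'GP_Gen5_4');
GO
-- 2. In the SalesDB database on either server: seeding progress and lag.
--    replication_state_desc goes PENDING -> SEEDING -> CATCH_UP; a growing
--    replication_lag_sec is an RPO problem, not a cosmetic number.
SELECT partner_server, partner_database, role_desc,
       replication_state_desc, replication_lag_sec, last_replication
FROM sys.dm_geo_replication_link_status;
-- 3. Logins are server-scoped and are NOT replicated. Recreate them on the
--    secondary with the same SID, otherwise the database users are orphaned
--    after failover. In master on the primary:
SELECT name, CONVERT(varchar(64), sid, 1) AS sid
FROM sys.sql_logins
WHERE name NOT LIKE '##%';
--    In master on the secondary, with the values from the row above:
-- CREATE LOGIN [app_orders] WITH PASSWORD = '<password>', SID = 0x0106...;
-- 4. Planned failover (no data loss): in master on the SECONDARY server. It
--    synchronises first, then swaps roles; the old primary becomes the secondary.
ALTER DATABASE [SalesDB] FAILOVER;
-- 5. Unplanned failover when the primary region is unreachable: also on the
--    secondary server; accepts the data loss indicated by replication_lag_sec.
-- ALTER DATABASE [SalesDB] FORCE_FAILOVER_ALLOW_DATA_LOSS;
-- 6. Remove the link (in master on the primary) once it is no longer needed.
-- ALTER DATABASE [SalesDB] REMOVE SECONDARY ON SERVER [sql-secondary-neu];
```

Unlike an auto-failover group there is no listener endpoint: after step 4 the application (or the Traffic Manager profile in the diagram) must be repointed at sql-secondary-neu, which is the "user must update connection string" row in the comparison table later in this module. Step 3 is the part most runbooks forget; contained users travel with the database, server logins do not.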
Auto Failover Groups
Database is created automatically on the secondary through a process called seeding
It can contain one or more databases
Depending on the size of the database, the seeding process may take some time
If you have a tight RPO and can't afford much data loss, set the
GracePeriodWithDataLossHours property to a higher value (default is 1-hour)
Supported on SQL Database and SQL Managed Instance
Classified as Microsoft Confidential
Configure an auto-failover group for Azure SQL Database
Step 1:
Select Failover groups
under the Settings pane,
and then select Add group
to create a new failover
group
Classified as Microsoft Confidential
Configure an auto-failover group cont’d
Step 2:
On the Failover Group
page, enter or select the
required values, and then
select Create
Adding the database to the
failover group will
automatically start the geo-
replication process
Classified as Microsoft Confidential
Auto-failover groups vs. geo-replication
Feature                                           | Geo-replication | Failover groups
Automatic failover                                | No              | Yes
Fail over multiple databases simultaneously       | No              | Yes
User must update connection string after failover | Yes             | No
SQL Managed Instance support                      | No              | Yes
Can be in same region as primary                  | Yes             | No
Multiple replicas                                 | Yes             | No
Supports read-scale                               | Yes             | Yes
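The failover-group procedure above, as an added Azure PowerShell (Az.Sql) example that is not part of the deck: it creates the group between two existing logical servers, adds a database, mirrors a server-level firewall rule on the secondary, inspects the group from both sides, and runs a planned failover. Resource names and the firewall range are assumptions.

```powershell
# Added example, not from the deck. Creates an auto-failover group between two existing
# logical servers, adds a database, checks replication, and performs a planned failover.
# Resource names below are assumptions.
$rg        = 'rg-sql-prod'
$primary   = 'sql-prod-eastus'    # logical server in the primary region
$secondary = 'sql-prod-westus'    # logical server in the secondary region (same tier/size)
$group     = 'fg-prod'
$dbName    = 'AppDb'

# Automatic failover fires only after GracePeriodWithDataLossHours has elapsed without the
# secondary catching up, so a larger value trades recovery time for less potential data loss.
New-AzSqlDatabaseFailoverGroup -ResourceGroupName $rg -ServerName $primary `
    -PartnerServerName $secondary -FailoverGroupName $group `
    -FailoverPolicy Automatic -GracePeriodWithDataLossHours 2 | Out-Null

# Adding the database starts seeding on the secondary server.
$db = Get-AzSqlDatabase -ResourceGroupName $rg -ServerName $primary -DatabaseName $dbName
Add-AzSqlDatabaseToFailoverGroup -ResourceGroupName $rg -ServerName $primary `
    -FailoverGroupName $group -Database $db | Out-Null

# Logins, firewall rules and auditing are server-level and are NOT replicated: mirror them
# on the secondary server so clients can still connect after a failover.
# (203.0.113.0/24 is a documentation range; replace with your real egress range.)
New-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $secondary `
    -FirewallRuleName 'AppEgress' -StartIpAddress '203.0.113.10' -EndIpAddress '203.0.113.20' | Out-Null

# Role and replication state as seen from each server.
foreach ($s in $primary, $secondary) {
    Get-AzSqlDatabaseFailoverGroup -ResourceGroupName $rg -ServerName $s -FailoverGroupName $group |
        Select-Object ServerName, ReplicationRole, ReplicationState, GracePeriodWithDataLossHours
}

# Planned failover (no data loss): run against the server that should BECOME primary.
Switch-AzSqlDatabaseFailoverGroup -ResourceGroupName $rg -ServerName $secondary -FailoverGroupName $group
# During an outage, a forced failover adds -AllowDataLoss and accepts the loss bounded by the grace period.
```

Applications connect to `fg-prod.database.windows.net` (read-write listener) and `fg-prod.secondary.database.windows.net` (read-only listener); both names follow the current primary, which is why no connection-string change is needed after the switch.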
Demo: Configure geo-replication for Azure SQL Database
Enhance security and scalability in Azure SQL
Learning Objectives
• Protect Azure SQL with security features
• Automate database tasks for scalability
• Scale with hybrid features
Learning Objective: Protect Azure SQL with security features
Data at rest vs. data in transit
Data at rest: encrypts data while it sits on file storage (data files, log files and backups).
Data in transit: encrypts data while it travels through private or public network communication channels. For Azure SQL this is TLS between client and server; set Encrypt=True in the client connection string and raise the server's minimum TLS version to 1.2.
Configure server and database firewall rules
Each Azure SQL logical server exposes a public endpoint (<server>.database.windows.net) hosted by Microsoft. Firewalls are designed to prevent people from accessing resources that they should not be accessing.
By default all access should be blocked, with access opened as needed.
In Azure SQL Database there are firewalls at the server level and at the database level. Server-level rules are stored in master and apply to every database on the server; database-level rules are stored in the database itself (set with sp_set_database_firewall_rule), apply only to that database, and are evaluated first. Prefer narrow database-level rules where possible.
Be careful with the "Allow Azure services and resources to access this server" option (the 0.0.0.0 rule): it admits traffic from any Azure subscription, not only yours. Where you can, disable public network access and connect through a private endpoint or a virtual network rule instead.
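An added Azure PowerShell example (not from the deck) for the firewall guidance above: it adds one narrow server-level rule, then reviews every rule on the server and flags the 0.0.0.0 "Allow Azure services" rule and any range wider than a /24. Server and resource-group names and the IP range are assumptions.

```powershell
# Added example, not from the deck. Adds a narrow server-level rule, then reviews every
# rule on the server and flags the ones that deserve a second look. Names are assumptions.
$rg = 'rg-sql-prod'; $server = 'sql-prod-eastus'

# One rule per known egress range; 203.0.113.0/24 is a documentation range used as a placeholder.
New-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $server `
    -FirewallRuleName 'OfficeEgress' -StartIpAddress '203.0.113.10' -EndIpAddress '203.0.113.20' | Out-Null

function Get-IPv4Count([string]$start, [string]$end) {
    # Number of addresses in an inclusive IPv4 range (bytes reversed to little-endian for ToUInt32).
    $s = [System.Net.IPAddress]::Parse($start).GetAddressBytes(); [array]::Reverse($s)
    $e = [System.Net.IPAddress]::Parse($end).GetAddressBytes();   [array]::Reverse($e)
    return [BitConverter]::ToUInt32($e, 0) - [BitConverter]::ToUInt32($s, 0) + 1
}

$findings = Get-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $server | ForEach-Object {
    $count  = Get-IPv4Count $_.StartIpAddress $_.EndIpAddress
    $reason = $null
    if ($_.StartIpAddress -eq '0.0.0.0' -and $_.EndIpAddress -eq '0.0.0.0') {
        # This is the "Allow Azure services" rule: resources in ANY Azure tenant qualify.
        $reason = 'allows all Azure services'
    } elseif ($count -gt 256) {
        $reason = "range spans $count addresses"
    }
    [pscustomobject]@{ Rule = $_.FirewallRuleName; Start = $_.StartIpAddress; End = $_.EndIpAddress; Review = $reason }
}
$findings | Format-Table -AutoSize

# To close the "Allow Azure services" hole, remove it by its well-known rule name:
# Remove-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $server -FirewallRuleName 'AllowAllWindowsAzureIps'
```

Run the review as a scheduled check; a rule that was opened "temporarily" for a vendor or a developer's home address tends to stay, and a wide range is the usual way it happens.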
Secure with Azure Active Directory authentication
Figure: Azure Active Directory; Azure extension for SQL Server; AAD login; Windows registry; SQL Server 2022.
Azure AD authentication options
SQL Server authentication options
• Windows Authentication: user login information is stored in Active Directory.
• SQL Server Authentication: user login information is stored in the master or a user database.
SQL Database and SQL Managed Instance authentication options
• Azure Active Directory Authentication: user information is stored in Azure Active Directory (now Microsoft Entra ID).
• SQL Server Authentication: user login information is stored in the master or a user database.
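An added example (not from the deck) of putting Azure AD authentication in place on a logical server with Az.Sql and the SqlServer module: an Azure AD group becomes the server administrator, the server is switched to Azure AD-only authentication (SQL logins disabled), and an Azure AD group is mapped to a contained database user. Group, server and database names are assumptions.

```powershell
# Added example, not from the deck. Makes an Azure AD security group the server admin,
# switches the server to Azure AD-only authentication, and maps an Azure AD group to a
# contained database user. Group, server and database names are assumptions.
$rg = 'rg-sql-prod'; $server = 'sql-prod-eastus'; $database = 'AppDb'

# Use a group, not a person, as the administrator so admin access follows group membership.
$admins = Get-AzADGroup -DisplayName 'sql-prod-admins'
Set-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName $rg -ServerName $server `
    -DisplayName $admins.DisplayName -ObjectId $admins.Id | Out-Null

# Azure AD-only: SQL logins, including the server's SQL admin login, can no longer connect,
# which removes password-based access and the password-in-connection-string problem.
Enable-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName $rg -ServerName $server | Out-Null
Get-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName $rg -ServerName $server

# Inside the database, Azure AD principals become contained users (no login in master).
# The caller's own Azure AD token is used here; Az 14+ returns it as a SecureString.
$token = (Get-AzAccessToken -ResourceUrl 'https://database.windows.net/').Token
if ($token -is [securestring]) { $token = ConvertFrom-SecureString $token -AsPlainText }
Invoke-Sqlcmd -ServerInstance "$server.database.windows.net" -Database $database -AccessToken $token -Query @"
CREATE USER [app-readers] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [app-readers];
"@
```

Before enabling Azure AD-only authentication, make sure every application already connects with an Azure AD identity (managed identity or service principal); the switch is immediate and SQL-authenticated clients start failing at once.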
Transparent Data Encryption (TDE)
• TDE is enabled by default on new Azure SQL Database and SQL Managed Instance databases.
• Data is protected as it rests on disk, in the data and log files and within backups. Pages are decrypted in memory, so TDE does not protect against a principal who can query the database.
• For Azure SQL Managed Instance, use T-SQL to turn TDE on or off for a database: ALTER DATABASE <db_name> SET ENCRYPTION ON;
• For Azure SQL Database, enable or disable TDE at the database level via the Azure portal (or PowerShell/CLI).
• The database encryption key is protected by the TDE protector, which is either service-managed or a customer-managed key in Azure Key Vault (bring your own key).
Managing TDE
On SQL Server (on-premises or in a VM), the database encryption key is protected by a certificate in the master database. Always back up that certificate together with its private key.
You cannot restore or attach the database on another instance without first restoring the certificate.
When setting up a database within an Availability Group, restore this certificate to each server within the Availability Group.
In Azure SQL, the service-managed protector is backed up for you. With a customer-managed key, losing access to the Key Vault key (deleted key, revoked permission) makes the database inaccessible, so keep soft delete and purge protection on the vault.
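An added PowerShell example (not from the deck) covering both sides of the two slides above: for an Azure SQL Database it checks and enables TDE and shows which protector is in use; for SQL Server on a VM it backs up the TDE certificate and private key with Invoke-Sqlcmd. Server, database, certificate and path names are assumptions.

```powershell
# Added example, not from the deck. Part 1: Azure SQL Database TDE state and protector.
# Part 2: back up the TDE certificate on a SQL Server VM. Names and paths are assumptions.
$rg = 'rg-sql-prod'; $server = 'sql-prod-eastus'; $database = 'AppDb'

$tde = Get-AzSqlDatabaseTransparentDataEncryption -ResourceGroupName $rg -ServerName $server -DatabaseName $database
if ($tde.State -ne 'Enabled') {
    Set-AzSqlDatabaseTransparentDataEncryption -ResourceGroupName $rg -ServerName $server `
        -DatabaseName $database -State Enabled | Out-Null
}
# Type is ServiceManaged or AzureKeyVault; with AzureKeyVault the KeyId is the key you must not lose.
Get-AzSqlServerTransparentDataEncryptionProtector -ResourceGroupName $rg -ServerName $server |
    Select-Object Type, ServerKeyVaultKeyName, KeyId

# SQL Server on a VM: the DEK is protected by a certificate in master. Back it up with its
# private key; without it a TDE-encrypted database or backup cannot be restored elsewhere.
$pwd   = Read-Host -AsSecureString 'Private key password'   # prompt; never hard-code this
$plain = [System.Net.NetworkCredential]::new('', $pwd).Password.Replace("'", "''")
Invoke-Sqlcmd -ServerInstance 'SQLVM01' -Database master -Query @"
BACKUP CERTIFICATE TDECert
    TO FILE = 'D:\KeyBackup\TDECert.cer'
    WITH PRIVATE KEY (FILE = 'D:\KeyBackup\TDECert.pvk',
                      ENCRYPTION BY PASSWORD = '$plain');
"@
Remove-Variable plain   # do not leave the plaintext password in the session
```

Store the .cer/.pvk pair and the password separately from the database backups (an attacker who gets both the backup and the key material has the data), and restore the certificate on every Availability Group replica before adding the database.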
Always Encrypted
Figure: the SQL client works with plaintext; the client driver encrypts and decrypts in-process; the database engine only ever stores and handles ciphertext (with a secure enclave, some operations can run on plaintext inside the enclave).
• Data within the database is encrypted without the database engine ever seeing plaintext data.
• Columns are encrypted with a column encryption key (CEK). The CEK is itself encrypted by a column master key (CMK) that is kept outside the database, in a key store the client controls (Azure Key Vault, the Windows certificate store or an HSM); the database stores only the encrypted CEK and the CMK's location.
• Even administrators (DBAs and cloud operators) cannot decrypt the encrypted data, because they hold neither the CMK nor the plaintext CEK.
Always Encrypted encryption types
Deterministic
• Always produces the same ciphertext for a given plaintext value.
• Allows equality joins, grouping, indexing and point lookups on encrypted columns.
• Should be used with data that has many distinct values; on a column with few distinct values (a status flag, a country code) the repeated ciphertexts reveal the value distribution.
Randomized
• Produces different ciphertext for the same plaintext each time; the most secure option.
• Good for columns with few distinct values.
• Prevents searching, grouping, indexing, joining and equality operations on encrypted columns (unless a secure enclave is used).
Always Encrypted use cases
Scenario: client and data on-premises. Protect your on-premises database from high-privileged users, e.g. external vendors managing SQL Server.
Scenario: client on-premises with data in Azure. Ensure Microsoft cloud administrators have no access to the data: Always Encrypted keys are stored in a key store hosted on-premises, for SQL Database or SQL Server in a virtual machine in Azure.
Scenario: client and data in Azure. Data is encrypted in the database; the column master key lives in Azure Key Vault, with access granted to the application's identity rather than to the database administrators.
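An added example (not from the deck) using the SqlServer PowerShell module to set up Always Encrypted for the "client and data in Azure" scenario: a column master key in Azure Key Vault, a column encryption key, and two columns encrypted with the type choice the previous slide describes. Server, database, table and key vault names are assumptions, and the key URL must be replaced with a real versioned key URL.

```powershell
# Added example, not from the deck. Provisions Always Encrypted keys and encrypts two
# columns of an existing dbo.Customers table. Names and the key URL are assumptions.
Import-Module SqlServer
$server = 'sql-prod-eastus.database.windows.net'
$db = Get-SqlDatabase -ConnectionString "Server=tcp:$server,1433;Database=AppDb;Authentication=Active Directory Default;Encrypt=True"

# The CMK lives in Key Vault, outside the database engine. The engine stores only the CMK's
# path and the CEK encrypted under it, so DBAs and cloud operators never see plaintext.
Add-SqlAzureAuthenticationContext -Interactive     # lets the module call Key Vault as you
$cmkSettings = New-SqlAzureKeyVaultColumnMasterKeySettings `
    -KeyURL 'https://kv-prod.vault.azure.net/keys/ae-cmk/<key-version>'   # assumed; use your key's URL
New-SqlColumnMasterKey -Name 'CMK_Prod' -InputObject $db -ColumnMasterKeySettings $cmkSettings | Out-Null
New-SqlColumnEncryptionKey -Name 'CEK_Customers' -InputObject $db -ColumnMasterKey 'CMK_Prod' | Out-Null

# Deterministic for a high-cardinality column you must look up by equality (SSN);
# Randomized for a low-cardinality column (BirthDate) where pattern leakage matters more.
$columns = @(
    New-SqlColumnEncryptionSettings -ColumnName 'dbo.Customers.SSN'       -EncryptionType Deterministic -EncryptionKey 'CEK_Customers'
    New-SqlColumnEncryptionSettings -ColumnName 'dbo.Customers.BirthDate' -EncryptionType Randomized    -EncryptionKey 'CEK_Customers'
)
# Rewrites the existing rows as ciphertext; the log file records what was encrypted.
Set-SqlColumnEncryption -InputObject $db -ColumnEncryptionSettings $columns -LogFileDirectory '.'
```

After this, every client that needs plaintext must connect with `Column Encryption Setting=Enabled` and hold a Key Vault permission (unwrap/get) on the CMK; give that permission to the application's managed identity, not to the DBA group, or the separation the feature provides is lost.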
Explore server and database audit
• Tracks database events and writes them to an audit log in your Azure Storage account, Log Analytics workspace or Event Hubs.
• You can define server-level and database-level policies; a server-level policy applies to every database on the server.
• It is recommended that you enable only server-level auditing and leave database-level auditing disabled for all databases, unless a database needs a different target or extra action groups; enabling both writes every event twice.
Default auditing policy for SQL Database
Action group                             | Definition
BATCH_COMPLETED_GROUP                    | Audits all the queries and stored procedures executed against the database.
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP | Indicates that a principal succeeded in logging into the database.
FAILED_DATABASE_AUTHENTICATION_GROUP     | Indicates that a principal failed to log into the database.
Audit sensitive labels
When combined with data classification, the audit log also records which sensitivity labels each query touched, so you can monitor access to sensitive data.
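An added Az.Sql example (not from the deck) that applies the auditing guidance above: server-level auditing to a storage account with the three default action groups and 90-day retention, followed by a check that no database on the server also has its own policy switched on. Storage account, server and resource-group names are assumptions.

```powershell
# Added example, not from the deck. Enables server-level auditing to blob storage with the
# default action groups, then reports any database-level policy that would double-log.
# Names are assumptions.
$rg = 'rg-sql-prod'; $server = 'sql-prod-eastus'
$storageId = (Get-AzStorageAccount -ResourceGroupName $rg -Name 'stsqlauditprod').Id

Set-AzSqlServerAudit -ResourceGroupName $rg -ServerName $server `
    -BlobStorageTargetState Enabled -StorageAccountResourceId $storageId -RetentionInDays 90 `
    -AuditActionGroup 'BATCH_COMPLETED_GROUP',
                      'SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP',
                      'FAILED_DATABASE_AUTHENTICATION_GROUP'

# Server-level auditing already covers every database; a database-level policy on top of it
# records the same events twice. List any database that has one enabled.
Get-AzSqlDatabase -ResourceGroupName $rg -ServerName $server |
    Where-Object DatabaseName -ne 'master' |
    ForEach-Object {
        $a = Get-AzSqlDatabaseAudit -ResourceGroupName $rg -ServerName $server -DatabaseName $_.DatabaseName
        [pscustomobject]@{
            Database       = $_.DatabaseName
            BlobAudit      = $a.BlobStorageTargetState
            LogAnalytics   = $a.LogAnalyticsTargetState
            EventHub       = $a.EventHubTargetState
        }
    } | Where-Object { $_.BlobAudit -eq 'Enabled' -or $_.LogAnalytics -eq 'Enabled' -or $_.EventHub -eq 'Enabled' }
```

The storage account receiving the logs should be one the DBAs cannot write to (separate resource group, immutable blob policy if you need tamper evidence); otherwise the people being audited can edit the record. Failed-authentication events are the ones to alert on first, since a burst of them from one address is the brute-force signature.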
Dynamic Data Masking
• Obscures data from view by showing values defined by a masking function.
• The data is masked server side, meaning unmasked data is never transmitted over the network to a non-privileged user.
• Data can be unmasked by simply granting the UNMASK permission to a user.
• Server admins and db_owner members will always have access to unmasked data.
• Masking is not encryption and is not a security boundary: WHERE, GROUP BY and JOIN predicates are evaluated on the real value, so a user who can run ad-hoc queries can infer masked values (for example with LIKE '123%'). Use it to limit casual exposure in applications, and pair it with auditing and row-level security.
Built-in masks available
Default: full masking based on the data type of the field (no data exposed).
Credit card: shows the last four digits of a credit card number.
Social Security number: shows the last four digits (XXX-XX-1234).
Random number: generates random numbers within the boundaries you set.
Custom text: exposes the first and last characters and adds a custom string in the middle.
Dynamic Data Masking use cases
Application users: mask data from application users who have no direct access to the database.
Group of users: restrict private information for a group of users.
External vendors: provide masked data to external vendors, where you need to protect sensitive information while still preserving the relationships among items in the data.
Developers: export a copy of your production database to a lower environment for development purposes. When the export is run by a principal without UNMASK, the exported data is in masked format.
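An added example (not from the deck) of the masking features above with Az.Sql and the SqlServer module: three built-in masks on an assumed dbo.Customers table, the policy enabled, UNMASK granted to one role, and a query that demonstrates the inference caveat. Server, database, table, column and role names are assumptions.

```powershell
# Added example, not from the deck. Masks three columns, enables the policy, grants UNMASK
# to one role, and shows why masking is not a security boundary. Names are assumptions.
$rg = 'rg-sql-prod'; $server = 'sql-prod-eastus'; $database = 'AppDb'
$target = @{ ResourceGroupName = $rg; ServerName = $server; DatabaseName = $database }
$table  = @{ SchemaName = 'dbo'; TableName = 'Customers' }

New-AzSqlDatabaseDataMaskingRule @target @table -ColumnName 'SSN'        -MaskingFunction SocialSecurityNumber
New-AzSqlDatabaseDataMaskingRule @target @table -ColumnName 'CardNumber' -MaskingFunction CreditCardNumber
New-AzSqlDatabaseDataMaskingRule @target @table -ColumnName 'Email'      -MaskingFunction Text `
    -PrefixSize 1 -SuffixSize 0 -ReplacementString 'xxx@xxxx.xxx'
Set-AzSqlDatabaseDataMaskingPolicy @target -DataMaskingState Enabled

# Connect with the caller's Azure AD token (Az 14+ returns it as a SecureString).
$token = (Get-AzAccessToken -ResourceUrl 'https://database.windows.net/').Token
if ($token -is [securestring]) { $token = ConvertFrom-SecureString $token -AsPlainText }
$sql = @{ ServerInstance = "$server.database.windows.net"; Database = $database; AccessToken = $token }

# Only principals holding UNMASK (or db_owner / server admins) see real values.
Invoke-Sqlcmd @sql -Query 'GRANT UNMASK TO [support_analysts];'

# Caveat: the predicate runs on the real value. A user WITHOUT UNMASK still learns whether
# any SSN begins with 123 from this query, and can iterate digit by digit to recover it.
Invoke-Sqlcmd @sql -Query "SELECT COUNT(*) AS Hits FROM dbo.Customers WHERE SSN LIKE '123%';"
```

Treat the last query as the test of any masking design: if the principals you are masking from can submit arbitrary WHERE clauses, masking alone does not protect the column, and Always Encrypted or a restricted view is the right tool.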
Azure SQL Database Ledger
Microsoft Defender for SQL
Continuously assess: protects Azure SQL Database and Azure SQL Managed Instance as part of the advanced SQL security features.
Secure: harden connected resources and services by following customized and prioritized recommendations.
Defend: provides a set of advanced SQL security capabilities, including SQL Vulnerability Assessment and Advanced Threat Protection (alerts on potential SQL injection, access from unusual locations or principals, and brute-force login attempts).
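An added PowerShell example (not from the deck) for the "Enable Microsoft Defender for Azure SQL Database" demo that follows: Defender for SQL is enabled at subscription scope with Az.Security, the Az.Sql vulnerability assessment is configured to scan weekly into a storage account, and one on-demand scan is started and read back. Names and the notification address are assumptions; check the cmdlet set against your installed Az.Sql version, since the vulnerability-assessment cmdlets have changed across releases.

```powershell
# Added example, not from the deck. Turns on Defender for SQL for the subscription,
# configures recurring vulnerability assessment scans, and runs one scan now.
# Names and the e-mail address are assumptions.
$rg = 'rg-sql-prod'; $server = 'sql-prod-eastus'; $database = 'AppDb'

# Subscription-level plan: every Azure SQL server in the subscription is covered.
Set-AzSecurityPricing -Name 'SqlServers' -PricingTier 'Standard' | Out-Null
Get-AzSecurityPricing -Name 'SqlServers' | Select-Object Name, PricingTier

# Vulnerability assessment: scan weekly, keep results in a storage account, notify security.
Update-AzSqlServerVulnerabilityAssessmentSetting -ResourceGroupName $rg -ServerName $server `
    -StorageAccountName 'stsqlauditprod' -ScanResultsContainerName 'vulnerability-assessment' `
    -RecurringScansInterval Weekly -EmailAdmins $true -NotificationEmail 'secops@contoso.example'

# One scan now, then read its summary; a non-zero failed-check count is the action item.
$scanId = "manual-$(Get-Date -Format 'yyyyMMddHHmm')"
Start-AzSqlDatabaseVulnerabilityAssessmentScan -ResourceGroupName $rg -ServerName $server `
    -DatabaseName $database -ScanId $scanId | Out-Null
Get-AzSqlDatabaseVulnerabilityAssessmentScanRecord -ResourceGroupName $rg -ServerName $server `
    -DatabaseName $database -ScanId $scanId | Format-List
```

Findings that are accepted risk (for example a deliberately enabled feature) should be recorded as baselines in the assessment rather than ignored, so the weekly report only shows drift from the agreed state.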
Microsoft Defender for SQL – SQL vulnerability assessment
Microsoft Defender for SQL – Advanced threat protection
Demo
• Enable Microsoft Defender for Azure SQL Database
• Configure Data Classification for Azure SQL Database
• Configure Azure SQL Database firewall rules
Learning Objective: Automate database tasks for scalability
Azure SQL deployment methods
ARM templates and Bicep files: allow for the most complete, customizable deployment model for Azure resource deployment.
Azure PowerShell: commonly used for resource modifications and status retrieval.
Azure CLI: similar to PowerShell, commonly used for resource status and modifications. It is a cross-platform command-line tool that runs in bash, PowerShell or cmd.
Azure Portal: acts as a graphical interface to Azure Resource Manager and can be used to generate ARM templates.
Azure DevOps: deployments are carried out using Azure Pipelines, which allows you to automate the build, testing and deployment of your code.
Azure Resource Manager (ARM) template
• Improves consistency
• Repeatable and modular
• Reduces errors caused by manual mistakes
• Promotes reuse
• Simplifies orchestration
ARM templates are JSON files that automate the deployment of resources. Figure: an Azure SQL Database in a resource group is exported from the Azure portal as a template, and the template is deployed again.
ARM template
• Deploys a full set of resources in one single declarative template
• Dependencies and parameters can be built in
• Templates may be exported from the portal
ARM template deployment
Azure PowerShell
New-AzResourceGroupDeployment -Name ExampleDeployment -ResourceGroupName ExampleResourceGroup `
    -TemplateFile c:\MyTemplates\[Link] `
    -TemplateParameterFile c:\MyTemplates\[Link]
Azure Command Line Interface (CLI)
az deployment group create --resource-group SampleRG --template-file '\path\[Link]'
What is Azure Bicep?
• A simpler revision of the ARM template language for writing templates to deploy Azure resources; Bicep files compile to ARM JSON.
• Automatically detects dependencies between your resources.
• Best authoring experience with Visual Studio Code for your infrastructure-as-code solutions in Azure.
Azure Bicep
• Continuous full support for Azure resource types and API versions
• Simple syntax
• Easy to use
• Rich editor
Azure Bicep files vs. ARM template
Azure Bicep deployment
Azure PowerShell
New-AzResourceGroupDeployment -ResourceGroupName SampleRG -TemplateFile ./[Link] `
    -administratorLogin "<admin-login>"
Azure Command Line Interface (CLI)
az deployment group create --resource-group SampleRG --template-file '\path\[Link]'
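An added Azure PowerShell example (not from the deck) that serves both the ARM and the Bicep deployment slides above: the template is supplied to New-AzResourceGroupDeployment as a hashtable (the same resource schema a Bicep file compiles to), it declares a logical server with TLS 1.2 minimum, public network access disabled and an Azure AD group as the only administrator, plus one database, and the deployment is previewed with -WhatIf before it runs. Names, the region, the group object ID and the tenant ID are assumptions.

```powershell
# Added example, not from the deck. Deploys a hardened logical server and one database from
# an in-memory ARM template, previewing first. Names, IDs and SKU are assumptions.
$rg = 'rg-sql-prod'

$template = @{
    '$schema'      = 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
    contentVersion = '1.0.0.0'
    parameters     = @{
        serverName         = @{ type = 'string' }
        adminGroupObjectId = @{ type = 'string' }
        tenantId           = @{ type = 'string' }
    }
    resources = @(
        @{
            type       = 'Microsoft.Sql/servers'
            apiVersion = '2022-05-01-preview'
            name       = "[parameters('serverName')]"
            location   = '[resourceGroup().location]'
            properties = @{
                minimalTlsVersion   = '1.2'
                publicNetworkAccess = 'Disabled'          # reach the server through a private endpoint
                administrators      = @{                  # no SQL admin login is defined at all
                    administratorType         = 'ActiveDirectory'
                    principalType             = 'Group'
                    login                     = 'sql-prod-admins'
                    sid                       = "[parameters('adminGroupObjectId')]"
                    tenantId                  = "[parameters('tenantId')]"
                    azureADOnlyAuthentication = $true
                }
            }
        },
        @{
            type       = 'Microsoft.Sql/servers/databases'
            apiVersion = '2022-05-01-preview'
            name       = "[format('{0}/AppDb', parameters('serverName'))]"
            location   = '[resourceGroup().location]'
            dependsOn  = @("[resourceId('Microsoft.Sql/servers', parameters('serverName'))]")
            sku        = @{ name = 'GP_Gen5'; tier = 'GeneralPurpose'; family = 'Gen5'; capacity = 2 }
            properties = @{ zoneRedundant = $false }
        }
    )
}
$params = @{
    serverName         = 'sql-prod-eastus'
    adminGroupObjectId = (Get-AzADGroup -DisplayName 'sql-prod-admins').Id
    tenantId           = (Get-AzContext).Tenant.Id
}

# Preview the change set (creates/modifies/deletes) before touching anything, then deploy.
New-AzResourceGroupDeployment -ResourceGroupName $rg -TemplateObject $template -TemplateParameterObject $params -WhatIf
New-AzResourceGroupDeployment -ResourceGroupName $rg -Name "sql-$(Get-Date -Format 'yyyyMMdd-HHmm')" `
    -TemplateObject $template -TemplateParameterObject $params
```

The same resource definitions translate line for line into a Bicep file; keeping `publicNetworkAccess`, `minimalTlsVersion` and `azureADOnlyAuthentication` in the template, rather than applying them by hand afterwards, is what makes the secure configuration survive a redeploy.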
Azure CLI
Create an Azure SQL logical server (the database itself is created afterwards with az sql db create)
az sql server create --name ServerName --resource-group RGName `
    --location Location --admin-user $login --admin-password $password
Passing the SQL admin password on the command line leaves it in shell history and logs; prefer an Azure AD administrator (--external-admin-principal-type, --external-admin-name, --external-admin-sid) together with --enable-ad-only-auth, and read any remaining secret from a secure prompt or Key Vault.
Create a firewall rule for Azure SQL Database
az sql server firewall-rule create --resource-group RGName `
    --server ServerName -n AllowYourIp --start-ip-address [Link] --end-ip-address [Link]
[Link] PowerShell module
Returns information about an Azure SQL logical server
Get-AzSqlServer -ResourceGroupName "ResourceGroup01" -ServerName "Server01"
Create an Azure SQL Database on a logical server
New-AzSqlDatabase -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -DatabaseName "Database01"
(For a database on an Azure SQL Managed Instance, use New-AzSqlInstanceDatabase with -InstanceName instead.)
Azure Automation
Azure Automation allows you to create regularly scheduled tasks that run against any
Azure resource or even on-premises virtual machines
Automation allows you to perform maintenance activities against an Azure SQL target
Automation can also be used to ensure consistent settings across multiple VMs
Overview of Azure Automation components
Runbooks: the unit of execution in Azure Automation; may be created using PowerShell or Python.
Modules: used to execute PowerShell cmdlets within your runbooks. Load the modules for the PowerShell cmdlets you need for your runbooks.
Credentials: store sensitive information like passwords for use by runbooks. Where the target supports Azure AD authentication, prefer the Automation account's managed identity over a stored credential, so there is no password to rotate or leak.
Schedules: allow runbooks to be scheduled for regular execution.
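An added runbook (not from the deck) for the "rebuild indexes" demo that follows, written for the PowerShell 7.2 runtime: it signs in with the Automation account's system-assigned managed identity, obtains a token for Azure SQL, finds indexes above a fragmentation threshold, and rebuilds them online. No credential asset is used. Server and database names and the threshold are assumptions.

```powershell
# Added example runbook, not from the deck. Authenticates with the Automation account's
# managed identity and rebuilds fragmented indexes. Names and thresholds are assumptions.
param(
    [string]$SqlServer = 'sql-prod-eastus.database.windows.net',
    [string]$Database  = 'AppDb',
    [int]$RebuildAbovePercent = 30,
    [int]$MinPageCount = 1000
)
Import-Module SqlServer
Connect-AzAccount -Identity | Out-Null            # system-assigned managed identity

# Token for Azure SQL; Az 14+ returns it as a SecureString.
$token = (Get-AzAccessToken -ResourceUrl 'https://database.windows.net/').Token
if ($token -is [securestring]) { $token = ConvertFrom-SecureString $token -AsPlainText }
$conn = @{ ServerInstance = $SqlServer; Database = $Database; AccessToken = $token; QueryTimeout = 3600 }

# Candidate indexes. Names are QUOTENAME'd server-side so they can be spliced into DDL safely.
$fragmented = Invoke-Sqlcmd @conn -Query @"
SELECT QUOTENAME(s.name) + '.' + QUOTENAME(o.name) AS TableName,
       QUOTENAME(i.name)                            AS IndexName,
       ps.avg_fragmentation_in_percent              AS Frag
FROM   sys.dm_db_index_physical_stats(DB_ID(), NULL, NULL, NULL, 'LIMITED') AS ps
JOIN   sys.indexes i ON i.object_id = ps.object_id AND i.index_id = ps.index_id
JOIN   sys.objects o ON o.object_id = i.object_id
JOIN   sys.schemas s ON s.schema_id = o.schema_id
WHERE  i.name IS NOT NULL
  AND  ps.page_count > $MinPageCount
  AND  ps.avg_fragmentation_in_percent > $RebuildAbovePercent;
"@

foreach ($row in $fragmented) {
    Invoke-Sqlcmd @conn -Query "ALTER INDEX $($row.IndexName) ON $($row.TableName) REBUILD WITH (ONLINE = ON);"
    Write-Output ("Rebuilt {0}.{1} (was {2:N1}% fragmented)" -f $row.TableName, $row.IndexName, $row.Frag)
}
Write-Output "Done: $(@($fragmented).Count) index(es) rebuilt on $Database"
```

One-time setup in the target database, run by an Azure AD administrator: `CREATE USER [<automation-account-name>] FROM EXTERNAL PROVIDER;` followed by `ALTER ROLE db_ddladmin ADD MEMBER [<automation-account-name>];`. The identity gets only the DDL rights the task needs, which is the least-privilege advantage over a stored SQL admin credential.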
Create an Azure Automation runbook
Elastic jobs
Components (figure): an Elastic Job agent, hosted on an Azure SQL logical server, reads job definitions from and writes job status to its job database. A job is executed against a target group, which can span logical servers in different subscriptions and contain all databases in a server, all databases in an elastic pool, or individual databases. Job output can be written to an output database.
Azure Logic Apps
Create and run automated workflows that integrate apps, data, services and systems:
• Build your workflow using the design tool.
• Connectors support the following SQL platforms: SQL Server, Azure SQL Database and Azure SQL Managed Instance.
Demo: Deploy an automation runbook to automatically rebuild indexes
Learning Objective: Scale with hybrid features
Reasons for a hybrid and multicloud strategy
• Regulatory and data sovereignty
• Low latency and edge workloads
• Business continuity and resilience
• Application and datacenter modernization
• Freedom to use more than one public cloud
Common challenges for hybrid and multicloud
• Patching and upgrades
• Cost management
• Manual DBA tasks
• Data security and governance
• Scaling on demand
• No unified view of data assets
Azure Arc-enabled data services for SQL
SQL Server on Azure Arc-enabled servers: organize and inventory your SQL Server estate; Azure Defender (Microsoft Defender for SQL) for advanced security; free SQL assessment service.
Azure Arc-enabled SQL Managed Instance: Azure SQL Managed Instance on any infrastructure; fully automated, evergreen SQL Server; cloud billing model for on-premises.
Savings from Azure Arc-enabled data services
• Flexible cost structures
Choose between allocating costs as Opex or Capex
• Lower TCO
Reduce costs with built-in capabilities and increase productivity from
automation at scale
• Reusable investments
Leverage existing infrastructure, environments and SQL Server licenses
Azure Arc-enabled SQL Server in Azure portal
Best practices assessment in Azure Arc-enabled SQL Server
Provides valuable insights into the overall configuration estate of SQL Server instances and databases.
To run an assessment, go to your Arc-enabled SQL Server resource in the Azure portal and select Best practices assessment in the left pane.
Assessments can take anywhere from a few minutes to an hour and may cause up to a 5-10% CPU impact on the server, so schedule them outside peak hours.
Azure SQL MI link feature
Figure: Managed Instance link replicates a primary (read/write) SQL Server database on-premises to a read-only secondary replica on Azure SQL Managed Instance; applications can read from the replica in Azure.
Azure SQL MI link feature architecture
Source: SQL Server (on-premises), primary. Target: Azure SQL Managed Instance, secondary. The two are joined by a distributed availability group (DAG) over the HADR_ENDPOINT on each side, across Azure ExpressRoute or an Azure site-to-site VPN, with vNet peering on the Azure side.
Replication is one-way from SQL Server to SQL Managed Instance; with SQL Server 2022 it can also be two-way, allowing failback to SQL Server.
The HADR endpoints must be reachable only from the peer (restrict them with NSG and on-premises firewall rules) and should use certificate authentication, since the endpoint carries the full database log stream.
Azure SQL MI link feature scenarios
• Offload read-only workloads
• Migrate workloads
• Business continuity
• Automated backups
Near real-time analytics with Azure Synapse Link for SQL
Figure: a self-hosted integration runtime runs alongside the SQL Server source; in the Synapse workspace control plane, a linked service for SQL and a linked connection drive Synapse Link stored procedures in the source database over the control channel. An initial table snapshot (Parquet and schema) and subsequent log changes (csv and manifest) are written to a landing zone in ADLS Gen2 through a linked service for the landing zone; the ingestion service reads the change feed queue and applies it to SQL dedicated pools.
Demo
• Replicate a database by using the link feature in SSMS
• Create Azure Synapse Link for SQL Server 2022