Data Security in SQL Data Sync (Preview)
Updated: February 12, 2014
Your data is important to you and the success of your business. Unfortunately, your data may also be important to someone else. You want to make sure that it is secure from unauthorized access. Therefore, it is prudent and reasonable for you to ask, “How does SQL Data Sync (Preview) help me keep my data secure?”
All client agent communications use SSL to help secure your data.
The Windows Azure SQL Data Sync plug-in on the Windows Azure Silverlight portal has been decommissioned. Going forward, use the Windows Azure Management portal, for Windows Azure SQL Data Sync.
You access SQL Data Sync (Preview) via the SYNC tab under SQL Database at the Windows Azure Management portal. The SYNC tab is only available when you have one or more sync groups. See the topic How To: Create a Sync Group (SDS) for guidance on creating and modifying a sync group from this portal.
See the Navigation section below for links to topics you should read before you start and guidance on creating and modifying sync groups.
The SQL Data Sync (Preview) service encrypts all sensitive data that it stores, including:
SQL Data Sync (Preview) service credentials for the system databases in SQL Database.
SQL Data Sync (Preview) service credentials for the system storage in Windows Azure.
User credentials for the user's SQL Database.
User credentials for the user's SQL Server database.
The configuration file for the SQL Data Sync (Preview) client agent.
The SQL Data Sync (Preview) service encrypts all connections between components, including:
The connections between the service and the system database in SQL Database.
The connections between the service and the system storage in Windows Azure.
The connections between all components in the cloud-based service
The connection between the client agent and the cloud-based service.
The connection between the Windows Azure management portal and the cloud-based service.
Client Agent Authentication
The client agent authenticates local users with Windows user security.
The client agent requires that anyone that installs or accesses the client agent UI supply admin credentials, though service log-in credentials supplied during the client agent install do not have to be admin credentials.
The cloud-based Data Sync service authenticates the client agent using a unique token or "agent key." The user generates the agent key in the Windows Azure management portal and then installs the agent key in the client agent. The user can regenerate and reinstall an agent key at any time.
Database Access Authentication
The on-premises SQL Server database authenticates the client agent using the connection string and credentials that the user provides.
System Component Authentication
The cloud-based Data Sync service authenticates connections between system components within the cloud service using certificates.
Portal Access Authentication
The Windows Azure management portal authenticates users with Windows Live ID and the Windows Azure subscription database. Users should follow good security procedures to protect their Windows Live IDs, including:
Keep your ID and password secure.
Do not check the "Remember my password" checkbox on the Windows Live sign in page.
Log out of your Windows Live session any time you are going to be away from your computer.
Suggestions for creating strong passwords and password security can be found at Create Strong Passwords. You can check the strength of a password by using the secure password checker at Password Checker. You can generate passwords with various levels of strengths at Strong Password Generator. This site also evaluates the strength of passwords.
|SQL Server supports both Windows Credentials and SQL Credentials. SQL Database supports only SQL Credentials.|
Some of the actions you can take to increase your system’s security are:
Use the “In Private” browsing option if your browser supports it.
Have the SQL Server on one computer behind the firewall, the local agent on a public internet facing computer (since it needs to connect to the service) and the service itself as an entity.
Have the local agent service run as a min-privileged user instead of an admin account
SQL Data Sync (Preview) is a feature of SQL Database. From the Windows Azure Management portal you can perform all tasks necessary to create, deploy, and modify a sync group.
Before you start
Before you begin to design and implement your synchronizations, you should be familiar with these topics.
How to create a sync group
There are six steps to creating a sync group from the Windows Azure Management portal. Details on each step can be found by following these links.
How to modify a sync group
You can modify a sync group’s schema by adding/removing tables or columns in the sync group; or by altering a column’s width or data type. Details can be found by following the links.
ConceptsSQL Data Sync (Preview)
SQL Data Sync (Preview) Community Resources
SQL Database Data Types supported by SQL Data Sync (Preview)
Conflict Resolution when Synchronizing
Known SQL Data Sync (Preview) Issues
SQL Data Sync (Preview)Troubleshooting Guide
Glossary of SQL Data Sync Terms
Other ResourcesWindows Azure Management Portal
SQL Azure Data Sync [Channel 9 videos]
SQL Data Sync Forum