Transactional Replication to Azure SQL DB - How to Encrypt data?

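My organization is looking at using Transactional Replication to Azure SQL DB, but is unsure where encryption and security fit into this new feature. We are looking for documentation on how to configure security for replication to Azure SQL, possibly using encryption and other steps to help mitigate vulnerabilities.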

This resource has some details, but does it also apply to the Azure scenario?

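Please see this article, especially the part about creating a subscription using Transact-SQL. Also see this about connection encryption. So I think when you add a subscriber, all you have to do is make sure connection encryption is enabled. Below is a brief description of how to achieve this when connecting to Azure SQL. Because you have to connect to the Azure SQL database when you add a subscriber, the process is similar to: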

  1. Open SQL Server Management Studio.
  2. In Object Explorer, click Connect, and then click Database Engine.
  3. In Connect to Server, click Connection Properties.
  4. Select Encrypt connection.

You may also consider setting up a VPN connection between on-premises and Azure, as mentioned here:

Protecting data in transit should be an essential part of your data protection strategy. Since data will be moving back and forth from many locations, the general recommendation is that you always use SSL/TLS protocols to exchange data across different locations. In some circumstances, you may want to isolate the entire communication channel between your on-premises and cloud infrastructure by using a virtual private network (VPN).

For data moving between your on-premises infrastructure and Azure, you should consider appropriate safeguards such as HTTPS or VPN.

For organizations that need to secure access from multiple workstations located on-premises to Azure, use Azure site-to-site VPN.

For organizations that need to secure access from one workstation located on-premises to Azure, use Point-to-Site VPN.

Larger data sets can be moved over a dedicated high-speed WAN link such as ExpressRoute. If you choose to use ExpressRoute, you can also encrypt the data at the application-level using SSL/TLS or other protocols for added protection.
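
A server-side check for the connection encryption discussed in the answer above, as an added example that is not part of the original answer: it reads `encrypt_option` from `sys.dm_exec_connections` for every user session. It assumes you run it in the subscriber database on Azure SQL while the replication agent is connected, with a login allowed to read these DMVs (VIEW DATABASE STATE is assumed).

```sql
-- Added example (not from the original answer).
-- Assumption: run in the Azure SQL subscriber database while the
-- replication agent is connected, with VIEW DATABASE STATE permission.

-- 1) One row per user connection, unencrypted ones sorted first.
SELECT
    s.session_id,
    s.login_name,
    s.host_name,            -- client machine name as reported by the client
    s.program_name,         -- client application name as reported by the client
    c.client_net_address,
    c.net_transport,
    c.auth_scheme,
    c.encrypt_option,       -- 'TRUE' when the connection is encrypted
    c.connect_time
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
ORDER BY c.encrypt_option, c.connect_time DESC;

-- 2) Summary per login and client program: returns rows only when
--    at least one of that client's connections is not encrypted.
SELECT
    s.login_name,
    s.program_name,
    COUNT(*) AS total_connections,
    SUM(CASE WHEN c.encrypt_option = 'FALSE' THEN 1 ELSE 0 END)
        AS unencrypted_connections
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
GROUP BY s.login_name, s.program_name
HAVING SUM(CASE WHEN c.encrypt_option = 'FALSE' THEN 1 ELSE 0 END) > 0;
```

An empty result from the second query means every current user connection to the subscriber database reports as encrypted; match the replication agent's session in the first query by the login you configured for the subscription.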