SQL Azure got a new pricing model!


Summary First:
1. New 100 MB Database Option
2. Significant Price reduction for Database sizes greater than 1 GB!
3. Note the Changes in Billing increments

The new pricing model is:

Database Size Price Per Database Per Month
0 to 100 MB (Web) Flat $5.00
Greater than 100 MB to 1 GB (Web) Flat $9.99
Greater than 1 GB to 10 GB (Web/Business) $9.99 for first GB, $4.00 for each additional GB
Greater than 10 GB to 50 GB (Business) $45.99 for first 10 GB, $2.00 for each additional GB
Great than 50 GB to 150 GB (Business) $125.99 for first 50 GB, $1.00 for each additional GB

Previous pricing model was:

Database Size Price Per Database Per Month
0 to 1 GB (Web) $9.99
Greater than 1 GB to 5 GB (Web) $49.95
Greater than 1 GB to 10 GB (Business) $99.99
Greater than 10 GB to 50 GB (Business) $99.99 for first 10 GB, $99.99 for each increment of 10 GB
Greater than 50 GB to 150 GB (Business) No Charge

FYI: Max DB size of Web Edition: 5 GB; Business Edition: 150 GB.

News source: http://blogs.msdn.com/b/windowsazure/archive/2012/02/14/announcing-reduced-pricing-on-sql-azure-and-new-100mb-database-option.aspx

Review your SQL Azure security issues and Attack surface, Check out “SQL Azure security services”


There’s an interesting SQL Azure lab in public preview called “SQL Azure security services”. It let’s you review security issues and Attack surface of your SQL Azure database. To give you a taste of the usefulness of this service, following is information that you’ll find for specified database(s)/server:

– A List of security issues. For e.g.: A particular User Name has read permissions on ALL  tables/views

– List of Usernames in a database along with database permission for each user

– List of Roles along with it’s members

– List of all user-created database objects


Useful? Interesting? continue reading to know more..

In this blog-post, first I would give a step by step tutorial on how to start using it and then walk you through a report that I generated for a sample database on my SQL Azure server.

This is the home page of “SQL Azure security services”: http://www.microsoft.com/en-us/sqlazurelabs/labs/sqlazuresecurityservices.aspx .To get started, you can watch a video tutorial here but if you prefer to read, let’s gets started:

First go to https://labs.web.sqlsecurity.azure.com/scanner.html ; This is the place to access SQL Azure security services. Bookmark (save) it!

Now here you’ll be asked to login using SQL Azure credentials. I am going to login as service administrator. you’ll need to login using credentials that has access to databases in a server and select permission on tables for databases that you want to inspect.


Click on next and here you would be asked to select between scanning the complete server vs scanning individual databases. I am going to scan a complete server (which has just one database)


Ideally, if you are scanning the entire server then storing the html report in an Azure storage account is the way to got but I just have one database in the server that I specified and so I know it would not take long, so I opted for HTML output to browser:



After clicking on scan, after few seconds, I got a link to access the report:


And I would open that report (it’s in HTML format) in the browser.

The first tab is “Security issues” and it would look like:


here , you can drill down a particular issue and view Description along with recommended mitigation.

So basically, what the above report is saying me is that I have a username indiawebdev (which I purposefully created for demoing) which has select permission on all tables/views in the sample database AdventureWorksLTAZ2008R2.

And it suggests me to grant minimum set of permission on various objects.

Now let’s go to the second tab “Attack Surface”


Quick note: Since I had opted to “scan complete server” earlier, I am getting the server level information like Logins, server roles, databases but if I opted for “scan individual database” then the server information would not be provided.

Any-who let’s drill-down a little bit see what information is made available to us:

For my Database AdventureWorksLTAZ2008R2, I can see a list of usernames along with login name, type, database permissions. So with the help of this information we can review all usernames and see if there are any “unwanted” users. And also it let’s us review the permission granted to each username at db level.

Also, it lists all roles along with it’s members and this information can be used to verify that a member is granted the minimum level of permission.



It also lists all user-created database objects along with schema/type, owner information.

Now from server information, we can use the information in the Logins information to find “unwanted” logins.

It also lists the server roles by Name along with it members so here we can see if members belong to desired roles.

And it also lists Databases with it’s database owner.

So that was about it on exploring the report. Check it out! Review Attack surface of your SQL Azure server and become aware of the security issues.

Thus, in this blog post, We learned about “SQL Azure security services” in SQL Azure labs. We also saw a sample report and explored few parts of it. And I hope you got an overview of what SQL Azure security services has to offer as of today.

SQL server 2012 introduces a straightforward way to migrate to SQL Azure (via SSMS)


SQL server 2012 introduces a straightforward way to migrate to SQL Azure via SSMS. So Let’s get in action. Fire up SQL server management studio 2012 RC0:


Go To Object Explorer, Source Database, Tasks, Deploy Database to SQL Azure:


You’ll see deploy database wizard, click on next.


Here, you’ll need to specify the connection to Target Database which is SQL Azure. So click on connect.


Enter SQL Azure credentials and click on connect:


Note that I changed the Edition of SQL Azure, you can specify Edition and Max Size based on your need. Now, click on next


Here it would validate the source database and target requirements. If they result in Success, you’ll get to click on next.


In the summary page, just review the settings and click on Finish:

And on successful completion, you’ll see a message:


So that’s about it. your SQL Server database is migrated to SQL Azure!

At the end, Just few notes:

1. Under the hood, it uses BACPAC.

2. If there is Feature/TSQL incompatibility between source (SQL server) and Target (SQL server), you will get error in the validation step. In such cases, click on error, it would open a wizard, here click on technical details to know more.


Based on the details given in the “show technical details” – you’ll have to refactor the source database (SQL server) and then try again.

3. There are other alternatives to migrate to SQL Azure, check those out: Summary – SQL server to SQL Azure migration

10 Beginner Level Windows Azure Interview Question and Answers (Q&A)


In 2011, I had written a Guest post on Pinal Sir’s blog about SQL Azure Interview Q&A – It was fun, so this time around I put together a 10 beginner level Windows Azure Questions.

They are on BeyondRelational.com and apart from Azure Questions, you would also find Interview Q&A’s on SQL server, .Net, etc..

Here are those 10 interview questions, click on the question to read its answer:

What is cloud computing?

What are the three main components of Windows Azure Platform?

Which are three types of roles in Azure compute?

what is web role in Windows Azure?

what is worker role in Windows Azure?

what is VM role in Windows Azure?

Apart from.Net framework, Name other three language/framework that can be used to develop Windows Azure applications?

Storage Emulator?

Compute Emulator?

What do you mean by Windows Azure Fabric Controller?

And one more..

Currently, How would you categorize Windows Azure?

That’s about it!

[cloud 101] Is cloud secure?


I got this question recently and I thought of converting them into a “cloud 101” blog posts. So here they are:

Q: “Banking – with its high security needs and strict regulations – was always considered to be one of the last industries to accept cloud-computing”. So is cloud computing insecure?”

A: I would say – Cloud is secure. At least companies like Amazon (AWS), Microsoft, Google have advanced security mechanisms in place – In most cases, Cloud is more secure than private data-centers. And some banks do not move to Cloud (or cannot move to cloud) because of other reasons. And most of them fall on the legal side of things. Strict regulations (government regulations) as you mentioned.

And later at one point, we discussed about banks keeping parts of the data/app on-premise and moving other parts to cloud. That’s called hybrid cloud. What they do is that since they cannot move “sensitive” data to cloud because of government regulation and/or business policies – they move things that are permissible by law/business policies to cloud.

And we also discussed about what are the disadvantages of moving to cloud? I realized: Most of the perceived “disadvantages” are actually MYTHS. so at one point I felt the need to clear myths and then talk about other topics. It was fun though!


Cloud Security Alliance

How to enable RDP (Remote Desktop) for a Windows Azure Web Role?


In this blog post, we would see how to enable RDP (Remote Desktop) for a Windows Azure web role. You would see that it’s pretty straightforward. Just note that this blog post is not about How to deploy a Windows Azure web role and it’s also not about How to develop an application that can be ported to Windows Azure. Nope, This blog post is just about enabling Remote Desktop for an ‘Hello world’ application (MVC3 web app) deployed as a Windows Azure web role. And yes, I  would be using the Azure SDK 1.6 (Nov 2011). I mention this because Windows Azure is growing rapidly and growing for the better and since Microsoft folks are trying to give us the best developer experience – you may find that the exact steps may differ in future.


I created an app by following steps: File, New, Project, Installed templates, Visual c#, cloud, Windows Azure project, ASP.Net MVC3 web role, Internet application. Clicked OK

Then I edited the default text in the app and so now I have this nice little MVC3 web app running Locally. Just a Hello world app.

Courtesy: A default ASP.NET MVC 3 project with an account controller that uses forms authentication.


Now in solution explorer, right-click the project and click on “publish


Now, In the Publish Windows Azure application, choose the subscription. If you are doing it for the first time, click on “Sign in to download credentials”. Login with the Live ID and download a file like:


And click the import button in the Publish Windows Azure application wizard and point to this file and open it.

This is how it looks:


Click on Next >

Now if your subscription does not have any hosted services, you would be prompted to create one. Provide the Name and Location.


Now once you do that – In the common settings, To enable Remote Desktop you’ll need to select the check box Enable Remote Desktop for all roles. Also notice that since I just want to the app to be in staging environment, I selected the Environment as staging. To enable Remote Desktop to a web role, you can set the environment as production too. Either way, you can enable Remote Desktop.


Now when to click on the check box, a window would pop up and here, you will need to specify the username and password that you will use to RDP into the Web role. Provide a strong password which is important, and by default it asks you for a password that is at least 6 characters in length with upper, lower, digits and symbols in it.


Click Ok when done.

And press next >

The next step shows the summary:


Click on Publish

You need to wait for a 3-4 minutes while it is deploying and you can see the progress in the Windows Azure Activity Log. And when it completes, you can see a the Website URL:10

Now to RDP into Azure web role, Go to Azure management portal, Hosted services storage accounts and CDN, Hosted services.

Now here select your subscription, and select the instance:


Now on the Top Right section of the portal, In the Remote Access section, Click on Connect


save the .rdp file.

Then, open the file. And click on connect and provide the password which you had set earlier for RDP earlier. click on OK.


It’ll attempt to connect.


On successful connection, you would see:

Windows Azure management portal RDPConclusion:

In this blog-post, we saw how to enable remote desktop for a Windows Azure web role.

Upload a file to windows azure blob via “data transfer” tool


In earlier blog post, we talked about how to upload excel file to SQL Azure via the Data transfer tool found in SQL Azure labs. In this blog post, we will see how to upload an excel file to windows azure blob via this tool codenamed Data Transfer. So let’s get started.

1. Go to https://web.datatransfer.azure.com and select the second option – Windows Azure Blob:


2. Provide the credentials of your storage account (I checked the URL, it has https) – And provide account name in the format.blob.core.windows.net , container name and if the container of that name does not exist than it would be created, and the key which you can find from the storage accounts in Azure management portal. click on next.


3. now point the tool to the file you wish to upload and click on Import.


4. So that’s it Done! you will find the files you uploaded on My Data > Blobs Tab.


And you can view the file through My Data tab. (excel file will be downloaded and viewed via excel on your machine)


And during my experiments, I also tried uploading a .txt and .xml files. It works too!



Overall, Data Transfer makes our life easier by providing a web interface to upload data to SQL Azure and Windows Azure blobs.