January 22, 2019 at 9:20 pm
Comments posted to this topic are about the item Faster Cloud Warehouses
January 22, 2019 at 10:00 pm
I personally love Azure Data Warehouse and have no plans on moving away from it in the future. It's truly an amazing piece of tech that is getting better and better.
One of the best set of features for me is the fact I can leverage other cloud-based services like the data lake and connect it pretty seamlessly through Polybase. This enhances Azure Data Warehouse so much because not only can you scale up the warehouse across multiple computers, you can also leverage the same power through Azure Data Lake Analytics. When they are both working together, there is nothing you can't tackle.
January 23, 2019 at 1:27 pm
I have worked with on-premise Microsoft Analytics Platform System (PDW/APS) appliances which are costly solution in terms of hardware/software, support, and scalability. From this perspective Azure SQL Data Warehouse is a great solution with all the benefits of scalability, Modern data warehouse, Advanced analytics for big data, and Real-time analytics options. But benefits will depend on the Data Warehouse design (replicated, distributed, and round robin tables), amount of processing, proper use of Column Store Indexes, SQL code. If these are poorly designed and implemented Azure SQL Data warehouse can prove to be a costly proposition.
January 23, 2019 at 1:41 pm
Here you can estimate the costs for compute and storage.
https://azure.microsoft.com/en-us/pricing/details/sql-data-warehouse/gen2/
Also, iIf you're considering a hybrid scenario, where your source systems and applications are on-prem and your DW is in Azure, then consider that it will cost $,$$$ per month for an Express Route connection, and then outbound data transfer is billed per GB.
https://azure.microsoft.com/en-us/pricing/details/expressroute/
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
January 24, 2019 at 7:49 am
The security aspects (from an attack surface perspective) are APPALLING.
Given that every Tom, Dick, and Harry on the PLANET can potentially see the DB and try to hack it, the liability is simply breathtaking.
Yes, security can exist. But...we already know that security and the net are mutually exclusive. The defenders need to cover every single potential weakness (and realistically, this number might as well be infinite). The attacker only needs ONE.
Not to mention the number of potential inside attackers explodes from the company's own employees to the vendors employees, their contractors, any hackers that may have corrupted insiders or compromised systems--of either the company or vendors or vendor contractors... Need I remind you of the hack that resulted from an HVAC company being compromised? Really? An *H/VAC* company????
Seriously, has everyone forgotten attack surface in the rush to chase that pretty rainbow unicorn right into the wood chipper?
January 24, 2019 at 9:13 am
roger.plowman - Thursday, January 24, 2019 7:49 AMThe security aspects (from an attack surface perspective) are APPALLING.Given that every Tom, Dick, and Harry on the PLANET can potentially see the DB and try to hack it, the liability is simply breathtaking.
Yes, security can exist. But...we already know that security and the net are mutually exclusive. The defenders need to cover every single potential weakness (and realistically, this number might as well be infinite). The attacker only needs ONE.
Not to mention the number of potential inside attackers explodes from the company's own employees to the vendors employees, their contractors, any hackers that may have corrupted insiders or compromised systems--of either the company or vendors or vendor contractors... Need I remind you of the hack that resulted from an HVAC company being compromised? Really? An *H/VAC* company????
Seriously, has everyone forgotten attack surface in the rush to chase that pretty rainbow unicorn right into the wood chipper?
Why do you think the attack surface is horrible? By default, this has no access from anywhere. Most of the people moving to Azure don't open a 0.0.0.0 firewall rule. Access is limited to specific IPs or subnets.
January 24, 2019 at 9:59 am
Steve Jones - SSC Editor - Thursday, January 24, 2019 9:13 AMroger.plowman - Thursday, January 24, 2019 7:49 AMThe security aspects (from an attack surface perspective) are APPALLING.Given that every Tom, Dick, and Harry on the PLANET can potentially see the DB and try to hack it, the liability is simply breathtaking.
Yes, security can exist. But...we already know that security and the net are mutually exclusive. The defenders need to cover every single potential weakness (and realistically, this number might as well be infinite). The attacker only needs ONE.
Not to mention the number of potential inside attackers explodes from the company's own employees to the vendors employees, their contractors, any hackers that may have corrupted insiders or compromised systems--of either the company or vendors or vendor contractors... Need I remind you of the hack that resulted from an HVAC company being compromised? Really? An *H/VAC* company????
Seriously, has everyone forgotten attack surface in the rush to chase that pretty rainbow unicorn right into the wood chipper?
Why do you think the attack surface is horrible? By default, this has no access from anywhere. Most of the people moving to Azure don't open a 0.0.0.0 firewall rule. Access is limited to specific IPs or subnets.
It doesn't have any access until it does. Sigh.
If you can get to it via the net that opens an access route for any hacker anywhere on the planet to get to it, provided they find a way. Given the inherent complexity of cloud systems the attack surface is much larger than an on-site server that has one carefully shielded point of entry.
1. There are more companies involved, thus far more employees that can be compromised and/or corrupted.
2. There are many more computers, routers, etc. between you and your data.
3. There are more computers involved directly (failover, virtual systems, containers and the like).
4. There are many companies data concentrated in one place, making it a big juicy target.
The more complex the system the more attack surface it has. The more people involved the exponentially higher possibility for A) procedural error, B) configuration error, C) corruption, D) disgruntled employees.
Thus an infinitely larger attack surface. Just look at all the supposedly secure systems that have been hacked in 2018 alone.
It's a case of the Emperor's new clothes in cyber-space.
January 24, 2019 at 12:55 pm
In addition to the firewall, you can secure access to your Azure resources using VPN, Azure AD authentication, and access tokens. For hackers, the low hanging fruit are unpatched servers, misconfigured networks, and lazy admins. Azure eliminates all that.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
January 24, 2019 at 9:20 pm
Eric M Russell - Thursday, January 24, 2019 12:55 PMIn addition to the firewall, you can secure access to your Azure resources using VPN, Azure AD authentication, and access tokens. For hackers, the low hanging fruit are unpatched servers, misconfigured networks, and lazy admins. Azure eliminates all that.
Yeppers. Azure does the hybrid pretty well with active directory integration across cloud and on-prem.
There is also good real-time monitoring systems to like Advance Threat Protection, which is a service you pay for to alert you on many attacks and potential threats. For example, even if the IP address is on the firewall, you still will get an email to all the admins about another admin logging onto that new IP address for the first time just in case the firewall rule was placed by someone else.
Auditing wise, you get the full logs to all of the Azure portal and most of the services. For example, I can easily pull a complete list of SQL queries ran against the data warehouse from within the Azure portal directly. I don't have to log into SSMS to run anything. Can pull it right down to Excel or hook it right up to PowerBI and create dashboards right away. See who is reading, writing, logging in, out, etc.
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply