Azure SQL Database Architecture

Download as pdf or txt
Download as pdf or txt
You are on page 1of 7

White Paper


White Paper

Although most developers and administrators can use Windows Azure SQL Database
(SQL Database) without understanding its underpinnings, it can be useful to study
some of its underlying architecture to better understand how to manage your
databases and how to adopt this technology properly in your custom application
development initiatives. This white paper gives you a glimpse into the internal
architecture of SQL Database and brings to light to some of the key concepts that
SQL Database is built on.

If you have ever used SQL Database you already know how simple it is to use
this relational database platform. Creating a database instance in SQL Database
is as simple as pushing a few buttons, and within minutes you can have a fully
supported, production-ready database infrastructure at your fingertips. However
you may wonder how this technology is put together; you may even ask yourself how
Microsoft is able to guarantee high availability, or what the master database really
is in a SQL Database, or even how the built-in connection firewall is implemented
behind the scenes.
In order to gain a better understanding on how this infrastructure works, this white
paper will give you a tour of SQL Database from an architecture point of view.
Note that Windows Azure SQL Database was previously called SQL Azure. What was
previously known as a SQL Azure database is now called a SQL Database instance.


Herve Roggero, SQL Azure MVP, is the founder of
Blue Syntax Consulting, a company specialized in
cloud computing products and services.
Herves experience includes software development,
architecture, database administration and senior
management with both global corporations
and startup companies. Herve holds multiple
certifications, including an MCDBA, MCSE,
MCSD. He also holds an masters in business
administration from Indiana University.
Herve is the co-author of PRO SQL Azure from Apress.

White Paper


Lets start with the underlying infrastructure. SQL Database is made

of a layer of routers, firewalls, servers and services that together
provide a unique database service. When a request is sent to a SQL
Database, it is actually handled by a proxy layer through a series of
gateways that perform login validation, enforce security constraints
such as firewall rules and denial of service attempts, and additional
services like billing and provisioning.

routing mechanism allows the SQL Database infrastructure to move the

database instances on other servers at any time to account for hardware
failures and load distribution.


You may be surprised to know that SQL Database instances run on
commodity hardware. Thats right! The main philosophy of cloud
computing is that services are designed to scale out and applications rely
on distributed processing. SQL Database is no exception. A SQL Database
instance runs on a server that has 8 cores, 32GB of RAM and 12 disks, on
which hundreds of other instances could be running.
Each physical server contains a SQL Server instance which itself contains
a single user database. This user database is internally divided into
partitions in which many SQL Database instances are stored. Because
SQL Database instances are replicated internally for high availability,
some of the partitions also hold replicated instances. In the following
figure you see a representation of a SQL Database instance called TestDB;
this instance is in fact a partition within a SQL Server user database.

Simplified SQL Database Topology

Once the TDS (Tabular Data Stream) request is validated by the proxy layer
it is forwarded to the server that stores the database initially requested. So
the client sending the original request is not communicating directly with
the server holding the database; it is going through the proxy layer that
determines dynamically where the database is actually located at the time of
the request by looking up an internal mapping table. This dynamic database

SQL Database instance as a partition within a SQL Server database

White Paper

This architecture has a few implications from a performance and

management standpoint. The TestDB database instance shares system
stored procedures and internal tables with other database instances on
the same SQL Server database. As a result, SQL Database limits access to
internal system objects for security reasons preventing administrators from
executing maintenance commands like DBCC. However a few dynamic
management views (DMV) are available at this time, allowing you to
troubleshoot certain performance problems in a SQL Database instance.
The following lists the DMVs currently available:

SQL Database instances are copied to other servers for high redundancy
and availability. Each SQL Database instance (including its copies) is
called a replica. The primary replica is the database instance you connect
to and execute statements against. There are two secondary replicas
for redundancy. When a database commit is issued against the primary
replica, at least one of the other two secondary replicas must also confirm
the commit operation before the transaction is considered committed.
This is referred to as a quorum commit.


SQL Databases quorum Commit

This replication architecture ensures 99.9% availability and is designed

to fail over quickly to a secondary replica if the primary replica fails. The
failover could take place for multiple reasons including: a failure on the
primary replica, a failure on the server itself, or a failure on the rack that
holds the server. The failover could also happen for other reasons that

White Paper

are not considered hard failures, such as during an upgrade of the SQL
Database environment. The failover process could take up to 30 seconds,
which will disconnect clients with active sessions to the primary replica at
the time of the failure and prevent new connections until the new replica
becomes available.


The Gateway service also uses a load balancing mechanism that
periodically evaluates the current load on the primary replica. The
Gateway has the authority to upgrade a secondary replica as the new
primary replica. This continuous shift in primary replica promotion allows
SQL Database to respond to increases in workloads quickly and to better
distribute server resources across the pool of servers available.


As mentioned previously, SQL Database implements a firewall
mechanism to help you limit access to your database instances. The
firewall is designed to keep a list of allowed IP Ranges for which database
credentials can be further authorized by SQL Database. In other words,
if a client connects outside of the allowed IP Ranges, the connection
request will be denied even if the credentials are valid.
A few stored procedures and system views are available in the master
database to manage the firewall rules. For example you use the sys.
firewall_rules view to list the current rules. To manage the rules you use
the sp_set_firewall_rule and sp_delete_firewall_rule stored procedures to
add and delete firewall rules respectively. You may need to consider the
following regarding setting up firewall rules with SQL Database:

Because your SQL Database instances are not stored on the same
machine, you may wonder where your master resides and what you can
do with it. The master database is in fact a logical database; it is handled
by the Gateway layer where the general SQL Database Server security
settings are defined. This explains why the master database is read-only in
SQL Database. This also explains why you need to connect to the master
database (i.e. the Gateway layer) in order to create additional databases.
The firewall settings of SQL Database are also stored in master, at the
Gateway layer. This also explains why changing firewall settings takes
effect relatively quickly, because the Gateway layer is responsible for
enforcing the firewall rules as well.
Last but not least, the Gateway layer also handles database provisioning
and keeps summary information of bandwidth usage. As a result, the
billing details are also provided by the Gateway layer and can be visible by
querying the master database.

SQL Database is secured by default. You must enable the desired

IP Ranges before establishing a database connection.
The Windows Azure management portal allows you to configure
the IP Range rules.
The IP Ranges defined in SQL Database only work for public
IP Addresses. If you are trying to connect from a machine that
is connected to the Internet through NAT (Network Address
Translation) you will need to first determine its public IP Address.

Throttling is a term used to describe a usage boundary in SQL
Database or other cloud resources in Windows Azure that are
enforced through a loss of connection. In SQL Database specifically,
throttling is enforced on the database server to prevent heavy loads
from affecting other database tenants on the same server. If your
system performs too many requests for example (more than 400

White Paper

concurrent requests), throttling may kick in and kill transactions that

have been running for more than 1 minute.
The set of rules used to determine whether throttling will take place and
to which degree can be complex and may change over time. In addition
throttling can have direct implications on coding practices and may affect
how you design certain database components. For more information
about throttling and general database connection management, check
Windows Azure SQL Database Connection Management on MSDN.

We discussed earlier that each database instance has two secondary
replicas. You are of course charged for the primary replica only. The
secondary replicas are invisible to you and, as such, are not included in
your service fees.
Your invoice contains a summary of the charges consumed by your Azure
services, including databases and data transfer. The charge for database
usage is measured in Database Units (DU). The cost for the first DU is
$9.99 per month (which represents the cost of a 1GB database) and is
amortized daily. If your database uses less than 100MB of storage, you
are charged for 0.5 DU. Above 1GB, you are charged per GB increment at
a progressively reduced price per DU.
The following diagram shows that my account is being charged about
0.06 DU per day and has an accumulated cost of $2.90 as of 7/27.
As mentioned previously the cost of a DU decreases progressively when
the database size exceeds specific thresholds. For example a 10GB
database costs 1 DU for the first GB and 0.4 DU for each additional GB, so
that would be 5 DUs or $45.96 (1 DU + 9 * 0.4 * DU = 9.99 + 9 * 0.4 * 9.99
= 45.96). Because the cost of a GB decreases with larger databases, it is
cheaper to provision a single 20GB database than two 10GB databases.

Sample billing for SQL Database

White Paper

This whitepaper introduced you to important concepts related to Windows Azure
SQL Database and explains how some of the underlying services provide high
availability. Because SQL Database is built as a multitenant system and requires a
flexible architecture, some of the traditional database concepts are implemented
differently than on SQL Server, such as the master database, and imposes
some performance constraints, such as throttling, to ensure a fair repartition of
resources between tenants.

Idera provides systems and application management
software for Windows and Linux Servers, including
solutions for performance monitoring, backup
and recovery, security and compliance and server
administration. Our market leading product suites
provide 360 degree management solutions for the
Microsoft SQL Server and SharePoint platforms as well
as high performance backup and recovery for server
operating systems. Whether you have ten servers or ten
thousand, we give you the best performance and value
with products that are easy to install and deploy and that
deliver real and measurable ROI.

Idera is headquartered in Houston, TX with offices in London

and Melbourne.

+1 713 523 4433

877 GO IDERA (464 3372)
+44 (0) 1753 218410
+61 1300 307 211
+52 (55) 8421 6770
+55 (11) 3230 7938


You might also like