Overview
Existing Environment
Contoso, Ltd. is a financial data company that has 100 employees. The company delivers financial data to customers.
Active Directory
Contoso has a hybrid Azure Active Directory (Azure AD) deployment that syncs to on-premises Active Directory.
Database Environment
Contoso has SQL Server 2017 on Azure virtual machines shown in the following table.
SQL1 and SQL2 are in an Always On availability group and are actively queried. SQL3 runs jobs, provides historical data, and handles the delivery of data to customers.
The on-premises datacenter contains a PostgreSQL server that has a 50-TB database.
Current Business Model
Contoso uses Microsoft SQL Server Integration Services (SSIS) to create flat files for customers. The customers receive the files by using FTP.
Requirements
Planned Changes
Contoso plans to move to a model in which they deliver data to customer databases that run as platform as a service (PaaS) offerings. When a customer establishes a service agreement with Contoso, a separate resource group that contains an Azure SQL database will be provisioned for the customer.
The database will have a complete copy of the financial data. The data to which each customer will have access will depend on the service agreement tier. The customers can change tiers by changing their service agreement.
The estimated size of each PaaS database is 1 TB.
Contoso plans to implement the following changes:
- Move the PostgreSQL database to Azure Database for PostgreSQL during the next six months.
- Upgrade SQL1, SQL2, and SQL3 to SQL Server 2019 during the next few months.
- Start onboarding customers to the new PaaS solution within six months.
Business Goals
Contoso identifies the following business requirements:
- Use built-in Azure features whenever possible.
- Minimize development effort whenever possible.
- Minimize the compute costs of the PaaS solutions.
- Provide all the customers with their own copy of the database by using the PaaS solution.
- Provide the customers with different table and row access based on the customer’s service agreement.
- In the event of an Azure regional outage, ensure that the customers can access the PaaS solution with minimal downtime. The solution must provide automatic failover.
- Ensure that users of the PaaS solution can create their own database objects but he prevented from modifying any of the existing database objects supplied by Contoso.
Technical Requirements
Contoso identifies the following technical requirements:
- Users of the PaaS solution must be able to sign in by using their own corporate Azure AD credentials or have Azure AD credentials supplied to them by Contoso. The solution must avoid using the internal Azure AD of Contoso to minimize guest users.
- All customers must have their own resource group, Azure SQL server, and Azure SQL database. The deployment of resources for each customer must be done in a consistent fashion.
- Users must be able to review the queries issued against the PaaS databases and identify any new objects created.
- ​Downtime during the PostgreSQL database migration must be minimized.
Monitoring Requirements
Contoso identifies the following monitoring requirements:
- Notify administrators when a PaaS database has a higher than average CPU usage.
- Use a single dashboard to review security and audit data for all the PaaS databases.
- Use a single dashboard to monitor query performance and bottlenecks across all the PaaS databases.
- Monitor the PaaS databases to identify poorly performing queries and resolve query performance issues automatically whenever possible.
PaaS Prototype
During prototyping of the PaaS solution in Azure, you record the compute utilization of a customer’s Azure SQL database as shown in the following exhibit.
For each customer’s Azure SQL Database server, you plan to assign the roles shown in the following exhibit.
