Configuring non-relational data services Flashcards
What are the four thing you can configure in Azure Cosmos DB? Give a summary of each.
Replication - whether you want to copy data to another region and, if copying globally, where. (Note that each replica increases the cost of Cosmos DB.)
Automatic failover - ensure there’s always a primary region for processing.
Multi-region writes - by default only the primary region is writable; the replicas are all read only.
Default consistency - the highest level for handling inconsistences between servers in a cluster.
What are the 5 consistency levels? Give a summary of each in order of least to most consistent.
Eventual Consistency - the least consistent option, but has low latency. Changes will appear eventually and not necessarily in the order they were made.
Consistent Prefix - this ensures the changes will appear in order, though there may be a delay become they become visible. In this period, apps may see old data.
Session - ensures changes all be immediately visible, and in order, to the application that made the changes. Other apps may see old data, but changes will appear in order.
Bounded staleness - There’s a lag between writing and then reading the updated data. You specify the staleness as a period of time or number of previous versions the data will be inconsistent for.
Strong - The most consistent option, but has high latency. All writes are only visible to the clients after the changes are confirmed as successfully written to all replicas.
What are the four things you can configure in Azure Storage Account? Give a summary of each.
Secure transfer required - enable or disable secure communications (HTTPS). By default, it is enabled.
Default access tier - switch the default between Hot and Cool.
Replication - changes how an account is replicated.
Identity-based access for file shares - enable or disable integration with Azure Active Directory Domain Services for requests that access files shares.
Describe how encryption works in Azure Storage account.
All data in Azure Storage is automatically encrypted. By default, encryption is performed using keys owned and managed by Microsoft. If preferred, you can provide your own keys.
How do you add a custom encryption key?
By adding it to Azure Key Vault. You then provide the details of the vault and key, or the URI of the key in the vault.
What happens when you change a custom key?
All new data will be encrypted using that key. Old data will be encrypted using a background process; this process may take a little time.
What is a SAS?
A Shared Access Signature (SAS) is a token that an application can use to connect to a resource.
What can a SAS token be used for?
Granting temporary access to an entire service, containers in the service, or individual objects such as blobs and files.
What can you configure on a SAS token?
The permissions, period of validity and IP address range of computers allowed to use the SAS token.
How does a SAS token work?
The application appends the token to the URL of the resource. The application can then send requests to read or write data using this URL and token.
How is a SAS token encrypted?
By using one of the two service access keys. You get to pick which.