I have a simple project to upload pics and Images to Azure, I have these strategies
WINDOWS PHONE -> WCF SERVICE -> AZURE SQL
WINDOWS PHONE -> WCF SERVICE -> AZURE STORAGE
WINDOWS PHONE -> AZURE STORAGE
However, I have these questions...
Can I go ahead with WCF Services and if yes, how to deal with large size images?
Maybe better upload from Windows Phone to Azure storage directly?
I would suggest that SQL database can be counted off to a large degree. storage is a much more cost effective way to store images which are essentially blobs, however - depending on your needs you might want to store metadata on the blobs in sql to assist in querying
If that is the case using a service layer can assist encapsulating the two paths - storing the blob and storing the metadata
Having said that, passing large blobs through a service is very inefficient and so, for the images themselves, phone->storage is perhaps the most compelling approach and will be the most efficient way to do so both from a coding perspective, solution components and responsiveness; the main downside with that is that it requires the phone app to have the credentials to the storage account, which is a big security risk.
Given all of this you might want to consider a combined flow -> phone->service to store metadata and receive a shared access signature token to the blob and then phone->storage, using the SAS token received, for the photo itself
you will need to handle failures in this flow to update the metadata accordingly...
slightly more complex, but with a good balance between security and performance?
Related
I have .NET Core Web API microservices with MS SQL and elastic search(NoSql). I want to encrypt PII(Personal Identifiable Information) both in Elasticsearch and MS SQL database. Which is better option to use .NET data protection API or always encrypted?.
If I use always encrypted then it will only work with MS SQL. Elastic search + logging will require handling it separately so is it better to encrypt in API using data protection API?.
Documents say that data protection API is only meant for temporary data.
Is there any other better way to protect data other than above too?
Any common pattern or strategy for this?
Depending on your company's industry and internal policy, you might be required to encrypt data AT REST as well as IN MOTION.
Logging PII should be strictly banned. Only log account's internal IDs that can not identify a user, dont log usernames/userids, just account id. Do not log account numbers etc.
As an alternate to elastic search, you could break down the PII data points in to multiple systems to avoid any one system's compromise leading to PII leak.
I am currently in the process of building a SQL database in Microsoft Azure for handling pictures, documents, etc. What is the most efficient/best way of storing data? Uploading the files directly to the DB, or by sourcing the files from something like Azure BLOB? I have read numerous posts about people uploading it directly to the DB, but I am concerned about its efficiency.
Thank you in advance for any replies.
You can store in something like Azure SQL DB for example but I would not recommend it, you should definitely store in Azure Storage (BLOB) and then for reference store in a DB. Azure has multiple relational and NoSQL data stores which are offered as platform services.
I would do two things, use a NoSQL platform data store like Cosmos DB using SQL Core API to store the metadata for the images, here you can use the filename as the partition ID to do a point read (this is very fast read and it would be a very cheap option with blazing fast performance) and secondly I would use Azure CDN to make sure images are accessed via CDN so that they are faster.
Azure CDN has three options; Akamai, Verizon and Microsoft. You can test which CDN is faster from where you are from here: https://cloudharmony.com/speedtest-for-azure
Using the above URL you can also use to test which Azure region is closer to you so to use that region, or test for your end-users and choose the region closer tot them.
I would say storing in Azure BLOBs is a better idea. Imagine you have 100 GB files stored in DB.
It will slow down your query if your table is not designed properly.
Backup & Restore DB will be very slow.
Azure DB is more expensive than Azure BLOB for the same size.
If your total file size is small enough, it doesn't make much difference.
I want to create a database for a company and I need to store some images for them. I want to give users the ability to select the image in form I create and then SQL server should upload it to a cloud service directly but I don't know how to do it and which cloud service is best for this job
thanks and regards, Yeki
You will have to elaborate on what you're looking for as there are multiple options avaialble.
1) If you're using Microsoft and are set on Cloud Services, look at the Azure Platform. You're able to store files and manage a database from the cloud and it is very cost effective. They will host your application as well if you need.
2) Are you not able to store the files in the same location the app is being hosted?
3) If the images are relatively small (i.e. less than 200kb), you can save them directly in the database.
You can store larger images, it's just not as efficient, so a file store would be better.
I only starting to learn about SQL Azure, have spoken to some potential clients, they say they have not chosen Azure due to the private nature of their customers information.
Reading about Azure it has firewalls to prevent unauthorised access.
I was just wonder what other way I could market Azure so that clients who potentially want to use it would not be concerned about privacy issues.
Also as I understand Azure supports Hybrid solutions where you can store data locally or remotely?
Thanks
SQL Azure is a public service and the data is stored somewhere in the cloud provider facility. With all security measures including firewalls and sentry dogs the data is still under zero customer control.
So the provider could do some backup and store it for some very long time and you might want to destroy the data ASAP and will be unable to have it done.
Also here's what technically could happen (not that I'm saying it is likely):
the provider might dispose of undestroyed hard disks
a bug could cause the authorization to fail and allow an unauthenticated user (because you see, you don't control what software updates the provider applies)
the provider employee might be bribed and copy the data
So if the user really wants privacy (or the laws say the data he deals with must be processed according to certain requirements) or he wants actual control on how the data is dealt with then a public storage service like SQL Azure is technically inapplicable for him. You trying to market Azure as providing the same level of control and security as a local facility would provide are deceiving the customer.
Sad but true and you can't lie to the compiler. There's no such thing as control over your data in a public storage service. Risks of negative outcomes are perceived as rather low, but they exist and they are real.
Yes, the Azure service bus has connecting private and public clouds as a feature. Keeping sensitive data locally may be what your clients want/need to push parts of their infrastructure to the cloud, although it will take some effort for sure to keep that separation clear, and I'm not just talking technically.
That said, marketing Azure to a client that's not ready for the cloud may very well lose you the entire deal, so make sure you're not pushing anything they aren't ready to cope with to start with.
A good starting point is the Windows Azure Trust Center to learn about Windows Azure privacy and security.
There's also a 7-part Windows Azure security best practice series on the ISV Developer Community Blog. Part 1 has links to the remaining entries, at the end of the post.
Microsoft's data centers are run by Global Foundation Services, which has its own set of security and compliance. There you'll find a data center tour video
i want to develop a wp7 application that can store geospatial data and pictures in an azure database.
does anyone have an idea on how to do this? Do i use blobs?
Cheers
There are a couple of codeplex and Microsoft projects that will help you
Firstly this community quick start - http://wp7azurequickstarts.codeplex.com/
Secondly the official toolkit - http://watoolkitwp7.codeplex.com/
There is a walkthrough which shows how MS recommend you upload photos to blob storage - http://watoolkitwp7.codeplex.com/wikipage?title=Running%20and%20Going%20Through%20the%20Windows%20Phone%207%20Cloud%20Application
The basic structure you use is:
a service which your app can call in Azure compute
that service can then store things in Blob, Table or SQL storage - most likely it will
store images in Blob
store index information in SQL (or maybe in table)
Note that while the app itself could upload direct to Azure Blob storage, this would most likely require you to distribute your secret private keys along with the app - which wouldn't be a good thing to do. If you did want to optimise the communications in you application, then you could implement a direct upload to blob using a shared access key retrieved from your Azure service (but I think this is only a small optimisation)