SQL Data Sync - Data Security

 

Your data is important to you and the success of your business. Unfortunately, your data may also be important to someone else. You want to make sure that it is secure from unauthorized access. Therefore, it is prudent and reasonable for you to ask, “How does SQL Data Sync help me keep my data secure?”

 

Important!
This wiki topic may be obsolete.
This wiki topic is no longer updated by Microsoft. We moved the content to the MSDN Library where we keep it current.
To find the latest version of this topic on MSDN click here.

Encryption

Encrypted Data

The SQL Data Sync service encrypts all sensitive data that it stores, including:

  • SQL Data Sync service credentials for the system databases in SQL Database.

  • SQL Data Sync service credentials for the system storage in Windows Azure.

  • User credentials for the user's SQL Database.

  • The configuration file for the Data Sync Client Agent.

Encrypted Connections

The SQL Data Sync service encrypts all connections between components, including:

  • The connections between the service and the system database in SQL Database.

  • The connections between the service and the system storage in Windows Azure.

  • The connections between all components in the cloud-based service.

  • The connection between the Client Agent and the cloud-based service.

  • The connection between the Windows Azure Management Portal and the cloud-based service.


Authentication

Client Agent Authentication

  • The Client Agent authenticates local users with Windows user security. The Client Agent requires the user to be a member of a specific security group.

  • The cloud-based SQL Data Sync service authenticates the Client Agent using a unique token or "agent key." The user generates the agent key in the Windows Azure Platform Management Portal and then installs the agent key in the Client Agent. The user can regenerate and reinstall an agent key at any time.

Database Access Authentication

The on-premises SQL Server database authenticates the Client Agent using the connection string and credentials that the user provides.

System Component Authentication

The cloud-based SQL Data Sync service authenticates connections between system components within the cloud service using certificates.

Portal Access Authentication

The Windows Azure Platform Management Portal authenticates users with Windows Live ID and the Windows Azure subscription database. Users should follow good security procedures to protect their Windows Live IDs, including:

  • Keep your ID and password secure.

  • Do not check the "Remember my password" checkbox on the Windows Live sign in page.

  • Log out of your Windows Live session any time you are going to be away from your computer.

Suggestions for creating strong passwords and password security can be found at Create Strong Passwords. You can check the strength of a password by using the secure password checker at https://www.microsoft.com/protect/fraud/passwords/checker.aspx?wt.me_id=site_link. You can generate passwords with various levels of strength at Strong Password Generator. This site also evaluates the strength of passwords.

Note:
SQL Server supports both Windows Credentials and SQL Credentials. SQL Database supports only SQL Credentials.

 


Feedback

This release was provided in order to gather feedback from our customers. Now that you have previewed what the SQL Data Sync team is doing, please let us know what you think of our direction, and tell us about your experiences. You can send us your thoughts in any of the following ways:


See Also

  • [[Windows Azure SQL Database Overview]]
  • [[SQL Data Sync Overview]]
  • [[Windows Azure SQL Database TechNet Wiki Articles Index]]