what kind of locks are applied by Azure Synapse when loading data using COPY INTO

what kind of locks are applied by Azure Synapse when loading data using COPY INTO, if we are running extract from synapse dw (say from table A) and simultaneously loading new data into a some other (say table B). Will it cause any locks, will we face slowness or any locks while extracting data from table A

can someone please tell me how can we download malware pcap in ubuntu VM in microsoft azure?

I tried to download malware pcap on ubuntu VM in microsoft azure from the putty but it is not allowing me to do so .It gives following output: 2016-12-17-traffic-analysis-exercise.pcap.zip: Permission denied Cannot write to ‘2016-12-17-traffic-analysis-exercise.pcap.zip’

can someone please tell me how can we download malware pcap in ubuntu VM in microsoft azure?

I manage to connect to Azure Analysis Services from SSMS, but not from SSIS

I’m new to the Microsoft Server Suite.

I’ve downloaded SSMS and connected to Azure Analysis Services from it. I’m able to query my data using mdx without any problems.

However, I actually intend to build an ETL pipeline with the AAS cube as one of the sources. So I installed SSIS and have been trying to connect it to the AAS cube.

I first add "Analysis Services Processing Task" to the package. The result looks ok (when I click on "Test connection" the result is positive). But when I click on "Add", it doesn’t detect any cubes (there are two on the AAS server specified):

enter image description here

I assumed it worked anyway, but I can’t query the cube no matter how I try to do that. I added "Execute SQL task", but when I run it, it gives me an error:

enter image description here

enter image description here

enter image description here

The error message is:

An OLE DB record is available. Source: "Microsoft OLE DB Driver for SQL Server" Hresult: 0x80004005 Description: "Login timeout expired". An OLE DB record is available. Source: "Microsoft OLE DB Driver for SQL Server" Hresult: 0x80004005 Description: "A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online.". An OLE DB record is available. Source: "Microsoft OLE DB Driver for SQL Server" Hresult: 0x80004005 Description: "Named Pipes Provider: Could not open a connection to SQL Server [53]. ". Error: 0xC00291EC at Execute SQL Task, Execute SQL Task: Failed to acquire connection "asazure://northeurope.asazure.windows.net/xxxx". Connection may not be configured correctly or you may not have the right permissions on this connection. Task failed: Execute SQL Task Warning: 0x80019002 at Package: SSIS Warning Code DTS_W_MAXIMUMERRORCOUNTREACHED. The Execution method succeeded, but the number of errors raised (1) reached the maximum allowed (1); resulting in failure. This occurs when the number of errors reaches the number specified in MaximumErrorCount. Change the MaximumErrorCount or fix the errors. SSIS package "C:\Users176\source\repos\Integration Services Project1\Integration Services Project1\Package.dtsx" finished: Failure. The program ‘[18664] DtsDebugHost.exe: DTS’ has exited with code 0 (0x0).

Any ideas?

Is it possible to create an “always on” environment from a SQL Server on premises to a virtual machine on azure?

I’ve been looking for a similar question here and reading about it about ""Add Azure Replica Wizard", but I heard the it doesnt works because it’s a deprecated feature.

I used to have a primary server and a secondary server on premises as always on, but because of costs I had to delete the secondary "replica".

I would like to know if it’s possible to recreate this always on environment, and then have the primary server On Premises, and a replicated environment on a virtual machine on Azure Cloud.

Then if something happens with our primary, automatically the secondary replica on azure will take the work.

Wrap key operation in Azure Key Vault – symmetric keys

Could anyone explain why the bolded part of the wrap key description?

Wraps a symmetric key using a specified key. The WRAP operation supports encryption of a symmetric key using a key encryption key that has previously been stored in an Azure Key Vault. The WRAP operation is only strictly necessary for symmetric keys stored in Azure Key Vault since protection with an asymmetric key can be performed using the public portion of the key. This operation is supported for asymmetric keys as a convenience for callers that have a key-reference but do not have access to the public key material. This operation requires the keys/wrapKey permission.

AFAIK, all the keys in Azure Key Vault are stored at rest in HSM modules. Why is key wrapping necessary for symmetric keys? What does ‘protection’ mean in this case? Using a public key to encrypt data?

If HSM are securing all the keys in Key Vault (using its built-in symmetric key), then why would encrypting a symmetric key be necessary as quoted?

Any good RP systems out there for a Azure Lane RP? [closed]

Kinda a weird question for sure, but to put small context this all began after a small joke that got way out of hand. By the end of it I was "encouraged" to put together a one-shot campaign for Azure Lane with some friends. Looking around though at the few I know such as DnD & Pathfinder, none of those really work for something like Azure Lane.

So my question is then does anyone have some good recommendations regarding a RP system to use for a Azure Lane focused setting and mechanics?

Azure Key Vault – hardware vs software protection

I was wondering if I correctly understand the difference between hardware and software protected keys.

Quoting the Applied Cryptography in .NET and Azure Key Vault (page 146 available on Google books)

Azure Key Vault Hardware Mode

When you configure Key Vault to work in hardware mode, you get the most benefit from the service because not only are keys stored in the hardware, but all operations such as encryption, decryption, and digital signatures are also performed on the device, which gives you the high level of protection when using Key Vault. The extra level of security that this affords does come at a cost as you need to use a premium service plan, but the additional cost gives you the extra protection that you would want in a production system.

Azure Key Vault Software Mode On the flip side, when you configure Key Vault to work in software mode, your keys are stored on the hardware, but any other operations, such as encryption, decryption, and digital signatures are performed outside of the HSM hardware using standard Azure compute virtual machines. Since there is less work on the HSM, you save money. From a software interface point of view, there is no difference in how you use Key Vault between hardware and software mode; the differences are transparent to a developer. When you are planning your testing and production environments for your software application, it is a good idea to use Key Vault in software mode for your testing environments as you can keep the costs low, and then use the hardware version for your production environment as this gives you the most significant level of protection.

In summary, my secret key is safe with hardware protection as long as the encryption key used to secure my secret key is not read from the HSM (which requires tampering with it and it leaves evidence). My secret key does not leave the HSM which performs all the operations using my secret key on its own. However, the software protection doesn’t have this extra security layer and my secret key is given away to Azure compute virtual machines, and my secret key could therefore be stolen without leaving any physical evidence whatsoever. Is that correct?

On-premesis SQL Server setup for MFA against Azure AD

I am trying to set up multi-factor authentication in SSMS using an on-premesis SQL Server (Standard Edition). I believe the SSMS is simple enough. Under the "Login" tab, I have chosen "Active Directory – Universal with MFA support" and have my user name (like "john.doe@example.com").

Login tab

Under "Connection Properties," I put in a specific database and my Azure AD tenant ID (guid):

Connection Properties tab

When I try to log in, I get a popup from Microsoft, which I assume is the SSO login:

SSO Login

However, when I put in my password, I get error 18456, State 1:

Error 18456

I assume this is because I need to add the user on the server side. However, I have not been able to find how to do that for an on-premesis SQL Server (there are plenty of guides for Azure SQL). I am using Standard Edition 2017. What do I need to do to complete the setup?

Security pattern for third party uploads to Azure blob container

Scenario:

  • Vendor 1 needs to upload data to an Azure blob storage container owned by Vendor 2
  • Vendor 1 is issued a limited duration SAS token each day to use
  • Azure does no scanning of incoming blobs (therefore content is untrusted when it lands)
    • Microsoft recommends pre-scanning all files before uploading

Questions:

  • What is a repeatable pattern for Vendor 2 to secure this type of content unpload against malware threats?