APJ - ISV - Database

O'Reilly eBook: An Introduction to Cloud Databases

Issue link: https://resources.awscloud.com/i/1496544


Page 27 of 47

You can, in addition, set up a virtual private gateway that extends your corporate network into your VPC, and permits access to the database instances in that VPC through a VPN of your choice. Most cloud providers offer built-in firewalls that help you control network access to the computing instances. The cloud provider might also offer a private or dedicated connectivity option to connect the cloud consumer's office and on-premises environments with the cloud environment.

You can set up database security groups to secure database instances within a VPC. Security groups are firewall rules that control network access to your cloud databases. You can also allow or deny network traffic entering and exiting a subnet via network ACLs. Any network traffic that enters or exits your VPC via your VPN can be inspected by your on-premises security infrastructure (such as a firewall) and by intrusion detection systems.

Direct Connections

Instead of a VPN, you can connect systems outside the cloud to systems within the cloud through Direct Connect in AWS or ExpressRoute in Azure. They exploit private network links provided by telecommunications carriers to create a direct connection. End-to-end encryption is still recommended, and is generally done through standard Secure Sockets Layer (SSL)/Transport Layer Security (TLS).

Data Encryption

In the cloud, it's easy to encrypt your data to provide additional protection to data at rest. For example, when you enable encryption in an Amazon RDS cluster, the database stores all data in the tables that you create in an encrypted format. The encryption also applies to the database backups. Encryption is also easy to set up when you transmit data to and from the cloud.
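The security-group and encryption-at-rest settings described above can be audited together. The following is an added example, not code from the eBook: the sample data is constructed, its field names follow the shape of the boto3 `describe_db_instances` and `describe_security_groups` responses, and the function names `world_open` and `audit` are hypothetical.

```python
import ipaddress

# Constructed sample data, shaped like the boto3 responses from
# rds.describe_db_instances() and ec2.describe_security_groups().
DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": True,
     "PubliclyAccessible": False, "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-app"}]},
    {"DBInstanceIdentifier": "legacy-db", "StorageEncrypted": False,
     "PubliclyAccessible": True, "Endpoint": {"Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

def world_open(rule, port):
    """True if an ingress rule admits any source address on the given port."""
    if rule["IpProtocol"] != "-1":  # "-1" covers every protocol and port
        if rule["IpProtocol"] != "tcp" or not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)

def audit(instances, groups):
    """Return {instance id: [findings]} for instances with weak settings."""
    by_id = {g["GroupId"]: g for g in groups}
    report = {}
    for db in instances:
        findings = []
        if not db.get("StorageEncrypted"):
            findings.append("storage not encrypted at rest")
        if db.get("PubliclyAccessible"):
            findings.append("publicly accessible endpoint")
        port = db["Endpoint"]["Port"]
        for ref in db.get("VpcSecurityGroups", []):
            gid = ref["VpcSecurityGroupId"]
            rules = by_id.get(gid, {}).get("IpPermissions", [])
            if any(world_open(r, port) for r in rules):
                findings.append(f"{gid} open to any address on port {port}")
        if findings:
            report[db["DBInstanceIdentifier"]] = findings
    return report
```

Calling `audit(DB_INSTANCES, SECURITY_GROUPS)` reports only `legacy-db`; the port-range check matters because the open rule never names port 3306 directly.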
Encryption is particularly necessary for organizations that must meet industry compliance requirements such as Health Insurance Portability and Accountability Act (HIPAA) compliance for health care, the Sarbanes-Oxley Act (SOX) for financial reporting, and the Payment Card Industry Data Security Standard (PCI DSS) standards for ecommerce and retail business. If you protect your encryption

22 | Chapter 2: The Changing Role of the DBA in the Cloud
