Manage data across Azure SQL estate with Azure Purview

Solution Idea

As more of your organization’s data is loaded into Azure, the need to properly govern and manage that data across all your data sources and data consumers grows.

Without high-quality data in your Azure SQL estate, the business value can be diminished. The solution is to build a foundation for data governance and management that can produce and deliver trustworthy high-quality data.

Data needs to be managed at scale across on-premises, cloud, and multi-cloud storage. This management ensures compliance requirements are met around security, privacy, and usage. Well-managed data can also improve self-discovery, data sharing, and quality—improving the use of data in applications and analytics.

With Azure Purview, you can:

  • Ensure that definitions, classifications, and governance processes are applied uniformly for your data.
  • Provide a central platform where you can apply definitions and ownership to your data.
  • Generate data standards that should be imposed on your data, using a single view on reports and insights.
  • Focus on governance to find, classify, define, and enforce policies and standards across data.

Azure Purview can automatically discover, catalog, classify, and manage data across Microsoft SQL offerings, whether on-premises or in Azure. To take advantage of Azure Purview, use these Microsoft SQL services together:

  • On-premises SQL Server
  • Azure SQL
  • SQL Server Managed Instance
  • Power BI

Potential use cases

The solution described here is appropriate for organizations that would benefit from the following outcomes of well-governed data:

  • Automatic discovery of data in the organization to accelerate cloud adoption.
  • Secure data for compliance with data laws and regulations.
  • Improved access, discovery, and quality of managed data to enhance analytics.

Architecture

Architecture diagram shows how Azure Purview scans and classifies data and data lake storage

Dataflow

The following four scenarios show the options available for connecting to Azure Purview securely.

  1. Connect Azure Purview to on-premises SQL via a self-hosted integration runtime, using a private endpoint.
  2. Connect Azure Purview to Azure SQL via a managed virtual network, using a managed private endpoint.
  3. Connect Azure Purview to Azure SQL Managed Instance via a self-hosted integration runtime, using a private endpoint.
  4. Connect Azure Purview natively to Power BI.

    Note

    The information transferred from the sources to Azure Purview is metadata describing the data within the scanned sources. No actual data is transferred from the SQL sources to Azure Purview.

Capabilities

  • Catalog. Azure Purview data catalog can automatically capture and describe core characteristics of data at the source. The characteristics include schema, technical properties, and location. Azure Purview glossary allows a business-friendly definition of data to be layered on top to improve search and discovery.
  • Classification. Azure Purview automatically classifies datasets and data elements with over 100 predefined sensitive-data classifications. It also allows users to define their own custom classification schemes that can be applied manually and automatically.
  • Ownership. Azure Purview allows data ownership and stewardship to be applied to data assets and glossary items within the catalog.
  • Insights. Insights in Azure Purview provide multiple pre-defined reports to help CDOs, data professionals, and data governance professionals gain a detailed understanding of the data.

Components

The solution uses the following components:

  • Azure Purview is a unified data catalog that manages on-premises, multi-cloud, and software as a service (SaaS) data. This data governance service maintains data landscape maps. Features include automated data discovery, sensitive-data classification, and data lineage.
  • Microsoft SQL Server is a family of relational database management systems, or RDBMS. The servers are deployed and managed by your organization.
  • Azure SQL Database is a fully managed SQL database built for the cloud with automatic updates, provisioning, scaling, and backups.
  • Azure SQL Managed Instance is a cloud database service that provides all the features of SQL Server with added protection, connectivity, and automatic updates.
  • Power BI is a collection of software services and apps. These services create and share reports that connect and visualize sources of data. When you use Power BI with Azure Purview, it can be cataloged, classified, and have granular lineage illustrated end to end.
  • Azure Private Link provides private connectivity from a virtual network to Azure platform as a service (PaaS), services that you own, or Microsoft partner services.
  • Azure Key Vault stores and controls access to secrets such as tokens, passwords, and API keys. Key Vault also creates and controls encryption keys and manages security certificates.
  • Azure AD offers cloud-based identity and access management services. These features provide a way for users to sign in and access resources.
  • Azure Monitor collects and analyzes data on environments and Azure resources. This data includes app telemetry, such as performance metrics and activity logs.

Next steps

https://docs.microsoft.com/en-us/azure/architecture/solution-ideas/articles/azure-purview-sql-estate-architecture
