This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
Azure PostgreSQL Flexible Server -February 2023 Feature Summary
The Azure PostgreSQL product team is pleased to introduce a new initiative: the monthly product feature summary. This report will showcase the latest updates and new features added to the Azure PostgreSQL Flexible Server over the past month, providing customers, stakeholders, and development teams with a clear overview of the changes and improvements made to the product. Each feature or update will be briefly described, along with its benefits and any relevant documentation. By regularly sharing this information, the product team hopes to build stronger relationships with customers and receive valuable feedback that can help them optimize the product even further.
Welcome to our February 2023 update, where we will be highlighting our latest features and improvements. Since this is our inaugural blog, we'll also be covering the features we released in January. We invite you to keep reading for more information on how these updates can benefit you and your organization.
- Azure Active Directory Authentication
- Customer Managed Keys
- Major Version Upgrade (In-Place)
- AutoVacuum Metrics
- Minor versions (14.6, 13.9, 12.13, 11.18).
- Geo Redundant Backups for CMK-enabled servers
- Semver extension for new servers.
Azure Active Directory Authentication
Azure Active Directory authentication for Azure Database for PostgreSQL - Flexible Server allows you to improve database security by delegating credential management and authentication to a centralized identity provider. Azure Active Directory for Azure Database for PostgreSQL – Flexible Server now provides full support for managed identities, improved group roles and support for invited users and the ability to disable local password-based authentication. Azure Active Directory authentication for Flexible server general availability was announced on January 23rd and now we have also added API/CLI/Terraform GA support.
Azure Active directory Authentication can be configured either during server provisioning or after server creation and you can use the steps below to configure this.
In the Azure portal, during server provisioning, select either PostgreSQL and Azure Active Directory authentication or Azure Active Directory authentication only as the authentication method.
On the Set admin tab, select a valid Azure AD user, group, service principal, or managed identity in the customer tenant to be the Azure AD administrator.
Post Server Creation
In the Azure portal, select the instance of Azure Database for PostgreSQL - Flexible Server that you want to enable for Azure AD. Under Security, select Authentication. Then choose either PostgreSQL and Azure Active Directory authentication.
To learn more about AAD for PostgreSQL Flexible Server please click on the following links.
Active Directory authentication - Azure Database for PostgreSQL - Flexible Server | Microsoft Learn
Use Azure Active Directory for authentication with Azure Database for PostgreSQL - Flexible Server | Microsoft Learn
Customer Managed Keys
Azure Database for PostgreSQL - Flexible Server has been widely adopted by customers in various industries that manage sensitive data, including finance, professional services, and e-commerce. While storage encryption for data at rest is a built-in security feature of Microsoft Azure, some organizations require additional control over data access using a customer-managed key (CMK). To address this need, we introduced the Customer Managed Keys (CMK) feature.
We announced worldwide General Availability of CMK for Azure Database for PostgreSQL - Flexible Server in January. With CMK feature, customers have full control over data access, including the ability to remove the key and make the database inaccessible, full control over the key lifecycle, central management and organization of keys in Azure Key Vault, and the ability to implement separation of duties between security team, DBAs, and system administrators.
Enabling encryption with CMK does not impact performance as Flexible server relies on the Azure storage layer for data encryption in both scenarios, with the only difference being that when CMK is used, the Azure Storage Encryption Key is encrypted using the customer-managed key. Additionally, we have also added Geo-redundant backup, API/CLI support for CMK-enabled servers.
To learn more about CMK for PostgreSQL Flexible Server please click on the following links.
Data encryption with customer-managed key - Azure Database for PostgreSQL - Flexible server | Microsoft Learn
How to set up CMK for Azure PostgreSQL Flexible Server
Major Version Upgrade
Azure Database for PostgreSQL Flexible Server platform now offers an in-place major version upgrade feature in public preview that makes it easier for customers to upgrade their servers to a higher version. This new feature eliminates the need for data migration, which can be a complex and time-consuming process that requires additional resources and results in business downtime. The in-place upgrade process is faster, minimizes downtime, and keeps the existing server name and other settings intact, providing customers with greater ease in managing their infrastructure. Additionally, there is no need to change application connection strings, which further simplifies the upgrade process for customers. This new feature provides customers with a more streamlined and efficient upgrade process, making it easier for them to take advantage of the latest features and enhancements available in higher versions of PostgreSQL.
How to Perform In-Place Major Version Upgrade:
- You can perform in-place major version upgrade using Azure portal or CLI (command-line interface). You can click the Upgrade button on the server Overview blade to start the in-place major version upgrade process.
To learn more about this feature including support for read replicas, extension and limitations please refer Major version upgrade documentation.
Autovacuum is a background process in PostgreSQL that runs automatically and is triggered by a threshold of dead tuples or at specific intervals. While it typically runs without user intervention, monitoring key metrics is necessary for busy servers with high transactional volume to ensure its effectiveness. Parameters such as autovacuum_vacuum_cost_limit, autovacuum_vacuum_cost_delay, and autovacuum_vacuum_scale_factor can impact autovacuum's performance and should be configured properly.
We are pleased to announce the public preview of new autovacuum metrics that you can use to optimize your auto vacuum process. These metrics allow you to monitor and tune autovacuum performance for Azure database for PostgreSQL flexible server. Each metric is emitted at a 30-minute frequency and has up to 93 days of retention. Customers can configure alerts on the metrics and access new metrics dimensions to split and filter the metrics data by database name. In conclusion, it's vital to monitor and optimize the autovacuum process to maintain the performance and health of your Azure PostgreSQL database instance. By understanding how autovacuum works, monitoring key metrics, and optimizing the process, you can ensure that your database runs smoothly and efficiently while avoiding potential issues.
To enable autovacuum metrics, the server parameter metrics.autovacuum_diagnostics must be turned on, as it's disabled by default. This parameter is dynamic, so an instance restart isn't required.
We released support for new PostgreSQL minor versions 14.6, 13.9, 12.13, 11.18.
Extension support for SemVer for newly created servers.
That’s all for this month! Please continue sending us your feedback, please reach out via email to Ask Azure DB for PostgreSQL for PostgreSQL for any other questions or clarifications.