This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
I'm excited to announce that ledger is now in preview in Azure SQL Managed Instance! Ledger is a technology that offers the power of blockchain with the simplicity of SQL. It was released last year in Azure SQL Database and SQL Server 2022. As a logical next step, ledger is now available in preview for Azure SQL Managed Instance. Using ledger, the data in SQL is verifiable using the same integrity benefits seen in blockchain technology, while keeping the flexibility, efficiency, and performance of a traditional database. The data is centrally managed and you can cryptographically attest to other parties, such as auditors or other business parties, that your data is trusted and isn’t tampered with.
How it works
The way ledger in Azure SQL Managed Instance works is the same as in Azure SQL Database and SQL Server 2022. Each transaction that the managed database executes is cryptographically hashed (SHA-256). Transactions are then cryptographically linked together, like a blockchain. Cryptographically hashed database digests represent the state of the database. They're periodically generated and stored outside the managed database in a tamper-proof storage location such as Azure immutable Blob storage or Azure Confidential Ledger.
All historical ledger table data is transparently maintained in the database system and exposed to users for auditing and forensic purposes. Historical data is used to analyze the executed operations and detect unexpected or malicious modifications. However, malicious high privileged users or cloud operators can update the content of ledger tables, using other techniques like writing directly to the data files, and tamper with the data. These "under the covers attacks" are detected through cryptographic verification. Database digests are used by auditors, business partners (in case of a multi-party scenario) or even end users to execute the database verification process that recomputes the hashes in the database and compares them to the input hashes provided by the user. When the verification is successful, you have cryptographic proof that your data is fully trusted.
Tietoevry, who has partnered with our team throughout the development process of ledger in Azure SQL Managed Instance, has this to say about the feature:
|Ledger is a cutting-edge, game-changing technology that uses blockchain-inspired principles to ensure the integrity and accuracy of our financial data. With ledger, we can track our client’s transactions with complete transparency, from inception to settlement, with full accountability. Plus, ledger provides an immutable record of every transaction, so our clients can be confident that their data is secure and tamper-proof, as ledger is fully compliant with international financial regulations. This has helped us build stronger relationships with our clients, who appreciate the transparency and clarity we provide. The key benefit is that ledger is compatible with Azure SQL Managed Instance. Peter Larsson, Product Architect|
Use cases for ledger in Azure SQL Managed Instance
Multiple-party business processes
Automating cross-business processes and establishing trust around them are critical problems in several sectors, such as supply chain, manufacturing, etc. They struggle with the challenge of sharing and trusting data. Many organizations turn to traditional blockchains to digitally transform their multiple-party business processes.
However, due to its decentralized nature, blockchain solutions present significant challenges when used for real-world production workloads. There are many scenarios where a Blockchain solution is overkill and does not justify the cost and performance overhead. Ledger provides a solution for this. Participants can verify the integrity of the centrally housed data, without the complexity and performance implications of a Blockchain network.
Audit processes are expensive and time-intensive activities. Auditing requires on-site inspection of implemented practices such as reviewing audit logs, inspecting authentication, and inspecting access controls. Although these manual processes can expose potential gaps in security, they can't provide attestable proof that the data hasn't been maliciously altered.
Ledger provides cryptographic proof of data integrity to auditors. This proof can help streamline the auditing process. It also provides nonrepudiation regarding the integrity of the system's data.
For more information and to get started with ledger in Azure SQL Managed Instance, see:
- Explore the Azure SQL Database ledger documentation
- Read the whitepaper