YugabyteDB Managed on Azure: A New Era of Security and Scalability Capabilities

As you may recall, we recently announced support for single and multi-region clusters across 21 Azure regions for YugabyteDB Managed, our self-managed DBaaS. Building on this, we’re excited to introduce new Azure capabilities, including encryption at rest with Customer Managed Keys (CMKs) via Azure Key Vault and single-sign-on (SSO) integration using Microsoft Entra ID (Azure Active Directory). These enhancements align our Azure capabilities more closely with what is offered on AWS and Google Cloud.

So, let’s explore these Azure capabilities in more detail, along with other updates like our flexible read replicas and new Azure tutorials for developers.

Expanded Data Security using Customer Managed Keys (CMK) with Azure Key Vault

We know that safeguarding your information is essential to maintaining trust and compliance. Therefore, YugabyteDB Managed now offers an advanced level of data security with the introduction of encryption at rest using customer managed keys (CMK) with Azure Key Vault.

Customer managed keys, which can be used for dedicated clusters on YugabyteDB Managed, are now available across all supported cloud providers: AWS, Google Cloud, and (now) Azure. This addition underscores our commitment to multi-cloud flexibility and robust security.

Using customer managed keys (CMK) for encryption at rest offers you complete control over your encryption keys, allowing you to encrypt your data at rest and manage the encryption key’s lifecycle with ease. This feature ensures robust security for your data in the cloud, enabling you to restrict access to authorized parties and manage permissions with just a few clicks.

Key features and benefits include:

• Complete control over encryption keys: With customer managed keys (CMK )on Azure Key Vault, you (literally) hold the keys! You can create, manage, and revoke these keys as needed, ensuring that only authorized users can access your data in the cloud. This level of control covers your encryption keys’ entire lifecycle. 
• User-friendly management interface: Manage your encryption effortlessly through our intuitive interface, powerful command line interfaces (CLI), or through the YugabyteDB Managed API.
• Regulatory compliance and enhanced security: CMK on Azure Key Vault adheres to the highest regulatory standards, offering an additional layer of security beyond the standard volume encryption offered by cloud service providers.
• No vendor lock-in: The CMK solution seamlessly integrates with your existing encryption procedures and key management solutions. This flexibility avoids vendor lock-in, ensuring that you can use your preferred cloud’s key management services.
• Cost-effective data protection: The BYOK (bring your own key) model offers a cost-effective way to protect your data, eliminating the need for extensive in-house infrastructure for key management.

Streamlined Access Management with Single Sign-On Using Microsoft Entra ID (Azure Active Directory)

Single sign-on (SSO) using Microsoft Entra ID (Azure AD) via OpenID Connect (OIDC) is now available. This solution streamlines user access and management for organizations leveraging Azure AD for identity management, ensuring both efficiency and enhanced security.

This integration enables the use of existing Azure AD identities for logins, significantly reducing administrative work and bolstering security. It automates user setup in YugabyteDB Managed, removing the need for manual invitations and preventing duplicate user configurations across systems.

Key features and benefits include:

• Federated authentication: Simplifies access management by using existing Azure AD identities.
• Centralized identity management: Manages user roles and access in one location, reducing redundancy and administrative workloads.
• Seamless integration: Ensures easy integration with Azure AD, enhancing support for the overall Azure ecosystem.
• Enhanced security: Improves security protocols by centralizing identity management, reducing the risk of unauthorized access.
• Admin-focused accessibility: Reinforces control and security by ensuring that only admin users can sign in with email-based login after federated authentication is enabled.

Scale as Needed with Flexible Read Replicas

Flexible read replicas now enable cost-effective scaling tailored to each region. Scale up or out read replica nodes in specific, high-traffic regions and scale down read replica nodes in regions with less traffic, optimizing resource allocation and costs.

Key features and benefits include:

• Flexible scaling: Scale read replica nodes differently in each region, whether scaling up (vertically) or out (horizontally).
• Cost-effective scaling: Optimize your budget by controlling resource utilization more granularly, adjusting to the application traffic in each geographical region.
• Automated scaling: Orchestrate and scale automatically based on traffic via the YugabyteDB Managed CLI or Terraform.

Develop Applications with Azure and YugabyteDB

To help you start building applications on Azure using YugabyteDB, we are excited to announce new Azure-focused step-by-step tutorials. These tutorials show you how to use Azure App Service, Azure OpenAI, Azure Private Link, Azure Event Hubs, and more with the most effectively with YugabyteDB.

Get Started Today—For Free

YugabyteDB Managed is currently available as a free, full-featured trial, allowing you to experience the full benefits without charge. Use it to test PostgreSQL compatibility, horizontal scalability, fault tolerance, and multi-region clustering.

Get started in minutes with no credit card required! Test advanced YugabyteDB Managed features to optimize your database performance and drive business success.