Always Encrypted–Key Stores
As you know, we can create “Column Master Key” & “Column Encryption Key” to encrypt the column values. You can check here to learn about key creation. Usually these keys are associated with the certificate which includes the details like,
Issued To, Issued By, Expiration Date, Thumbprint & etc.
In Always encryption, we have four different Key store options are available which helps us to secure our keys. These keys are associated with the table columns. We can decrypt the values using these keys so we need to make sure to secure the keys.
Key stores,
- Windows Certificate Store – Current User
- Windows Certificate Store – Local Machine
- Azure Key Vault
- Key Storage Provider (CNG)
Widows Certificate Store – Current User
This type of certificate store is local to current user on the computer. This is located in the registry of the computer, specifically on HKEY_CURRENT_USER root
We need to compare the current user certificate store with local machine certificate store. Current user certificate always inherit the content of the local machine certificate.
We can generate the certificate by our self and that will be available for one year and we can use that to encrypt the column values.
T-SQL Statement to create a master key, we can select the certificate (Thumbprint) which I highlighted.
Windows Certificate Store – Local Machine
This will be available on the computer which is global to all users on the computer. This is located under HKEY_LOCAL_MACHINE registry.
This will list out all the available certificates in your computer and choose for encryption.
Azure Key Vault
This should be used to safeguard the keys in cloud (Azure). It requires a Azure subscription.
Key Storage Provider (CNG)
It provides different providers,
- Microsoft Passport Key Storage Provider
- Microsoft Smart Card Key Storage Provider
- Microsoft Software Key Storage Provider
We can choose any of the above provider, for more information about the algorithm, key length & etc., check Microsoft article here.
Always Encrypted in SQL Server – Part 2
We can easily enable the encryption using wizard which you can check it here.
Disabling the encryption is also an easy task through wizard.
Steps to disable the encryption,
Step 1: Right Click on your database and choose Tasks->Encrypt Columns..
Step 2: Select next on the introduction page.
Step 3: When you are enter into column selection page, you can see the lock symbol on the columns which you enabled the encryption. Under encryption type, you can see the drop down values which includes “Plaintext”, “Deterministic” & “Randomized”. Choose the “Plaintext” and proceed next.
Step 4: Go through further steps and finish it.
Step 5: Now, run the select statement on table and you should see the result without an encryption.
We can define the “Encryption Key” & “Master key” Name manually.
Follow the steps to create custom names and to make use for encryption.
Step 1: Go to Security folder of your database.
Step 2: Expand the security folder and you should see the folder called “Always Encrypted Keys”. Expand the folder.
Step 3: You should see another two folders, Column Master Keys & Column Encryption Keys. Right click on Column Master Keys folder and choose “New Column Master Key..”
Step 4: Define the name of the master key and choose the key store where you want to store your key safely and click OK. Master will be created.
Step 5: Right click on Column Encryption Keys folder and choose “New Column Encryption Keys”
Step 6: Give the name and choose the master key from drop down. You should see the master key which you created in above step 4 and click OK.
Step 7: Now, go and create an encrypted column and you should see the option to choose your encryption key. Master key also will be applied automatically.
Always Encrypted SQL Server 2016
I have discussed “Always Encrypted” concept and covered steps to create Always encrypted columns through T-SQL Statement. Check column level encryption using Always Encrypted in SQL Server 2016
We can enable the encryption to the database table columns through wizard as well .
Before Always Encryption,
After Always Encryption,
Steps to encrypt the column,
Step 1: Right click your database where your tables are there to encrypt.
Step 2: Go to Tasks->Encrypt Columns… and choose.
Step 3: You will see the Introduction page, click Next
Step 4: Choose the columns from table and choose the encryption type. To know more about encryption type, visit here. The encryption key name will be created like “CEK_Auto”. It will keep extend like “CEK_Auto1”, …Auto2, etc. You can use the same encryption key for multiple columns.
Step 5: Once selected the required options, Next option will be enabled and click Next
Step 6: Master Key Configuration will be created for your database. It is an one time activity.
Step 7: Click Next and you can see two options,
- Generate PowerShell Script to run later – Basically this enabling the encryption should be done while doing database maintenance.
- Proceed to finish now
Step 8: Check the configuration in summary page and click next to proceed. The scripts will start run in the background and will encrypt the selected columns.
Step 9: Run the table and check the column values.
For Loop in R
In a real time, we will be in a position to handle the logic using loops. Loop concept is available in all programming language and also in R.
For example, if we want to generate first 200 prime numbers, we have to use loop to get the result.
In R, “for loop” is used to iterate over a vector.
Syntax
for (val in sequence) {
statement
}
In the above syntax, sequence is a vector which we can define and assign into an object and can use the object or we can directly place the vector with the expression. “val” will take the value of sequence and process in a loop. The statement will be triggered until the length of the sequence is completed.
Example,
x <- c(1,2,3,4,5,6,7,8,9,10)
count <- 0
for (val in x) {
if(val %% 2 == 0) count = count+1
}
print(count)
Using Next
We can use the word next inside the for loop and it will change the flow of the process. Check the below example,
for (i in 1:10) {
if (!i %% 2){
}
print(i)
}
If you run above script, I will get the result as 1,2,3,4,5,6,7,8,9,10 (All the values from the 1:10 sequence).
If you want to display only the odd number for the same sequence input then I can just add a “next” keyword inside if loop.
for (i in 1:10) {
if (!i %% 2){
next
}
print(i)
}
First “i” value 1 will go to if condition once the value reaches the keyword “next”. It will redirect to for loop again and it will come again for the second number i.e. 2 and it will continue up to 10.
If and Else function in R
I have discussed that how to use if and else statement in R in my previous article.
In a real time coding, we will be expecting a short form of code which should give the same expected result.
Vectors are basic building block of R Programming and will be used as input.
To apply the same if and else logic for the vector input, we can use if and else function which will give the same result but as a output vector.
Syntax:
Ifelse(test_expression,x,y)
The output of the function could be a vector. In the above syntax, test_expression is a condition which we can apply into the input vector and x is nothing but a custom value or expression, in logical it is called TRUE. If the condition is satisfied then x (TRUE) will display, you can replace x with any value. Here y is FALSE, if the test_expression is not satisfied then y will display.
Example,
number = c(3,5,7,10)
ifelse(number %% 2 == 0,”even”,”odd”)
Logically the result would be FALSE, FALSE, FALSE, TRUE.
If and Else statement in R
As we know, decision making is an important part for every programming. Almost all the projects make use of this decision making logic and sometimes this is very mandatory as well. Considering this importance, R language has if..else statement.
Probably we are in situation to run the set of codes when the condition is match. In that case, we can use if statement. It is very easy to use in R as like other programming language.
The General flow of “IF” statement,
Syntax:
if (test_expression) {
statement
}
Examples:
Example 1
x <- 10
if(x > 0){
print(“Positive number”)
}
Example 2
X<-weekdays(Sys.Date())
if(X == “Monday”)
{ print(“Today is Monday”)}
But in a real time scenario, sometimes we need to run the set of codes when the condition is not match. If that is the case then we need to use if and else statement.
Syntax:
if (test_expression) {
statement1
} else {
statement2
}
Examples:
Example 1
x <- -1
if(x > 0){
print(“Positive Number”)
} else {
print(“Negative number”)
}
Example 2
X<-weekdays(Sys.Date())
if(X == “Monday”)
{ print(“Today is Monday”)} else
{ print (“Today is not Monday”)}
We can use Nested if and else statement,
Syntax:
if ( test_expression1) {
statement1
} else if ( test_expression2) {
statement2
} else if ( test_expression3) {
statement3
} else
statement4
Examples:
Example 1
x <- 0
if (x < 0) {
print(“Negative number”)
} else if (x > 0) {
print(“Positive number”)
} else
print(“Zero”)
Example 2
X<-weekdays(Sys.Date())
if(X == “Monday”)
{ print(“Today is Monday”)} else if (X==”Tuesday”)
{ print (“Today is Tuesday”)} else if (X==”Wednesday”)
{ print (“Today is Wednesay”)} else if (X==”Thursday”)
{ print (“Today is Thursday”)} else if (X==”Friday”)
{ print (“Today is Friday”)} else if (X==”Saturday”)
{ print (“Today is Saturday”)} else
{print (“Today is Sunday”)}
Azure PowerShell Commandlets Issues
As usual, I was trying to use PowerShell Command line tool to manage my azure services. I used to prefer PowerShell as we have more control on it. This time, I got an error message, I was not able to run any Azure commandlets but I was able to add my azure account.
The error message is bit tricky and to solve the issue, I just follow closed and re-opened but still I got the same error message. I found that I got something issue with my saved credentials (token).
Error message,
Get-AzureSubscription : Failed to refresh token. AADSTS90002 : No Service namespace named ‘ ‘ was not found in the data store.
Trace ID:XXXXXXXXXX
Correlation ID: XXXXXXXXXXXXXXXXXX
TimeStamp: 2015-09-12 13:24:477 : The remote server returned an error : (400) Bad Request.
I followed the below steps to solve the issue,
Step 1: Explored the following folder in your system, C:\Users\{User Name}\AppData\Roaming\Windows Azure Powershell.
Note: AppData folder will be in hidden by default and replace {User Name} into your system name.
Step 2: I saw the below files inside the folder and Just deleted all the files.
Step 3: Closed the PowerShell tool and reopen again.
Step 4: Added my azure account, this time, I was able to run all commands successfully.
New feature in Azure Storage
As we know, Microsoft Azure team keep updating the features for all the services. The one of the latest and noticeable update in Azure Storage service is “Account kind”.
This new feature introduced new interesting capabilities which will help customers to decide the right storage access tier.
Before “Account kind”, we used to create a storage account by just specifying the values for Name, Deployment Model, Performance & Location, of course, resource name. There was no data category kind of structure. In this latest update, we can have same the previous feature or we can categories the storage account like Hot or Cool.
The available options under “Account kind”,
1. General Purpose
2. Blob Storage
When we select “Blob Storage”, it will add a new option called “Access tier” which has “Cool” & “Hot” (default).
We can categories our data like “High access data” & “Low access data”. It depends on how frequently, we accessing the data. It has some advantages as well.
If you choose “Cool”, it has lower storage costs and higher access and transaction costs. If “Hot”, it has higher storage costs, lower access and transaction costs.
For more information, please check the Microsoft Azure Documentation here.
