How has Microsoft training and certification impacted your career?

by | Jul 6, 2022 | Technology

This article is contributed. See the original author and article here.

Microsoft invites you to participate in the annual IT Skills and Salary Survey led by Skillsoft. The Microsoft community have been strong supporters of the annual IT Skills and Salary Survey by Skillsoft for over eight years. If you’ve taken any Microsoft training or earned a Microsoft fundamentals, role-based, or specialty certification, we want you to represent Microsoft. 


 


Here are some key themes from the Skillsoft 2021 IT Skills and Salary Report, which will be available to download here. 



  • IT salaries continue to increase. 

  • IT values certifications. 

  • Certifications deliver value to organizations and employees. 

  • The skills gap remains a critical challenge. 

  • Investing in employee development can close skills gaps and help retain top talent. 

  • For the second year in a row, Cloud and Cybersecurity skills are the most in-demand, as IT decision-makers continue to struggle to hire in these areas.  

  • Once again, Microsoft holds the number one position in our top ten areas of focus for IT departments. 


 


All contributions collected in the survey are confidential and will offer insight into industry salaries, in-demand certifications, skill gaps, and the existing career landscape. Survey results help generate an annual report used by industry insiders, hiring managers, and IT professionals. Please help us contribute and take the 15-25 minute survey by 11:59 ET on Sunday, July 31, 2022. Don’t forget to invite your IT colleagues and communities to complete it as well!  


 


At the end of the survey, participants who request an advanced copy of the 2022 report before it’s published will be automatically entered to win a $100 gift card from Skillsoft. 


 


Take the IT Skills and Salary Survey now. 

OpenSSL Releases Security Update

by | Jul 6, 2022 | Security, Technology

This article is contributed. See the original author and article here.

OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system. 

CISA encourages users and administrators to review the OpenSSL advisory and upgrade to the appropriate version. 

How to build a modern field service organization

How to build a modern field service organization

by | Jul 6, 2022 | Dynamics 365, Microsoft 365, Technology

This article is contributed. See the original author and article here.

Field service organizations have traditionally operated under the break-fix modelthat is, responding to a device failure after the customer reports an issue. This operating model has grown antiquated due to rising costs and inefficiencies in labor and operations. It is also proving less than effective in satisfying the customer’s growing expectations.

The field service industry is evolving quickly in new and exciting directions with cutting-edge technology continuing to enter the arena. These innovations in technology and workflows are helping to transform field service by providing customers optimal device uptime, along with greater visibility, efficiency, and profitability. The evolution of field service includes automation, AI, new learning tools, and mixed reality to help technicians achieve success.  

The ability to capture, digest, and derive actionable insights from data is critical in modernizing a field service organization. Intelligent, predictive systems driven by AI can automate time-consuming manual tasks like collecting data, diagnosing problems, and identifying the best solution to resolve an issue. AI can optimize resource management, empower field teams through mixed reality and mobilization, and can improve customer service with proactive and predictive service. In short, AI is providing organizations the ability to optimize the delivery of field service.

While service organizations lay frameworks of sensors and solutions to capture data across every facet of their organization, AI and machine learning represent the next steps that organizations are taking to leverage the value of the captured information. The ultimate goal is to transition from a reactive, break-fix service model to one that is proactive and predictive, achieving a near constant uptime. 

One organization leveraging mixed reality and field service is Burckhardt Compression. The leading global compressor company adopted Microsoft Dynamics 365 Remote Assist and Dynamics 365 Field Service so that engineers can quickly collaborate with ship technicians in remote locations and provide specialized mechanical expertise. They successfully reduced costs, decreased its carbon footprint, and can now respond to customer needs in mere minutes instead of days.

Improve the customer experience

Field service customers need stability and reliability in their businesses. They want visibility into their assets and need to minimize downtime when breakdowns occur.

Prior to AI-empowered systems, the customer would have to actively reach out to report that the device had failed. Depending on the type of failure, work using the device could be slowed or blocked for days or weeks until a technician could complete the repairs. Without intelligent support, the technician may need to return for follow-up visits, unnecessarily wasting both time and money.

AI allows for automated, remote self-healing and predictive forecasting, monitoring, and analyzing connected devices for potential issues. If one is identified, the system can remotely attempt to resolve problems through self-healing processes, like having the device restart itself during an off-time to mitigate an overheating failure. Using historical device data and predictive analytics, the system might make a recommendation to schedule a technician site visit to head off future problems, notifying the customer of the work order. The customer could then plan around the scheduled downtime and even track the technician’s arrival to the appointment in real-time.

During the visit, using recommendations from the system, the technician would be able to discuss additional products and services with the customer that meet their specific usage and operating needs. Ultimately, the customer gains more control over their assets, and the field service organization is empowered to provide improved service delivery capabilities.

Increase technician productivity

To be the most effective and prevent costly return visits, technicians must have complete access to the information and real-time guidance they need. The technician could utilize a digital twin of the device to learn about its status and operating condition, and to train on the particular problem that requires repair. AI’s cognitive capabilities can even help optimize repairs before a technician arrives, taking care of routine diagnostics and testing for common or similar issues. These capabilities ensure the technician is better prepared for the work and that their timeand the customer’sis used efficiently.

The technician’s mobile service app empowers the technician to better manage appointment schedules and access turn-by-turn driving directions to the customer site. Onsite, this app can highlight the top two to three possibilities that might be wrong with the device. Chatbots can assist in locating customer, product, and work order information. Mixed reality tools, like Dynamics 365 Remote Assist, can create 3D renderings overlaid directly onto the device, highlighting missing or broken parts and allowing the technician to view performance data. AI can use data from predictive analytics to make just-in-time recommendations. A headset can be worn to identify irregularities and help maintain focus on the right issues without having to stop and troubleshoot, ensuring work is completed correctly the first time. And the technician can obtain assistance from a more experienced technician through Microsoft Teams if the issue is beyond their current skill set.

Optimize resource management

And finally, effectively managing resources, such as inventory and technician time, is at the heart of the challenge for any field service organization, creating a powerful competitive advantage when performed well. 

In a traditional field service organization, technicians are often dispatched based on availability, not proximity to the customer or experience with a specified device. A technician may arrive on-site with limited access to customer information and device history, impacting the ability to complete the repair on a first visit and driving up overall costs for the customer and the field service organization.

As an example, let’s look at a manufacturing customer experiencing a device failure. When a work order is scheduled in an intelligent system, assignments are optimized using multiple factors, such as a technician’s experience in handling the specific failure, the customer’s preferred technician, or the proximity to the site. Leveraging machine learning, this intelligent system can automatically assign the work order to the closest, best available technician matching specific criteria.

If the device were outfitted with an Internet of Things (IoT)-connected sensor, a real-time alert would be sent, triggering an automatic service request. The system would attempt to self-heal the issue first, and if unsuccessful, a technician would then analyze the data and commit a repair remotely, often without the customer ever knowing there was a problem. Sending the technician for an onsite visit would be the last option if the device could not be repaired remotely.

As more requests come in, the system would then optimize the technician’s schedule to create the most efficient path to navigate, allowing the technician more time to perform additional calls per day and driving greater revenue.

Real-time inventory management ensures that the replacement part is available on the scheduled date and that the technician has access to the tools needed to complete the repair. The system can identify the best parts to replace, where they should be purchased, and provide more accurate lead time predictions for the organization. Field service managers and technicians alike can synchronize and track inventory down to the truck level with real-time visibility to increase first time fix rates.

Get started today

AI enables field service organizations to evolve from the break-fix model by empowering technicians, optimizing resources, and improving customer experiences.

Microsoft offers a unique combination of world-class IoT, intelligence, scalability, and end-to-end field service capabilities. 

Learn more aboutDynamics 365 Field Service and how it can transform your service organization.

Get started today with a live demo or a free trial today.

The post How to build a modern field service organization appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

by | Jul 6, 2022 | Security, Technology

This article is contributed. See the original author and article here.

CISA, the Federal Bureau of Investigation (FBI), and the Department of the Treasury (Treasury) have released a joint Cybersecurity Advisory (CSA), North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector, to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations. 

CISA, FBI and Treasury urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

  • Train users to recognize and report phishing attempts.
  • Enable and enforce multifactor authentication.
  • Install and regularly update antivirus and antimalware software on all hosts.

See North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector for Maui ransomware tactics, techniques, and procedures, indicators of compromise, and recommended mitigations. Additionally, review StopRansomware.gov for more guidance on ransomware protection, detection, and response.

For more information on state-sponsored North Korean malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage. 

North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

by | Jul 6, 2022 | Security, Technology

This article is contributed. See the original author and article here.

Summary

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.

This joint CSA provides information—including tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs)—on Maui ransomware obtained from FBI incident response activities and industry analysis of a Maui sample. The FBI, CISA, and Treasury urge HPH Sector organizations as well as other critical infrastructure organizations to apply the recommendations in the Mitigations section of this CSA to reduce the likelihood of compromise from ransomware operations. Victims of Maui ransomware should report the incident to their local FBI field office or CISA. 

The FBI, CISA, and Treasury highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks. Note: in September 2021, Treasury issued an updated advisory highlighting the sanctions risks associated with ransomware payments and the proactive steps companies can take to mitigate such risks. Specifically, the updated advisory encourages U.S. entities to adopt and improve cybersecurity practices and report ransomware attacks to, and fully cooperate with, law enforcement. The updated advisory states that when affected parties take these proactive steps, Treasury’s Office of Foreign Assets Control (OFAC) would be more likely to resolve apparent sanctions violations involving ransomware attacks with a non-public enforcement response.

For more information on state-sponsored North Korean malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage. 

Download the PDF version of this report: pdf, 553 kb.

Click here for STIX.

Technical Details

Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services. In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods. The initial access vector(s) for these incidents is unknown.

Maui Ransomware

Maui ransomware (maui.exe) is an encryption binary. According to industry analysis of a sample of Maui (SHA256: 5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e) provided in Stairwell Threat Report: Maui Ransomware—the ransomware appears to be designed for manual execution [TA0002] by a remote actor. The remote actor uses command-line interface [T1059.008] to interact with the malware and to identify files to encrypt. 

Maui uses a combination of Advanced Encryption Standard (AES), RSA, and XOR encryption to encrypt [T1486] target files:

  1. Maui encrypts target files with AES 128-bit encryption. Each encrypted file has a unique AES key, and each file contains a custom header with the file’s original path, allowing Maui to identify previously encrypted files. The header also contains encrypted copies of the AES key.
  2. Maui encrypts each AES key with RSA encryption.
    • Maui loads the RSA public (maui.key) and private (maui.evd) keys in the same directory as itself. 
  3. Maui encodes the RSA public key (maui.key) using XOR encryption. The XOR key is generated from hard drive information (.PhysicalDrive0).

During encryption, Maui creates a temporary file for each file it encrypts using GetTempFileNameW(). Maui uses the temporary to stage output from encryption. After encrypting files, Maui creates maui.log, which contains output from Maui execution. Actors likely exfiltrate [TA0010] maui.log and decrypt the file using associated decryption tools.

See Stairwell Threat Report: Maui Ransomware for additional information on Maui ransomware, including YARA rules and a key extractor.

Indicators of Compromise

See table 1 for Maui ransomware IOCs obtained from FBI incident response activities since May 2021. 
 

Table 1: Maui Ransomware IOCs

Indicator Type Value
Filename maui.exe
maui.log
maui.key
maui.evd
aui.exe
MD5 Hash 4118d9adce7350c3eedeb056a3335346
9b0e7c460a80f740d455a7521f0eada1
fda3a19afa85912f6dc8452675245d6b
2d02f5499d35a8dffb4c8bc0b7fec5c2
c50b839f2fc3ce5a385b9ae1c05def3a
a452a5f693036320b580d28ee55ae2a3
a6e1efd70a077be032f052bb75544358
802e7d6e80d7a60e17f9ffbd62fcbbeb
SHA256 Hash 5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e
45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78
56925a1f7d853d814f80e98a1c4890b0a6a84c83a8eded34c585c98b2df6ab19
830207029d83fd46a4a89cd623103ba2321b866428aa04360376e6a390063570
458d258005f39d72ce47c111a7d17e8c52fe5fc7dd98575771640d9009385456
99b0056b7cc2e305d4ccb0ac0a8a270d3fceb21ef6fc2eb13521a930cea8bd9f
3b9fe1713f638f85f20ea56fd09d20a96cd6d288732b04b073248b56cdaef878
87bdb1de1dd6b0b75879d8b8aef80b562ec4fad365d7abbc629bcfc1d386afa6

Attribution to North Korean State-Sponsored Cyber Actors

The FBI assesses North Korean state-sponsored cyber actors have deployed Maui ransomware against Healthcare and Public Health Sector organizations. The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health. Because of this assumption, the FBI, CISA, and Treasury assess North Korean state-sponsored actors are likely to continue targeting HPH Sector organizations. 

Mitigations

The FBI, CISA, and Treasury urge HPH Sector organizations to:

  • Limit access to data by deploying public key infrastructure and digital certificates to authenticate connections with the network, Internet of Things (IoT) medical devices, and the electronic health record system, as well as to ensure data packages are not manipulated while in transit from man-in-the-middle attacks. 
  • Use standard user accounts on internal systems instead of administrative accounts, which allow for overarching administrative system privileges and do not ensure least privilege.  
  • Turn off network device management interfaces such as Telnet, SSH, Winbox, and HTTP for wide area networks (WANs) and secure with strong passwords and encryption when enabled. 
  • Secure personal identifiable information (PII)/patient health information (PHI) at collection points and encrypt the data at rest and in transit by using technologies such as Transport Layer Security (TPS). Only store personal patient data on internal systems that are protected by firewalls, and ensure extensive backups are available if data is ever compromised. 
  • Protect stored data by masking the permanent account number (PAN) when it is displayed and rendering it unreadable when it is stored—through cryptography, for example. 
  • Secure the collection, storage, and processing practices for PII and PHI, per regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Implementing HIPAA security measures can prevent the introduction of malware on the system. 
  • Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer. 
  • Use monitoring tools to observe whether IoT devices are behaving erratically due to a compromise. 
  • Create and regularly review internal policies that regulate the collection, storage, access, and monitoring of PII/PHI.

In addition, the FBI, CISA, and Treasury urge all organizations, including HPH Sector organizations, to apply the following recommendations to prepare for, mitigate/prevent, and respond to ransomware incidents.

Preparing for Ransomware

  • Maintain offline (i.e., physically disconnected) backups of data, and regularly test backup and restoration. These practices safeguard an organization’s continuity of operations or at least minimize potential downtime from a ransomware incident and protect against data losses.
    • Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure. 
  • Create, maintain, and exercise a basic cyber incident response plan and associated communications plan that includes response procedures for a ransomware incident.
    • Organizations should also ensure their incident response and communications plans include response and notification procedures for data breach incidents. Ensure the notification procedures adhere to applicable state laws. 
    • See CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide and CISA Fact Sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches for information on creating a ransomware response checklist and planning and responding to ransomware-caused data breaches.

Mitigating and Preventing Ransomware

  • Install updates for operating systems, software, and firmware as soon as they are released. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. Regularly check for software updates and end-of-life notifications and prioritize patching known exploited vulnerabilities. Consider leveraging a centralized patch management system to automate and expedite the process.
  • If you use Remote Desktop Protocol (RDP), or other potentially risky services, secure and monitor them closely.
    • Limit access to resources over internal networks, especially by restricting RDP and using virtual desktop infrastructure. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources, and require multifactor authentication (MFA) to mitigate credential theft and reuse. If RDP must be available externally, use a virtual private network (VPN), virtual desktop infrastructure, or other means to authenticate and secure the connection before allowing RDP to connect to internal devices. Monitor remote access/RDP logs, enforce account lockouts after a specified number of attempts to block brute force campaigns, log RDP login attempts, and disable unused remote access/RDP ports.
    • Ensure devices are properly configured and that security features are enabled. Disable ports and protocols that are not being used for a business purpose (e.g., RDP Transmission Control Protocol Port 3389). 
    • Restrict Server Message Block (SMB) Protocol within the network to only access servers that are necessary and remove or disable outdated versions of SMB (i.e., SMB version 1). Threat actors use SMB to propagate malware across organizations.
    • Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
    • Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs under an established.
    • Open document readers in protected viewing modes to help prevent active content from running.
  • Implement user training program and phishing exercises to raise awareness among users about the risks of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments. Reinforce the appropriate user response to phishing and spearphishing emails. 
  • Require MFA for as many services as possible—particularly for webmail, VPNs, accounts that access critical systems, and privileged accounts that manage backups. 
  • Use strong passwords and avoid reusing passwords for multiple accounts. See CISA Tip Choosing and Protecting Passwords and National Institute of Standards and Technology (NIST) Special Publication 800-63B: Digital Identity Guidelines for more information.
  • Require administrator credentials to install software.
  • Audit user accounts with administrative or elevated privileges and configure access controls with least privilege in mind.
  • Install and regularly update antivirus and antimalware software on all hosts.
  • Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
  • Consider adding an email banner to messages coming from outside your organizations.
  • Disable hyperlinks in received emails.

Responding to Ransomware Incidents

If a ransomware incident occurs at your organization:

  • Follow your organization’s Ransomware Response Checklist (see Preparing for Ransomware section). 
  • Scan backups. If possible, scan backup data with an antivirus program to check that it is free of malware. This should be performed using an isolated, trusted system to avoid exposing backups to potential compromise.
  • Follow the notification requirements as outlined in your cyber incident response plan. 
  • Report incidents to the FBI at a local FBI Field Office, CISA at us-cert.cisa.gov/report, or the U.S. Secret Service (USSS) at a USSS Field Office
  • Apply incident response best practices found in the joint Cybersecurity Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity, developed by CISA and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom.

Note: the FBI, CISA, and Treasury strongly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks. 

Request for Information

The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, bitcoin wallet information, the decryptor file, and/or benign samples of encrypted files. As stated above, the FBI discourages paying ransoms. Payment does not guarantee files will be recovered and may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. However, the FBI understands that when victims are faced with an inability to function, all options are evaluated to protect shareholders, employees, and customers. Regardless of whether you or your organization have decided to pay the ransom, the FBI, CISA, and Treasury urge you to promptly report ransomware incidents to the FBI at a local FBI Field Office, CISA at us-cert.cisa.gov/report, or the USSS at a USSS Field Office. Doing so provides the U.S. Government with critical information needed to prevent future attacks by identifying and tracking ransomware actors and holding them accountable under U.S. law.

Resources 

  • For more information and resources on protecting against and responding to ransomware, refer to StopRansomware.gov, a centralized, U.S. whole-of-government webpage providing ransomware resources and alerts.
  • CISA’s Ransomware Readiness Assessment is a no-cost self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident.
  • A guide that helps organizations mitigate a ransomware attack and provides a Ransomware Response Checklists: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
  • The U.S. Department of State’s Rewards for Justice (RFJ) program offers a reward of up to $10 million for reports of foreign government malicious activity against U.S. critical infrastructure. See the RFJ website for more information and how to report information securely. 

Acknowledgements

The FBI, CISA, and Treasury would like to thank Stairwell for their contributions to this CSA. 

Contact Information

To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory, contact your local FBI field office at fbi.gov/contact-us/field, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by e-mail at CyWatch@fbi.gov. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. To request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov

Revisions

July 6, 2022: Initial Version

July 7, 2022: Added STIX

This product is provided subject to this Notification and this Privacy & Use policy.

Cross region replication using Data-in replication with Azure Database for MySQL – Flexible Server

Cross region replication using Data-in replication with Azure Database for MySQL – Flexible Server

by | Jul 5, 2022 | Technology

This article is contributed. See the original author and article here.

MySQL workloads are often read-heavy and support customers with operations in different geographical locations. To provide for Disaster Recovery (DR) in the rare event of a regional disaster, Azure Database for MySQL – Flexible Server offers Geo-restore. An alternate option for DR or read scaling across regions is to create an Azure Database for MySQL flexible server as the source server and then to replicate its data to a server in another region using Data-in replication. This set up helps improve the Recovery Time Objective (RTO) as compared to geo-restore and the Recovery Point Objective (RPO) will be equal to the replication lag between the primary server and the replica server.


 


Data-in replication, which is based on the binary log (binlog) file position, enables synchronization of data from one Azure Database for MySQL flexible service to another. To learn more about binlog replication, see MySQL binlog replication overview.


 


In this blog post, I’ll use mydumper/myloader and Data-in replication to create cross region replication from one Azure Database for MySQL flexible server to another in a different region, and then I’ll synchronize the data.


 


Prerequisites


To complete this tutorial, I need:



  1. A primary and secondary Azure Database for MySQL flexible server, one in each of two different regions, running either version 5.7 or 8.0 (it is recommended to have the same version running on the two servers. For more information, see Create an Azure Database for MySQL flexible server.


    Note: Currently, this procedure is supported only on flexible servers that are not HA enabled.





  1. An Azure VM running Linux that can connect to both the primary and replica servers in different regions. The VM should have the following client tools installed.




  1. A sample database for testing the replication. Download mysqlsampledatabase.zip, and then run the included script on the primary server to create the sample classicmodels database.

  2. The binlog_expire_logs_seconds parameter on the primary server configured to ensure that binlogs aren’t purged before the replica commits the changes.

  3. The gtid_mode parameter set to same value on both the primary and replica servers. Configure this on the Server parameters page.

  4. Networking configured to ensure that primary server and replica server can communicate with each other.



  • For Public access, on the Networking page, under Firewall rules, ensure that the primary server firewall allows connection from the replica server by verifying that the Allow public access from any Azure service…check box is selected. For more information, in the article Public Network Access for Azure Database for MySQL – Flexible Server, see Firewall rules.

  • For Private access, ensure that the replica server can resolve the FQDN of the primary server and connect over the network. To accomplish this, use VNet peering or VNet-to-VNet VPN gateway connection.



Configure Data-in replication between the primary and replica servers


To configure Data-in replication, I’ll perform the following steps:



  1. On the Azure VM, use the mysql client tool to connect to the primary and replica servers.

  2. On the primary server, verify that log_bin is enabled by using the mysql client tool to run the following command:

    SHOW VARIABLES LIKE 'log_bin';​



 


3. On the source server, create a user with the replication permission by running the appropriate command, based on SSL enforcement.

If you’re using SSL, run the following command:


 


 

CREATE USER 'syncuser'@'%' IDENTIFIED BY 'yourpassword';
GRANT REPLICATION SLAVE ON *.* TO ' syncuser'@'%' REQUIRE SSL;

 



If you’re not using SSL, run the following command:


 


 

CREATE USER 'syncuser'@'%' IDENTIFIED BY 'yourpassword';
GRANT REPLICATION SLAVE ON *.* TO ' syncuser'@'%';

 


 


4. On the Azure VM, use mydumper to back up the primary server database by running the following command:


 


 

mydumper --host=<primary_server>.mysql.database.azure.com --user=<username> --password=<Password> --outputdir=./backup --rows=100 -G -E -R -z --trx-consistency-only --compress --build-empty-files --threads=16 --compress-protocol --ssl  --regex '^(classicmodels.)' -L mydumper-logs.txt​

 


 


  –host: Name of the primary server


  –user: Name of a user having permission to dump the database.


  –password: Password of the user above


  –trx-consistency-only: Required for transactional consistency during backup.

For more information about using mydumper, see mydumper/myloader.


 


5. Restore the database using myloader by running the following command:


 


 

myloader --host=<servername>.mysql.database.azure.com --user=<username> --password=<Password> --directory=./backup --queries-per-transaction=100 --threads=16 --compress-protocol --ssl --verbose=3 -e 2>myloader-logs.txt

 


 


–host: Name of the replica server.


–user: Name of a user. You can use server admin or a user with readwrite permission capable of restoring the schemas and data to the database.


–password: Password of the user above.



  1. Read the metadata file to determine the binary log file name and offset by running the following command:

    cat ./backup/metadata​


    In this command, ./backup refers to the output directory specified in the command in the previous step.

    The results should appear as shown in the following image:



image1_crossregion.png


 



  1. Depending on the SSL enforcement on the primary server, connect to the replica server using the mysql client tool, and then perform the following the steps.


    If SSL enforcement is enabled, then:

    a. Download the certificate needed to communicate over SSL with your Azure Database for MySQL server from here.
    b. In Notepad, open the file, and then copy and paste the contents into the command below, replacing the text “PLACE PUBLIC KEY CERTIFICATE CONTEXT HERE“.

    SET @cert = ‘-----BEGIN CERTIFICATE-----
PLACE PUBLIC KEY CERTIFICATE CONTEXT HERE 
-----END CERTIFICATE-----'


    c. To configure Data-in replication, run the updated command above along with the following command to set @cert

    CALL mysql.az_replication_change_master(‘<Primary_server>.mysql.database.azure.com’, ‘<username>’, ‘<Password>’, 3306, ‘<File_Name>’, <Position>, @cert);

     


    If SSL enforcement isn’t enabled, then run the following command:

    CALL mysql.az_replication_change_master(‘<Primary_server>.mysql.database.azure.com’, ‘<username>’, ‘<Password>’, 3306, ‘<File_Name>’, <Position>, ‘’);

     




–Primary_server: Name of the primary server


–username: Replica user created in step 4


–Password:  Password of the replica user created in step 4


–File_Name and Position: From the information in step 7


8. On the replica server, to ensure that write traffic is not accepted, set the server parameter read_only to ON.


 


 

call mysql.az_replication_start;

 


 



  1. On the replica server, to ensure that write traffic is not accepted, set the server parameter read_only to ON.


 


Test the replication


On the replica server, to check the replication status, run the following command:


 


 

show slave status G;

 


 


In the results, if the state of Slave_IO_Running and Slave_SQL_Running shows “Yes” and Slave_IO_State is “Waiting for master to send event”, then replication is working well. You can also check Seconds_Behind_Master, which indicates how late the replica is. If the value is something other than 0, then the replica is still processing updates.


For more information on the output of the show slave status command, in the MySQL documentation, see SHOW SLAVE STATUS Statement.


For details on troubleshooting replication, see the following resources:



 


Optional


To confirm that cross region is working properly, you can verify that the changes to the tables in primary have been replicated to the replica.



  1. Identify a table to use for testing, for example the Customers table, and then confirm that it contains the same number of entries on both the primary and replica servers by running the following command on each server:


 

select count(*) from customers;

 


 



  1. Make a note of the count of entries in each table for later comparison.


To confirm that replication is working properly, on the primary server, add some data to the Customer table. Next, run the select count command each of the primary and replica servers to verify that the entry count on the replica server has increased to match the entry count on the primary server.


Note: For more information about how to monitor Data-in replication and create alerts for potential replication failures, see Monitoring and creating alerts for Data-in replication with Azure Database for MySQL-Flexible Server.


Conclusion


We’ve now set up replication between Azure Database for MySQL flexible servers in two different regions. Any changes to primary instance in one region will be replicated to the server in the other region by using the native replication technique. Take advantage of this solution to scale read workloads or to address DR considerations for potential regional disasters.



If you have any feedback or questions about the information provided above, please leave a comment below or email us at AskAzureDBforMySQL@service.microsoft.com. Thank you!

Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats

by | Jul 5, 2022 | Security, Technology

This article is contributed. See the original author and article here.

The National Institute of Standards and Technology (NIST) has announced that a new post-quantum cryptographic standard will replace current public-key cryptography, which is vulnerable to quantum-based attacks. Note: the term “post-quantum cryptography” is often referred to as “quantum-resistant cryptography” and includes, “cryptographic algorithms or methods that are assessed not to be specifically vulnerable to attack by either a CRQC [cryptanalytically relevant quantum computer] or classical computer.” (See the National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems for more information).

Although NIST will not publish the new post-quantum cryptographic standard for use by commercial products until 2024, CISA and NIST strongly recommend organizations start preparing for the transition now by following the Post-Quantum Cryptography Roadmap, which includes:

  • Inventorying your organization’s systems for applications that use public-key cryptography.
  • Testing the new post-quantum cryptographic standard in a lab environment; however, organizations should wait until the official release to implement the new standard in a production environment.
  • Creating a plan for transitioning your organization’s systems to the new cryptographic standard that includes:
    • Performing an interdependence analysis, which should reveal issues that may impact the order of systems transition;
    • Decommissioning old technology that will become unsupported upon publication of the new standard; and
    • Ensuring validation and testing of products that incorporate the new standard.
  • Creating acquisition policies regarding post-quantum cryptography. This process should include:
    • Setting new service levels for the transition.
    • Surveying vendors to determine possible integration into your organization’s roadmap and to identify needed foundational technologies.
  • Alerting your organization’s IT departments and vendors about the upcoming transition.
  • Educating your organization’s workforce about the upcoming transition and providing any applicable training.

For additional guidance and background, CISA and NIST strongly encourage users and administrators to review: