Merge pull request #22 from MicrosoftDocs/main
8/15/2024 AM Publish
Taojunshen authored Aug 15, 2024
2 parents 75363da + 32864b7 commit 6123f44
Showing 4 changed files with 29 additions and 13 deletions.
13 changes: 13 additions & 0 deletions articles/mysql/flexible-server/concepts-maintenance.md
Expand Up @@ -101,6 +101,19 @@ There's no limitation on how many times a maintenance can be rescheduled, as lon
Use this feature to avoid disruptions during critical database operations. We encourage your feedback as we continue to develop this functionality.

## FAQ

**Q: Why did some of my servers receive maintenance notifications while others did not?**

A: The maintenance start times differ across regions, so servers in different regions may receive maintenance notifications at different times.

**Q: Why did some servers in the same region receive maintenance notifications while others did not?**

A: This could be because the servers that did not receive notifications were created more recently, and the system determined that they do not yet require maintenance.

**Q: Can I opt out of scheduled maintenance?**

A: No, opting out of scheduled maintenance is not allowed. However, you can use the maintenance reschedule feature to adjust the timing or enable the High Availability (HA) feature to minimize downtime. As a PaaS database product, it's essential to perform timely maintenance to ensure the security and reliability of your database.

## Next steps

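Review bot: In the answer to "Can I opt out of scheduled maintenance?", the closing sentence "As a PaaS database product, it's essential to perform timely maintenance..." has a dangling modifier and gives the reason only after the workaround. Suggest stating the reason first (timely maintenance is required for the security and reliability of the managed service), then the alternatives, and linking the reschedule feature and High Availability (HA) to their sections so readers can act on them. The answer to the second question ("This could be because...") gives readers no way to check whether a server is in scope; say where that can be confirmed, or state that it cannot.
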
5 changes: 2 additions & 3 deletions articles/mysql/flexible-server/concepts-networking.md
Expand Up @@ -72,7 +72,7 @@ Azure Database for MySQL flexible server supports encrypted connections using Tr
Following are the different configurations of SSL and TLS settings you can have for your flexible server:

>[!IMPORTANT]
>Starting in early September 2024, new servers will no longer be permitted to use TLS 1.0 or 1.1, and existing servers will not be allowed to downgrade to these versions. Beginning mid-September 2024, we will initiate a mandatory upgrade of all servers currently using TLS 1.0 or 1.1 to TLS 1.2. This upgrade process is expected to be completed by the end of September 2024. We strongly recommend that customers ensure their applications are fully compatible with TLS 1.2 before the end of September.
> According to [Removal of Support for the TLS 1.0 and TLS 1.1 Protocols](https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-deprecated-protocols), starting in early September 2024, new servers will no longer be permitted to use TLS 1.0 or 1.1, and existing servers will not be allowed to downgrade to these versions. Beginning mid-September 2024, we will initiate a mandatory upgrade of all servers currently using TLS 1.0 or 1.1 to TLS 1.2. This upgrade process is expected to be completed by the end of September 2024. We strongly recommend that customers ensure their applications are fully compatible with TLS 1.2 before the end of September.
| Scenario | Server parameter settings | Description |
| --- | --- | --- |
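Review bot: The added line opens with "According to [Removal of Support for the TLS 1.0 and TLS 1.1 Protocols]", which attributes this service's schedule (the early September 2024 block and the mid-September mandatory upgrade to TLS 1.2) to the MySQL reference manual. The link title names MySQL's protocol removal, not these dates; suggest wording such as "In line with MySQL's removal of support for TLS 1.0 and 1.1, starting in early September 2024, ...". The new line also starts with "> " while the alert marker above it is ">[!IMPORTANT]" with no space, and the final "before the end of September" should carry the year like the earlier dates.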
Expand All @@ -85,11 +85,10 @@ Following are the different configurations of SSL and TLS settings you can have
> Changes to SSL Cipher on the flexible server is not supported. FIPS cipher suites is enforced by default when tls_version is set to TLS version 1.2. For TLS versions other than version 1.2, SSL Cipher is set to default settings which comes with MySQL community installation.

Review how to [connect using SSL/TLS](how-to-connect-tls-ssl.md) to learn more.
Review [connect using SSL/TLS](how-to-connect-tls-ssl.md#verify-the-tlsssl-connection) to learn how to identify the TLS version you are using .

## Next steps

- Learn how to enable private access (VNet integration) using the [Azure portal](how-to-manage-virtual-network-portal.md) or [Azure CLI](how-to-manage-virtual-network-cli.md)
- Learn how to enable public access (allowed IP addresses) using the [Azure portal](how-to-manage-firewall-portal.md) or [Azure CLI](how-to-manage-firewall-cli.md)
- Learn how to [configure private link for Azure Database for MySQL flexible server from Azure portal](how-to-networking-private-link-portal.md).

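Review bot: The replacement sentence ends with "you are using ." (stray space before the period), and "Review [connect using SSL/TLS] ... to learn how to identify" reads awkwardly now that the link targets a section. Suggest link text that names the section, for example "See [Verify the TLS/SSL connection](how-to-connect-tls-ssl.md#verify-the-tlsssl-connection) to identify the TLS version you are using." The target heading is not part of this commit, so confirm the #verify-the-tlsssl-connection anchor resolves. The general pointer to the how-to article from the old sentence is dropped; keep it if readers still need the connection steps from this page.
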
10 changes: 6 additions & 4 deletions articles/mysql/flexible-server/how-to-connect-tls-ssl.md
Expand Up @@ -21,16 +21,18 @@ Azure Database for MySQL flexible server supports encrypted connections using Tr

Following are the different configurations of SSL and TLS settings you can have for your Azure Database for MySQL flexible server instance:

> [!IMPORTANT]
> According to [Removal of Support for the TLS 1.0 and TLS 1.1 Protocols](https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-deprecated-protocols), starting in early September 2024, new servers will no longer be permitted to use TLS 1.0 or 1.1, and existing servers will not be allowed to downgrade to these versions. Beginning mid-September 2024, we will initiate a mandatory upgrade of all servers currently using TLS 1.0 or 1.1 to TLS 1.2. This upgrade process is expected to be completed by the end of September 2024. We strongly recommend that customers ensure their applications are fully compatible with TLS 1.2 before the end of September.
| Scenario | Server parameter settings | Description |
| --- | --- | --- |
| Disable SSL enforcement | require_secure_transport = OFF | If your legacy application doesn't support encrypted connections to Azure Database for MySQL flexible server, you can disable enforcement of encrypted connections to your Azure Database for MySQL flexible server instance by setting require_secure_transport=OFF. |
| Enforce SSL with TLS version < 1.2 | require_secure_transport = ON and tls_version = TLS 1.0 or TLS 1.1 | If your legacy application supports encrypted connections but requires TLS version < 1.2, you can enable encrypted connections, but configure your Azure Database for MySQL flexible server instance to allow connections with the TLS version (1.0 or 1.1) supported by your application. Supported only with Azure Database for MySQL flexible server version v5.7 |
| Enforce SSL with TLS version < 1.2 (Will be deprecated in September 2024)| require_secure_transport = ON and tls_version = TLS 1.0 or TLS 1.1 | If your legacy application supports encrypted connections but requires TLS version < 1.2, you can enable encrypted connections, but configure your Azure Database for MySQL flexible server instance to allow connections with the TLS version (1.0 or 1.1) supported by your application. Supported only with Azure Database for MySQL flexible server version v5.7 |
| Enforce SSL with TLS version = 1.2(Default configuration) | require_secure_transport = ON and tls_version = TLS 1.2 | This is the recommended and default configuration for Azure Database for MySQL flexible server. |
| Enforce SSL with TLS version = 1.3 | require_secure_transport = ON and tls_version = TLS 1.3 | This is useful and recommended for new applications development. Supported only with Azure Database for MySQL flexible server version v8.0 |

> [!NOTE]
> - Changes to SSL Cipher on Azure Database for MySQL flexible server is not supported. FIPS cipher suites is enforced by default when tls_version is set to TLS version 1.2 . For TLS versions other than version 1.2, SSL Cipher is set to default settings which comes with MySQL community installation.
> - MySQL open-source community editions starting with the release of MySQL versions 8.0.26 and 5.7.35, the TLS 1.0 and TLS 1.1 protocols are deprecated. These protocols released in 1996 and 2006, respectively to encrypt data in motion, are considered weak, outdated, and vulnerable to security threats. For more information, see [Removal of Support for the TLS 1.0 and TLS 1.1 Protocols](https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html#encrypted-connection-deprecated-protocols). Azure Database for MySQL flexible server also stops supporting TLS versions once the community stops the support for the protocol, to align with modern security standards.
> Changes to SSL Cipher on Azure Database for MySQL flexible server is not supported. FIPS cipher suites is enforced by default when tls_version is set to TLS version 1.2 . For TLS versions other than version 1.2, SSL Cipher is set to default settings which comes with MySQL community installation.
In this article, you learn how to:

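Review bot: The changed scenario row says "(Will be deprecated in September 2024)", but the [!IMPORTANT] block added in the same hunk describes a block on new use followed by a mandatory upgrade to TLS 1.2, which is removal rather than deprecation, and the note bullet removed here said MySQL already deprecated these protocols in 8.0.26 and 5.7.35. Suggest "(removed in September 2024)", with a space before the parenthesis and before the closing "|". Removing that bullet also removes the only statement of why TLS 1.0 and 1.1 are considered weak; consider keeping one sentence of it in the alert. As shown here there is no blank line between the alert and the table header row, nor between the "> Changes to SSL Cipher" note and "In this article, you learn how to:", so check both in preview.
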
Expand Down Expand Up @@ -94,7 +96,7 @@ To set TLS versions on your Azure Database for MySQL flexible server instance, y

| Azure Database for MySQL flexible server version | Supported Values of tls_version | Default Setting |
| --- | --- | --- |
| MySQL 5.7 | TLS 1.0, TLS 1.1, TLS 1.2 | TLS 1.2 |
| MySQL 5.7 | TLS 1.0, TLS 1.1(Will be deprecated in September 2024) TLS 1.2 | TLS 1.2 |
| MySQL 8.0 | TLS 1.2, TLS 1.3 | TLS 1.2 |

## Connect using mysql command-line client with TLS/SSL
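Review bot: In the MySQL 5.7 row the new cell reads "TLS 1.0, TLS 1.1(Will be deprecated in September 2024) TLS 1.2": the comma before "TLS 1.2" was lost, there is no space before the parenthesis, and it is unclear whether the parenthetical covers TLS 1.0 as well as TLS 1.1. Suggest listing the two affected versions together, for example "TLS 1.0 and TLS 1.1 (until September 2024), TLS 1.2", and keeping the term consistent with the scenario table earlier in this file.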
14 changes: 8 additions & 6 deletions articles/mysql/select-right-deployment-type.md
Expand Up @@ -24,6 +24,8 @@ When making your decision, consider the following two options:

- [Flexible Server](flexible-server/overview.md) is a fully managed production-ready database service designed for more granular control and flexibility over database management functions and configuration settings. The flexible server architecture allows users to opt for high availability within a single availability zone and across multiple availability zones. Flexible servers provide better cost optimization controls with the ability to stop/start the server and burstable compute tier, ideal for workloads that don't need full compute capacity continuously. Flexible Server also supports reserved instances allowing you to save up to 63% cost, which is ideal for production workloads with predictable compute capacity requirements. The service supports the community version of MySQL 5.7 and 8.0. The service is generally available today in various [Azure regions](flexible-server/overview.md#azure-regions). Flexible servers are best suited for all new developments and migration of production workloads to Azure Database for MySQL service.

- [Single Server](single-server/single-server-overview.md) is a fully managed database service designed for minimal customization. The single server platform is designed to handle most database management functions such as patching, backups, high availability, and security with minimal user configuration and control. The architecture is optimized for built-in high availability with 99.99% availability in a single availability zone. It supports the community version of MySQL 5.6 (retired), 5.7, and 8.0. The service is generally available today in various [Azure regions](https://azure.microsoft.com/global-infrastructure/services/). Single servers are best-suited **only for existing applications already leveraging single servers**. It's recommended to choose Flexible Server for all new developments or migrations.

- **MySQL on Azure VMs**. This option falls into the industry category of IaaS. With this service, you can run MySQL Server inside a managed virtual machine on the Azure cloud platform. You can install all recent versions and editions of MySQL on a virtual machine.

## Compare the MySQL deployment options in Azure
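Review bot: The hunk's context line still says "consider the following two options:", but with the Single Server bullet added the list has three entries (Flexible Server, Single Server, MySQL on Azure VMs). Update the count or drop it. In the new bullet, "best-suited" takes no hyphen in this position, and "single server" / "single servers" should be capitalized the same way as the "Single Server" link text that opens the bullet.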
Expand Down Expand Up @@ -53,15 +55,15 @@ The main differences between these options are listed in the following table:
| Low cost Burstable SKU | Not Supported | Supported | Supported |
| [**Networking/Security**](single-server/concepts-security.md) | | | |
| Network Connectivity | - Public endpoints with server firewall.<br />- Private access with Private Link support. | - Public endpoints with server firewall.<br />- Private access with Private Link support. <br />- Private access with Virtual Network integration. | - Public endpoints with server firewall.<br />- Private access with Private Link support. |
| SSL/TLS | Enabled by default with support for TLS v1.2, 1.1 and 1.0 | Enabled by default with support for TLS v1.2, 1.1 and 1.0 | Supported with TLS v1.2, 1.1 and 1.0 |
| SSL/TLS | Enabled by default with support for TLS v1.2, 1.1 and 1.0 | Enabled by default with support for TLS v1.3, 1.2| Supported with TLS v1.2, 1.1 and 1.0 |
| Data Encryption at rest | Supported with customer-managed keys (BYOK) | Supported with service managed keys | Not Supported |
| Microsoft Entra authentication | Supported | Supported | Not Supported |
| Microsoft Defender for Cloud support | Yes | Yes | No |
| Server Audit | Supported | Supported | User Managed |
| [**Patching & Maintenance**](flexible-server/concepts-maintenance.md) | | |
| Operating system patching | Automatic | Automatic | User managed |
| MySQL minor version upgrade | Automatic | Automatic | User managed |
| MySQL in-place major version upgrade | Supported from 5.6 to 5.7 | Not Supported | User Managed |
| MySQL in-place major version upgrade | Supported from 5.6 to 5.7 | Supported from 5.7 to 8.0 | User Managed |
| Maintenance control | System managed | Customer managed | User managed |
| Maintenance window | Anytime within 15-hrs window | 1 hr window | User managed |
| Planned maintenance notification | Three days | Five days | User managed |
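Review bot: In the SSL/TLS row the changed cell now reads "Enabled by default with support for TLS v1.3, 1.2", but the how-to tables changed in this same commit still list TLS 1.0 and 1.1 for MySQL 5.7 until September 2024 and limit TLS 1.3 to v8.0. Qualify the cell by server version or link it to the how-to, and add the missing space before the closing "|". The other two cells in the row still advertise TLS 1.1 and 1.0; confirm that is intended. On the "MySQL in-place major version upgrade" row, the change from "Not Supported" to "Supported from 5.7 to 8.0" would benefit from a link to the upgrade article.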
Expand All @@ -77,9 +79,9 @@ The main differences between these options are listed in the following table:
| Number of read replicas supported | 5 | 10 | User Managed |
| Mode of replication | Asynchronous | Asynchronous | User Managed |
| Gtid support for read replicas | Supported | Supported | User Managed |
| Cross-region support (Geo-replication) | Yes | Not supported | User Managed |
| Cross-region support (Geo-replication) | Yes | Yes | User Managed |
| Hybrid scenarios | Supported with [Data-in Replication](single-server/concepts-data-in-replication.md) | Supported with [Data-in Replication](flexible-server/concepts-data-in-replication.md) | User Managed |
| Gtid support for data-in replication | Supported | Not Supported | User Managed |
| Gtid support for data-in replication | Supported | Supported | User Managed |
| Data-out replication | Not Supported | Supported | Supported |
| [**Backup and Recovery**](flexible-server/concepts-backup-restore.md) | | | |
| Automated backups | Yes | Yes | No |
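Review bot: The two changed rows use different vocabularies for the same meaning: "Cross-region support (Geo-replication)" becomes "Yes" while "Gtid support for data-in replication" becomes "Supported". Pick one form per row group so the table can be scanned quickly, and since both Gtid rows are in view here, write the acronym as "GTID".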
Expand All @@ -94,7 +96,7 @@ The main differences between these options are listed in the following table:
| Ability to restore a deleted server | Yes | Yes | No |
| [**Disaster Recovery**](flexible-server/concepts-business-continuity.md) | | | |
| DR across Azure regions | Using cross-region read replicas, geo-redundant backup | Using geo-redundant backup | User Managed |
| Automatic failover | No | Not Supported | No |
| Automatic failover | No | No | No |
| Can use the same r/w endpoint | No | Not Supported | No |
| [**Monitoring**](flexible-server/concepts-monitoring.md) | | | |
| Azure Monitor integration & alerting | Supported | Supported | User Managed |
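Review bot: On the "Automatic failover" row the changed cell goes from "Not Supported" to "No", but the next row, "Can use the same r/w endpoint", still reads "No | Not Supported | No", so the wording is only half normalized. The "DR across Azure regions" row just above still lists only "Using geo-redundant backup" in that column, although this commit sets "Cross-region support (Geo-replication)" to "Yes" in the replication section; update it to mention cross-region read replicas if that now applies.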
Expand All @@ -103,7 +105,7 @@ The main differences between these options are listed in the following table:
| Server Logs | Supported | Supported (using Diagnostics logs) | User Managed |
| Audit Logs | Supported | Supported | Supported |
| Error Logs | Not Supported | Supported | Supported |
| Azure advisor support | Supported | Not Supported | Not Supported |
| Azure advisor support | Supported | Supported | Not Supported |
| **Plugins** | | | |
| validate_password | Not Supported | In preview | Supported |
| caching_sha2_password | Not Supported | In preview | Supported |
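Review bot: The changed row spells the product "Azure advisor"; since the line is being touched, capitalize it as "Azure Advisor". This commit refreshes several stale cells in the same column, so also confirm whether "In preview" is still correct for validate_password and caching_sha2_password in the Plugins rows just below.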
