À La Carte SQL HA - Always On Availability Groups

Executive Summary

Microsoft's SQL Server Always On Availability Groups [1] provide high availability by replicating databases across multiple replicas, with automatic failover supported in Enterprise Edition. This active-passive approach ensures continuity during database or service failures, but relies on byte-for-byte replication. While this preserves database state across nodes, it cannot distinguish between valid changes and malicious ones, so corruption or ransomware on the primary is immediately propagated to all replicas. Efficiency remains one-to-one, as each primary requires at least one paired secondary.

Failover

Always On relies on a Windows Server Failover Cluster, providing resilience against database disk and SQL service failures. Failover is natively handled within the solution.

Consistency

The solution provides rapid SQL database synchronization in a manner transparent to end users.

Cybersecurity

Always On cannot distinguish between legitimate changes and malicious modifications. For example, if a stealthy procedure is injected into the primary replica, it is automatically propagated to all secondary replicas. As AI-driven malware becomes more sophisticated, this byte-for-byte replication model provides no inherent protection against malicious activity. See Selective Object Synchronization for a non-exhaustive enumeration of intelligent cyber threats that this solution will treat as benign.

Ransomware-Locked Data Pages

Rogue Admin Account Creation

Stealth Procedure Injection

Privilege Escalation

Configuration Wipeout

Standby Disk Overfill

Efficiency

Efficiency is one-to-one, meaning one standby node can support one primary node failure. Two standbys are required to support two simultaneous primary node failures, and so on.

References

1. Microsoft, Overview of Always On Availability Groups (SQL Server), link.