This chapter covers Azure Database for PostgreSQL, a fully managed relational database service in Azure. For the DP-900 exam, understanding the differences between deployment options (Single Server and Flexible Server), pricing tiers, and high-level configuration is essential. Approximately 10-15% of exam questions touch on Azure relational database services, with PostgreSQL being one of the three main engines tested alongside SQL Server and MySQL. This chapter will equip you with the precise knowledge needed to answer questions about PostgreSQL-specific features, scalability options, and migration paths.
Jump to a section
Azure Database for PostgreSQL is like a high-end car rental service that offers a fleet of vehicles all built on the same robust engine platform (PostgreSQL). When you rent a car, you get a vehicle that is fully maintained, secured, and ready to drive—you don't need to worry about oil changes, tire rotations, or engine diagnostics. However, you can still customize certain aspects: you can choose the model (single server or flexible server), the engine size (compute tier), and optional features like GPS (geo-replication) or a sunroof (connection pooling via PgBouncer). The rental company handles all the heavy lifting: they ensure the engine meets emission standards (compliance), they monitor fuel efficiency (performance metrics), and they have a roadside assistance team (automated backups and failover). If you crash the car, they have a replacement ready (point-in-time restore). Importantly, you cannot modify the core engine design—you cannot change the PostgreSQL kernel or install arbitrary operating system patches—just as you cannot replace the car's engine with a different brand. The rental service abstracts the underlying hardware and OS, giving you a predictable, managed experience while retaining the full power of PostgreSQL's SQL dialect and extensions.
What is Azure Database for PostgreSQL?
Azure Database for PostgreSQL is a Platform-as-a-Service (PaaS) relational database service that provides a managed PostgreSQL database engine. It eliminates the need to manage the underlying virtual machines, operating system, and PostgreSQL software patches. The service offers built-in high availability, automated backups, and scaling options. Microsoft offers two deployment modes: Single Server and Flexible Server. The DP-900 exam focuses on understanding these options, their use cases, and key differences.
Why Choose PostgreSQL on Azure?
PostgreSQL is an open-source object-relational database known for its extensibility, standards compliance, and support for advanced data types like JSON, geometric data, and custom extensions. On Azure, you get the benefits of PostgreSQL without the operational overhead. The service is suitable for enterprise workloads, including transactional systems, analytics, and geospatial applications. Azure adds features like automatic backups with point-in-time restore (PITR), read replicas, and integration with Azure Active Directory (AAD) authentication.
Deployment Options: Single Server vs. Flexible Server
The exam expects you to know the key distinctions between Single Server and Flexible Server. Single Server is the older offering, now with a retirement date of March 28, 2023 (note: this date has passed; the exam may reference it as legacy). Flexible Server is the newer, more feature-rich option.
Single Server: Provides a single database server with up to 4 TB of storage and up to 64 vCores. It offers a fixed set of compute tiers: Basic, General Purpose, and Memory Optimized. It includes built-in high availability with a 99.99% SLA, but failover is not instantaneous. It supports up to 5 read replicas with replication lag typically under a few seconds.
Flexible Server: Offers more flexibility in compute and storage scaling, including the ability to stop/start the server (not available in Single Server). It supports zone-redundant high availability (within a region) and a burstable compute tier (B-series) for low-cost development. It also integrates with Azure Virtual Network (VNet) for private access and supports custom maintenance windows. Flexible Server uses the same PostgreSQL engine but provides a more modern deployment experience.
Compute and Storage Tiers
Both deployment options offer different compute tiers, but the names and specifics differ slightly.
Single Server Compute Tiers: - Basic: 1-2 vCores, 50-100 GB storage, no high availability SLA. Suitable for lightweight development. - General Purpose: 2-64 vCores, up to 4 TB storage, 99.99% SLA. Balanced compute and memory. - Memory Optimized: 2-64 vCores, up to 4 TB storage, 99.99% SLA. Higher memory-to-core ratio for memory-intensive workloads.
Flexible Server Compute Tiers: - Burstable (B-series): 1-20 vCores, up to 16 GB RAM per vCore. Suitable for development and low-traffic applications. Can burst CPU credits. - General Purpose (D-series): 2-64 vCores, up to 32 GB RAM per vCore. Balanced. - Memory Optimized (E-series): 2-64 vCores, up to 48 GB RAM per vCore. High memory.
Storage: Both options support up to 16 TB of storage (Flexible Server) or 4 TB (Single Server). Storage is auto-growing in increments of 5 GB up to the maximum. The exam may ask about the maximum storage size: 16 TB for Flexible Server, 4 TB for Single Server (though Single Server can go up to 16 TB with certain configurations? Actually, Single Server max is 4 TB for Basic and 16 TB for General Purpose and Memory Optimized? Double-check: Single Server max storage is 4 TB for Basic, 16 TB for General Purpose and Memory Optimized. Flexible Server max is 16 TB. The exam may test this distinction.
Backup and Restore
Azure Database for PostgreSQL automatically performs backups and stores them in geo-redundant storage (if configured). The backup retention period is configurable from 7 to 35 days. Backups are taken every 5 minutes (transaction log backups) for point-in-time restore. The full backup is taken once a day. Restore operations create a new server with the same configuration. The exam may ask about the default backup retention (7 days) and the maximum (35 days).
High Availability and Disaster Recovery
Single Server: Built-in high availability with automatic failover. The SLA is 99.99% for General Purpose and Memory Optimized tiers. Failover is typically under 60-120 seconds. There is no cross-region DR built-in; you must use read replicas or manual backup/restore.
Flexible Server: Offers zone-redundant high availability (two zones within the same region) with automatic failover. The SLA is 99.99% with zone redundancy. Without zone redundancy, the SLA is 99.9%. You can also use read replicas for read-scale and DR.
Security and Authentication
PostgreSQL on Azure supports two authentication methods: - Password authentication: Using PostgreSQL native passwords. - Azure Active Directory (AAD) authentication: For Single Server (preview) and Flexible Server (GA). AAD authentication allows you to use managed identities and conditional access policies.
Firewall rules can be set at the server level (IP firewall) or via VNet service endpoints (Single Server) or VNet integration (Flexible Server). SSL/TLS is enforced by default. The exam may ask about the default minimum TLS version (1.2).
Extensions
PostgreSQL's extensibility is a key feature. Azure Database for PostgreSQL supports many popular extensions, including:
- postgis for geospatial data
- pg_stat_statements for query performance tracking
- uuid-ossp for UUID generation
- pgcrypto for cryptographic functions
- hstore for key-value store
- pg_buffercache for buffer cache analysis
The exam may ask which extensions are available out-of-the-box. You should know that postgis is a common extension for location-based queries.
Performance and Scaling
Scaling compute (vCores) and storage can be done with minimal downtime (typically a few minutes). For Flexible Server, you can also scale storage online without downtime. The exam may ask about the scalability limits: up to 64 vCores and 16 TB storage.
Migration Tools
Azure provides several tools for migrating PostgreSQL databases to Azure: - Azure Database Migration Service (DMS): Supports online and offline migrations from on-premises or other clouds. - pg_dump / pg_restore: Traditional PostgreSQL tools for logical backup and restore. - Azure Data Factory: For bulk data movement.
The exam may ask which tool is suitable for minimal downtime migration (DMS with online mode).
Pricing Models
Pricing is based on compute (vCores), storage (GB), and backup storage (GB). You can choose between Provisioned (fixed compute) and Serverless (Flexible Server only, which automatically scales compute based on workload). The exam may ask about the serverless compute tier: it pauses during inactivity (after 60 minutes of no connections) and resumes on demand, charging only for the compute used.
Connection Pooling
Flexible Server includes built-in support for PgBouncer, a connection pooler for PostgreSQL. This helps reduce connection overhead by reusing connections. Single Server does not include PgBouncer natively but you can install it on a VM.
Monitoring and Alerts
Azure Monitor provides metrics like CPU percentage, storage percentage, IOPS, and connections. The exam may ask about the metric for tracking storage usage (storage_percent). Alerts can be set up based on metric thresholds.
Exam-Relevant Commands and Settings
While the DP-900 exam does not require CLI commands, understanding the following can help:
# Create a Flexible Server (example)
az postgres flexible-server create \
--name mypostgresqlserver \
--resource-group myResourceGroup \
--location eastus \
--admin-user myadmin \
--admin-password <password> \
--sku-name Standard_D2s_v3 \
--tier GeneralPurpose \
--public-access 0.0.0.0/0-- Enable an extension
CREATE EXTENSION IF NOT EXISTS postgis;Summary of Key Differences Between Single Server and Flexible Server
| Feature | Single Server | Flexible Server | |---------|---------------|-----------------| | Compute tiers | Basic, General Purpose, Memory Optimized | Burstable, General Purpose, Memory Optimized | | Max storage | 4 TB (Basic), 16 TB (others) | 16 TB | | High availability | Built-in (99.99% SLA) | Zone-redundant HA (99.99% SLA) | | VNet integration | Service endpoints | Private DNS VNet integration | | Stop/start | Not supported | Supported | | Serverless compute | Not supported | Supported | | PgBouncer | Not built-in | Built-in | | Retirement date | March 28, 2023 | Active |
The exam may ask which deployment option is recommended for new workloads (Flexible Server).
Provision an Azure PostgreSQL Server
Using the Azure portal, CLI, or ARM template, you create a new Azure Database for PostgreSQL server. You choose the deployment option (Single Server or Flexible Server), resource group, location, compute tier, storage size, and admin credentials. The provisioning process allocates a dedicated PostgreSQL instance on managed VMs. The server is created with default settings: SSL enforced, firewall blocking all external connections, and automated backups enabled with a 7-day retention. The initial state is 'Ready' after a few minutes. You can also specify a VNet integration for private access (Flexible Server) or configure public IP firewall rules.
Configure Firewall and Security Settings
By default, the server is locked down. You must add firewall rules to allow client IP addresses or ranges. For Single Server, you use IP firewall rules or VNet service endpoints. For Flexible Server, you can use IP firewall rules or VNet integration with private DNS. You can also enable Azure Active Directory authentication for managed identity access. SSL/TLS is enforced by default; you can disable it but it's not recommended. The minimum TLS version can be set (default 1.2). These settings are stored in server configuration and applied at the network level.
Create Databases and Configure Parameters
After connecting via psql or a GUI tool, you create databases using standard SQL (`CREATE DATABASE`). You can also modify server parameters like `max_connections`, `shared_buffers`, and `work_mem` through the Azure portal (under Server parameters). Some parameters require a server restart to take effect. The service manages the `postgresql.conf` file; you cannot edit it directly. Extensions like `postgis` can be enabled via `CREATE EXTENSION`. The exam may ask which parameters are modifiable (most are) and which require restart (e.g., `shared_buffers`).
Scale Compute and Storage
When workload grows, you can scale the server vertically. For compute, you change the vCore count or tier (e.g., from General Purpose to Memory Optimized). Scaling compute causes a brief downtime (typically 60-120 seconds) as the underlying VM is resized. Storage can be scaled up (but not down) with no downtime for Flexible Server; Single Server may require a restart. The maximum storage is 16 TB. You can also enable auto-growth of storage (default is on). The exam may ask about the impact of scaling compute: downtime occurs, connections are dropped.
Set Up High Availability and Read Replicas
For production workloads, you enable zone-redundant high availability (Flexible Server) or rely on built-in HA (Single Server). This configures a standby replica in a different availability zone or same zone. Failover is automatic and typically completes within 60-120 seconds. For read scaling, you can create up to 5 read replicas (Single Server) or 10 (Flexible Server). Replicas are kept in sync using PostgreSQL's native streaming replication. Replication lag is visible in metrics. You can also promote a replica to a standalone server for disaster recovery.
Monitor Performance and Configure Alerts
Use Azure Monitor to track key metrics: CPU percent, storage percent, IOPS, connections, and replication lag. Set up alerts for threshold breaches (e.g., CPU > 80% for 5 minutes). Enable Query Performance Insight (for Single Server) or use `pg_stat_statements` to identify slow queries. The service automatically collects logs and metrics. For Flexible Server, you can enable automatic tuning of parameters based on workload (preview feature). The exam may ask which metric indicates storage is nearing capacity (`storage_percent`).
Perform Backup and Restore Operations
Backups are automated. You can configure backup retention (7-35 days) and choose geo-redundancy. To restore, you use point-in-time restore (PITR) to any time within the retention period. Restore creates a new server. You can also perform a geo-restore if geo-redundant backups are enabled. For logical backup, you use `pg_dump` and `pg_restore`. The exam may ask about the default backup retention (7 days) and the maximum (35 days). Also, know that PITR restores are available to the second.
Enterprise Scenario 1: Geospatial Application with PostGIS
A logistics company uses Azure Database for PostgreSQL with the PostGIS extension to store and query delivery routes, customer locations, and warehouse coordinates. They chose Flexible Server for its zone-redundant HA and ability to scale storage online. The database handles millions of spatial queries per day, such as 'find nearest warehouse to a given GPS coordinate'. They use the ST_DWithin function for proximity searches. The database is deployed in the East US region with a read replica in West Europe for disaster recovery. They monitor replication lag using the replication_lag metric and have alerts set for lag > 5 seconds. They also use PgBouncer to manage thousands of concurrent connections from microservices. A common misconfiguration is not enabling the PostGIS extension during initial setup, leading to failed queries; it must be enabled via CREATE EXTENSION postgis;. Performance issues arise when spatial indexes are missing; they use GiST indexes on geometry columns. The database is backed up with 35-day retention and geo-redundancy. They perform quarterly dry-run restores to ensure RTO is met.
Enterprise Scenario 2: SaaS Multi-Tenant Application with Connection Pooling
A SaaS provider offers a multi-tenant application where each tenant has a separate PostgreSQL database. They use Azure Database for PostgreSQL Flexible Server with the serverless compute tier to handle variable workloads. During peak hours, the server automatically scales up to 16 vCores; during off-hours, it scales down and eventually pauses after 60 minutes of inactivity. This reduces costs significantly. They use PgBouncer for connection pooling to avoid connection limits. Each tenant's database is created dynamically via SQL. They use Azure Active Directory authentication to allow tenant admins to manage their own databases. A challenge they faced was the serverless compute's cold start latency (around 30 seconds) when resuming from pause. To mitigate, they keep a minimum number of connections open to prevent pause. They also use read replicas for reporting workloads. The exam-relevant point: serverless compute is only available in Flexible Server, not Single Server.
Scenario 3: Migration from On-Premises PostgreSQL to Azure
A financial services company migrates a 2 TB PostgreSQL database from an on-premises data center to Azure. They use Azure Database Migration Service (DMS) for an online migration with minimal downtime. The source database is PostgreSQL 11, target is Flexible Server with PostgreSQL 13. They perform a pre-migration assessment to check for compatibility issues, such as deprecated functions. During migration, DMS continuously syncs changes using logical replication. The cutover takes less than 5 minutes. Post-migration, they enable zone-redundant HA and configure automated backups with 35-day retention. They also set up diagnostic settings to stream logs to Azure Log Analytics for auditing. A common mistake is not testing the target server's performance tier; they initially chose a General Purpose tier but had to scale up to Memory Optimized due to high memory requirements. The exam may ask about the recommended migration tool for minimal downtime (DMS with online mode).
DP-900 Exam Focus: Azure Database for PostgreSQL
Objective Code: 2.1 Describe relational data services on Azure. Specifically, the exam tests your ability to:
Identify the characteristics of Azure Database for PostgreSQL (open-source, object-relational, extensible).
Differentiate between Single Server and Flexible Server deployment options.
Understand high-level capabilities: automated backups, high availability, read replicas, scaling.
Recognize use cases: geospatial (PostGIS), JSON data, custom extensions.
Know the maximum storage (16 TB for Flexible Server, 4 TB for Basic Single Server).
Know the default backup retention (7 days) and maximum (35 days).
Understand authentication options: password and Azure AD.
Common Wrong Answers and Why Candidates Choose Them: 1. 'PostgreSQL is a NoSQL database.' – Some candidates confuse PostgreSQL's JSON support with NoSQL. In reality, PostgreSQL is a relational database that can store JSON documents, but it is not a NoSQL database. The exam tests this distinction. 2. 'Single Server is the recommended deployment for new workloads.' – Since Single Server is retired, the correct answer is Flexible Server. Candidates who don't keep up with updates may choose Single Server. 3. 'Azure Database for PostgreSQL supports unlimited storage.' – The maximum is 16 TB. Candidates might think 'unlimited' due to auto-growth, but there is a hard limit. 4. 'You can directly edit the postgresql.conf file.' – In the managed service, you cannot access the file system. You must use the Azure portal or API to modify parameters. 5. 'Read replicas are available for both Single Server and Flexible Server.' – While both support replicas, the number differs: up to 5 for Single Server, up to 10 for Flexible Server. Also, read replicas are not supported in the Basic tier of Single Server.
Specific Numbers and Terms That Appear on the Exam: - Default backup retention: 7 days. - Maximum backup retention: 35 days. - Maximum storage: 16 TB. - Maximum vCores: 64. - SLA for General Purpose and Memory Optimized: 99.99%. - Supported PostgreSQL versions: 11, 12, 13, 14, 15 (as of exam date; check latest). - Common extension: PostGIS. - Authentication: Azure AD and password.
Edge Cases and Exceptions:
- The Basic tier does not have an SLA.
- Geo-redundant backups are not available in all regions.
- Serverless compute is only available for Flexible Server.
- You cannot downgrade storage.
- Some parameters require a restart (e.g., shared_buffers).
How to Eliminate Wrong Answers:
- If a question asks about 'fully managed' vs 'IaaS', remember that PaaS means no OS access, automatic backups, and built-in HA.
- If comparing PostgreSQL to SQL Server, note that PostgreSQL is open-source and extensible with custom extensions; SQL Server has tighter integration with Azure services.
- For migration questions, if minimal downtime is required, choose Azure Database Migration Service (online mode). If downtime is acceptable, pg_dump/pg_restore is simpler.
Azure Database for PostgreSQL is a PaaS offering with two deployment options: Single Server (retired) and Flexible Server (recommended).
Flexible Server offers zone-redundant HA, stop/start, serverless compute, VNet integration, and PgBouncer connection pooling.
Maximum storage is 16 TB for Flexible Server; storage can only be scaled up, not down.
Default backup retention is 7 days, maximum is 35 days; backups are automated with point-in-time restore.
Supported authentication methods: PostgreSQL password and Azure Active Directory (AAD) authentication.
Common PostgreSQL extension: PostGIS for geospatial data; other extensions like pg_stat_statements are available.
Scaling compute (vCores) causes a brief downtime; scaling storage is online for Flexible Server.
The SLA for General Purpose and Memory Optimized tiers is 99.99% (with HA for Flexible Server).
For minimal downtime migration, use Azure Database Migration Service (DMS) with online mode.
Serverless compute (Flexible Server only) automatically pauses after 60 minutes of inactivity and resumes on demand.
These come up on the exam all the time. Here's how to tell them apart.
Azure Database for PostgreSQL Single Server
Older deployment model, retired March 28, 2023
Compute tiers: Basic, General Purpose, Memory Optimized
Max storage: 4 TB (Basic), 16 TB (General Purpose and Memory Optimized)
Built-in HA with automatic failover (99.99% SLA for GP and MO)
Up to 5 read replicas
Azure Database for PostgreSQL Flexible Server
Newer deployment model, actively developed
Compute tiers: Burstable (B-series), General Purpose (D-series), Memory Optimized (E-series)
Max storage: 16 TB for all tiers
Zone-redundant HA option (99.99% SLA); without HA, 99.9% SLA
Up to 10 read replicas
Mistake
Azure Database for PostgreSQL is a NoSQL database because it supports JSON.
Correct
PostgreSQL is an object-relational database. It supports JSON data types and queries, but it is fully relational, with ACID compliance, schemas, and SQL support. The JSON support is for flexibility, not for replacing NoSQL.
Mistake
Single Server and Flexible Server are identical except for the name.
Correct
They differ significantly. Single Server is older and retired; Flexible Server offers more features: zone-redundant HA, stop/start, serverless compute, VNet integration, PgBouncer, and up to 16 TB storage. Flexible Server is the recommended option for new deployments.
Mistake
You can scale storage down to reduce costs.
Correct
Storage can only be scaled up, not down. Once you increase storage, you cannot decrease it. Plan storage carefully to avoid over-provisioning.
Mistake
Azure Database for PostgreSQL supports all PostgreSQL extensions.
Correct
Only a curated list of extensions is supported due to security and compatibility. For example, extensions that require superuser access or modify system files are not allowed. Always check the official list.
Mistake
The service provides a 99.99% SLA for all tiers.
Correct
The 99.99% SLA applies only to General Purpose and Memory Optimized tiers. The Basic tier has no SLA. For Flexible Server, the SLA is 99.99% with zone-redundant HA; without it, it's 99.9%.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Single Server is the older deployment model, now retired. Flexible Server is the newer offering with more features: zone-redundant high availability, stop/start capability, serverless compute, VNet integration, built-in PgBouncer, and up to 16 TB storage. Flexible Server also supports up to 10 read replicas versus 5 for Single Server. For new workloads, always choose Flexible Server.
Yes, both Single Server (preview) and Flexible Server (GA) support Azure Active Directory authentication. This allows you to use managed identities, conditional access, and eliminate the need for password management. You can configure AAD as the primary authentication method or alongside password authentication.
The maximum storage is 16 TB for both Single Server (General Purpose and Memory Optimized tiers) and Flexible Server. The Basic tier of Single Server is limited to 4 TB. Storage can be auto-grown in increments of 5 GB up to the maximum, but cannot be decreased.
Use Azure Database Migration Service (DMS) with an online migration. DMS uses logical replication to continuously sync changes from the source to the target. During cutover, you stop the source application, apply any remaining changes, and redirect traffic to the Azure database. This typically results in downtime of minutes rather than hours.
Yes, PostGIS is supported in both Single Server and Flexible Server. You enable it by running `CREATE EXTENSION postgis;` in the database. PostGIS adds support for geographic objects, spatial indexes, and spatial functions, making it suitable for location-based applications.
Scaling compute (vCores) causes a brief downtime, typically 60-120 seconds, during which the server is restarted with the new compute size. Connections are dropped and must be re-established. Storage scaling, however, can be done online with no downtime for Flexible Server. For Single Server, storage scaling may also cause a restart.
The default backup retention period is 7 days. You can configure it to a maximum of 35 days. Backups are automatically taken every 5 minutes (transaction log) and daily full backups. You can also enable geo-redundant storage for disaster recovery.
You've just covered Azure Database for PostgreSQL — now see how well it sticks with free DP-900 practice questions. Full explanations included, no account needed.
Done with this chapter?