Manage SQL Database Auditing and Security
•
0 gostou•1,259 visualizações
Apresentação no Global Azure Bootcamp no dia 16/04/2016
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a Manage SQL Database Auditing and Security
Semelhante a Manage SQL Database Auditing and Security (20)
Mais de Marcos Freccia
Mais de Marcos Freccia (20)
Último
Último (20)
Manage SQL Database Auditing and Security
- 2. ✔ ✔ ✔
- 4. Azure SQL Database Portal REST API PowerShell Xplat CLI TDS Endpoint sqlcmd SSMS Visual Studio
- 5. Azure SQL Database Virtual Machine SQL database
- 8. Predictable performance and business continuity
- 14. Client Layer - Used by application to communicate directly with SQL Database. Services Layer – Gateway between Client layer and Platform layer. Platform Layer – Includes physical servicers and services that support the Services layer. Infrastructure Layer – IT administration of the physical HW and OS. PHP WCF Data Services SQL Server Applications and Tools ODBC ADO.NET Tabular Data Stream (TDS)
- 23. You can audit:
- 24. © 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Notas do Editor
- Let’s begin by covering Azure SQL Database
- Predictable performance is measured in DTUs, only buy the performance you need Replication is included in base price, services are available for active geo-replication and scheduled or manual backups TDS endpoints are the same you have come to expect. This opens up familiar scenarios with your favorite managed tools The service is managed and this provides a near-zero maintenance experience
- SQL Database provides rich capabilities for relational data with minimal administration costs. Easy to scale up and relatively easy to scale out to meet the most rigorous demands. SQL Database provides enterprise level capabilities such as geo-replication with read-only secondary's (similar to SQL AlwaysOn) and point-in-time recovery (up to 35 days).
- An Azure SQL Database instance can be managed using tools such as the Portal or Azure APIs. <click> However, the TDS endpoint allows you to manage an Azure SQL Database instance using your favorite and familiar tools.
- Microsoft Azure provides you two options when hosting your SQL Server-based data: Azure SQL Database and SQL Server in Azure Virtual Machine. In general, the two options are optimized for different purposes: SQL Database is optimized to reduce costs to the minimum amount possible. It provides a very quick and easy way to build a scale-out data tier in the cloud, while lowering ongoing administration costs since customers do not have to provision or maintain any virtual machines or database software. SQL Server running in a Windows Azure VM is optimized for the best compatibility with existing applications and for hybrid applications. It provides full SQL Server box product features and gives the administrator full control over a dedicated SQL Server instance and cloud-based VM.
- From a features and compatibility standpoint, running SQL Server 2012 (or earlier edition) in a Windows Azure VM is no different than running full SQL Server box product in a VM hosted in your own data center: it is full box product, and the features supported just depend on the edition of SQL Server you deploy.
- Let’s review the tiers and how we can use DTUs to make informed decisions
- SQL Database comes in several service tiers: Basic, Standard and Premium. Each tier comes with its own set of features and with guaranteed resources that are easy to monitor and scale up or down depending on your need.
- DTUs provide a way to describe the relative capacity of a performance level of Basic, Standard, and Premium databases. DTUs are based on a blended measure of CPU, memory, reads, and writes. As DTUs increase, the power offered by the performance level increases. For example, a performance level with 5 DTUs has five times more power than a performance level with 1 DTU. A maximum DTU quota applies to each server.
- DTUs are compared in a relative manner. This graph shows the difference between each tier in DTUs.
- DTUs are compared in a relative manner. This graph shows the difference between each tier in DTUs.
- DTUs are compared in a relative manner. This graph shows the difference between each tier in DTUs.
- Let’s talk about the “architecture” of Azure SQL Database
- It is important that the attendee understands that it IS INDEED SQL Server at the platform layer. There are physical boxes running SQL Server 2012 Enterprise Edition. However, due to the nature of the Azure environment to provide the high-availability and scalability necessary, access to the physical boxes is currently not supported.
- The Azure SQL Database service is separated into tiers with varying sets of responsibility.
- To help protect your data, the Azure SQL Database firewall prevents all access to your Azure SQL Database server until you specify which computers have permission. The firewall grants access based on the originating IP address of each request.
- Azure SQL Database data is transferred using tabular data stream (TDS) over a secure sockets layer (SSL). This is a commonly used protocol and already supported by a wide variety of tools.
- SQL Database Migration Wizard (SQLAzureMW) is an open source application that has been used by thousands of people to migrate their SQL database to and from Windows Azure SQL Database. SQLAzureMW is a user interactive wizard that walks a person through the analysis / migration process. One of the main requests from the SQLAzureMW community was to take the user interactive wizard and make it command line driven interface so that it could be used in an automated backup process to back up their Windows Azure SQL Database schema / data to a data store for disaster recovery.
- [Author Note] Demo removed
- Let’s look at how we can monitor our service instances.
- Blades and tiles viewed throughout the Preview Portal can be “pinned” to the Startboard to create a custom dashboard for your applications in Azure.
- Dynamic management views and functions return server state information that can be used to monitor the health of a server instance, diagnose problems, and tune performance.
- Let’s review SQL Database auditing
- Azure SQL Database Auditing tracks database events and writes audited events to an audit log in your Azure Storage account. Auditing is available in preview for Basic, Standard, and Premium service tiers. Auditing can help you maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
- Let’s discuss business continuity with Azure SQL Database
- By storing your data in Azure SQL Database, you take advantage of many fault tolerance and secure infrastructure capabilities that you would otherwise have to design, acquire, implement, and manage. Azure SQL Database has a built-in high availability subsystem that protects your database from failures of individual servers and devices in a datacenter. Azure SQL Database maintains multiple copies of all data in different physical nodes located across fully independent physical sub-systems to mitigate outages due to failures of individual server components, such as hard drives, network interface adapters, or even entire servers. At any one time, three database replicas are running—one primary replica and two or more secondary replicas.
- This chart shows the difference between tiers for business continuity-related features.
- Standard geo-replication is available for standard and premium databases. It’s designed for less write-intensive applications that nevertheless process high volumes of data and have more aggressive recovery requirements than geo-restore can offer. When the primary database fails, it shows as degraded, and you can initiate failover to a non-readable secondary database stored in a different region Active Geo-Replication is available for premium databases. It’s designed for write-intensive applications with the most aggressive recovery requirements.
- With standard geo-replication, you simply select a replica that is unavaialable to you until an outage.
- With active geo-replication you select up to 4 replicas that are available in a read-only fashion.