Make building and maintaining applications easier and more productive. With built-in intelligence that learns app patterns and adapts to maximize performance, reliability, and data protection, SQL Database is a cloud database built for developers. The session covers our most advanced features to-date including Threat Detection, auto-tuned performance and actionable recommendations across performance and security aspects. Case studies and live demos help you understand how choosing SQL Database will make a difference for your app and your company.
3. • Database provisioning on-demand
• Predictable performance and costs
• 99.99% availability built-in
• Geo-replication and restore services for data protection
• Fully compatible with SQL Server 2016 databases
Worlds most sophisticated fully
managed SQL database service that
lets you focus on your business
4. Scales on the
fly
Intelligent cloud database for app developers
Learns
& adapts
Works in your
environment
Secures and
protects
Redefines
multi-tenancy
6. Predictable workloads
Single databases or partitioned data across multiple
databases; scale between service tiers and
performance levels as capacity needs fluctuate.
Scaledatabases
upasneeded
Scale out/in the pool
…
Single database or
partitioned databases
Customer
1
Customer
2
Customer
3 Customer
#N…
Unpredictable workloads
For large numbers of databases with unpredictable
performance demands; pool resources to be shared
between these databases.
Elastic Database Pool
Databasesconsume
resourcesasneeded
Managing large numbers of Databases
10. Security OfficerDeveloperApp User
Web Application Azure SQL Database
Performance
Expert
Costs
Expert
The intelligent cloud database for app developers
Security
Expert
11. The intelligent cloud database for app developers
Optimize your costs
Elastic Pools Recommendations to
help you identify opportunities to save
money by using elastic database pools
Query Insights for monitoring,
including events from partner solutions
Maximize app performance
Performance Recommendations tailored
to your database workload to keep your
applications running at max speed
Auto Tuning mode to let SQL DB service
automatically tune your DB performance
Secure your data
Security Recommendations to help
you secure your sensitive data using
actionable recommendations.
Threat Detection for identifying and
investigating suspicious database activities
indicating a potential threat to the DB
12.
13. Critical for end-user satisfaction
and overall business success
It needs to be an ongoing process
(most users do it reactively today)
Requires significant expertise to
understand and master
Most DB users are Devs, not DBAs
Developer
App User
Web Application Database
Developer needs to find and fix
the underlying problem, ASAP
Customer reports the issue
(app is slow/unresponsive)
19. Optimize DB SKU choice
Which DB SKU is the right one for
my application?
How to support peak-and-valley
usage patterns?
How to support 1000s of DBs?
Optimize app query patterns
How are my DB resources being
spent?
What are the TOP resource
consuming queries in my app?
From DB performance analysis
to improving the application
25. Verizon Data Breach Investigation Report 2016
• SQL injection
• Credential theft
• Malicious insider
Threats
Apps Azure SQL Database
Compliance
• PCI
• HIPAA
• FedRAMP
• Lack of knowledge
• Lack of time
• Lack of methods
Developers
26. Surrounded by layers of protection
Secure Code
• Secure development lifecycle
• Least vulnerable last 6 years
• SQL Threat Detection
• SQL Server Auditing
• Row-level Security
• Dynamic Data Masking
• Always Encrypted
• Transparent Data Encryption
• Encryption-in-flight (TLS over TDS)
Database Access
• SQL Permissions
• SQL Authentication
• Windows Authentication
• Azure Active Directory Auth.
• SQL Firewall
Proactive Monitoring
Application Access
Data Protection
27. •
•
Security
Officer
Requires to meet security standards
recommended by regulating authorities
One-click recommendations to enable
Auditing, Threat Detection & Encryption at-rest
Developer
SQL Database
Audit
Log
Transparent
Data Encryption
28. •
•
On-the-fly obfuscation
of data in query results
Phone Number
XXX-XXX-5796
XXX-XXX-1978
App user/
Engineer
One-click recommendations to
discover and obfuscate sensitive data
Developer
SQL Database
Table.PhoneNo
1-313-555-5796
972-4-777-1978
Masking
Policy
34. Azure Security
Center
Azure REST API
The intelligent cloud database
for app developers
PowerShell
Application
Insights
Azure Portal
35. Maximize app
performance
Performance Recommendations
Automatic Tuning
Optimize your
costs
Elastic Pools Recommendations
Query Insights
Secure your data
Security Recommendations
Threat Detection
The Intelligent Cloud Database for app developers
SQL Database built-in intelligence optimizes your DB
within minutes, without the need to be an expert
1 min
Overview
Azure SQL Database is the only intelligent cloud database service built for app developers. It’s the only cloud database service that scales on-the-fly without downtime and helps you efficiently deliver multitenant apps-- ultimately giving you more time to innovate and accelerating your time to market. SQL Database’s built-in machine learning quickly learns your app’s unique characteristics and dynamically adapts to maximize performance, reliability, and data protection. You can build secure apps and connect to your SQL Database using the languages and platforms you prefer.
Develop with a choice of popular languages such as C#, Java, Node.js, Ruby, PHP, or Python or with popular frameworks such as Entity Framework, Hibernate, Ruby on Rails, and Django.
Built-in Intelligence that learns and adapts with your app
Database provisioning on-demand
Range of offers for all workloads
99.99% availability SLA, zero maintenance
Geo-replication and restore services for data protection
Secure and compliant to protect sensitive data
Compatible with SQL Server 2016 – hybrid, migration
1 min
Follow the steps in readme.txt in demo1_azuredbiseasy
Good mix of what kinds of customers are using Azure SQL Database today and why
What do database customers want ?
application users, data fast
Developers/ engineering teams - control and optimize their database expenses while scale up/ our according to needs of business
Security team – customer data is secured, avoid data leakage + cyber-attacks – compromise data (external or internal)
Good news: Azure SQL Database as a cloud database service generates and processes a tremendous amount of telemetry from millions of databases,
allows us in Azure to learn and profile your DB application usage,
offer a power set of SQL intelligent features which provide you actionable recommendations, that help to
Make your apps run faster
Control your database expenses
Make your database environment and data more secure
Introducing Azure SQL DB – the intelligent cloud database for app developers!
3 categories of intelligent features
Performance intelligent features that help you to tune and optimize your database according to your application profile
Costs intelligent features, that help you to control and monitor your database expenses
And last our security intelligent features, that help you to secure your data and detect anomalous activities on your database
Each part: live demos and real customers testimonials
you get a full understanding for how you can make use of these features,
and how choosing Azure SQL Database will make a difference for your app and your business
We’ll see how Azure SQL Database, as a backend, can help you maximize database performance – and provide a great application experience for your customers.
Scenario – app performance problem
Why are perf problems HARD to deal with?
Critical for end to end business success. – In a world online applications, users are online all the time, app used non-stop. When app grinds to a halt, everybody knows instantly Reputation loss
Performance management ongoing process. Frequent app changes, no large performance testing process on each change performance management is reactive. Customer knows … and notify you about it.
Requires expertise and time to master. Most managing DBs are developers and not DBAs not every team has an expert in database performance + access to skills to effectively troubleshoot and tune db performance, and PROACTIVE before customers discover the issues.
So how can Azure SQL Database help with this?
SQL Database Advisor - a performance tuning service built-in to Azure SQL DB and provides tailored tuning recommendations for your database.
How it works - monitors the database usage and collects telemetry. Tuning models run in the Azure cloud (using ML), provide tailored tuning recommendations for your DB – available in DB advisor. Joe – picks rec to apply.
Tailored. Models learn from running millions of DBs in the service, provide customized tailored experience for each customer
Recommendations based on data + usage - evolve together with your application. As app evolves -- user base -- data access patterns – recommendations automatically adjusted to reflect the current state.
Not ‘best practice’ – but you need THIS INDEX to improve app perf
Applying the recommendations is really easy (couple of clicks) - Service does heavy lifting. Anybody implement index? Just apply rec – service does the work: baseline, apply, report.
If impact not expected – roll back.
Result: experience is better, perf issues detected proactively and fixed quickly.
Even Better:
Monitor for tuning recommendations? App needs ongoing tuning … Automatic Tuning
Never tired - monitors application and apply recommendations as needed. Fast reaction speeds.
Scale? Not feasible for humans – auto tuning easily scalses
Not a robot, full control – logs available. Actions taken + actual commands, incl. T-SQL scripts. Understand what happened + add to DB code
Joe just sets tuning policies, free to work on his application + focus on making a difference for his business – not put out fires.
How customers are using these features:
1. Christoph - Director of R&D at Docuware, German-based company that builds document lifecycle management software.
2. Docuware has chosen Azure SQL DB as the backend DB for their SAAS product, and they have many databases with us.
3. They key challenges for Christoph and Docuware are: lot of databases, lots of changes to the app, flexible schema
4. Leveraging database advisor to help them proactively tune the performance of their databases + automatic tuning to make their life easier and to make their customers happier.
Follow the readme.txt in demo2_dbadvisor
Covered: help improve and optimize performance
Now: optimizing costs.
Not favorite topic, nonetheless to make a great business out of great database applications we need to be aware of our costs, keep them to a minimum, so we can effectively compete in the market.
So let’s see how the SQL DB built-in intelligence allows you to optimize your database layer costs
2 main areas of cost optimization
Select right DB SKU – many SKUs, finding the right one not easy
Unpredictable load – harder. Typically have to provision for peaks not cost effective
Hundreds or thousands of databases? Provisioning each one for peak capacity will likely ruin your business plan, and translate to unreasonably high costs.
Other side – once you have optimal SKU layout - how do I optimize my application access patterns? How to make sure that I am accessing the data effectively?
4. How are DB resources being spent? What am I paying for? Queries/ WFs – dominant resource users?
5. Specific info e.g. on top queries – go back and tune the application
6. Understand query perf significantly improve application performance.
Full application more efficient and also perform very well for your customer scenarios.
SKU choice part -- help manage cost of SKUs.
SaaS application with hundreds of customers and growing … DB per customer. Isolation of customer data, spin up new DB
DB layer – cost effective? Lots of DBs, need to handle peak load.
Enter Elastic Database Pools - huge differentiator and a unique feature of Azure SQL Database.
Shared pool of resources you can define for a set of databases - effective resource utilization and SHARE resources among themselves
Few, up to thousands
DB per customer – not each DB is always active at the same time. Depends on usage patterns of each customer.
Elastic DB Pools optimally allocate resources among different DBs based on their needs at that time.
Pay once for the resource allocation of the whole pool – rather than peak for each.
HUGE money saver. You just pay for the pool so it caps your spending
Resources are shared – but can set a minimum and maximum utilization utilization is maximized and optimized.
Customer isolation
Effective and easy management at scale analyze and manage my databases within the pool, using a single centralized function.
How do you know what you need? Analyze yourself?
Intelligence of Azure SQL Database built-in advisor
How: look at all of the DBs in your server, figure out which are suitable for pool – and how big of a pool you need – so that you can
Maximize your resource savings – and minimize your bill!
Now: we’ve solved SKU, let’s make sure that application access patterns are optimal:
Performance testing/tuning before changes are rolled out. But sometimes, things slip through.
Changes in the data volume and/or app usage patterns lead to sub-optimal queries.
Monitor query patterns and profile them – which queries use most resources – info available in portal.
Some views : Top queries by resource utilization, by duration, or by frequency of execution. (also issues app users care about)
Easily find ‘bad query’ and invest
Based on Query Store data – new feature, flight data recorder for your database. It records all of the data about query performance – stores it in your DB proactively, so you have it when you need it.
Not like profiling
Data is already there. Collected and analyzed –provides you with insights and recommendations which you can immediately implement and improve your system!
So we have customers using this – and are really happy with this.
Let me introduce you to Morten.
Tech Lead at Umbraco, a company from Denmark that build CMS solutions used by 100s of thousands of websites.
Their latest product, Umbraco-as-a-service is a SaaS version of their product, and leverages Azure SQL database as the back-end
They key challenge for Umbraco-as-service is keeping the costs down to the point where it can be successful in this highly competitive market.
The leverage SQL Elastic Pools - which enable Umbraco to have great performance and management at scale – and also at a favorable price point. This allows them to compete effectively in the market.
Follow the readme.txt in demo3_elasticpools
We’ve covered some great intelligent features in Azure SQL DB that help manage performance and expenses.
And now I’d like to move on to another set of intelligent features that have to do with security.
In this part of the session, I’ll show you how simple it is to secure your data in Azure SQL database within minutes and with no need to be a security expert.
Investments in SQL Security
Today focus: SQL Security Recommendations and SQL Threat Detection
So why do you need SQL Security intelligent capacities ?
Public reports indicate there is a growth in frequency and severity of cyber-attacks and insider data breaches on Organizations today.
Verizon Data Breach Report, no organization is immune to cyber attack and
Most breaches capture highly sensitive data like trade secrets or proprietary information, which cause huge financial impact on Organizations
Since a vast majority of sensitive data is stored on databases, this means that database security requires developer attention
Most organizations are investing in security for their data.
Some have specific requirements that come in to achieve compliance from official regulations authorities.
And generally, investments are being made to prevent possible threats on the database that can compromise valuable information. These threats include the very common ‘SQL Injection’ attack, credential theft – and all too often today we hear about the insider threat.
Unfortunately, most developers and organizations have limited security knowledge, time and expertise to provide the basic protection of their data - even against most common attacks like SQL Injection.
This leaves exposed and the data unprotected.
2 min
SQL Server - least vulnerable database for the last six years (NIST). Graph shows vulnerabilities by vendor per year.
As customers, your data is exposed until a patch is released and then implemented.
High levels of vulnerabilities = higher risk, and more patching.
SQL Server has a long track record of low-levels of exposure.
Beyond secure code SQL Server has technologies at infrastructure and the database level - to protect your data, control access and monitor activity
Monitoring, audit, forensics:
Advanced Threat Analytics and SQL Server Auditing
Access control
Windows Server 2016 is improving Windows authentication access control
SQL Server Row level security
SQL Server Dynamic data masking
Protecting data
(Already available) transparent data encryption TDE protects data at rest.
New in 2016 is Always Encrypted (next slide)
This is where Azure SQL Database intelligence comes in – and can help improve the security for the data you store in the Azure SQL DB service.
Rather than having to figure out what to secure, how to secure it – the service helps you by providing effective and simple-to-apply features for securing data, and actionable recommendations for what to apply where.
First: SQL security recommendations within Azure Security Center
Azure Security Center is a new service in Azure which enables you to understand and improve the security health of all your Azure resources
A couple of the standard security requirements recommended by auditing authorities are
Encryption at-rest which means encrypting the database, backups, transaction log files on the physical disk itself
Auditing which collects logs of database activities – and enables you to know who did what and when on your database.
Azure Security Center allows you to identify databases and servers that have not enabled auditing and encryption at-rest
and provides actionable recommendations to enable these within a few clicks – so that you can immediately meet these compliance requirements.
Second SQL security recommendation is within a feature called dynamic data masking.
App displays data, some is sensitive. App users don’t need to see it. Data from DB.
You want to hide or MASK. Could modify app to hide all or part of the value
SQL intelligent security can help: SQL Dynamic Data Masking, built-in, limits exposure by masking in query results
You define what to mask and how to mask it in the DB – and it shows up masked everywhere (apps and developer queries)
Data isn’t changed – just masked on query
Help = automatically discovering potentially sensitive data
Actionable recommendations to mask it, that help you to secure you sensitive data within a few clicks and without changing your application code
Feedback from one of our Azure SQL Database customers who benefited from these security recommendations.
This Frans, who is the CTO of New Orbit , which is a company in the UK that build cloud based applications for enterprises and financial organizations
Security is major concern for New Orbit customers - and New Orbit must also comply with some official security standards
Frans and his team make use of the SQL Security Recommendations - to track the security in their system and make sure all their databases comply with the requirements, and help them to pass security audits.
Follow the readme.txt in demo4_security
The last SQL security intelligent feature, I would it to share Is SQL Threat Detection
which is a built-in feature in Azure SQL Database service that detects anomalous database activities indicating a possible threat to the database
Its super simple to enable using Azure portal or standard API and requires no modifications to your application code
Set of world-class algorithms that learn, profile application behavior, detect anomalous activity, including potential SQL injections and unusual behavior patterns.
Detect something suspicious --> immediate notification over email and an alert in Azure Security Center
Actionable investigation and remediation steps. Use your audit log to investigate database activities around the time of the security alert. Guidelines to remediate.
Final customer story:
Richard Priest, head of technology for Missing Widget – which is a company that provides an ISV solution. Missing Widget is also a customer of Azure SQL Database.
Threat Detection on their databases several alerts about vulnerabilities to SQL injection in their application.
Able to find and track down the exact vulnerabilities in their code – and based on the guidelines we provide in the documentation they were able to quickly fix the vulnerabilities in their code.
Guides everyone on the team to turn on Auditing and Threat Detection on all their projects – as this is a simple and effective way to give another layer of protection for their system.
Follow the readme.txt in demo5_threatdetection
We’ve seen powerful intelligent features in Azure SQL Database can improve performance, manage costs and secure your data
Can I benefit from this? Can my application make use of this?
YES – not just Azure portal, your own or standard APIs
Manage maintenance actions and automate via Powershell – standard set of Azure APIs
Security related: Azure Security Center
Whatever your preferred way of managing your Azure environment – make use of useful recommendations + intelligent features of Azure SQL DB.
Finally - not using MS stack? Azure SQL database comes with full set of drivers for all of the most popular languages and frameworks. Beyond .Net: Java, Ruby, PHP, Node.js, Python
Frameworks: Entity Framework, but also Hibernate, Rails, Django….
Move backend to SQL DB, and app benefits from intelligence built-in, regardless of technology it’s built on.
Summarize and recap :
Azure SQL Database built-in intelligent features work around the clock for you –
We help you configure and optimize and tune your database within minutes, without requiring YOU to be the expert.
We’ve seen how in Performance the SQL Database Advisor provides actionable recommendations and automatic tuning to help you speed up your application and prevent performance incidents.
Elastic Pools and Query Insights help you configure your database SKUs in an optimal way, whether for one database or for thousands of databases! Query Insights – helps you understand resource bottlenecks + tune
Intelligent security features secure your data – detect and prevent attacks that can expose your most precious resource (your sensitive data) and jeopardize your business.
4. Easy to use – each of the demos only took a couple of clicks, and very little effort on your part.
5. No need to change your application - and it’s available and consumable anywhere.
6. Examples of global companies choosing Azure SQL DB and benefiting
7. You can move your database to Azure SQL DB – and benefit from the power of the cloud – using advanced algorithms to learn from millions of other apps and providing you with a customized and tailored experience to help improve your app, with very little effort on your part.
8. So you can spend your time focusing on your application logic and what’s important for your business to succeed