Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Azure Boot Camp 21.04.2018 SQL Server in Azure Iaas PaaS on-prem Lars Platzdasch

110 visualizaciones

Publicado el

Compare SQL Server Azure VM with Azure SQL DB and On-Prem SQL Server.

  • Sé el primero en comentar

  • Sé el primero en recomendar esto

Azure Boot Camp 21.04.2018 SQL Server in Azure Iaas PaaS on-prem Lars Platzdasch

  1. 1. SQL Server in Azure IaaS, Paas, on-Prem Planning and Business Continuity or more like Take the Red or the Blue Pill Lars Platzdasch MCT,MCSE SQL, MCSE SharePoint
  2. 2. Sprecher: Lars Platzdasch Twitter @LarsPlatzdasch Xing /Lars_Platzdasch LinkedIn LarsPlatzdasch Web www.platzdasch.de www.3perspektiven.de MCT: SQL, SharePoint, .net MCSE: SQL Server Data Platform MCSE: SharePoint MCITP: SharePoint 2010, Administrator MCITP: SharePoint 2010, Developer Microsoft Certified Application Developer: .NET Certified Ethical Hacker (CEH) - EC-Council platzdasch netConsult GmbH & Co. KG | ISV 24/7 Support für SQL / SharePoint 3 Perspektiven GmbH | MBS 22 IT, 21 Jahre SQL Server, 14 Jahre SharePoint Gold
  3. 3. About the Audience • DBAs • Developers • SQL AlwaysOn Availability Groups Experience? • System Administrators • Azure Lovers ;-) • and …
  4. 4. The Plan 1. High Level Comparison to SQL Server 2. Most Important Slide about the differences 3. Drill into random interesting capabilities 4. Securing 5. Some demos 6. Tips for Iaas
  5. 5. Hosting Choices for SQL
  6. 6. Azure SQL DB is SQL Server Except… Common SQL Server “Just change the connection string…” https://azure.microsoft.com/en-us/documentation/articles/sql-database-transact-sql-information/ Additional information on Differences: Azure SQL DB
  7. 7. Demos • Demo: Meet the Portal (portal.azure.com) • Demo: Create a SQL Database .
  8. 8. What’s the Same 1. Team 2. Core Code Base 3. Transact-SQL ▪ Yes, full support ▪ https://feedback.azure.com/ 4. Most of the features 5. Mature .
  9. 9. What’s Missing (or is it?) in Azure SQL DB Category 1: Takes a Different Approach ▪ Example: SQL Agent Category 2: On the way ▪ Network Support ▪ But in the works… Category 3: No plan (?) https://feedback.azure.com/ .
  10. 10. You access a DB DB is fully managed: High Availability, Backups, Patching Runs latest SQL Server version, based on Enterprise ed. New paradigm of databases and modern app building Different DB sizes: Basic (2GB, 5DTUs) to Premium (1TB, 4000DTUs DB availability SLA: 99.99% 4000DTUs .. Premium) Azure SQL Database SQL Server in Azure VM You access a VM with SQL Server You manage SQL Server and Windows: High Availability, Backups, Patching (automation available) You can run any SQL Server version and edition Full on-premises compatibility Different VM sizes: A0 (1 core, 1GB mem, 100GB) to G5 ( .. ) VM availability SLA: 99.95%: In practice SQL AlwaysOn provides higher availability (~99.99%) Reuse on-premises infrastructure (e.g. Active Directory) Differences :
  11. 11. SQL Server View on ‘Managed’ Azure SQL Database Low Control | Low Maintenance Shared Lowercost Dedicated Highercost High Control | High Maintenance Hybrid Physical Virtual PaaS SaaS IaaS On premises Off premises SQL Server Physical Machines SQL Server Private Cloud Virtualized Machines SQL Server in Azure VM Virtualized Machines Virtualized Databases Cloud
  12. 12. Manageability ( Azure SQL DB ) 1. Server Management so easy - not available! ▪ You control schema, indexes, users, etc. as usual ▪ PaaS model 2. 99.95% uptime SLA (one instance) 3. Geo-DR/FO/BC (Active/Passive) 4. Geo-Replication (Active/Active RO) 5. Backups, PiTR .
  13. 13. DMV Views (https://azure.microsoft.com/en-us/documentation/articles/sql-database-monitoring-with-dmvs/ ) DTU (https://docs.microsoft.com/de-de/azure/sql-database/sql-database-what-is-a-dtu ) eDTU ( elastic Pool DTU) Performance ( Azure DB ) . Data Throughput Unit
  14. 14. Data Throughput Unit ▪ http://dtucalculator.azurewebsites.net/ ▪ Demo: DTU definition https://azure.microsoft.com/en- us/documentation/articles/sql-database-service- tiers/#understanding-dtus
  15. 15. SQL / Space / DTU Pools Geo Repl Pricing ( Azure DB )
  16. 16. Pricing in Tiers and Pools ▪ Demo: Pricing options https://azure.microsoft.com/en-us/pricing/ ▪ https://azure.microsoft.com/en- us/documentation/articles/sql-database- service-tiers/
  17. 17. Securing SQL Azure “[Cloud security] is a shared responsibility between the customer and the cloud vendor.” Mark Russinovich, Microsoft Azure CTO https://www.rsaconference.com/writable/presentations/file_upload/exp-w01_assume- breach-an-inside-look-at-cloud-service-provider-security.pdf
  18. 18. A Cautionary Tale: Code SpaceS 1. DDoS 2. Ransom demand 3. Security breach noticed 4. Fighting back 5. Malicious destruction of assets 6. Security & Business #fail “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.” Data plane (data access) vs. mgmt/control plane (Portal, APIs, PowerShell)ELAPSEDTIME: 12HOURShttp://arstechnica.com/security/2014/06/aws-console-breach-leads-to-demise-of-service-with-proven-backup-plan/
  19. 19. Risk Mitigation Internet Exposed RDP or SSH Endpoints Network ACLs or Host-based Firewall; Strong passwords; VPN or SSH Tunnels Virtual Machine Missing Security Patches Keep Automatic Updates Enabled; Web Application Vulnerability Securing Azure Web Applications; Vulnerability scan/penetration test Weak Admin/Co-Admin Credentials Azure Multi-Factor Authentication; Subscription Management Certificate Unrestricted SQL Endpoint Azure SQL Firewall Storage Key Disclosure Manage Access to Storage Resources Insufficient Security Monitoring Azure Security and Log Management; Top Azure Risks Leading to Tenant Breach https://www.rsaconference.com/writable/presentations/file_upload/exp-w01_assume- breach-an-inside-look-at-cloud-service-provider-security.pdf
  20. 20. SSO for Built-In Services Use same AAD where makes sense across • Azure • Office 365 • Visual Studio Team Services • Windows 10 (Intune) • Azure SQL Database (!)
  21. 21. Prefer RBAC to Co-Admin • Co-Admin only option on Classic Portal • RBAC only available on portal.azure.com • New portal support not 100% • https://azure.microsoft.com/en-us/documentation/articles/role-based-access-built-in- roles/ • https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control- configure/ RBAC : Role Based Access Control ( IAM )
  22. 22. 1. Always Encrypted 2. TDE, CLE 3. Data Masking 4. Auditing 5. Firewall Protecting Your SQL Database ( Demo )
  23. 23. Firewalls • SQL DB Server • Database Level: sp_set_firewall_rule • Or SSMS beim Login
  24. 24. Data Masking • Dynamic Data Masking: • https://azure.microsoft.com/en-us/documentation/articles/sql-database-dynamic-data-masking- get-started/ • Server-side
  25. 25. SQL DB Data Encryption Always Encrypted • Transparent Data Encryption • Server-side • Always Encrypted: https://azure.microsoft.com/en- us/updates/public-preview-always-encrypted- for-azure-sql-database/ • Client-side
  26. 26. • GEO-REPL Backup / Point In Time Recovery Disaster Recovery and Business Continuity
  27. 27. SQL Server Iaas
  28. 28. Some Best Practices (Azure Iaas) • Start the deployment with Lower Specification. • Use DS Series VMs and User Premium storage for higher throughput • Disable geo-redundant storage on the storage accounts. • Enable read caching on the disks hosting the data files and TempDB. • Disable caching on the logs disk. • Strip multiple disks to achieve higher IOPs. • Move all databases to separate disks. (Not in OS disks) • Disable autogrow • Enable instant file initialization for data files.
  29. 29. • • • • Blue or Red? Azure SQL Database SQL Server in Azure VM
  30. 30. Resources • Pass or Iaas https://docs.microsoft.com/en-us/azure/sql- database/sql-database-paas-vs-sql-server-iaas
  31. 31. Q & A Vielen Dank für eure Zeit. @LarsPlatzdasch http://blog.platzdasch.de

×