rohan joackhim pinnacle sports policy based management in sql server 2008
TRANSCRIPT
Rohan Joackhim Pinnacle Sports
Policy Based ManagementPolicy Based ManagementIn SQL Server 2008In SQL Server 2008
AgendaIntroduction to Policy Based
Management and terminology
Get to know the implementation process and what is under the hood.
Demonstrations of actual implementations
What ? Why ? What ? Why ? Who ?Who ?
What? It’s a management feature available in SQL Server2008. Database
administrators declare their administrative intent through policies that are then applied
by the system.
Why? Increased complexity in database environments today
Security Virtualization Larger Product Offering Proactive vs. Reactive “Do more with less” -- “Keeping it simple”
Who? Database Administrators Database & BI Developers System Administrators Developers
Solutions for problemsSolutions for problemsHave backups been completed?
Are we in compliance with security mandates?
Are we in compliance with best practices?
Are database management objects meeting schema and database generation requirements?
Basic Terminology
PolicyChecks or enforces the condition when fired
Conditions a property expression that evaluates to True or False; i.e. the state of a
Facet
Facets Predetermined set of database properties we are using to manage in
SQL Server 2008.There are 74 defined facets with different properties to create
conditions.
TargetAn object or entity that is managed by a Policy
Managed TargetEntities
SQL Engine, Database or Object (Table, view etc…) Hierarchal based. (targets within an instance). Set – Targets can have a defined set, such as schema.
What is a Facet ?What is a Facet ?
◦ Facets
Facets are stored in MSDB: syspolicy_management_facets (management_facet_id, name, execution_mode)
Predefined set of Facets. Based on properties of characteristics for specified
functionality. A target type can implement one or more management facets,
and a management facet can be implemented by one or more target types.
Facet availability are version (SQL Server) dependent.
What are Conditions ?What are Conditions ?Elements of a condition
Expression or BooleanBased on the attribute of the facet chosenCondition can be used for many policiesOnly one facet per condition
Property (of a facet)
Operator =, !=, Like, In, NotIn, NotLike, NotIn
ValueMultiple expressions can be used with and/or logicExpressions can be grouped
DescriptionOptional value
What are Policies ?What are Policies ?◦Elements of a policy
Enabled (yes, no) Check Condition (singular) Against Targets
Can define or use a defined condition to limit or specify Targets Evaluation Mode
On Demand On Schedule On Change : Log Only On Change : Prevent
Server Restriction Can define or use a defined condition
Category Create or Assign the category for the policy
Description Optional – Will display with error message when violated.
Pre defined policies C:\Program Files\microsoft sql server\100\Tools\Policies
Steps to implementSteps to implementSelect a Policy-Based Management facet that
contains the properties to be configured.
Define a condition that specifies the state of a management facet.
Define a policy that contains the condition, additional conditions that filter the target sets, and the evaluation mode.
Check whether an instance of SQL Server is in compliance with the policy.
What else important?What else important? Policy categories
Policy categories are user defined it can organize the policies for easy policy administration. A policy belongs to one and only one policy category.
Permissions Required to access PBM
Users who need to access policy based management should have PolicyAdministratorRole in MSDB database. Users in this role have complete privilege over all the policies exists. Users have privilege to create or edit policies and conditions, in addition to this they will be allowed to enable or disable the policies.
GoodGood Policy-Based Management provides much more control
over your database procedures as a DBA.
You will have the ability to implement your paper policies at the database level. Paper polices are great for defining database standards and guidelines. To strictly enforce them, you need to go over your database with a fine-toothed comb.
Policy-Based Management, lets you define your policies
and automate them assuring that they will be enforced.
BadBadPolicies can affect how some SQL Server
features work. For example, change data capture and transactional replication both use the systranschemas table, which does not have an index. If you enable a policy that all tables must have an index, enforcing compliance of the policy will cause these
features to fail.