SQL Azure
Yves Goeleven
Yves Goeleven
• Solution Architect @ Capgemini
• Board Member Azug.be
• [email protected]
• www.goeleven.com
• Twitter.com/YvesGoeleven
• Facebook
• Linkedin
Architecture, Design, Best Practices in Enterprise and Cloud environments
Agenda
• Introduction to SQL Azure
• SQL Azure Architecture
• Availability features
• Scalability considerations
• Security measures
• Wrap up
Introduction to SQL Azure
Introduction
Highly scaled out relational database as a service
• A massively scaled, multi-tenant relational database service
• Built on commodity hardware
• Not database hosting
Extending SQL Data Platform to Cloud
[Diagram: a browser and an on-premises SQL Server Reporting Server, together with app code (ASP.NET) running in Windows Azure Compute, reach SQL Azure Database in the Microsoft datacenter. App code speaks T-SQL over TDS; the browser uses SOAP/REST and Astoria/REST (EDM) over HTTP/S, with AD Federation (LiveId / .Net Svcs ACS) for identity.]
High-Level Features
• Self-provisioning and capacity on demand
• Automatic high-availability
• Automated management (infrastructure)
• Symmetry with on-premises platform
• Simple, flexible pricing model – pay for what you use
• New, differentiated capabilities…
Web & Departmental Applications, SaaS ISVs (SMB), Enterprise SIs & Internal MS Properties
Key differentiator for SQL Server platform
Service Provisioning Model
• Each account has zero or more servers
– Azure wide, provisioned in a common portal
– Billing instrument
• Each server has one or more databases
– Contains metadata about the databases
– Unit of authentication
– Unit of Geo-location
• Each database has standard SQL objects
– Unit of consistency
– Contains users, tables, views, indices, etc…
[Diagram: Account → Server → Database]
Compatibility
• Support common application patterns
• Logical/policy based administration
• Patterns work for SQL Azure and SQL Server
• Multi-tenancy considerations
– Throttling and load balancing
– Limits on DB size, duration of transaction, etc
Version 1: Address the needs of 95% or more of web and departmental applications
Compatibility
Included in version 1
• Tables, indexes and views
• Stored Procedures
• Triggers
• Constraints
• Table variables, session temp tables (#t)
• …
Out of Scope for version 1
• Distributed Transactions
• Distributed Query
• CLR
• Service Broker
• Spatial
• Physical server or catalog DDL and views
DEMO : A lap around SQL Azure
SQL Azure Architecture
Topology
[Diagram: applications on the Internet connect over TDS (tcp) through a load balancer to a tier of Gateway nodes inside the Azure Cloud security boundary; the gateways in turn front the SQL nodes.]
Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, …
Load balancer forwards ‘sticky’ sessions to TDS protocol tier
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy; proxy to CloudDB
Scalability and Availability: Fabric, Failover, Replication, and Load balancing
Gateway
• TDS Listener
– Capability negotiation
– TDS Packet inspection
– Security
• Logical->Physical mapping via metadata catalog
• Enabler for multi-tenant capabilities
– Metrics
– Billing
• Isolation layer
– Security
Gateway
[Diagram: the Gateway Process hosts a TDS Endpoint, an Admin Service Endpoint and a Provisioning Endpoint on top of a Protocol Parser, Business Logic Services and Connection Management.]
Windows Azure Fabric
[Diagram: a highly-available Fabric Controller is connected to the switches and load-balancers; it uses out-of-band communication for hardware control and in-band communication for software control. Each node runs WS08 with a hypervisor hosting a Control VM (running the control agent) and service-role VMs; a node can be a VM or a physical machine.]
Fabric Controller
[Diagram: a declarative description of “what” is needed goes into the Fabric Controller, which makes it happen on the fabric of switches and load-balancers.]
• Fabric Controller (FC)
– Maps declarative service specifications to available resources
– Manages service life cycle starting from bare metal
– Maintains system health and satisfies SLA
• What’s special about it
– Enables utility-model shared fabric
– Automates hardware management
Fabric Controller
• Owns all the data center hardware
• Uses the inventory to host services
– Similar to what a per machine operating system does with applications
• Provisions the hardware as necessary
• Maintains the health of the hardware
• Deploys applications to free resources
• Maintains the health of those applications
Availability Features
Replication
[Diagram: a single logical database (DB) is kept as multiple replicas – Replica 1, Replica 2, Replica 3 – with a single primary.]
Service Resilience
• Provisioning
– State machines used to coordinate activities across node (and datacenter) boundaries
– Failed provisioning attempts cleaned automatically after 10 minutes
• Login
– Failovers during the login will be transparent (<30 seconds)
– Metadata catalog refresh occurs automatically
• Active Session
– Surface as connection drops (due to state)
Health Monitoring
• Metrics
– Cluster wide performance counters gather key metrics on the service
– Used to alert Operations to issues before they become a problem
  • Early warning system
  • Code issues
  • Capacity warnings
• Health
– Exercises the service routinely looking for problems
– When issues are encountered runs deep diagnostics
  • Network connectivity at the node level
  • Validate all dependent services (Live DNS, Live ID, etc)
• Monitoring from other MSFT Data Centers
– Validates accessibility from multiple geographic locations
– Alerts fired automatically when test jobs fail
Scalability Considerations
A hint from the Business Model
Database Availability
• Database will be available/reachable, external connectivity
• Proper requests will be processed successfully
• > 99.9%
World-wide presence in CY’09: Asia Pacific, EMEA, North America (2). Additional data centers scheduled for 1H CY’10.
Business Edition: 10 GB DB space, $99.99 + BW
Web Edition: 1 GB DB space, $9.99
Additional 5% promotional discount available to partners (except storage and bandwidth)
Initial Offers
• Introductory Offer (promotion): free developer starter offer; limit one per customer
• Standard Consumption Offer: optimized for cloud elasticity; all usage at standard rates; no limit in the number of subscriptions; charged only for what you use
• Subscription Offers (promotion): predictable and discounted price
• MSDN Premium Offer (promotion): available to MSDN Premium subscribers; limit one per subscription
Low barrier to entry and flexible. Optimized to enable cloud elasticity. Additional promo and program offers to drive early adoption.
Database sharding
• “Shared-nothing” partitioning scheme
• Partition large database
– in multiple small databases
– Think of broken glass
• Use parallel fan-out queries
– To obtain data
– Map-Reduce pattern
Security Measures
Security Model
• Uses regular SQL security model
– Authenticate logins, map to users and roles
– Authorize users and roles to SQL objects
• Limited to standard SQL Auth logins
– Username + password
• Future AD Federation, WLID, etc as alternate authentication protocols
Security model is 100% compatible with on-premise SQL
Differences for administration roles
• Master database is effectively ‘read only’
• Administration roles have permission for
– CREATE/DROP database
– CREATE/DROP/ALTER login
– GRANT/REVOKE rights
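An added worked example, written for this transcript and not taken from the slides: the standard SQL security model the two slides above describe, applied in the order they imply (logins created in master by the administration role, users and roles created in the database, rights granted to the role rather than the user, and revoked again when no longer needed). The login, database, user and role names are placeholders, as is the password.

```sql
-- Added example (placeholders: app_login, AppDb, app_user, app_reader).
-- Step 1 and 2 run while connected to the logical master database, which is where
-- the administration role can create logins and databases. Names the service rejects
-- (sa, admin, root, guest, per the slides) must not be used for the login.
CREATE LOGIN app_login WITH PASSWORD = 'REPLACE-WITH-A-STRONG-PASSWORD';
CREATE DATABASE AppDb;

-- Steps 3 to 5 run on a new connection to AppDb (each database is its own unit of
-- consistency; connect to it directly rather than switching from master).

-- Step 3: map the server login to a database user.
CREATE USER app_user FOR LOGIN app_login;

-- Step 4: put the user in a purpose-built role and authorize the role, not the user.
-- Schema-level SELECT is the narrowest right that still serves a read-only application.
CREATE ROLE app_reader;
EXEC sp_addrolemember 'app_reader', 'app_user';
GRANT SELECT ON SCHEMA::dbo TO app_reader;

-- Step 5: verify what was granted before handing the credentials out.
-- Expect one row for app_reader with permission_name = 'SELECT' and state_desc = 'GRANT',
-- and no direct permissions on app_user.
SELECT dp.name AS principal_name, dp.type_desc, pe.class_desc, pe.permission_name, pe.state_desc
FROM sys.database_principals AS dp
LEFT JOIN sys.database_permissions AS pe ON pe.grantee_principal_id = dp.principal_id
WHERE dp.name IN ('app_user', 'app_reader');

-- Step 6: revoke and remove in reverse order when the access ends. Dropping the
-- login while the user still exists would leave an orphaned user behind, so the
-- database-side cleanup runs first (connected to AppDb), then the login (in master).
REVOKE SELECT ON SCHEMA::dbo FROM app_reader;
EXEC sp_droprolemember 'app_reader', 'app_user';
DROP ROLE app_reader;
DROP USER app_user;
-- back on the master connection:
DROP LOGIN app_login;
```

Granting to the role rather than to app_user is what keeps the pattern identical to on-premises SQL Server: adding a second application user means one sp_addrolemember call, not a second set of GRANTs to audit.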
Network Access Control
• Each server defines a set of firewall rules
– Determines access policy based on client IP
– By default, there is NO ACCESS to server
• Controlled using Firewall API (masterDB)
– sys.firewall_rules, sys.sp_merge_firewall_rule and sys.sp_delete_firewall_rule

| ID | Name   | Start IP  | End IP      | Create         | Modify         |
|----|--------|-----------|-------------|----------------|----------------|
| 1  | Office | 12.1.2.0  | 12.1.2.255  | 2009-09-18 …   | 2009-09-18 …   |
| 2  | Home   | 12.2.2.5  | 12.2.2.5    | 2009-09-20 …   | 2009-09-21 …   |
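An added example, not from the slides, of driving the Firewall API from the master database. It uses the object names the slide gives (sys.firewall_rules, sys.sp_merge_firewall_rule, sys.sp_delete_firewall_rule); the parameter names @name, @start_ip_address and @end_ip_address and the column names of sys.firewall_rules are assumed, and the IP ranges are the sample values from the table above. The final query is an added audit, not part of the service: it converts the dotted addresses to integers with PARSENAME and flags any rule that is wider than a /24 or that starts at 0.0.0.0, which is the check to run before trusting an allow list that defaults to no access.

```sql
-- Added example; run connected to the logical master database.
-- Assumed parameter names: @name, @start_ip_address, @end_ip_address.
-- Assumed view columns: id, name, start_ip_address, end_ip_address, create_date, modify_date.

-- 1. The server starts closed: this should return no rows on a fresh server.
SELECT id, name, start_ip_address, end_ip_address, create_date, modify_date
FROM sys.firewall_rules;

-- 2. Open only what is needed: one office /24 and one single home address
--    (constructed sample values taken from the slide's table).
EXEC sys.sp_merge_firewall_rule @name = N'Office',
     @start_ip_address = '12.1.2.0', @end_ip_address = '12.1.2.255';
EXEC sys.sp_merge_firewall_rule @name = N'Home',
     @start_ip_address = '12.2.2.5', @end_ip_address = '12.2.2.5';

-- 3. Re-running with the same @name updates the existing rule in place (the "merge"),
--    which is how a changed home address is handled without accumulating stale rules.
EXEC sys.sp_merge_firewall_rule @name = N'Home',
     @start_ip_address = '12.2.2.6', @end_ip_address = '12.2.2.6';

-- 4. Audit: how many addresses does each rule admit, and is any rule too broad?
--    PARSENAME splits a dotted string into its four parts (part 4 is the leftmost octet).
WITH rules AS (
    SELECT name, start_ip_address, end_ip_address,
           CAST(PARSENAME(start_ip_address, 4) AS BIGINT) * 16777216
         + CAST(PARSENAME(start_ip_address, 3) AS BIGINT) * 65536
         + CAST(PARSENAME(start_ip_address, 2) AS BIGINT) * 256
         + CAST(PARSENAME(start_ip_address, 1) AS BIGINT) AS start_num,
           CAST(PARSENAME(end_ip_address, 4) AS BIGINT) * 16777216
         + CAST(PARSENAME(end_ip_address, 3) AS BIGINT) * 65536
         + CAST(PARSENAME(end_ip_address, 2) AS BIGINT) * 256
         + CAST(PARSENAME(end_ip_address, 1) AS BIGINT) AS end_num
    FROM sys.firewall_rules
)
SELECT name, start_ip_address, end_ip_address,
       end_num - start_num + 1 AS addresses_allowed
FROM rules
WHERE end_num - start_num + 1 > 256        -- wider than a /24: question it
   OR start_ip_address = '0.0.0.0';        -- effectively open to the whole Internet

-- 5. Remove a rule once the access is no longer required.
EXEC sys.sp_delete_firewall_rule @name = N'Home';
```

With the two sample rules in place the audit returns no rows (Office admits 256 addresses, Home admits 1); a rule such as 0.0.0.0 to 255.255.255.255 added for convenience during a demo would be the first thing it reports.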
More Security Measures
• Service
– Secure channel required (SSL)
– Denial Of Service trend tracking
– Packet Inspection
• Server
– IP allow list (Firewall)
– Idle connection culling
– Generated server names
• Database
– Disallow the most commonly attacked user id’s (SA, Admin, root, guest, etc)
– Standard SQL Authentication / Authorization mode
Questions