Policy Based Management: Introduction & implementation


Policy Based Management: Introduction & implementation, with Ryan Brickey

Who is this guy?
Ryan Brickey
- SQL Saturday speaker
- MCITP: SQL Server Database Administrator 2008 (since 2012)
- Wells Fargo: Database Analyst (2013 – present)
- SQL Sentry: Software Support Engineer (2010 – 2013)
- Living Well Health Solutions: Data Analyst (2007 – 2010)
Networking
- SQLBrickey
- http://www.linkedin.com/in/ryanbrickey/
- http://mindofadba.blogspot.com/

What are we going to look at
- What is Policy-Based Management
- My business case for using Policy-Based Management
- Benefits
- Terms and concepts
- Scenario breakdowns
- DEMO
- Implementation architecture
- Recap / Questions
- Resources

Before we start….. How many people have never used Policy-Based Management? Who is currently using Policy-Based Management in some way?

What is Policy-Based Management
- The ability to evaluate policies (rules) against SQL Server instance(s) in an environment
- When was it introduced? SQL Server 2008
- Can be created via GUI / T-SQL

My business case for using policies
Why did I start using policies?
- Annual SQL Server policy updates
- New servers coming online that needed to comply with policies
- Audit prep
How did I get started?
- Trial and error
- PASS Summit
- Blogs (links included at the end)

Benefits of Policy-Based Management
- Compliance / Audit Prep
- Consistent Implementation
- Removes tribal knowledge
- Cost / Time
- Great Performance Review / Bonus / Raise

Key Terms & Concepts
- Facet: Set of logical properties which can be evaluated
- Condition: Expression that sets or compares a facet to a value
- Policy: Evaluates configured condition(s) in an environment
- Evaluation modes:
  - On Demand – Ad-Hoc
  - On Schedule – Scheduled through Agent job
  - On Change: Prevent – DDL events ONLY; requires the nested triggers feature to be enabled on SQL Server
  - On Change: Log only
On Demand > ad-hoc / On Schedule > agent job / On Change: Prevent > DDL trigger / On Change: Log > Event Notifications
Policy must include: name / target / facet / condition / eval mode

Scenario - 1
We want to audit all servers to make sure that the SA account is disabled.
- Policy: Confirm that the ‘SA’ account is disabled by comparing the Login = ‘SA’ condition to the Login Option – IsDisabled = True condition
- Condition: Login – Name = ‘SA’; Login Option – IsDisabled = True
- Facet: Login; Login Options


Scenario - 2
Due to performance concerns we must ensure that Auto-Shrink is disabled.
- Policy: Verify Auto-Shrink is disabled against all databases
- Condition: Auto-Shrink = False
- Facet: Database
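
The conditions behind Scenarios 1 and 2, written as plain T-SQL catalog queries for a single instance. This is an added example, not from the deck and not how Policy-Based Management evaluates its facets; it assumes the caller can see all logins, and it matches sa by SID 0x01 rather than by name (a step beyond the slide's Name = ‘SA’ condition) so that a renamed sa is still checked.

```sql
-- Added example: manual equivalents of the Scenario 1 and 2 policy conditions.
-- Returns one row per finding; an empty result means the instance is compliant.
SET NOCOUNT ON;

DECLARE @findings TABLE (
    check_name nvarchar(64)  NOT NULL,
    target     nvarchar(128) NOT NULL,
    detail     nvarchar(400) NOT NULL
);

-- Scenario 1: the built-in sa login must be disabled.
-- sa always has SID 0x01, so this still finds the login after a rename,
-- where a condition on Name = 'sa' alone would evaluate nothing.
INSERT INTO @findings (check_name, target, detail)
SELECT N'SA login disabled',
       sp.name,
       N'is_disabled = 0; renamed from sa: '
         + CASE WHEN sp.name = N'sa' THEN N'no' ELSE N'yes' END
FROM sys.server_principals AS sp
WHERE sp.sid = 0x01
  AND sp.is_disabled = 0;

-- Scenario 2: Auto-Shrink must be off on every database.
INSERT INTO @findings (check_name, target, detail)
SELECT N'Auto-Shrink disabled',
       d.name,
       N'is_auto_shrink_on = 1'
FROM sys.databases AS d
WHERE d.is_auto_shrink_on = 1;

-- One result set per instance, ready to collect across registered servers.
SELECT @@SERVERNAME AS instance_name,
       f.check_name,
       f.target,
       f.detail
FROM @findings AS f
ORDER BY f.check_name, f.target;
```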

Scenario - 3
New naming convention to use RPT schema to qualify all reporting stored procedures and remove ‘rpt%’ from the names.
- Policy: Verify that no current stored procedures begin with ‘rpt’ and no NEW stored procedures begin with ‘rpt’
- Condition: Procedure names are not like ‘rpt%’
- Facet: Stored Procedure

    USE [RVS_VIP]
    GO
    -- The name starts with 'rpt', so this procedure violates the naming policy
    CREATE PROCEDURE [dbo].[rpt_TestPolicy]
    AS
    BEGIN
        SET NOCOUNT ON;
        SELECT * FROM MIDE.APPR WHERE APPR_RCV_DT >= GETDATE()-30
    END
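
Both halves of the Scenario 3 policy written by hand: a catalog query for existing procedures, and a database DDL trigger that rejects new ones in the way On Change: Prevent does. This is an added example, not from the deck and not the trigger Policy-Based Management creates; the trigger name trg_block_rpt_prefix is hypothetical.

```sql
-- Added example: hand-written approximation of the Scenario 3 naming policy.
USE [RVS_VIP];
GO

-- "No current stored procedures begin with 'rpt'": list existing violations.
SELECT SCHEMA_NAME(p.schema_id) AS schema_name, p.name
FROM sys.procedures AS p
WHERE p.name LIKE N'rpt%';
GO

-- "No NEW stored procedures begin with 'rpt'": reject the CREATE at DDL time.
-- Hypothetical trigger name. Only CREATE PROCEDURE is covered here; a rename
-- through sp_rename raises a separate DDL event that this trigger ignores.
CREATE TRIGGER trg_block_rpt_prefix
ON DATABASE
FOR CREATE_PROCEDURE
AS
BEGIN
    SET NOCOUNT ON;

    -- EVENTDATA() describes the statement that fired the trigger.
    DECLARE @evt    xml = EVENTDATA();
    DECLARE @schema nvarchar(128) =
        @evt.value('(/EVENT_INSTANCE/SchemaName)[1]', 'nvarchar(128)');
    DECLARE @name   nvarchar(128) =
        @evt.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(128)');

    IF @name LIKE N'rpt%'
    BEGIN
        RAISERROR(N'Procedure %s.%s violates the naming policy: use the RPT schema instead of an rpt prefix.',
                  16, 1, @schema, @name);
        ROLLBACK;  -- undoes the CREATE PROCEDURE and ends the batch
    END
END;
GO
```

With the trigger in place, the deck's CREATE PROCEDURE [dbo].[rpt_TestPolicy] statement fails and the procedure is not created. Whether ‘RPT%’ in upper case is also caught depends on the database collation.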


Implementation Architecture
Locally Managed Policies
- Allows for policies specific to the server hosting it
- Supports evaluation modes: On Demand; On Schedule; On Change – Prevent; and On Change – Log only
Central Management Server (CMS)
- Leverages registered servers
- Offers ability to evaluate multiple servers at once
- Provides central location for all policies
- Supports evaluation mode: On Demand


Implementation Architecture: Locally Managed Policies
- On Demand: SSMS > Object Explorer
- On Schedule: Policy Properties
- On Change: Prevent
- On Change: Log Only

Implementation Architecture: Central Management Server (CMS)
- On Demand – All registered servers: SSMS > Registered Servers


Potential policies & Uses
- Auto Shrink Disabled
- Authentication Mode
- SQL Password Expiration
- SQL Password Policy
- Guest Permissions
- Last Backup Time
- Enforce Naming Convention
- Database Compatibility Level
- Database Encryption
- Is Trustworthy Option
- Login Auditing
- Database Mail Enabled
- Extended Stored Procedures Disabled
- Backup Compression
- Agent jobs have notification on failure
- Monitor SQL Agent Jobs
Leveraging PowerShell to Schedule OnDemand Evaluations against CMS registered groups!!!

Links/Scripts
- Books Online: http://msdn.microsoft.com/en-us/library/bb510667.aspx
- http://blogs.msdn.com/b/sqlpbm/
- Jens Suessmeyer: http://blogs.msdn.com/b/jenss/archive/2009/04/18/getting-a-list-of-all-facets-and-its-properties.aspx
- Colin Stasiuk: Author: Pro SQL Server Policy Based Management; Twitter: @ColinStasiuk; http://benchmarkitconsulting.com/
- Ryan Adams: http://www.ryanjadams.com/
  - Policy-Based Management White Paper (http://www.ryanjadams.com/2014/04/policy-based-management-white-paper/#axzz34GR4BaDi)
  - CMS White Paper (http://www.ryanjadams.com/2014/04/central-management-server-white-paper/#axzz34GQwozzW)
- Enterprise Policy Management: http://epmframework.codeplex.com/

Thanks, everyone. The slide deck is available on SQLSaturday.com. Please complete a survey.