SQL Azure In this module- Learn how SQL lives in the cloud What are the differences How to migrate easily

Azure…Where’s my stuff? Local Storage Unstructured Blob Storage Tables Queues (NOT relational) BUT we want RELATIONAL! Hello SQL Azure…

History of SQL Server Departmental Server Local Server Enterprise Server Cloud Server Departmental Server Local Server – SQL CE, Express, etc. Enterprise Server – add SSIS, SSRS, etc. Around SQL 2000

A Server is not a Machine SQL Server A Machine SQL Azure Server A TDS Endpoint

How it Works Tools ODBC ADO.NET TDS SQL Azure Server Server Server Applications Tools How it Works ODBC ADO.NET TDS SQL Azure Server Connection Routing Billing Provisioning Server Server Server SQL Server SQL Server SQL Server SQL Azure Fabric SQL Azure Fabric SQL Azure Fabric

Set up a server... Browse to http://windows.azure.com

Create a database Also available at http://sqlazurelabs.com

Silverlight SQL Manager Basic database management facilities Create Tables, Views, & Stored Procedures Run Queries Manage database objects

Connecting with SSMS Get SSMS 2008 R2 at http://www.microsoft.com/express/Database/InstallOptions.aspx

Create SQL Azure database

Considerations... Application connectivity Compatibility Migration Administration & Security Price, Size and Edition Code Near vs. Code Far vs. Hybrid Partitioning, Sharding and Federation Backup and Replication

Connecting to SQL Azure SQL Azure connection strings follow normal SQL syntax Applications connect directly to a database “Initial Catalog = <db>” in connection string No support for context switching (no USE <db>) Some commands must be in their own batch Create/Alter/Drop Database & Create/Alter/Drop Login, & Create/Alter USER with FOR/FROM LOGIN Encryption security Set Encrypt = True, only SSL connections are supported TrustServerCertificate = False, avoid Man-In-The-Middle-Attack! Format of username for authentication: ADO.Net: Data Source=server.database.windows.net; User ID=user@server;Password=password;... Setup your firewall rules first!

SQL Azure Firewall IP Address-based access control for SQL Azure Internet IP Address-based access control for SQL Azure No IP authorized by default Configurable using the SQL Azure Portal Option to disable/enable access from applications hosted in Windows Azure Rather than using a REST API like the other Azure storage services, SQL Azure is accessed via Tabular Data Stream (TDS), the same protocol used by Microsoft SQL Server (operating over port TCP/1433). To help protect the data, the SQL Azure firewall prevents all access to your SQL Azure server until you specify which computers have permission. The firewall grants access based on the originating IP address of each request. Initially, all access to your SQL Azure server is blocked by the SQL Azure firewall; connection attempts originating from the Internet or Windows Azure will not be able to reach your SQL Azure server. In order to begin using your SQL Azure server, you must go to the SQL Azure Portal and specify one or more firewall settings that enable access to your SQL Azure server. Use the firewall settings to specify which IP address ranges from the Internet are allowed, and whether or not Windows Azure applications can attempt to connect to your SQL Azure server.

SQL Azure Compatibility Not Currently Supported Currently Supported Tables, indexes and views Stored Procedures Triggers Constraints Table variables, session temp tables (#t) Spatial types, HierarchyId Data Types Sparse Columns, Filestream Partitions Full-text indexes SQL-CLR Tables require clustered indexes

SQL Azure Security Traditional SQL Server vs SQL Azure SQL (native) authentication only, no Windows authentication Authorization based on database users and roles Adds login manager and dbmanager roles in Master DB to simulate relevant server roles Access via TDS + SSL on port TCP 1433 Native SQL Azure firewall for IP blocking No native encryption support SQL (native) and Windows Integrated authentication Authorization based on database users and roles Server roles such as serveradmin, securityadmin and dbcreator Access via TDS + SSL on port TCP 1433 Firewall and IP blocking using host firewall Support for native encryption (TDE) This slide shows the some of the similarities and differences between the SQL Server and the Azure SQL security capabilities. While Microsoft SQL Server supports Windows Integrated authentication, using Active Directory credentials for user login, SQL Azure Database supports only SQL Server Authentication. Windows Authentication (integrated security) is not supported.  Both Microsoft SQL Server and SQL Azure use the same authorization model, with users and roles created in each database and associated to the user logins. Microsoft SQL Server has fixed server-wide roles such as serveradmin, securityadmin and dbcreator. These roles do not exist in SQL Azure. Instead SQL Azure has a loginmanager role for creating logins and dbmanager role for creating and manage databases. These roles can only be assigned to users in the master database. Access to both SQL Server and SQL Azure happens on the wire using the same Tabular Data Stream (TDS) application layer protocol, protected using the Secure Sockets Layer (SSL) protocol, over TCP port 1433. Use of SSL is optional for Microsoft SQL Server and mandatory for SQL Azure. In SQL Server any IP address-based access control needs to be done at the host or network level, using a host firewall or a network firewall. SQL Azure has a built-in firewall that prevents all access to your SQL Azure server until the customer specifies which computers have permission. The firewall grants access based on the originating IP address of each request. SQL Server provides realtime encryption of the stored data at page level, using its Transparent Data Encryption (TDE) feature. Native encryption is currently not available for SQL Azure.

SQL Azure Security Authentication and Authorization Model SQL Azure uses the same familiar, proven authentication and authorization model used by Microsoft SQL Server. SQL Server Logins Database Users Database Roles Used to authenticate access at the server level Used to grant access at the database level Key point – SQL Azure uses the same familiar, proven authentication and authorization model used by Microsoft SQL server. Many databases contain sensitive data, so it is essential to carefully control access. This is especially important in a multi-tenant application that involves users from different customers who must be isolated from each other. SQL Azure provides the same set of security principals that are available in SQL Server with SQL Server Authentication. You can use these to authorize access and secure your data: SQL Server Logins: Used to authenticate access to SQL Azure at the server level. Database Users: Used to grant access to SQL Azure at the database level. Database Roles: Used to group users and grant access to SQL Azure at the database level. Used to group users and grant access at the database level 16

Authorization, Auditing and Encryption Support Database-level permission model in SQL Azure is same as on-premise SQL Server Logins associated to users in databases Users may be part of one or more database roles Permissions granted to roles or directly to users Auditing is not supported in the current version of SQL Azure No native encryption support (TDE) yet Azure requires SSL encryption and offers optional certificate validation connection string Encrypt=True;TrustServerCertificate=False Managing security at the database-level in SQL Azure is almost identical to Microsoft SQL Server, with differences only in the parameters available. The database-level permission model in SQL Azure is same as an on-premise instance of SQL Server: Logins associated to users in databases. Users may be part of one or more database roles. Permissions granted to roles or directly to users. Auditing feature is not supported in the current version of SQL Azure. SQL Azure does not currently support the Transparente Data Encryption (TDE) feature available in Microsoft SQL Server. SQL Azure forces SSL encryption with all client connections and hence data is secured over the wire. When defining the connection string to SQL Azure, developers should use the following parameters: Encrypt=True specifies that SSL must be used in the connection. TrustServerCertificate specifies whether encryption occurs if there is no verifiable server certificate. Setting the value to False forces the client to verify the validity of the certificate presented by SQL Azure.

Data-tier Application Component Future - DAC Deployment Profile Migration Options Generate Script Wizard Produce a SQL script compatible with SQL Azure, Schema and/or data SQL Server Migration Assistants (downloadable) MySQL, Oracle, Access, SQL Server... SQLAzureMW Useful for catching unsupported features in SQL Azure Moves data efficiently Unofficially supported Data-tier Application Component (DAC) New unit of deployment for T-SQL apps. Supports Install, Uninstall Contains developer intent as policies Data-tier Application Component Schema LOGICAL Tables, Views, Constraints, SProcs, UDFs, PHYSICAL Users, Logins, Indexes Future - DAC Deployment Profile Deployment Requirements, Management Policies, Failover Policies Unit of Deployment

Security model is compatible with on-premise SQL Uses regular SQL security model Authenticate logins, map to users and roles Authorize users and roles to SQL objects Support for standard SQL Auth logins Username + password Security model is compatible with on-premise SQL

Size Matters Web 5 GB Business 50 GB

Pricing SQL Azure Development Accelerator Core - $74.95 Edition Web Business Bandwidth Max 1 GB $9.99/month n/a $.10 in / $.15 out Asia $.30 in / $.45out Max 5 GB $49.95/month same Max 10 GB $99.99/month Max 20 GB $199.98/month Max 30 GB $299.97/month Max 40 GB $399.96/month Max 50 GB $499.95/month TechEd 2010 Announcements - http://blogs.msdn.com/b/cbiyikoglu/archive/2010/06/10/pricing-for-the- new-large-sql-azure-databases-explained.aspx. SQL Azure Development Accelerator Core - $74.95 See http://www.microsoft.com/windowsazure/pricing/#sql for full price breakdown.

Scale-out with SQL Azure Today Elastic Provisioning of Databases CREATE DATABASE and go No VMs, no servers Pay-as-you-go business model Don’t need it --- DROP it Zero Physical Administration Built-in High Availability, patching, maintenance Database Copy, SQL Azure Data Sync

Sharding Pattern Linear scaling through database independence No need for distributed transactions in common cases Engineered partitioning Rather than complete transparency Local access for most Connection routing Query, transaction scoping Distributed access for some Fan-out expensive computation App

DOSO_Full_db CustomerAudit ProductImages LineItems ProductAvailability PurchaseOrders ShoppingCart OrderHistory Companies Orders Products Customers DOSO = Day Old Sushi Online

DOSO_Orders DOSO_Products Customers Orders Products Companies DOSO_Customers DOSO_Orders DOSO_Products Customers Orders Products Companies LineItems ProductAvailability CustomerAudit PurchaseOrders ProductImages ShoppingCart OrderHistory

DOSO_Customers_AK DOSO_Customers_LQ DOSO_Customers_RZ OrderHistory Orders Products ProductAvailability LineItems PurchaseOrders Companies ProductImages CustomerAudit ShoppingCart DOSO_Customers_LQ Customers Orders Products Companies LineItems ProductAvailability CustomerAudit PurchaseOrders ProductImages ShoppingCart OrderHistory DOSO_Customers_RZ Customers Orders Products Companies LineItems ProductAvailability CustomerAudit PurchaseOrders ProductImages ShoppingCart OrderHistory

SQL Azure Federations: Concepts Represents the data being sharded Federation Key The value that determines the routing of a piece of data Atomic Unit All rows with the same federation key value: always together! Federation Member (aka Shard) A physical container for a range of atomic units Federation Root The database that houses federation directory Root Federation “CustData” (Federation Key: CustID) Member: [min, 100) AU PK=5 AU PK=25 AU PK=35 Member: [100, 488) AU PK=105 AU PK=235 AU PK=365 Member: [488, max) AU PK=555 AU PK=2545 AU PK=3565

Federation “Orders_Fed” (Federation Key: CustID) Creating the schema SalesDB Federated tables CREATE TABLE orders (…) FEDERATE ON (customerId) Federation key must be in all unique indices Part of the primary key Value of federation key will determine the member Reference tables CREATE TABLE zipcodes (…) Absence of FEDERATE ON indicates reference Centralized tables Create in root database Products Federation “Orders_Fed” (Federation Key: CustID) Member: [min, max) orders zipcode

Backups Two dangers: Disaster Recovery, and Bob the SQL Builder No current built in backup features High priority for next version Must provide own approach Code that moves data to another SQL location Export to file Perhaps BCP or SSIS

Database Copy Makes a transactional copy of your database to a database with a new name on the same server, or to another server No downtime on the source database Transactional equivalent at the END of the copy Only works within the same datacenter Must have matching credentials on the servers Must have db_owner on source and dbmanager on destination

Database Copy To See progress: CREATE DATABASE destination_database_name AS COPY OF [source_server_name.]source_database_name To See progress: SELECT * FROM sys.dm_database_copies

SQL Azure Data Sync – Key Features Elastic Scale Service scales as resources requirements grow No-Code Sync Configuration Easily define data to be synchronized Schedule Sync Choose how often data is synchronized Conflict Handling Handle issues where same data is changed in multiple locations Logging and Monitoring Administration capabilities for tracking data and monitoring potential issues

On-Premises to Cloud Symmetry SQL Server to SQL Azure Sync SQL Azure Benefits Makes cloud extension rather than replacement Enables moving workload to cloud in stages preserving investment in existing infrastructure New scenarios spanning enterprise, cloud Sync

Extending Data to Retail and Remote Offices SQL Azure SQL Azure to SQL Server Sync Benefits Share data with remote and retail offices, bringing data closer to the end-users Lower latency – data access doesn’t require round trips Higher availability – app still runs if server is unreachable Reduced network utilization – most data access is local

Sync End to End Scenarios SQL Azure Data Sync CTP1 (Available now from http://azure.com) Offline Applications Sync Sync Sync Sync On-Premises Applications Sync Sync Sync SQL Azure Database Sync Sync Sync Microsoft Sync Framework 4.0 CTP available now! Retail & Remote Offices SQL Azure Data Sync CTP2 (Coming in near future) SQL Azure Data Sync http://azure.com

Summary SQL Azure IS SQL Server…a TDS endpoint Create DB’s and manage using what we already know Data Migration strategies to fit specific needs Considerations and futures paint exciting picture of what to expect looking forward

More Information General Guidelines & Limitations - http://msdn.microsoft.com/en-us/library/ee336245.aspx

Introduction to SQL Azure C:\WAPTK\Labs\IntroToSQLAzureVS2010 For exercise 4-> only need to do tasks 1, 2, and 5. For exercise 4, only need to do tasks 1, 2, and 5.