How to Take Advantage of Contained Databases in SQL Server 2012 Steve Jones SQLServerCentral Red Gate Software.

Slides:

Advertisements

Similar presentations

Advantage Data Dictionary. agenda Creating and Managing Data Dictionaries –Tables, Indexes, Fields, and Triggers –Defining Referential Integrity –Defining.

Advertisements

Chapter 9 Security. Endpoints  A SQL Server endpoint is the point of entering into SQL Server.  It is implemented as a database object that defines.

Backup The flip side of recovery. Types of Failures Transaction failure –Transaction must be aborted System failure –Hardware or software problem resulting.

BUSINESS DRIVEN TECHNOLOGY

Oracle Database Administration. Rana Almurshed 2 course objective After completing this course you should be able to: install, create and administrate.

Agenda Model migration vs MDS upgrade Model migration overview Model migration – how does it work? Model package Demo.

AGENDA Tools used in SQL Server 2000 Graphical BOL Enterprise Manager Service Manager CLI Query Analyzer OSQL BCP.

How to Manage Unstructured SQL Server Data Steve Jones SQLServerCentral Red Gate Software.

Sql Server Advanced Features MIS 424 Professor Sandvig.

Manage & Configure SQL Database on the Cloud Haishi Bai Technical Evangelist Microsoft.

D ATABASE A DMINISTRATION ITEC 450 Fall 2012 Instructor: Dr. Rama Gudhe.

1 Chapter Overview Creating a User Database Setting Database Options Managing User Database Size Placing Database Files on Multiple Disks.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Microsoft SQL Server 2008 Installation Guide Omer Alrwais.

Migrating Business Apps to Windows Azure Marc Müller Principal Consultant, 4tecture GmbH

Today’s Objectives Chapters 10 and 11 Security in SQL Server –Manage server logins and database users. –Manage server-level, database-level, and application.

Virtual techdays INDIA │ august 2010 SQL Azure – Tips and Tricks Ramaprasanna Chellamuthu │ Developer Evangelist, Microsoft.

Windows Azure Conference 2014 Deploy your Java workloads on Windows Azure.

Course Topics Administering SQL Server 2012 Jump Start 01 | Install and Configure SQL Server04 | Manage Data 02 | Maintain Instances and Databases05 |

Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.

1 SQL Server 2000 Administration Kashef Mughal MSB.

Chokchai Junchey Microsoft Product Specialist Certified Technical Training Center.

MICROSOFT SQL SERVER 2005 SECURITY  Special Purpose Logins and Users  SQL Server 2005 Authentication Modes  Permissions  Roles  Managing Server Logins.

Module 4: Managing Security. Overview Implementing an Authentication Mode Assigning Login Accounts to Users and Roles Assigning Permissions to Users and.

From Virtualization Management to Private Cloud with SCVMM 2012 Dan Stolts Sr. IT Pro Evangelist Microsoft Corporation

Learningcomputer.com SQL Server 2008 – Administration, Maintenance and Job Automation.

Module 14 Configuring Security for SQL Server Agent.

October 1-2 Ølensvåg. AppFrame SQL – Security Session Code: SQL-201-Security Speaker(s): Jekaterina Golouchova.

SQL Azure Intro and What’s New Level: Introductory to Intermediate Andy Thiru SQL/BI Developer.

By Wayne Sibley Information Engineering Technology University of Cincinnati College of Applied Science.

Storing Organizational Information - Databases

Module 10 Assigning Server and Database Roles. Module Overview Working with Server Roles Working with Fixed Database Roles Creating User-defined Database.

1 Chapter Overview Preparing to Upgrade Performing a Version Upgrade from Microsoft SQL Server 7.0 Performing an Online Database Upgrade from SQL Server.

Securing SQL Server 2005 Anil Desai. Speaker Information Anil Desai –Independent consultant (Austin, TX) –Author of several SQL Server books –Instructor,

Permissions Lesson 13. Skills Matrix Security Modes Maintaining data integrity involves creating users, controlling their access and limiting their ability.

ADO.NET AND STORED PROCEDURES - Swetha Kulkarni. RDBMS ADO.NET Provider  SqlClient  OracleClient  OleDb  ODBC  SqlServerCE System.Data.SqlClient.

INTRO TO SQL SERVER SECURITY By Robert Biddle

BSG Group - Dau Anh Trong1 Introduction about MS SQL Server 2005.

Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.

Esri UC 2014 | Technical Workshop | Administering Your Microsoft SQL Server Geodatabase Shannon Shields Chet Dobbins.

® IBM Software Group ©IBM Corporation IBM Information Server Architecture Overview.

SQL Server 2005 Implementation and Maintenance Chapter 6: Security and SQL Server 2005.

1 Chapter Overview Granting Database-Specific Permissions Using Application Roles Designing an Access and Permissions Strategy.

Endpoints Lesson 17. Skills Matrix Endpoints Endpoints provide a reliable, securable, scalable messaging system that enables SQL Server to communicate.

SQL Server Security Basics Starting with a good foundation Kenneth Fisher

Log Shipping, Mirroring, Replication and Clustering Which should I use? That depends on a few questions we must ask the user. We will go over these questions.

Introduction to SQL Server  Working with MS SQL Server and SQL Server Management Studio.

Introduction to SQL Server for Windows Administrators Presented to WiNSUG 02/05/09 Bret Stateham Owner, Net Connex Blogs.netconnex.com.

Introduction to MySQL  Working with MySQL and MySQL Workbench.

SQL Server Security The Low Hanging Fruit. Lindsay Clark Database Administrator at American Credit Acceptance

Putting Your Head in the Cloud Working with SQL Azure David Postlethwaite 19/09/2015David Postlethwaite.

End to End Always Encrypted in SQL Server 2016 Steve Jones SQLServerCentral Redgate Software.

Session Name Pelin ATICI SQL Premier Field Engineer.

WELCOME! SQL Server Security. Scott Gleason This is my 9 th Jacksonville SQL Saturday Over ten years DBA experience Director of Database Operations

SQL Database Management

Administrating a Database

Lead SQL BankofAmerica Blog: SQLHarry.com

Oracle Database Administration

SQL Server Security For Everyone

Contained DB? Did it do something wrong?

The Dirty Business of Auditing

SQL Server Security from the ground up

Migrating your SQL Server Instance

dbatools - PowerShell and SQL Server Working Together

Rick Negrin, Program Manager Adrian Bethune, Program Manager Microsoft

Mario…Take My Data To The Cloud!

Administrating a Database

SQL Server Assessment Results

SQL Server Security from the ground up

06 | SQL Server and the Cloud

Presentation transcript:

How to Take Advantage of Contained Databases in SQL Server 2012 Steve Jones SQLServerCentral Red Gate Software

Agenda What is a contained database? Contained Databases in SQL Server 2012 Looking Forward

Instance DB1 tables, views procedures users Databases in SQL Server DB1 tables, views procedures users DB1 tables, views procedures users

Instance Other RDBMS Platforms DB1 tables, views procedures users Instance DB1 tables, views procedures users Instance DB1 tables, views procedures users

Instance DB1 tables, views procedures users Databases in SQL Server DB1 User tables, views procedures users Logins Linked Servers Jobs Packages/Plans

DB1 tables, views procedures Contained Databases Databases in SQL Server DB1 tables, views procedures Logins Linked Servers Jobs Packages

Moving Databases When do we move database? – Testing – DR – Hardware upgrades – Scalability – Azure

Virtualization Moving VMs

Azure

Contained Database A contained database is a concept in which a database includes all the settings and metadata required to define the database and has no configuration dependencies on the instance of the SQL Server Database Engine where the database is installed. From Partially Contained Databases

Terms Application Boundary (Database Boundary) Contained Uncontained Application Model (Database Model) Management Model

SQL Server 2012 Partially contained databases – Users authenticate inside the database – Collation resolution – Can include non-contained objects – No replication – No Change Tracking – No CDC – No file activity (Filestream/FileTable) – Various other restrictions (see BOL)

SQL Server 2012 Create CDB Demo

Security User with password – Authentication Type = 2 – Password complexity rules apply on create/alter Windows Principal – No login in master

Security

Contained Databases Security Demo – Users – certficates

Migration set partial containment migrate users

Collation Collation conflicts between a user database and tempdb are handled Collation set when the batch begins Collation Demo

Partial Containment Issues sys.dm_db_uncontained_entities – DMV to find objects that are not contained. sys.dm_db_uncontained_entities Cdb_uncontained_usage Event – Xevent fired when an uncontained entity is used. (run-time) Collation – determined at batch start time. Can cause issues if you have USE statements. Duplicate logins RAISERROR/THROW

Containment Security Issues ALTER ANY USER (db_owner or db_securityadmin) users can create users without the server admin’s knowledge Guest accounts break containment. Contained users can exploit this. Sysadmin – never use initial catalog, always use server level authentication.

Containment Security Issues Dbcreator role – Can change containment status (possible users created without knowledge) Attaching databases does not check user passwords. Passwords stored in the CDB (dictionary attack issues)

The Future What might be coming – Linked servers – Service Broker – Maintenance Plans – Jobs – ?

The End Questions? Don’t forget to fill out your evaluations Resources at the end of the PPT Enjoy DevConnections

References Partially Contained Databases - us/library/ff929071%28v=SQL.110%29.aspxhttp://technet.microsoft.com/en- us/library/ff929071%28v=SQL.110%29.aspx Threats Against Contained Databases - us/library/ff929055%28v=sql.110%29.aspx sys.dm_db_uncontained_entities Contained Databases overview - denali-contained-databases.aspx denali-contained-databases.aspx Database Shuffle - shuffle.aspxhttp://blogs.msdn.com/b/isaac/archive/2011/04/20/the-database- shuffle.aspx Collation Hell - hell.aspx Features within the Application Model - us/library/ff929188%28v=SQL.110%29.aspxhttp://msdn.microsoft.com/en- us/library/ff929188%28v=SQL.110%29.aspx

References Features Outside of the Application Model - us/library/ff929118(v=sql.110).aspxhttp://msdn.microsoft.com/en- us/library/ff929118(v=sql.110).aspx authentication-introduction.aspx authentication-introduction.aspx authentication-in-depth.aspx authentication-in-depth.aspx authentication-monitoring-and-controlling-contained-users.aspx authentication-monitoring-and-controlling-contained-users.aspx authentication-how-to-control-which-databases-are-allowed-to-authenticate-users- using-logon-triggers.aspx authentication-how-to-control-which-databases-are-allowed-to-authenticate-users- using-logon-triggers.aspx Azure - file.ashx/__key/communityserver-wikis-components-files/ /2671.figure1.jpg

Images Sword - Knife - Login Logic - image.ashx/__size/550x0/__key/CommunityServer-Blogs-Components- WeblogFiles/ /8130.alg.jpghttp://blogs.msdn.com/resized- image.ashx/__size/550x0/__key/CommunityServer-Blogs-Components- WeblogFiles/ /8130.alg.jpg vMotion -