DAT329 SQL Server 2005 (code named “Yukon”): A Platform For Web Services Srik Raghavan Microsoft Corporation
Agenda Statement of Vision - Goals Architecture Request/Response format Security Performance SQLXML comparison Best Practices Questions
Vision Statement Provide an open “standards” based mechanism to access SQL Server Outreach Ubiquitous data access Interoperability Based on standards such as HTTP, SOAP 1.1 and 1.2, XSD and WSDL 1.1. Comply with latest Web Services Specifications as applicable
SQL Server Access Protocols [Diagram labels: TDS/TCP, Named Pipes; ODBC, OLE DB, ADO.NET; SOAP/HTTP; SQLXML; IIS; Unix client; SQL Server]
Platform Requirements Windows Server 2003, Windows XP SP2 Kernel Mode Http.Sys support No requirement for IIS
SQL Server Architecture Diagram [Diagram labels: RPC access; batch access; WSDL request; endpoint; stored procedure; WSDL generator]
Endpoints Example An endpoint has a name A set of options for transport (HTTP) – the URL A set of options for the payload (SOAP) - methods callable at that URL
create endpoint Demo
as HTTP (
  authentication = ( integrated ),
  path = '/sql/demo', ports = ( clear ),
  state = started
)
for soap (
  webmethod 'stproc1' (name = demodb.dbo.testproc1),
  batches = enabled,
  wsdl = default
)
Endpoints – Security Model Authentication Types Basic, Digest, Integrated (NTLM, Kerberos) SQL Auth (WsSecurity Username token ) Prevent credentials from being sent in the clear Enforce SSL when using BASIC or LOGIN_TYPE = MIXED IP Filtering
WSDL Request Describes the application (services) that endpoint exposes Request for WSDL
Create Endpoint, Request WSDL
WSDL - Support Dynamic generation WSDL – Out of the Box Support Complex Rich type description for parameters and results using XSD complex types Simple Minimal description Increased interoperability Extensible – use custom stored procedure WSDL=sp_name
Custom WSDL Architecture [Diagram labels: WSDL query string; invoke custom WSDL proc; generate output; transform; invoke internal WSDL generator; SQL Server; output]
Custom WSDL Generator
SOAP Request - Batch SELECT EmployeeID, LoginID, Gender FROM Employee Where ;</BatchCommands> <Parameters> 1 </SqlParameter> </Parameters></sqlbatch> Equivalent in TDS to Declaring parameters Invoking sp_executesql
SOAP-RPC Request <CustomerID>1</CustomerID></GetCustInfo> </soap:Envelope> Is similar to (over TDS, in a batch) EXEC demodb.dbo.GetCustInfo
SOAP Responses User Defined Functions are simple For example, a return value of an nvarchar(100) is mapped to “string”, with max length facet as 100 Stored Procedures are harder No fixed schema for what it returns. Mapped to return an array of values SQL Batch return type is the same as a stored proc
SOAP Response ResultStream of SqlRowSet - output of SELECT … SqlXml – output of SELECT.. FOR XML SqlMessage – Error, Warning, Print messages SqlRowCount – Rows affected SqlResultCode – Return code for SP Errors/Faults
SOAP Headers Used in both requests and responses SESSIONS SQL Login credentials Parity with TDS Initial database ….
Session Support Sessions must be enabled on endpoint Conceptually similar to using cookies Sessions can span connections Sessions initiated and terminated through SOAP header Session timeout can be configured in endpoint and through initiate request
Session Request/Response <SOAP-ENV:Header xmlns:SOAP-ENV=” xmlns:sqloptions=” rver/2001/12/SOAP/Options”> </SOAP-ENV:Header> <SOAP-ENV:Header xmlns:SOAP-ENV=” xmlns:sqloptions=” rver/2001/12/SOAP/Options”> </SOAP-ENV:Header>
WS-Security Support Support WsSecurity Username token headers. Used for SQLAuth. Do not support Encryption and Signature from WS-Security spec.
WS-Security Header - SQL Auth <SOAP-ENV:Header> <wsse:Security xmlns:wsse= " soap.org/ws/2003/06/secext"> sqluser <wsse:Password Type= "wsse:PasswordText" >pass-word1 </SOAP-ENV:Header>
Smart Clients Clients consume WSDL to generate proxy code In Microsoft® Visual Studio®.NET “Add Web Reference” Command line wsdl.exe For example… object[] sqlbatch(string BatchCommands, ref SqlParameter[] Parameters); string testfunc1(string p1); object[] testproc1();
Result Format And Language Binding FORMAT = ALL_RESULTS Object [] o = myProcedure(params); FORMAT = ROWSETS_ONLY DataSet ds = myProcedure(myParam);
Smart Client And Perl Client
Security Features Secure By Default Who can create endpoints? Members of the sysadmin role Users granted CREATE ENDPOINT permission Who can connect to an endpoint? Members of sysadmin role, owner of endpoint, users granted CONNECT permission on the specific endpoint No Anonymous support for connecting to endpoints
Interoperability Testing WSI-BP Jbuilder 9 PerlGlue Axis 1.1 WASP VS.Net (RTM,Everett, Whidbey) Soap Toolkit 3.0
SQLXML Versus Native SOAP Complementary technologies SQLXML offers Templates (provides updateable views) Updategrams, Bulkload, Query strings in URL SOAP access offers No dependency on IIS ~40% performance improvement over SQLXML Full support for parameterized Batch execution Dynamic WSDL
Best Practices - Security Deploy behind firewall/proxy/DMZ Do not open up port to the internet Provision endpoints for access by granting access to only principals who need access
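A locked-down variant of the deck's Demo endpoint, with the provisioning and audit steps that the security slides describe, as an added example that is not part of the original presentation. It assumes the CREATE ENDPOINT syntax and catalog views of the SQL Server 2005 release, where STATE precedes AS HTTP and NAME is a quoted string; the endpoint name DemoSecure and the Windows group EXAMPLE\OrderApp are hypothetical.

```sql
-- Added example (not from the deck). Assumes SQL Server 2005 release syntax.
-- Hypothetical names: endpoint DemoSecure, Windows group EXAMPLE\OrderApp.
-- demodb.dbo.testproc1 and the path /sql/demo are the deck's own.

-- 1. SSL port only, Windows logins only, no ad hoc batches.
--    PORTS = (SSL) needs a certificate bound to the SSL port in HTTP.SYS.
CREATE ENDPOINT DemoSecure
    STATE = STOPPED                      -- start only after permissions are set
AS HTTP (
    PATH = '/sql/demo',
    AUTHENTICATION = (INTEGRATED),
    PORTS = (SSL)                        -- no clear-text port
)
FOR SOAP (
    WEBMETHOD 'stproc1' (NAME = 'demodb.dbo.testproc1'),
    BATCHES = DISABLED,                  -- only the listed web method is callable
    WSDL = DEFAULT,
    LOGIN_TYPE = WINDOWS                 -- no SQL Auth via WS-Security Username token
);

-- 2. Grant CONNECT only to the principal that needs the service, then start.
GRANT CONNECT ON ENDPOINT::DemoSecure TO [EXAMPLE\OrderApp];
ALTER ENDPOINT DemoSecure STATE = STARTED;

-- 3. Audit every SOAP endpoint against the deck's rule:
--    BASIC or LOGIN_TYPE = MIXED must not be reachable on a clear port.
SELECT h.name, h.url_path, h.state_desc, s.login_type,
       s.is_sql_language_enabled AS batches_enabled,
       CASE WHEN h.is_clear_port_enabled = 1
             AND (h.is_basic_auth_enabled = 1 OR s.login_type = 'MIXED')
            THEN 'credentials can cross clear port'
            ELSE 'ok' END AS ssl_rule
FROM sys.http_endpoints AS h
JOIN sys.soap_endpoints AS s ON s.endpoint_id = h.endpoint_id;

-- 4. Review who holds CONNECT on each endpoint.
SELECT e.name AS endpoint_name, p.name AS grantee, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.endpoints AS e
  ON sp.class_desc = 'ENDPOINT' AND sp.major_id = e.endpoint_id
JOIN sys.server_principals AS p
  ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name = 'CONNECT';
```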
Best Practices –App Arch. Use in heterogeneous environments Can connect to SQL using Perl Can be used as an alternative for Java Database Connectivity (JDBC) Do not use for applications characterized by real time highly concurrent access, with short duration transactions Do not use for Web farm type scale-out. Not a replacement for IIS
Questions
Visit the SQL Server 2005 website: Learn more about SQL Server 2005 at Tech Ed Hands On Labs Rooms 6E and 6F 13 Hands On Labs Ask the Experts Track Cabanas located around CommNet Experts Available All Week Next Steps: SQL Server 2005 Exclusive Tech Ed Offer! Receive Beta 2 of SQL Server 2005 Register for SQL Server 2005 Beta 2 at:
SQL Server 2005: More Sessions DAT330 Tue 3.30 – 4.45 SQL Server 2005 (code named "Yukon"): Security Enhancements DAT329 Tue 5.00 – 6.15 SQL Server 2005 (code named "Yukon"): A Platform for Web Services DAT313 Wed 8.30 – 9.45 Introducing SQL Server 2005 (code named "Yukon") Data Transformation Services DAT377 Wed – Data mining in SQL Server 2000 and SQL Server 2005 (code named "Yukon") DAT317 Wed 2.00 – 3.15 SQL Server 2005 (code named "Yukon"): Setup and Deployment DAT318 Wed 3.45 – 5.00 SQL Server 2005 (code named "Yukon"):.NET Framework-Based Programming in the Database DAT323 Wed 5.30 – 6.45 SQL Server 2005 (code named "Yukon"): What's New in Replication DAT328 Thu 8.30 – 9.45 SQL Server 2005 (code named "Yukon"): Introduction to the Unified Dimensional Model in Analysis Services DATC15 Thu – Real Time Analytics: Bringing It All Together Using Analysis Services DAT321 Thu – SQL Server 2005 (code named "Yukon"): Management Tools DAT319 Thu 1.30 – 2.45 XML in the Database - the XML Data Type in SQL Server 2005 (code named "Yukon") DAT340 Thu 3.15 – 4.30 Applying and Targeting DTS in SQL Server 2005 (Code Named "Yukon") DAT324 Thu 5.00 – 6.15 SQL Server 2005 (code named "Yukon"): Backup and Restore Engine DAT322 Fri 9.00 – SQL Server 2005 (code named "Yukon"): SQL Server Management Object (SMO), Next Generation SQL-DMO DAT431 Fri – High Availability Technologies in SQL Server 2000 and SQL Server 2005 (code named "Yukon"): A Comparative Study DAT326 Fri – SQL Server 2005 (code named "Yukon"): Be More Efficient with T-SQL DAT325 Fri 1.00 – 2.15 SQL Server 2005 (code named "Yukon"): Using the Service Broker to Build Asynchronous, Queued Database Applications DAT327 Fri 2.45 – 4.00 SQL Server 2005 (code named "Yukon"): Inside XQuery
© Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.