Cloud first Speed Agility Proven Feedback
All of this results in a better on-premises SQL Server SQL Server 2016
Modern Mission Critical Platform
Performance Security Modern Availability & Scalability
- In-memory OLTP v2: Greater T-SQL surface area, terabytes of memory supported, and greater number of parallel logical processors
- Operational Analytics: Insights on operational data; works with in-memory OLTP and disk-based OLTP
- Query Store: Monitor and optimize query plans
- Workload Insight
- Always Encrypted: Sensitive data remains encrypted at all times with ability to query
- Row-level security: Apply fine-grained access control to table rows
- Dynamic data masking: Real-time obfuscation of data to prevent unauthorized access
- Other enhancements: Audit success/failure of database operations; TDE support for storage of in-memory OLTP tables; Enhanced auditing for OLTP with ability to track history of record changes
- Temporal database support: Query data as points in time
- JSON Support: Built-in JSON data support for modern web application
- Polybase: Connect and query Hadoop data
- Machine Learning with R integration
- Enhanced AlwaysOn: 3 synchronous replicas for auto failover across domains; round robin load balancing of replicas; DTC for transactional integrity across database instances with AlwaysOn
- Stretch tables in Azure: Hyperscale table into Azure database without application changes
- Support for Windows Server TB 16 Sockets
In-Memory
- Faster Queries (IN-MEMORY DW): Over 100x query speed and significant data compression with In-Memory ColumnStore
- Faster Transactions (IN-MEMORY OLTP): Up to 30x faster transaction processing with In-Memory OLTP
In-memory OLTP
Drivers
- Hardware trends: Steadily declining memory price, NVRAM; Many-core processors; Stalling CPU clock rate
- Business: TCO
Architectural Pillars
- SQL Server Integration: Same manageability, administration & development experience; Integrated queries & transactions; Integrated HA and backup/restore
- Main-Memory Optimized: Optimized for in-memory data; Indexes (hash and range) exist only in memory; No buffer pool, B-trees; Stream-based storage
- T-SQL Compiled to Machine Code: T-SQL compiled to machine code via C code generator; Invoking a procedure is just a DLL entry-point; Aggressive compile-time
- High Concurrency: Multi-version optimistic concurrency control with full ACID support; Core engine uses lock-free algorithms; No lock manager, latches or spinlocks
Customer Benefits
- Hybrid engine and integrated experience
- High performance data operations
- Efficient business-logic processing
- Frictionless scale-up
Data stored as rows
Columnstore (index): Data stored as columns (C1 C2 C3 C4 C5 …)
Benefits:
- Improved compression: Data from same domain compress better
- Reduced I/O: Fetch only columns needed
- Improved Performance: More data fits in memory
Updatable NCCI In-Memory OLTP + Column-store Faster batch mode scans using CPU vector instructions Dynamic Aggregate pushdown PK/FK enforcement Offload Reporting to AlwaysOn Secondary Replica
SQL Server OLTP SQL Server data warehouse ETL In-memory ColumnStore In-memory OLTP Real-time fraud detection Fraud detected 2-24 hrs
Demo Column store
Find and fix plan regressions Identify top resource consumers De-risk SQL Server upgrade Deeply analyze workload patterns
Query Store – Upgrade Made Easy
- Upgrade to SQL vNext
- Keep 110/120 CompatLevel
- Freeze plans (optional)
- Run Query Store (establish perf. baseline)
- Move to 130 CompatLevel and unfreeze plans
- Monitor perf. and fix regressions with plan forcing
Demo Query Store
Always Encrypted
Allows customers to securely store sensitive data outside of their trust boundary. Data remains protected from high-privileged, yet unauthorized users.
- Prevents Data Disclosure: Client-side encryption of sensitive data using keys that are never given to the database system.
- Queries on Encrypted Data: Support for equality comparison, incl. join, group by and distinct operators.
- Application Transparency: Minimal application changes via server and client library enhancements.
How it Works
Help protect data at rest and in motion, on-premises & cloud
[Diagram: Client, ADO.NET, SQL Server or SQL Database, trust boundary]
- Client query: "SELECT Name FROM Customers WHERE SSN " "
- Query with ciphertext: "SELECT Name FROM Customers WHERE SSN 0x7ff654ae6d
- dbo.Customers (ciphertext):
  Name | SSN | Country
  0x19ca706fbd9a | 0x7ff654ae6d | USA
- Result Set: Name 0x19ca706fbd9a (ciphertext); Name Wayne Jefferson (client)
Encrypted sensitive data and corresponding keys are never seen in plaintext in SQL Server
Row level security
- Fine-grained Access Control: Keeping multi-tenant databases secure by limiting access by other users who share the same tables.
- Application Transparency: RLS works transparently at query time, no app changes needed. Compatible with RLS in other leading products.
- Centralized Security Logic: Enforcement logic resides inside database and is schema-bound to the table it protects providing greater security. Reduced application maintenance and complexity.
Targeting enterprise customers in finance, insurance, healthcare, oil/gas, … sectors
[Diagram: Application, Security Policy, Database (Patients)]
1) Policy manager creates filter predicate and security policy in T-SQL, binding the predicate to the Patients table
2) App user (e.g., nurse) selects from Patients table
3) Security Policy transparently rewrites query to apply filter predicate

Filter predicate and security policy:
    -- The parameter name is missing from the slide text; @Wing is assumed.
    -- SCHEMABINDING requires two-part (schema-qualified) object names.
    CREATE FUNCTION dbo.fn_securitypredicate(@Wing int)
        RETURNS TABLE WITH SCHEMABINDING AS
        RETURN SELECT 1 AS [fn_securitypredicate_result]
            FROM dbo.StaffDuties d INNER JOIN dbo.Employees e ON (d.EmpId = e.EmpId)
            WHERE e.UserSID = SUSER_SID() AND @Wing = d.Wing;
    GO
    CREATE SECURITY POLICY dbo.SecPol
        ADD FILTER PREDICATE dbo.fn_securitypredicate(Wing) ON dbo.Patients
        WITH (STATE = ON)

Query issued by the app user:
    SELECT * FROM Patients
Query as rewritten by the security policy:
    SELECT Patients.* FROM Patients, StaffDuties d INNER JOIN Employees e ON (d.EmpId = e.EmpId) WHERE e.UserSID = SUSER_SID() AND Patients.wing = d.Wing;
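An added example (not from the original slides) that extends the policy above with block predicates, so a user also cannot insert or move a patient into a wing they are not assigned to, then checks the policy as a test user and audits it. The table layout, the UserName column (matched with USER_NAME() in place of the slide's UserSID/SUSER_SID()), the users nurse_a and nurse_b, and the names fn_wing_access and WingPolicy are assumptions made for the example.

```sql
-- Added example: constructed schema, users and rows (not from the slides).
CREATE TABLE dbo.Employees   (EmpId int PRIMARY KEY, UserName sysname NOT NULL);
CREATE TABLE dbo.StaffDuties (EmpId int NOT NULL, Wing int NOT NULL);
CREATE TABLE dbo.Patients    (PatientId int PRIMARY KEY, Name nvarchar(50) NOT NULL, Wing int NOT NULL);
CREATE USER nurse_a WITHOUT LOGIN;
CREATE USER nurse_b WITHOUT LOGIN;
GRANT SELECT, INSERT, UPDATE ON dbo.Patients TO nurse_a, nurse_b;
INSERT INTO dbo.Employees   VALUES (1, N'nurse_a'), (2, N'nurse_b');
INSERT INTO dbo.StaffDuties VALUES (1, 10), (2, 20);
INSERT INTO dbo.Patients    VALUES (100, N'Patient A', 10), (200, N'Patient B', 20);
GO
-- Predicate: a row qualifies only if the current database user works in its wing.
CREATE FUNCTION dbo.fn_wing_access(@Wing int)
RETURNS TABLE WITH SCHEMABINDING AS
RETURN SELECT 1 AS allowed
       FROM dbo.StaffDuties d
       INNER JOIN dbo.Employees e ON d.EmpId = e.EmpId
       WHERE e.UserName = USER_NAME() AND d.Wing = @Wing;
GO
-- Let the test users evaluate the predicate function.
GRANT SELECT ON dbo.fn_wing_access TO nurse_a, nurse_b;
GO
-- FILTER hides rows on read; BLOCK rejects writes that would produce rows
-- failing the predicate (a filter predicate alone does not stop those).
CREATE SECURITY POLICY dbo.WingPolicy
    ADD FILTER PREDICATE dbo.fn_wing_access(Wing) ON dbo.Patients,
    ADD BLOCK PREDICATE  dbo.fn_wing_access(Wing) ON dbo.Patients AFTER INSERT,
    ADD BLOCK PREDICATE  dbo.fn_wing_access(Wing) ON dbo.Patients AFTER UPDATE
    WITH (STATE = ON);
GO
-- Check the policy as nurse_a, who is assigned to wing 10 only.
EXECUTE AS USER = 'nurse_a';
SELECT PatientId, Wing FROM dbo.Patients;       -- filter predicate applies here
BEGIN TRY
    INSERT INTO dbo.Patients VALUES (300, N'Patient C', 20);  -- wing 20: block predicate applies
END TRY
BEGIN CATCH
    SELECT ERROR_MESSAGE() AS blocked_insert;
END CATCH;
REVERT;
GO
-- Audit: which predicates protect which tables, and is the policy enabled?
SELECT sp.name AS policy, sp.is_enabled, pr.predicate_type_desc,
       pr.operation_desc, OBJECT_NAME(pr.target_object_id) AS target_table
FROM sys.security_policies sp
JOIN sys.security_predicates pr ON pr.object_id = sp.object_id;
```

The policy applies to every user, including dbo, so load or fix data before enabling it or through a principal the predicate admits.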
Limit sensitive data exposure by obfuscating it for non-privileged users
- On-the-fly obfuscation of data in query results
- Policy-driven at the table and column
- Multiple masking functions available for various sensitive data categories
- Flexibility to define a set of privileged logins for unmasked data access
[Diagram: SQL Server, Table.CreditCardNo. On-the-fly masking of sensitive data in query results]
1) Security officer defines dynamic data masking policy in T-SQL over sensitive data in Employee table
2) App user selects from Employee table
3) Dynamic data masking policy obfuscates the sensitive data in the query results

Masking policy:
    ALTER TABLE [Employee] ALTER COLUMN [SocialSecurityNumber] ADD MASKED WITH (FUNCTION = 'SSN()')
    ALTER TABLE [Employee] ALTER COLUMN [ ] ADD MASKED WITH (FUNCTION = ' ()')
    ALTER TABLE [Employee] ALTER COLUMN [Salary] ADD MASKED WITH (FUNCTION = 'RANDOM(1,20000)')
    GRANT UNMASK to admin1

Query issued by the app user:
    SELECT [Name], [SocialSecurityNumber], [ ], [Salary] FROM [Employee]
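An added example (not from the original slides) that defines masks with the masking functions documented for SQL Server 2016 (email(), partial(), random()), compares what an unprivileged user and an UNMASK holder see, and audits masked columns and UNMASK grants. The table dbo.EmployeeDemo, its Email column, the users app_reader and hr_admin, and the sample row are assumptions made for the example.

```sql
-- Added example: constructed table, users and row (not from the slides).
CREATE TABLE dbo.EmployeeDemo (
    EmployeeId int IDENTITY PRIMARY KEY,
    Name nvarchar(50) NOT NULL,
    SocialSecurityNumber char(11) MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)') NOT NULL,
    Email nvarchar(100) MASKED WITH (FUNCTION = 'email()') NULL,
    Salary int NOT NULL
);
INSERT INTO dbo.EmployeeDemo (Name, SocialSecurityNumber, Email, Salary)
VALUES (N'Constructed Person', '000-00-1234', N'person@example.com', 55000);
-- A mask can also be added to an existing column.
ALTER TABLE dbo.EmployeeDemo
    ALTER COLUMN Salary ADD MASKED WITH (FUNCTION = 'random(1, 20000)');
GO
CREATE USER app_reader WITHOUT LOGIN;
CREATE USER hr_admin   WITHOUT LOGIN;
GRANT SELECT ON dbo.EmployeeDemo TO app_reader, hr_admin;
GRANT UNMASK TO hr_admin;
GO
-- Same query, two principals: one without and one with UNMASK.
EXECUTE AS USER = 'app_reader';
SELECT Name, SocialSecurityNumber, Email, Salary FROM dbo.EmployeeDemo;  -- masks applied
REVERT;
EXECUTE AS USER = 'hr_admin';
SELECT Name, SocialSecurityNumber, Email, Salary FROM dbo.EmployeeDemo;  -- UNMASK holder
REVERT;
GO
-- Audit 1: every masked column and its masking function.
SELECT OBJECT_NAME(mc.object_id) AS table_name, mc.name AS column_name, mc.masking_function
FROM sys.masked_columns mc
WHERE mc.is_masked = 1;
-- Audit 2: principals that can read through the masks.
SELECT pr.name AS principal, pe.state_desc
FROM sys.database_permissions pe
JOIN sys.database_principals pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = 'UNMASK';
```

Masking changes only what is returned: predicates in a WHERE clause still evaluate against the stored values, so treat it as a display control used alongside column permissions, not as an access boundary.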
[Diagram: Primary Site and DR Site with Computer1 (Primary), Computer2, Computer3, Computer4, Computer5]
READ_ONLY_ROUTING_LIST = (('COMPUTER2','COMPUTER3','COMPUTER4'), 'COMPUTER5')
Stretch to cloud
[Diagram: App, Query, Customer data, Product data, Order History, Microsoft Azure; the Order history table has columns Name, SSN, Date]
new insights, no change in programming model
- DDL: CREATE temporal TABLE PERIOD FOR SYSTEM_TIME…; ALTER regular_table TABLE ADD PERIOD…
- DML: INSERT / BULK INSERT, UPDATE, DELETE, MERGE
- Querying: SELECT * FROM temporal
- Temporal Querying: FOR SYSTEM_TIME AS OF, FROM..TO, BETWEEN..AND, CONTAINED IN
SELECT * FROM Department FOR SYSTEM_TIME AS OF ' ' Azure SQL Database
Traditional RDBMS world:
- All aspects of building, running and tuning are left up to the users
- Requires significant expertise and large investment of time/energy
- User focus is on how the RDBMS works
Azure SQL Database today:
- Platform automatically manages HW/SW stack, backups, HA
- Users still need to worry about a lot of DB-specific details
- User focus is on how AzureDB platform works
Towards Azure SQL Database as an intelligent service
- Platform does the tedious work automatically
- Users focus on guiding the platform according to their needs
Powered by Workload Insight
- My budget for DB infra is $800/month
- I need X business Tx/sec to run my business
- I need my business Tx to complete under Y ms
- I need Z days of backup retention + GeoDR
- My customers are mostly in US and Europe
Azure SQL Database Service: In Memory Backups Predictable Perf SLA for Business Tx Index/Schema Mgmt. Monitoring Hardware Patching Scale Out Security HA/DR Scale Up/Down
Azure DB Learning on hyper-scale cloud Building the learnings into SQL Server