Published by Kenneth Carpenter. Modified over 6 years ago.
1
SQL Azure
In this module:
- Learn how SQL lives in the cloud
- What are the differences
- How to migrate easily
2
Azure…Where’s my stuff?
Local Storage Unstructured Blob Storage Tables Queues (NOT relational) BUT we want RELATIONAL! Hello SQL Azure…
3
History of SQL Server
- Departmental Server
- Local Server – SQL CE, Express, etc.
- Enterprise Server – add SSIS, SSRS, etc.
- Cloud Server
Around SQL 2000
4
A Server is not a Machine
SQL Server: A Machine
SQL Azure Server: A TDS Endpoint
5
How it Works
[Diagram: Applications and Tools connect through ODBC and ADO.NET over TDS to the SQL Azure Server layer (Connection Routing, Billing, Provisioning), which sits in front of multiple SQL Server instances running on the SQL Azure Fabric.]
6
Set up a server... Browse to
7
Create a database Also available at
8
Silverlight SQL Manager
Basic database management facilities
- Create Tables, Views, & Stored Procedures
- Run Queries
- Manage database objects
9
Connecting with SSMS Get SSMS 2008 R2 at
10
Create SQL Azure database
11
Considerations...
- Application connectivity
- Compatibility
- Migration
- Administration & Security
- Price, Size and Edition
- Code Near vs. Code Far vs. Hybrid
- Partitioning, Sharding and Federation
- Backup and Replication
12
Connecting to SQL Azure
- SQL Azure connection strings follow normal SQL syntax
- Applications connect directly to a database
- “Initial Catalog = <db>” in connection string
- No support for context switching (no USE <db>)
- Some commands must be in their own batch: Create/Alter/Drop Database, Create/Alter/Drop Login, and Create/Alter USER with FOR/FROM LOGIN
- Encryption security
- Set Encrypt = True; only SSL connections are supported
- Set TrustServerCertificate = False to avoid man-in-the-middle attacks!
- Format of username for authentication: ADO.Net: Data Source=server.database.windows.net; User
- Set up your firewall rules first!
13
SQL Azure Firewall
- IP address-based access control for SQL Azure
- No IP authorized by default
- Configurable using the SQL Azure Portal
- Option to disable/enable access from applications hosted in Windows Azure

Rather than using a REST API like the other Azure storage services, SQL Azure is accessed via Tabular Data Stream (TDS), the same protocol used by Microsoft SQL Server (operating over port TCP/1433). To help protect the data, the SQL Azure firewall prevents all access to your SQL Azure server until you specify which computers have permission. The firewall grants access based on the originating IP address of each request.

Initially, all access to your SQL Azure server is blocked by the SQL Azure firewall; connection attempts originating from the Internet or Windows Azure will not be able to reach your SQL Azure server. In order to begin using your SQL Azure server, you must go to the SQL Azure Portal and specify one or more firewall settings that enable access to your SQL Azure server. Use the firewall settings to specify which IP address ranges from the Internet are allowed, and whether or not Windows Azure applications can attempt to connect to your SQL Azure server.
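An added example, not part of the original deck: a small model of the default-deny, range-based check described above, plus an audit pass over a rule list. The rule format, rule names, finding codes and the `max_addresses` threshold are assumptions of this example; it models Internet ranges only, not the Windows Azure access option.

```python
import ipaddress

# RFC 1918 private ranges: a rule for these cannot match Internet clients,
# because the firewall sees the public originating address of each request.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _ip(text):
    return ipaddress.IPv4Address(text)

def is_allowed(source_ip, rules):
    """Default deny: allow only if the source falls inside some rule's range."""
    src = _ip(source_ip)
    return any(_ip(lo) <= src <= _ip(hi) for _name, lo, hi in rules)

def audit_rules(rules, max_addresses=64):
    """Return (rule name, finding) pairs for ranges worth a second look."""
    findings = []
    for name, lo, hi in rules:
        start, end = _ip(lo), _ip(hi)
        size = int(end) - int(start) + 1
        if size <= 0:
            findings.append((name, "INVERTED_RANGE"))
        elif size == 2 ** 32:
            findings.append((name, "OPEN_TO_INTERNET"))
        elif size > max_addresses:
            findings.append((name, "BROAD_RANGE"))
        if any(start in net or end in net for net in RFC1918):
            findings.append((name, "PRIVATE_RANGE_NEVER_MATCHES"))
    return findings

# Constructed sample rules (name, start IP, end IP); the addresses are
# example values, not taken from the slides.
RULES = [
    ("office",   "203.0.113.10", "203.0.113.20"),
    ("vpn-pool", "198.51.100.0", "198.51.100.255"),
    ("lan",      "192.168.1.0",  "192.168.1.255"),
    ("everyone", "0.0.0.0",      "255.255.255.255"),
]

if __name__ == "__main__":
    for name, finding in audit_rules(RULES):
        print(f"{name}: {finding}")
```
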
14
SQL Azure Compatibility
Currently Supported
- Tables, indexes and views
- Stored Procedures
- Triggers
- Constraints
- Table variables, session temp tables (#t)
- Spatial types, HierarchyId

Not Currently Supported
- Data types: Sparse Columns, Filestream
- Partitions
- Full-text indexes
- SQL-CLR

Tables require clustered indexes
15
SQL Azure Security Traditional SQL Server vs SQL Azure
SQL Azure
- SQL (native) authentication only, no Windows authentication
- Authorization based on database users and roles
- Adds loginmanager and dbmanager roles in Master DB to simulate relevant server roles
- Access via TDS + SSL on port TCP 1433
- Native SQL Azure firewall for IP blocking
- No native encryption support

Traditional SQL Server
- SQL (native) and Windows Integrated authentication
- Authorization based on database users and roles
- Server roles such as serveradmin, securityadmin and dbcreator
- Access via TDS + SSL on port TCP 1433
- Firewall and IP blocking using host firewall
- Support for native encryption (TDE)

This slide shows some of the similarities and differences between the SQL Server and SQL Azure security capabilities.

While Microsoft SQL Server supports Windows Integrated authentication, using Active Directory credentials for user login, SQL Azure Database supports only SQL Server Authentication. Windows Authentication (integrated security) is not supported.

Both Microsoft SQL Server and SQL Azure use the same authorization model, with users and roles created in each database and associated with the user logins.

Microsoft SQL Server has fixed server-wide roles such as serveradmin, securityadmin and dbcreator. These roles do not exist in SQL Azure. Instead, SQL Azure has a loginmanager role for creating logins and a dbmanager role for creating and managing databases. These roles can only be assigned to users in the master database.

Access to both SQL Server and SQL Azure happens on the wire using the same Tabular Data Stream (TDS) application layer protocol, protected using the Secure Sockets Layer (SSL) protocol, over TCP port 1433. Use of SSL is optional for Microsoft SQL Server and mandatory for SQL Azure.

In SQL Server, any IP address-based access control needs to be done at the host or network level, using a host firewall or a network firewall. SQL Azure has a built-in firewall that prevents all access to your SQL Azure server until the customer specifies which computers have permission. The firewall grants access based on the originating IP address of each request.

SQL Server provides real-time encryption of the stored data at page level, using its Transparent Data Encryption (TDE) feature. Native encryption is currently not available for SQL Azure.
16
SQL Azure Security Authentication and Authorization Model
SQL Azure uses the same familiar, proven authentication and authorization model used by Microsoft SQL Server.
- SQL Server Logins: Used to authenticate access at the server level
- Database Users: Used to grant access at the database level
- Database Roles: Used to group users and grant access at the database level

Key point – SQL Azure uses the same familiar, proven authentication and authorization model used by Microsoft SQL Server.

Many databases contain sensitive data, so it is essential to carefully control access. This is especially important in a multi-tenant application that involves users from different customers who must be isolated from each other.

SQL Azure provides the same set of security principals that are available in SQL Server with SQL Server Authentication. You can use these to authorize access and secure your data:
- SQL Server Logins: Used to authenticate access to SQL Azure at the server level.
- Database Users: Used to grant access to SQL Azure at the database level.
- Database Roles: Used to group users and grant access to SQL Azure at the database level.
17
Authorization, Auditing and Encryption Support
- Database-level permission model in SQL Azure is the same as on-premise SQL Server
- Logins associated to users in databases
- Users may be part of one or more database roles
- Permissions granted to roles or directly to users
- Auditing is not supported in the current version of SQL Azure
- No native encryption support (TDE) yet
- Azure requires SSL encryption and offers optional certificate validation
- Connection string: Encrypt=True;TrustServerCertificate=False

Managing security at the database level in SQL Azure is almost identical to Microsoft SQL Server, with differences only in the parameters available.

The database-level permission model in SQL Azure is the same as an on-premise instance of SQL Server:
- Logins associated to users in databases.
- Users may be part of one or more database roles.
- Permissions granted to roles or directly to users.

The auditing feature is not supported in the current version of SQL Azure.

SQL Azure does not currently support the Transparent Data Encryption (TDE) feature available in Microsoft SQL Server.

SQL Azure forces SSL encryption with all client connections and hence data is secured over the wire. When defining the connection string to SQL Azure, developers should use the following parameters:
- Encrypt=True specifies that SSL must be used in the connection.
- TrustServerCertificate specifies whether encryption occurs if there is no verifiable server certificate. Setting the value to False forces the client to verify the validity of the certificate presented by SQL Azure.
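An added example, not part of the original deck: a checker that parses an ADO.NET-style connection string and reports the settings called out on this slide and on the "Connecting to SQL Azure" slide. The function names, finding codes and sample strings are assumptions of this example, and requiring an explicit TrustServerCertificate=False is the example's own policy.

```python
AZURE_SUFFIX = ".database.windows.net"  # host suffix shown on the slide

def parse_conn_str(conn_str):
    """Split 'Key=Value;...' into a dict keyed by lower-cased, space-normalised
    names. Simplification: quoted values containing ';' are not handled."""
    pairs = {}
    for segment in conn_str.split(";"):
        if not segment.strip():
            continue
        key, sep, value = segment.partition("=")
        if not sep:
            raise ValueError(f"malformed segment: {segment!r}")
        pairs[" ".join(key.lower().split())] = value.strip()
    return pairs

def audit(conn_str):
    """Return finding codes for the settings the slides call out."""
    kv = parse_conn_str(conn_str)
    findings = []
    # Only SSL connections are supported, so Encrypt must be requested.
    if kv.get("encrypt", "").lower() not in ("true", "yes"):
        findings.append("ENCRYPT_NOT_TRUE")
    # Policy of this example: require an explicit False so the client
    # always validates the server certificate (man-in-the-middle defence).
    if kv.get("trustservercertificate", "").lower() not in ("false", "no"):
        findings.append("CERT_NOT_VALIDATED")
    # No USE <db>: the target database has to be named in the string.
    if not (kv.get("initial catalog") or kv.get("database")):
        findings.append("NO_DATABASE")
    # Windows (integrated) authentication is not supported by SQL Azure.
    if (kv.get("integrated security", "").lower() in ("true", "yes", "sspi")
            or kv.get("trusted_connection", "").lower() in ("true", "yes")):
        findings.append("WINDOWS_AUTH")
    host = (kv.get("data source") or kv.get("server") or "").lower()
    if host.startswith("tcp:"):
        host = host[4:]
    if not host.split(",")[0].endswith(AZURE_SUFFIX):
        findings.append("NOT_SQL_AZURE_HOST")
    return findings

# Constructed sample strings; the login name and password are placeholders.
GOOD = ("Data Source=tcp:server.database.windows.net,1433;Initial Catalog=SalesDB;"
        "User ID=appuser;Password=<placeholder>;Encrypt=True;TrustServerCertificate=False")
WEAK = ("Server=server.database.windows.net;User ID=appuser;Password=<placeholder>;"
        "Encrypt=True;TrustServerCertificate=True;Integrated Security=SSPI")
```

Running `audit()` over every connection string found in configuration files during a migration gives a quick list of strings that would connect without certificate validation.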
18
Migration Options
- Generate Script Wizard: Produce a SQL script compatible with SQL Azure, schema and/or data
- SQL Server Migration Assistants (downloadable): MySQL, Oracle, Access, SQL Server...
- SQLAzureMW: Useful for catching unsupported features in SQL Azure; moves data efficiently; unofficially supported
- Data-tier Application Component (DAC): New unit of deployment for T-SQL apps; supports Install, Uninstall; contains developer intent as policies

[Diagram: Data-tier Application Component as the unit of deployment. Schema: LOGICAL (Tables, Views, Constraints, SProcs, UDFs) and PHYSICAL (Users, Logins, Indexes). Future - DAC Deployment Profile: Deployment Requirements, Management Policies, Failover Policies.]
19
Security model is compatible with on-premise SQL
- Uses regular SQL security model
- Authenticate logins, map to users and roles
- Authorize users and roles to SQL objects
- Support for standard SQL Auth logins: Username + password
20
Size Matters Web 5 GB Business 50 GB
21
Pricing
Columns: Edition size, Web, Business, Bandwidth
- Max 1 GB: Web $9.99/month; Business n/a; Bandwidth $.10 in / $.15 out (Asia $.30 in / $.45 out)
- Max 5 GB: Web $49.95/month; Bandwidth same
- Max 10 GB: Business $99.99/month
- Max 20 GB: Business $199.98/month
- Max 30 GB: Business $299.97/month
- Max 40 GB: Business $399.96/month
- Max 50 GB: Business $499.95/month

TechEd 2010 Announcements - new-large-sql-azure-databases-explained.aspx.
SQL Azure Development Accelerator Core - $74.95
See for full price breakdown.
22
Scale-out with SQL Azure Today
- Elastic Provisioning of Databases
- CREATE DATABASE and go
- No VMs, no servers
- Pay-as-you-go business model
- Don’t need it --- DROP it
- Zero Physical Administration
- Built-in High Availability, patching, maintenance
- Database Copy, SQL Azure Data Sync
23
Sharding Pattern
- Linear scaling through database independence
- No need for distributed transactions in common cases
- Engineered partitioning, rather than complete transparency
- Local access for most: connection routing; query, transaction scoping
- Distributed access for some: fan-out expensive computation
24
DOSO_Full_db
DOSO = Day Old Sushi Online
[Diagram: a single database, DOSO_Full_db, containing the tables CustomerAudit, ProductImages, LineItems, ProductAvailability, PurchaseOrders, ShoppingCart, OrderHistory, Companies, Orders, Products, Customers.]
25
DOSO_Customers, DOSO_Orders, DOSO_Products
[Diagram: the tables Customers, Orders, Products, Companies, LineItems, ProductAvailability, CustomerAudit, PurchaseOrders, ProductImages, ShoppingCart and OrderHistory divided among three databases: DOSO_Customers, DOSO_Orders, DOSO_Products.]
26
DOSO_Customers_AK, DOSO_Customers_LQ, DOSO_Customers_RZ
[Diagram: three shards, DOSO_Customers_AK, DOSO_Customers_LQ and DOSO_Customers_RZ, each showing the tables Customers, Orders, Products, Companies, LineItems, ProductAvailability, CustomerAudit, PurchaseOrders, ProductImages, ShoppingCart, OrderHistory.]
27
SQL Azure Federations: Concepts
- Federation: Represents the data being sharded
- Federation Key: The value that determines the routing of a piece of data
- Atomic Unit: All rows with the same federation key value: always together!
- Federation Member (aka Shard): A physical container for a range of atomic units
- Federation Root: The database that houses federation directory

[Diagram: Root; Federation “CustData” (Federation Key: CustID)
Member: [min, 100) holds AU PK=5, AU PK=25, AU PK=35
Member: [100, 488) holds AU PK=105, AU PK=235, AU PK=365
Member: [488, max) holds AU PK=555, AU PK=2545, AU PK=3565]
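An added example, not part of the original deck and not SQL Azure's own implementation: a model of the federation directory that routes a federation key value to its member using the half-open ranges from the diagram. The class and method names are hypothetical; `split_at` and `plan` go beyond the slide to show that a new boundary never divides an atomic unit and which key sets need fan-out.

```python
import bisect

class Federation:
    """Directory for a range-partitioned federation (illustrative model only)."""

    def __init__(self, name, key, split_points):
        if sorted(set(split_points)) != list(split_points):
            raise ValueError("split points must be strictly increasing")
        self.name, self.key = name, key
        self.splits = list(split_points)  # member i covers [splits[i-1], splits[i])

    def member_for(self, value):
        # Low bound inclusive, high bound exclusive: 100 belongs to [100, 488).
        return bisect.bisect_right(self.splits, value)

    def describe(self, index):
        low = self.splits[index - 1] if index > 0 else "min"
        high = self.splits[index] if index < len(self.splits) else "max"
        return f"[{low}, {high})"

    def split_at(self, value):
        """Split the member holding `value` in two; no atomic unit is divided,
        because every row with one key value maps to exactly one member."""
        if value in self.splits:
            raise ValueError("already a boundary")
        bisect.insort(self.splits, value)

    def plan(self, values):
        """Group key values by member: one group is a local query,
        several groups mean a fan-out across members."""
        groups = {}
        for v in values:
            groups.setdefault(self.describe(self.member_for(v)), []).append(v)
        return groups

# The federation from the slide: members [min, 100), [100, 488), [488, max).
cust = Federation("CustData", "CustID", [100, 488])

if __name__ == "__main__":
    for pk in (5, 25, 35, 105, 235, 365, 555, 2545, 3565):
        print(pk, "->", cust.describe(cust.member_for(pk)))
```
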
28
Creating the schema
- Federated tables
- CREATE TABLE orders (…) FEDERATE ON (customerId)
- Federation key must be in all unique indices; part of the primary key
- Value of federation key will determine the member
- Reference tables
- CREATE TABLE zipcodes (…)
- Absence of FEDERATE ON indicates reference
- Centralized tables
- Create in root database

[Diagram: SalesDB with Products; Federation “Orders_Fed” (Federation Key: CustID), Member: [min, max) with orders and zipcode.]
29
Backups Two dangers: Disaster Recovery, and Bob the SQL Builder
- No current built-in backup features
- High priority for next version
- Must provide own approach
- Code that moves data to another SQL location
- Export to file
- Perhaps BCP or SSIS
30
Database Copy
- Makes a transactional copy of your database to a database with a new name on the same server, or to another server
- No downtime on the source database
- Transactional equivalent at the END of the copy
- Only works within the same datacenter
- Must have matching credentials on the servers
- Must have db_owner on source and dbmanager on destination
31
Database Copy

    CREATE DATABASE destination_database_name
        AS COPY OF [source_server_name.]source_database_name

To see progress:

    SELECT * FROM sys.dm_database_copies
32
SQL Azure Data Sync – Key Features
- Elastic Scale: Service scales as resource requirements grow
- No-Code Sync Configuration: Easily define data to be synchronized
- Schedule Sync: Choose how often data is synchronized
- Conflict Handling: Handle issues where the same data is changed in multiple locations
- Logging and Monitoring: Administration capabilities for tracking data and monitoring potential issues
33
On-Premises to Cloud Symmetry
SQL Server to SQL Azure Sync
Benefits
- Makes cloud extension rather than replacement
- Enables moving workload to cloud in stages, preserving investment in existing infrastructure
- New scenarios spanning enterprise, cloud
34
Extending Data to Retail and Remote Offices
SQL Azure to SQL Server Sync
Benefits
- Share data with remote and retail offices, bringing data closer to the end-users
- Lower latency – data access doesn’t require round trips
- Higher availability – app still runs if server is unreachable
- Reduced network utilization – most data access is local
35
Sync End to End Scenarios
[Diagram: SQL Azure Database syncing with On-Premises Applications, Offline Applications, and Retail & Remote Offices.]
- SQL Azure Data Sync CTP1 (Available now from
- Microsoft Sync Framework 4.0 CTP available now!
- SQL Azure Data Sync CTP2 (Coming in near future)
36
Summary
- SQL Azure IS SQL Server…a TDS endpoint
- Create DB’s and manage using what we already know
- Data Migration strategies to fit specific needs
- Considerations and futures paint exciting picture of what to expect looking forward
37
More Information General Guidelines & Limitations -
39
Introduction to SQL Azure
C:\WAPTK\Labs\IntroToSQLAzureVS2010
For exercise 4, only need to do tasks 1, 2, and 5.