Published by Mikael Öberg. Modified over 5 years ago.
Governing Your Enterprise with Policy-Based Management
Lara Rubbelke Microsoft Technology Specialist
Enterprise Policy Management
  Compliance
    Provide auditors with assurance that SQL Server complies with all security and business guidelines
    Complement All Actions Audited
  Consistency
    Ensure peak performance
    High levels of security & reliability
  Costs
    Drive strategic management initiative to control costs
    More efficient and proactive management
Policy Based Management
  Monitor, manage and enforce a desired system configuration
  Key features:
    Management by intent
    Expressive conditions
    Multiple execution modes
    Extensible framework
    Multi-Server management
  Note that Policies can help manage all areas of compliance, including:
    Report on execution of key rotation and encryption of databases
    Enforce that audits are defined and configured to standards
    Enforce that SQL logins are always created with proper password policies
    Protect the configuration of the surface area of the server
Agenda
  Policy-Based Management Framework
  Extending Policy-Based Management to the Enterprise
Manage By Policy
  Introduction to Policy-Based Management
  Evaluating Policies
  Best Practices Policies
  Management Studio Integration
  Category Management
  Multi-Server Evaluation
Manage by Policy: Policy definition
  Policy: All SQL logins have password complexity rules enabled (Ensure Compliance)
    Condition: Enabled = True
    Properties: PasswordPolicyEnabled
    Facet: Login Options
  Policy: All databases must be backed up every day (Ensure Compliance)
    Condition: LastBackupDate >= dateadd('day', -1, getdate())
    Properties: LastBackupDate
    Facet: Database Maintenance

Speaker notes: Start at the bottom of the slide. A policy is based on a Facet. A facet is simply a logical group of related properties. For example, an audit facet includes name and enabled. A server configuration facet includes all the settings available in sp_configure, including xp_cmdshell and MAXDOP.

Stored procedures have many aspects to them: schema aspects, execution aspects, etc. Each is captured by a set of properties. Which do we care to say something about? The schema properties. We call each set of properties a "management facet". What is a valid stored procedure? One where Name starts with "usp". This is the Condition. What do we want to do with this Condition? Ensure compliance with it. This is the Policy. It tells the SQL Server management runtime to apply this intent.

So these are the basics of Policy-Based Management. There is a management model of the system, captured by the target types and facets. Management intent is captured by defining what an acceptable state of the system is, via a Condition. Finally, the Policy is the means to inform the management runtime services of what actual instances to apply the Condition to, when to apply it, and what to do if the Condition is violated. This is probably best explained interactively in the demo.

Updates will be available at _06/ASP_Connections
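The two example policies on this slide, checked by hand in T-SQL. This is an added example, not part of the presentation; mapping the slide's PasswordPolicyEnabled property to sys.sql_logins.is_policy_checked, and LastBackupDate to the latest full backup in msdb.dbo.backupset, is an assumption of this example. Every row returned is a violation of the condition.

```sql
-- Added example: ad hoc checks with the same intent as the slide's two policies.

-- Condition 1: Enabled = True (password policy enforced for each SQL login).
-- Rows returned are SQL logins created without CHECK_POLICY = ON.
SELECT  name AS login_name,
        is_disabled,
        is_expiration_checked
FROM    sys.sql_logins
WHERE   is_policy_checked = 0
  AND   name NOT LIKE '##%##'        -- skip internal ##...## system logins
ORDER BY name;

-- Condition 2: LastBackupDate >= dateadd('day', -1, getdate()).
-- Rows returned are online databases with no full backup in the last day
-- (counting full backups only is an assumption of this example).
SELECT  d.name AS database_name,
        MAX(b.backup_finish_date) AS last_full_backup
FROM    sys.databases AS d
LEFT JOIN msdb.dbo.backupset AS b
       ON b.database_name = d.name
      AND b.type = 'D'               -- 'D' = full database backup
WHERE   d.name <> 'tempdb'           -- tempdb cannot be backed up
  AND   d.state_desc = 'ONLINE'
GROUP BY d.name
HAVING  MAX(b.backup_finish_date) IS NULL
     OR MAX(b.backup_finish_date) < DATEADD(day, -1, GETDATE())
ORDER BY last_full_backup;
```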
Policy: Server Restriction; Target; Evaluation Mode; Category
Manage by Policy: Policy Evaluation Modes
  On Demand
    Evaluate a policy when specified by user
    Available through SSMS or Windows PowerShell™
    Option to force certain conditions to comply with policy
    Supports down-level evaluation (depends on properties exposed)
  On Schedule
    SQL Server 2008 only
    SQL Server Agent job periodically evaluates a policy
    All Facets supported
  On Change: Prevent
    DDL triggers prevent policy violations
  On Change: Log Only
    Event notification evaluates a policy when a relevant change is made
  The Facet determines available Evaluation Modes
Manage by Policy: Policy Category
  Organize Policies
  Manage Policy Evaluation
Manage by Policy: Security
  Execution Security
    On Demand
      Context of the user executing the evaluation
    On Schedule
      SQL Server Agent authentication
      Job is owned by sa by default
    On Change: Prevent
      ##MS_PolicyEventProcessingLogin##
      Certificate based authentication
    On Change: Log Only
      Service Broker queue methods
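A query an administrator can use to review which security context each policy runs under, following the execution security list above. This is an added example, not part of the presentation; it reads the policy metadata views in msdb and assumes the execution_mode codes 0, 1, 2 and 4 correspond to the four evaluation modes as shown in the CASE expression.

```sql
-- Added example: list each policy with its evaluation mode and, for
-- scheduled policies, the owner of the SQL Server Agent job that runs it.
SELECT  p.name AS policy_name,
        c.name AS category_name,
        p.is_enabled,
        CASE p.execution_mode
             WHEN 0 THEN 'On Demand'
             WHEN 1 THEN 'On Change: Prevent'
             WHEN 2 THEN 'On Change: Log Only'
             WHEN 4 THEN 'On Schedule'
             ELSE 'Other (' + CAST(p.execution_mode AS varchar(10)) + ')'
        END AS evaluation_mode,
        j.name AS agent_job,                      -- NULL unless On Schedule
        SUSER_SNAME(j.owner_sid) AS job_owner     -- sa by default, per the slide
FROM    msdb.dbo.syspolicy_policies AS p
LEFT JOIN msdb.dbo.syspolicy_policy_categories AS c
       ON c.policy_category_id = p.policy_category_id
LEFT JOIN msdb.dbo.sysjobs AS j
       ON j.job_id = p.job_id
ORDER BY evaluation_mode, policy_name;

-- State of the login that On Change: Prevent evaluation runs under.
SELECT  name, type_desc, is_disabled
FROM    sys.server_principals
WHERE   name = '##MS_PolicyEventProcessingLogin##';
```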
Extend to the Enterprise: Central Management Server
  Logically group instances based on business function(s)
  Centrally publish policies to groups of SQL Server 2008® instances
  Evaluate policies on-demand against a group of servers
  Filter by logical groups in Windows PowerShell™ scripts
Extend to the Enterprise: EPM Framework In Action
  [Diagram: Central Management Server; policy results; One SQL Server 2008 instance; One Reporting Services 2008 instance]
Enterprise Policy Management
Extend to the Enterprise: Scaling EPM Evaluation
  Add Intelligence to Policies
    Place each policy in a category
    Define server restrictions for versions and editions where appropriate
Extend to the Enterprise: Scaling EPM Evaluation
  Define Concurrent Jobs
    Create jobs with parameters for each Policy Category and/or Central Management Server group
Extend to the Enterprise: Benefits of Upgrading to SQL Server 2008
  Real-Time Enforcement and Reporting
  Monitor the event log through Alerting integration
  Advanced functionality and integration with SSMS
  Dependency, health states, subscriptions, history
  Scale and Security
  Access to other SQL Server 2008® features
  EPM is not a replacement for upgrading to 2008
Thank you for attending this session and the 2009 PASS Summit in Seattle