Presentation is loading. Please wait.

Presentation is loading. Please wait.

Governing Your Enterprise with Policy-Based Management

Published byMikael Öberg Modified over 6 years ago

Similar presentations

Presentation on theme: "Governing Your Enterprise with Policy-Based Management"— Presentation transcript:

1 Governing Your Enterprise with Policy-Based Management
Lara Rubbelke Microsoft Technology Specialist

2

3

4 Enterprise Policy Management
Provide auditors with assurance that SQL Server complies with all security and business guidelines Complement All Actions Audited Compliance Ensure peak performance High levels of security & reliability Consistency Drive strategic management initiative to control costs More efficient and proactive management Costs

5 Policy Based Management
Monitor, manage and enforce a desired system configuration Key features: Management by intent Expressive conditions Multiple execution modes Extensible framework Multi-Server management Note that Policies can help manage all areas of compliance including: Report on execution of key rotation and encryption of databases Enforce audits are defined and configured to standards Enforce SQL logins are always created with proper password policies Protect the configuration of the surface area of the server

6 Agenda Policy-Based Management Framework
Extending Policy-Based Management to the Enterprise

7 Manage By Policy Introduction to Policy-Based Management
Evaluating Policies Best Practices Policies Management Studio Integration Category Management Multi-Server Evaluation Manage By Policy

8 Manage by Policy Policy definition
Microsoft ASP.NET Connections Manage by Policy Policy definition All SQL logins have password complexity rules enabled All databases must be backed up every day Ensure Compliance Policy Ensure Compliance Enabled = True Condition LastBackupDate >= dateadd(‘day’, -1, getdate()) Start at the bottom of the slide. A policy is based on a Facet. A facet is simply a logical group of properties that are related. For example an audit facet includes name, enabled. A server configuration facet includes all the settings available in sp_configure, including xp_cmdshell, MAXDOP. Stored procedures have many aspects to them --- schema aspects, execution aspects, etc. Each is captured by a set of properties. Which do we care to say something about? ---- The schema properties. We call each set of properties a “management facet”. What is a valid stored procedure? --- one where Name starts with “usp’. This is the Condition. What do we want to do with this Condition ---- ensure complaince with it. This is the Policy. It tells the SQLServer management runtime to apply this intent. So these are the basics of Policy-Based management. There is a management model of the system --- captured by the target types and facets. Management intent is captured by defining what an acceptable state of the system is ---- via a Condition. Finally, the Policy is the means to inform the management runtime services of what actual instances to apply the Condition to, when to apply it, and what to do if the Condition is violated. This is probably best explained interactively in the demo. PasswordPolicyEnabled Properties LastBackupDate Login Options Facet Database Maintenance Updates will be available at _06/ASP_Connections

9 Policy Server Restriction Target Evaluation Mode Category

10 Manage by Policy Policy Evaluation Modes
On Demand Evaluate a policy when specified by user Available through SSMS or Windows PowerShell™ Option to force certain conditions to comply with policy Supports down-level evaluation (depends on properties exposed) On Schedule SQL Server 2008 only SQL Server Agent job periodically evaluates a policy All Facets supported On Change: Prevent DDL triggers prevent policy violations On Change: Log Only Event notification evaluates a policy when a relevant change is made Evaluation modes The Facet determines available Evaluation Modes

11 Manage by Policy Policy Category
Organize Policies Manage Policy Evaluation

12 Manage by Policy Security
On Demand Context of the user executing the evaluation On Schedule SQL Server Agent authentication Job is owned by sa by default On Change: Prevent ##MS_PolicyEventProcessingLogin## Certificate based authentication On Change: Log Only Service Broker queue methods Execution Security

13 Extend to the Enterprise Central Management Server
Logically group instances based on business function(s) Centrally publish policies to groups of SQL Server 2008 ® instances Evaluate policies on-demand against a group of servers Filter by logical groups in Windows PowerShell™ scripts

14 Agenda Policy-Based Management Framework
Extending Policy-Based Management to the Enterprise

15

16 Extend to the Enterprise EPM Framework In Action
policy results Central Management Server policy results policy results policy results One SQL Server 2008 instance One Reporting Services 2008 instance policy results policy results

17 Enterprise Policy Management

18 Extend to the Enterprise Scaling EPM Evaluation
Add Intelligence to Policies Place each policy in a category Define server restrictions for versions and editions where appropriate

19 Extend to the Enterprise Scaling EPM Evaluation
Define Concurrent Jobs Create jobs with parameters for each Policy Category and/or Central Management Server group

20 Extend to the Enterprise Benefits of Upgrading to SQL Server 2008
Real-Time Enforcement and Reporting Monitor the event log through Alerting integration Advanced functionality and integration with SSMS Dependency, health states, subscriptions, history Scale and Security Access to other SQL Server 2008 ® features EPM is not a replacement for upgrading to 2008

21 Additional Resources Policy Based Management
Enterprise Policy Management Framework: Whitepapers: Enterprise Policy Management Framework with SQL Server 2008: SQL Server 2008 ® Policy-Based Management: Blogs: Policy Based Management Blog: Lara Rubbelke’s Blog: Dan Jones’ Blog:

22 for attending this session and the 2009 PASS Summit in Seattle
Thank you for attending this session and the PASS Summit in Seattle

23 Complete the Evaluation Form & Win!
You could win a Dell Mini Netbook – every day – just for handing in your completed form! Each session form is another chance to win! Pick up your Evaluation Form: Within each presentation room At the PASS Booth near registration area Drop off your completed Form: Near the exit of each presentation room Sponsored by Dell

24 Microsoft Technical Learning Center Located in the Expo Hall
Visit the Microsoft Technical Learning Center Located in the Expo Hall Microsoft Ask the Experts Lounge Microsoft Chalk Talk Theater Presentations

Download ppt "Governing Your Enterprise with Policy-Based Management"

Similar presentations

Simplified Management using the Enterprise Policy Management Framework

Simplified Management using the Enterprise Policy Management Framework
Your Data Any Place, Any Time Manageability. SQL Server 2008 Manageability Challenges Challenges face database administrators today : Managing complex.

Your Data Any Place, Any Time Manageability. SQL Server 2008 Manageability Challenges Challenges face database administrators today : Managing complex.
Module 12: Auditing SQL Server Environments

Module 12: Auditing SQL Server Environments
Week 6: Chapter 6 Agenda Automation of SQL Server tasks using: SQL Server Agent Scheduling Scripting Technologies.

Week 6: Chapter 6 Agenda Automation of SQL Server tasks using: SQL Server Agent Scheduling Scripting Technologies.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
INTRODUCTION TO BUILDING REPORTS Reporting Services.

INTRODUCTION TO BUILDING REPORTS Reporting Services.
Automating SQL Buildouts With Hyper-V and SQL Server 2008 R2 Robert L Davis, Sr. DBA, Microsoft Corp.

Automating SQL Buildouts With Hyper-V and SQL Server 2008 R2 Robert L Davis, Sr. DBA, Microsoft Corp.
1 Introduction 2 SQL Server 2008 Policy-Based Management Central Management Servers Extending with Windows PowerShell.

1 Introduction 2 SQL Server 2008 Policy-Based Management Central Management Servers Extending with Windows PowerShell.
Managing and Monitoring SQL Server 2005 Shankar Pal Program Manager SQL Server, Redmond.

Managing and Monitoring SQL Server 2005 Shankar Pal Program Manager SQL Server, Redmond.
SQL Server 2008 for Hosting Key Questions to Address How can SQL Server save your costs? How can SQL Server help you increase customer base? How can.

SQL Server 2008 for Hosting Key Questions to Address How can SQL Server save your costs? How can SQL Server help you increase customer base? How can.
Connect with life www.connectwithlife.co.in Praveen Srvatsa Director | AsthraSoft Consulting Microsoft Regional Director, Bangalore Microsoft MVP, ASP.NET.

Connect with life Praveen Srvatsa Director | AsthraSoft Consulting Microsoft Regional Director, Bangalore Microsoft MVP, ASP.NET.
Chapter 10.

Chapter 10.
SYSTEM CENTER: ENDPOINT PROTECTION FUNDAMENTALS Howard A. Carter III Senior Consultant Microsoft Consulting Services September 21, 2013 TechGate 2013 –

SYSTEM CENTER: ENDPOINT PROTECTION FUNDAMENTALS Howard A. Carter III Senior Consultant Microsoft Consulting Services September 21, 2013 TechGate 2013 –
ArcGIS Workflow Manager An Introduction

ArcGIS Workflow Manager An Introduction
Maintaining a Microsoft SQL Server 2008 Database SQLServer-Training.com.

Maintaining a Microsoft SQL Server 2008 Database SQLServer-Training.com.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
SQL Server 2008 for Developers John

SQL Server 2008 for Developers John
Chapter 6 : Designing SQL Server Service-Level Security MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide.

Chapter 6 : Designing SQL Server Service-Level Security MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide.
DBSQL 14-1 Copyright © Genetic Computer School 2009 Chapter 14 Microsoft SQL Server.

DBSQL 14-1 Copyright © Genetic Computer School 2009 Chapter 14 Microsoft SQL Server.
Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.

Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.

Similar presentations

Ads by Google