Downloaded 22 times
More Related Content
Similar to Brk3043 azure sql db intelligent cloud database for app developers - wash dc
Brk3043 azure sql db intelligent cloud database for app developers - wash dc
- 2.
- 3. • Database provisioningon-demand • Predictable performance and costs • 99.99% availability built-in • Geo-replication and restore services for data protection • Fully compatible with SQL Server 2016 databases Worlds most sophisticated fully managed SQL database service that lets you focus on your business
- 4. Scales on the fly Intelligentcloud database for app developers Learns & adapts Works in your environment Secures and protects Redefines multi-tenancy
- 5.
- 6. Predictable workloads Single databasesor partitioned data across multiple databases; scale between service tiers and performance levels as capacity needs fluctuate. Scaledatabases upasneeded Scale out/in the pool … Single database or partitioned databases Customer 1 Customer 2 Customer 3 Customer #N… Unpredictable workloads For large numbers of databases with unpredictable performance demands; pool resources to be shared between these databases. Elastic Database Pool Databasesconsume resourcesasneeded Managing large numbers of Databases
- 8. ISVs and SaaSEnterpriseApps Serving Customers Enterprise Apps Serving Employees
- 9. Security OfficerDeveloperApp User AzureSQL Database Faster Cheaper More secure What do database customers want ? Web Application
- 10. Security OfficerDeveloperApp User WebApplication Azure SQL Database Performance Expert Costs Expert The intelligent cloud database for app developers Security Expert
- 11. The intelligent clouddatabase for app developers Optimize your costs Elastic Pools Recommendations to help you identify opportunities to save money by using elastic database pools Query Insights for monitoring, including events from partner solutions Maximize app performance Performance Recommendations tailored to your database workload to keep your applications running at max speed Auto Tuning mode to let SQL DB service automatically tune your DB performance Secure your data Security Recommendations to help you secure your sensitive data using actionable recommendations. Threat Detection for identifying and investigating suspicious database activities indicating a potential threat to the DB
- 13. Critical for end-usersatisfaction and overall business success It needs to be an ongoing process (most users do it reactively today) Requires significant expertise to understand and master Most DB users are Devs, not DBAs Developer App User Web Application Database Developer needs to find and fix the underlying problem, ASAP Customer reports the issue (app is slow/unresponsive)
- 14. System produces the recommendations AppUser Web Application Azure SQL DB Developer chooses which recommendations to apply Developer SQL Database Advisor
- 15. SQL Database Advisor System produces and automaticallyapplies the recommendations Web Application Azure SQL DB Developer controls the Automatic Tuning policy Developer
- 16. Tuning the performancefor 1000s of DBs
- 19. Optimize DB SKUchoice Which DB SKU is the right one for my application? How to support peak-and-valley usage patterns? How to support 1000s of DBs? Optimize app query patterns How are my DB resources being spent? What are the TOP resource consuming queries in my app? From DB performance analysis to improving the application
- 20. Elastic Database Pools BasicStandard Premium 125 200 400 1,000 1,200 Min/max DTUs per second per DB
- 21. Query Performance Insights Query Perf. Insights Systemanalyzes the usage and provides the insights Web Application Azure SQL DB Developer Developer identifies bad queries and improves the app
- 22. Easily manage 1000sof DBs using Elastic Pools
- 25. Verizon Data BreachInvestigation Report 2016 • SQL injection • Credential theft • Malicious insider Threats Apps Azure SQL Database Compliance • PCI • HIPAA • FedRAMP • Lack of knowledge • Lack of time • Lack of methods Developers
- 26. Surrounded by layersof protection Secure Code • Secure development lifecycle • Least vulnerable last 6 years • SQL Threat Detection • SQL Server Auditing • Row-level Security • Dynamic Data Masking • Always Encrypted • Transparent Data Encryption • Encryption-in-flight (TLS over TDS) Database Access • SQL Permissions • SQL Authentication • Windows Authentication • Azure Active Directory Auth. • SQL Firewall Proactive Monitoring Application Access Data Protection
- 27. • • Security Officer Requires to meetsecurity standards recommended by regulating authorities One-click recommendations to enable Auditing, Threat Detection & Encryption at-rest Developer SQL Database Audit Log Transparent Data Encryption
- 28. • • On-the-fly obfuscation of datain query results Phone Number XXX-XXX-5796 XXX-XXX-1978 App user/ Engineer One-click recommendations to discover and obfuscate sensitive data Developer SQL Database Table.PhoneNo 1-313-555-5796 972-4-777-1978 Masking Policy
- 29.
- 31. Developer • • • •Azure SQL DatabaseApps Appuser External attacker Malicious insider Audit Log Threat & Anomaly Detection Turn on threat detection Real-time alerts Possible threat to access/breach data
- 32.
- 34. Azure Security Center Azure RESTAPI The intelligent cloud database for app developers PowerShell Application Insights Azure Portal
- 35. Maximize app performance Performance Recommendations AutomaticTuning Optimize your costs Elastic Pools Recommendations Query Insights Secure your data Security Recommendations Threat Detection The Intelligent Cloud Database for app developers SQL Database built-in intelligence optimizes your DB within minutes, without the need to be an expert
- 36.
Editor's Notes
- #5 1 min Overview Azure SQL Database is the only intelligent cloud database service built for app developers. It’s the only cloud database service that scales on-the-fly without downtime and helps you efficiently deliver multitenant apps-- ultimately giving you more time to innovate and accelerating your time to market. SQL Database’s built-in machine learning quickly learns your app’s unique characteristics and dynamically adapts to maximize performance, reliability, and data protection. You can build secure apps and connect to your SQL Database using the languages and platforms you prefer. Develop with a choice of popular languages such as C#, Java, Node.js, Ruby, PHP, or Python or with popular frameworks such as Entity Framework, Hibernate, Ruby on Rails, and Django. Built-in Intelligence that learns and adapts with your app Database provisioning on-demand Range of offers for all workloads 99.99% availability SLA, zero maintenance Geo-replication and restore services for data protection Secure and compliant to protect sensitive data Compatible with SQL Server 2016 – hybrid, migration
- #6 1 min
- #8 Follow the steps in readme.txt in demo1_azuredbiseasy
- #9 Good mix of what kinds of customers are using Azure SQL Database today and why
- #10 What do database customers want ? application users, data fast Developers/ engineering teams - control and optimize their database expenses while scale up/ our according to needs of business Security team – customer data is secured, avoid data leakage + cyber-attacks – compromise data (external or internal)
- #11 Good news: Azure SQL Database as a cloud database service generates and processes a tremendous amount of telemetry from millions of databases, allows us in Azure to learn and profile your DB application usage, offer a power set of SQL intelligent features which provide you actionable recommendations, that help to Make your apps run faster Control your database expenses Make your database environment and data more secure
- #12 Introducing Azure SQL DB – the intelligent cloud database for app developers! 3 categories of intelligent features Performance intelligent features that help you to tune and optimize your database according to your application profile Costs intelligent features, that help you to control and monitor your database expenses And last our security intelligent features, that help you to secure your data and detect anomalous activities on your database Each part: live demos and real customers testimonials you get a full understanding for how you can make use of these features, and how choosing Azure SQL Database will make a difference for your app and your business
- #13 We’ll see how Azure SQL Database, as a backend, can help you maximize database performance – and provide a great application experience for your customers.
- #14 Scenario – app performance problem Why are perf problems HARD to deal with? Critical for end to end business success. – In a world online applications, users are online all the time, app used non-stop. When app grinds to a halt, everybody knows instantly Reputation loss Performance management ongoing process. Frequent app changes, no large performance testing process on each change performance management is reactive. Customer knows … and notify you about it. Requires expertise and time to master. Most managing DBs are developers and not DBAs not every team has an expert in database performance + access to skills to effectively troubleshoot and tune db performance, and PROACTIVE before customers discover the issues.
- #15 So how can Azure SQL Database help with this? SQL Database Advisor - a performance tuning service built-in to Azure SQL DB and provides tailored tuning recommendations for your database. How it works - monitors the database usage and collects telemetry. Tuning models run in the Azure cloud (using ML), provide tailored tuning recommendations for your DB – available in DB advisor. Joe – picks rec to apply. Tailored. Models learn from running millions of DBs in the service, provide customized tailored experience for each customer Recommendations based on data + usage - evolve together with your application. As app evolves -- user base -- data access patterns – recommendations automatically adjusted to reflect the current state. Not ‘best practice’ – but you need THIS INDEX to improve app perf Applying the recommendations is really easy (couple of clicks) - Service does heavy lifting. Anybody implement index? Just apply rec – service does the work: baseline, apply, report. If impact not expected – roll back. Result: experience is better, perf issues detected proactively and fixed quickly.
- #16 Even Better: Monitor for tuning recommendations? App needs ongoing tuning … Automatic Tuning Never tired - monitors application and apply recommendations as needed. Fast reaction speeds. Scale? Not feasible for humans – auto tuning easily scalses Not a robot, full control – logs available. Actions taken + actual commands, incl. T-SQL scripts. Understand what happened + add to DB code Joe just sets tuning policies, free to work on his application + focus on making a difference for his business – not put out fires.
- #17 How customers are using these features: 1. Christoph - Director of R&D at Docuware, German-based company that builds document lifecycle management software. 2. Docuware has chosen Azure SQL DB as the backend DB for their SAAS product, and they have many databases with us. 3. They key challenges for Christoph and Docuware are: lot of databases, lots of changes to the app, flexible schema 4. Leveraging database advisor to help them proactively tune the performance of their databases + automatic tuning to make their life easier and to make their customers happier.
- #18 Follow the readme.txt in demo2_dbadvisor
- #19 Covered: help improve and optimize performance Now: optimizing costs. Not favorite topic, nonetheless to make a great business out of great database applications we need to be aware of our costs, keep them to a minimum, so we can effectively compete in the market. So let’s see how the SQL DB built-in intelligence allows you to optimize your database layer costs
- #20 2 main areas of cost optimization Select right DB SKU – many SKUs, finding the right one not easy Unpredictable load – harder. Typically have to provision for peaks not cost effective Hundreds or thousands of databases? Provisioning each one for peak capacity will likely ruin your business plan, and translate to unreasonably high costs. Other side – once you have optimal SKU layout - how do I optimize my application access patterns? How to make sure that I am accessing the data effectively? 4. How are DB resources being spent? What am I paying for? Queries/ WFs – dominant resource users? 5. Specific info e.g. on top queries – go back and tune the application 6. Understand query perf significantly improve application performance. Full application more efficient and also perform very well for your customer scenarios.
- #21 SKU choice part -- help manage cost of SKUs. SaaS application with hundreds of customers and growing … DB per customer. Isolation of customer data, spin up new DB DB layer – cost effective? Lots of DBs, need to handle peak load. Enter Elastic Database Pools - huge differentiator and a unique feature of Azure SQL Database. Shared pool of resources you can define for a set of databases - effective resource utilization and SHARE resources among themselves Few, up to thousands DB per customer – not each DB is always active at the same time. Depends on usage patterns of each customer. Elastic DB Pools optimally allocate resources among different DBs based on their needs at that time. Pay once for the resource allocation of the whole pool – rather than peak for each. HUGE money saver. You just pay for the pool so it caps your spending Resources are shared – but can set a minimum and maximum utilization utilization is maximized and optimized. Customer isolation Effective and easy management at scale analyze and manage my databases within the pool, using a single centralized function. How do you know what you need? Analyze yourself? Intelligence of Azure SQL Database built-in advisor How: look at all of the DBs in your server, figure out which are suitable for pool – and how big of a pool you need – so that you can Maximize your resource savings – and minimize your bill!
- #22 Now: we’ve solved SKU, let’s make sure that application access patterns are optimal: Performance testing/tuning before changes are rolled out. But sometimes, things slip through. Changes in the data volume and/or app usage patterns lead to sub-optimal queries. Monitor query patterns and profile them – which queries use most resources – info available in portal. Some views : Top queries by resource utilization, by duration, or by frequency of execution. (also issues app users care about) Easily find ‘bad query’ and invest Based on Query Store data – new feature, flight data recorder for your database. It records all of the data about query performance – stores it in your DB proactively, so you have it when you need it. Not like profiling Data is already there. Collected and analyzed –provides you with insights and recommendations which you can immediately implement and improve your system!
- #23 So we have customers using this – and are really happy with this. Let me introduce you to Morten. Tech Lead at Umbraco, a company from Denmark that build CMS solutions used by 100s of thousands of websites. Their latest product, Umbraco-as-a-service is a SaaS version of their product, and leverages Azure SQL database as the back-end They key challenge for Umbraco-as-service is keeping the costs down to the point where it can be successful in this highly competitive market. The leverage SQL Elastic Pools - which enable Umbraco to have great performance and management at scale – and also at a favorable price point. This allows them to compete effectively in the market.
- #24 Follow the readme.txt in demo3_elasticpools
- #25 We’ve covered some great intelligent features in Azure SQL DB that help manage performance and expenses. And now I’d like to move on to another set of intelligent features that have to do with security. In this part of the session, I’ll show you how simple it is to secure your data in Azure SQL database within minutes and with no need to be a security expert. Investments in SQL Security Today focus: SQL Security Recommendations and SQL Threat Detection
- #26 So why do you need SQL Security intelligent capacities ? Public reports indicate there is a growth in frequency and severity of cyber-attacks and insider data breaches on Organizations today. Verizon Data Breach Report, no organization is immune to cyber attack and Most breaches capture highly sensitive data like trade secrets or proprietary information, which cause huge financial impact on Organizations Since a vast majority of sensitive data is stored on databases, this means that database security requires developer attention Most organizations are investing in security for their data. Some have specific requirements that come in to achieve compliance from official regulations authorities. And generally, investments are being made to prevent possible threats on the database that can compromise valuable information. These threats include the very common ‘SQL Injection’ attack, credential theft – and all too often today we hear about the insider threat. Unfortunately, most developers and organizations have limited security knowledge, time and expertise to provide the basic protection of their data - even against most common attacks like SQL Injection. This leaves exposed and the data unprotected.
- #27 2 min SQL Server - least vulnerable database for the last six years (NIST). Graph shows vulnerabilities by vendor per year. As customers, your data is exposed until a patch is released and then implemented. High levels of vulnerabilities = higher risk, and more patching. SQL Server has a long track record of low-levels of exposure. Beyond secure code SQL Server has technologies at infrastructure and the database level - to protect your data, control access and monitor activity Monitoring, audit, forensics: Advanced Threat Analytics and SQL Server Auditing Access control Windows Server 2016 is improving Windows authentication access control SQL Server Row level security SQL Server Dynamic data masking Protecting data (Already available) transparent data encryption TDE protects data at rest. New in 2016 is Always Encrypted (next slide)
- #28 This is where Azure SQL Database intelligence comes in – and can help improve the security for the data you store in the Azure SQL DB service. Rather than having to figure out what to secure, how to secure it – the service helps you by providing effective and simple-to-apply features for securing data, and actionable recommendations for what to apply where. First: SQL security recommendations within Azure Security Center Azure Security Center is a new service in Azure which enables you to understand and improve the security health of all your Azure resources A couple of the standard security requirements recommended by auditing authorities are Encryption at-rest which means encrypting the database, backups, transaction log files on the physical disk itself Auditing which collects logs of database activities – and enables you to know who did what and when on your database. Azure Security Center allows you to identify databases and servers that have not enabled auditing and encryption at-rest and provides actionable recommendations to enable these within a few clicks – so that you can immediately meet these compliance requirements.
- #29 Second SQL security recommendation is within a feature called dynamic data masking. App displays data, some is sensitive. App users don’t need to see it. Data from DB. You want to hide or MASK. Could modify app to hide all or part of the value SQL intelligent security can help: SQL Dynamic Data Masking, built-in, limits exposure by masking in query results You define what to mask and how to mask it in the DB – and it shows up masked everywhere (apps and developer queries) Data isn’t changed – just masked on query Help = automatically discovering potentially sensitive data Actionable recommendations to mask it, that help you to secure you sensitive data within a few clicks and without changing your application code
- #30 Feedback from one of our Azure SQL Database customers who benefited from these security recommendations. This Frans, who is the CTO of New Orbit , which is a company in the UK that build cloud based applications for enterprises and financial organizations Security is major concern for New Orbit customers - and New Orbit must also comply with some official security standards Frans and his team make use of the SQL Security Recommendations - to track the security in their system and make sure all their databases comply with the requirements, and help them to pass security audits.
- #31 Follow the readme.txt in demo4_security
- #32 The last SQL security intelligent feature, I would it to share Is SQL Threat Detection which is a built-in feature in Azure SQL Database service that detects anomalous database activities indicating a possible threat to the database Its super simple to enable using Azure portal or standard API and requires no modifications to your application code Set of world-class algorithms that learn, profile application behavior, detect anomalous activity, including potential SQL injections and unusual behavior patterns. Detect something suspicious --> immediate notification over email and an alert in Azure Security Center Actionable investigation and remediation steps. Use your audit log to investigate database activities around the time of the security alert. Guidelines to remediate.
- #33 Final customer story: Richard Priest, head of technology for Missing Widget – which is a company that provides an ISV solution. Missing Widget is also a customer of Azure SQL Database. Threat Detection on their databases several alerts about vulnerabilities to SQL injection in their application. Able to find and track down the exact vulnerabilities in their code – and based on the guidelines we provide in the documentation they were able to quickly fix the vulnerabilities in their code. Guides everyone on the team to turn on Auditing and Threat Detection on all their projects – as this is a simple and effective way to give another layer of protection for their system.
- #34 Follow the readme.txt in demo5_threatdetection
- #35 We’ve seen powerful intelligent features in Azure SQL Database can improve performance, manage costs and secure your data Can I benefit from this? Can my application make use of this? YES – not just Azure portal, your own or standard APIs Manage maintenance actions and automate via Powershell – standard set of Azure APIs Security related: Azure Security Center Whatever your preferred way of managing your Azure environment – make use of useful recommendations + intelligent features of Azure SQL DB. Finally - not using MS stack? Azure SQL database comes with full set of drivers for all of the most popular languages and frameworks. Beyond .Net: Java, Ruby, PHP, Node.js, Python Frameworks: Entity Framework, but also Hibernate, Rails, Django…. Move backend to SQL DB, and app benefits from intelligence built-in, regardless of technology it’s built on.
- #36 Summarize and recap : Azure SQL Database built-in intelligent features work around the clock for you – We help you configure and optimize and tune your database within minutes, without requiring YOU to be the expert. We’ve seen how in Performance the SQL Database Advisor provides actionable recommendations and automatic tuning to help you speed up your application and prevent performance incidents. Elastic Pools and Query Insights help you configure your database SKUs in an optimal way, whether for one database or for thousands of databases! Query Insights – helps you understand resource bottlenecks + tune Intelligent security features secure your data – detect and prevent attacks that can expose your most precious resource (your sensitive data) and jeopardize your business. 4. Easy to use – each of the demos only took a couple of clicks, and very little effort on your part. 5. No need to change your application - and it’s available and consumable anywhere. 6. Examples of global companies choosing Azure SQL DB and benefiting 7. You can move your database to Azure SQL DB – and benefit from the power of the cloud – using advanced algorithms to learn from millions of other apps and providing you with a customized and tailored experience to help improve your app, with very little effort on your part. 8. So you can spend your time focusing on your application logic and what’s important for your business to succeed