Database Administration for Azure SQL DB
Martin Cairney
SQL Saturday #582, Melbourne
11th February 2017

Martin Cairney
- Microsoft Data Platform MVP
- Microsoft Certified Trainer
- Organiser, SQL Saturday Melbourne (http://bit.ly/1mz9lye)
- martin.cairney@lobsterpot.com.au
- @martin_cairney
- http://au.linkedin.com/in/martincairney

Agenda
- How is it Different?
- Server Level Concepts
- Cloud Specific Concepts
- Mapping the Management Tasks
- Security
- Backups and Restores
- Scheduled Maintenance
- Alerts
- Auditing
- Monitoring
- The Azure DBA Role

How is it Different?
How is it Different? https://docs.microsoft.com/en-us/azure/sql-database/sql-database-paas-vs-sql-server-iaas
How is it Different?
As a DBA there are new challenges, since some familiar functionality is not there:
- No Profiler support
- Replication only as a Subscriber
- Restricted CLR functionality
- FILESTREAM / FILE TABLES
- No Linked Servers
- No cross-database queries

Server Level Concepts
Is an Azure SQL Server the same as On-Premises?

Server Level Concepts
In Azure, the SQL Server is only a logical container.
What it doesn't do:
- No guarantee your DB is on the same physical host
- Does not expose Instance Level features
  - No MSDB
  - No SQL Agent
  - No DBMail
  - No Policy Management
  - No Linked Servers

Server Level Concepts
In Azure, the SQL Server is only a logical container.
What it does do:
- Provides access to metadata for the contained resources (via DMVs)
- Provides a scope for management features (audit, firewall, etc.)
- Provides the scope for versioning
- Provides the scope for quotas <- reconfirm what these are

Cloud Specific Concepts
Service Tiers and Resources
- Provides scalability in performance (and some functionality for now)
- Tier identifies the maximum DTU, size and concurrency available
- DTU is a measure of the CPU, memory and IOPS available to the SQL DB
Elastic Pools and Sharding
- Combine multiple SQL DBs into a group where the resource limits apply
- Allows a single SQL DB to use all the pool resources (if available)
- Provides a scale-out architecture to allow the application DB to surpass the single SQL DB limits
- Elastic Jobs allow admin operations across all SQL DBs in the Elastic Pool
- Elastic Transactions allow transactions to span several SQL DBs
- Elastic Query allows queries or reports to run across many SQL DBs and to access remote data stored in many SQL DBs in your pool at once

Cloud Specific Concepts (continued)
Contained Databases and Users
- A SQL DB is its own boundary, e.g. it doesn't natively permit cross-database access unless using the Elastic Tools
- Users are fully contained and provide the security context for access to a single SQL DB
Automated backups and HA
- Backups are run automatically and continuously to provide point-in-time restores up to the Tier Level Retention Period
- Active Geo-Replication provides up to 4 readable secondaries in the same or different Azure Regions
  - Asynchronous replication of committed transactions
Comes with a guaranteed SLA from Microsoft
- All Service Tiers have an uptime SLA of 99.99%

Mapping the Management Tasks
Security
No Server Roles in SQL DB
- Only the Administrator has access across all SQL DBs on the Azure SQL Server
- No role permission is granted automatically
master Database Roles
- dbmanager: can create/delete databases on the Azure SQL Server & are dbo for the SQL DBs they create
- loginmanager: can create/delete logins within the master database

Security
- Initial Administrator account is a SQL login
- We then add an Azure AD Group or User as the Active Directory Admin
- Now we can create users either as SQL users or as AD users

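The role and user model from the two Security slides above, as a T-SQL sketch. This is an added example, not part of the original deck; every principal name and password is a constructed placeholder.

```sql
-- Added example, not from the original slides. Principal names and passwords
-- are constructed placeholders. Azure SQL DB does not support USE, so each
-- numbered section needs its own connection to the database named.

-- 1) Connected to master as the server administrator
CREATE LOGIN provisioning_svc WITH PASSWORD = '<strong-password-placeholder-1>';
CREATE USER provisioning_svc FOR LOGIN provisioning_svc;
-- dbmanager: may create/delete databases and is dbo of the ones it creates
ALTER ROLE dbmanager ADD MEMBER provisioning_svc;

CREATE LOGIN login_admin WITH PASSWORD = '<strong-password-placeholder-2>';
CREATE USER login_admin FOR LOGIN login_admin;
-- loginmanager: may create/delete logins in master, nothing more
ALTER ROLE loginmanager ADD MEMBER login_admin;

-- 2) Connected to the user database
-- Contained SQL user: no login in master, valid for this database only
CREATE USER app_reader WITH PASSWORD = '<strong-password-placeholder-3>';
ALTER ROLE db_datareader ADD MEMBER app_reader;

-- Contained Azure AD user or group: the session running this statement must
-- itself be authenticated through Azure AD (e.g. the Active Directory Admin)
CREATE USER [sqldb-operators] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datawriter ADD MEMBER [sqldb-operators];

-- 3) Review: who can get into this database, how they authenticate,
--    and which roles they hold (principal_id 1-4 are built-in)
SELECT p.name,
       p.type_desc,
       p.authentication_type_desc,   -- INSTANCE = login-based, DATABASE = contained, EXTERNAL = Azure AD
       r.name AS member_of
FROM sys.database_principals AS p
LEFT JOIN sys.database_role_members AS m ON m.member_principal_id = p.principal_id
LEFT JOIN sys.database_principals  AS r ON r.principal_id = m.role_principal_id
WHERE p.type IN ('S', 'E', 'X')      -- SQL user, external user, external group
  AND p.principal_id > 4
ORDER BY p.name;
```
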
Security
Firewall Rules
Server Level Firewall
- Used for administrative access; allows access to all SQL DBs on the server
- Can be set using the Portal, API, PowerShell or T-SQL (NB can't use T-SQL for the first rule)
Database Level Firewall
- Make access more restrictive
- Can block access from the Server Level Firewall if the ranges do not overlap
- Are created using T-SQL (sp_set_database_firewall_rule name, start_ip, end_ip)

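Setting and reviewing both firewall levels in T-SQL, including a check for over-wide ranges. This is an added example, not part of the original deck; the rule names and the documentation-range IP addresses are constructed.

```sql
-- Added example, not from the original slides. Rule names and IP ranges
-- (RFC 5737 documentation addresses) are constructed.

-- 1) Connected to master as the server administrator.
--    Works only once a first rule exists (set via Portal/API/PowerShell).
EXECUTE sp_set_firewall_rule
        @name = N'admin-jump-host',
        @start_ip_address = '203.0.113.10',
        @end_ip_address   = '203.0.113.10';

SELECT name, start_ip_address, end_ip_address, modify_date
FROM sys.firewall_rules;            -- server-level rules live in master

-- 2) Connected to the user database.
EXECUTE sp_set_database_firewall_rule
        @name = N'app-subnet',
        @start_ip_address = '198.51.100.0',
        @end_ip_address   = '198.51.100.31';

-- 3) Review database-level rules and flag wide ranges.
--    The same query shape works against sys.firewall_rules in master.
SELECT f.name,
       f.start_ip_address,
       f.end_ip_address,
       r.hi - r.lo + 1 AS address_count,
       CASE
         WHEN r.lo = 0 AND r.hi = 0          THEN 'allows connections from Azure services'
         WHEN r.lo = 0 AND r.hi = 4294967295 THEN 'open to every IPv4 address'
         WHEN r.hi - r.lo + 1 > 256          THEN 'wider than a /24, confirm it is needed'
         ELSE 'ok'
       END AS review_note
FROM sys.database_firewall_rules AS f
CROSS APPLY (
    SELECT CAST(PARSENAME(f.start_ip_address, 4) AS bigint) * 16777216
         + CAST(PARSENAME(f.start_ip_address, 3) AS bigint) * 65536
         + CAST(PARSENAME(f.start_ip_address, 2) AS bigint) * 256
         + CAST(PARSENAME(f.start_ip_address, 1) AS bigint) AS lo,
           CAST(PARSENAME(f.end_ip_address, 4) AS bigint) * 16777216
         + CAST(PARSENAME(f.end_ip_address, 3) AS bigint) * 65536
         + CAST(PARSENAME(f.end_ip_address, 2) AS bigint) * 256
         + CAST(PARSENAME(f.end_ip_address, 1) AS bigint) AS hi
) AS r
ORDER BY address_count DESC;

-- 4) Remove a rule that is no longer needed.
EXECUTE sp_delete_database_firewall_rule @name = N'app-subnet';
```
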
Backup & Restores
Automatic Backups
- NO control over type and frequency
- NO control over storage backup location (for regular backups)
Process
- Full, Differential and Transaction Log backups are taken to ensure point-in-time recovery
- Backups are sent to RA-GRS (read-access geo-redundant storage)
- No additional charge for the storage (up to 2 x provisioned SQL DB size)
Retention
- Basic Tier: 7 days
- Standard Tier: 35 days
- Premium Tier: 35 days

Backup & Restores
Long-Term Retention
- Can extend the retention to up to 10 years
- Copies the weekly FULL backups into the Azure Backup Service Vault
- Still automatically managed: backups older than the retention policy are deleted
- Must be in same region and resource group as the SQL DB
Restore Options
- Must restore to a NEW SQL DB (unless original SQL DB was deleted)
- Restore deleted SQL DB if it was deleted within the retention period for the Tier
- Restore to point-in-time within retention period or to a specific long term backup
- Geo-Restore to a new region and SQL Server

Backup & Restores DEMO
Scheduled Maintenance
No in-built job scheduler in SQL DB, so what can we do?
Azure Automation
- Execute a PowerShell script on a scheduled basis
- Need to do our own logging and analysis of outputs
- Can be complex to set up
Elastic Jobs
- Current version is a customer-hosted Azure Cloud Service; needs to be installed -> additional cost
- Jobs are created using the portal or PowerShell, no T-SQL
- Can log into a central table
Elastic Jobs, Private Preview version
- Doesn't need a Cloud Service, only a SQL DB (S2 minimum); kinda like having an MSDB
- Familiar T-SQL procedures and tables
- Currently Private Preview and restricted to only 1 job step per job

Scheduled Maintenance DEMO
Alerts
- Defined at the SQL DB level
- Metrics include: Firewall, Connections, CPU, Deadlocks, DTU, Log IO, Data IO, Sessions and Workers, DB Size, In-Memory Usage

Alerts
Delivery
- Can be selective over notifications
- Can trigger additional actions through the use of Webhooks

Alerts DEMO
Auditing
- Auditing of events similarly to On-Premises
- Configure at either the Server or individual SQL DB level
- Effectively runs an XE session to capture the audit events
Blob Auditing
- Logs to Azure Blob Storage
- When enabled on a primary, is automatically enabled on the secondary in a Geo-Replicated SQL DB
- Uses Storage Access Keys, which may be subject to periodic regeneration
- Can't select specific events; a default selection is implemented
- Explore logs from the Portal, or download from the Storage Account and open the .xel file in SSMS

Auditing
Table Auditing
- Logs to Azure Table Storage
- Requires changes to connection strings and Endpoint IP Addresses (xxx.database.secure.windows.net)
- Allows different audits of primary & secondary in Geo-Replicated SQL DB
- Allows the selection of Audit Event Categories with success/failure options
- Explore logs from Portal or download the Excel Report Template (uses PowerQuery to load data)
Table Auditing is also a pre-requisite to enable Threat Detection
- Current Preview monitors for SQL Injection (actual or potential) and Anomalous Client Logins
- Emails information when an event that meets the criteria occurs

Auditing DEMO
Monitoring
Azure Portal
- SQL DB/Overview/Monitoring
- Metrics
DMVs
- Some specific for SQL DB, some removed, others same or similar
SQL Database Advisor
- Missing Indexes
- Duplicate Indexes
- Schema Issues (e.g. missing columns in a query)
- Parameterisation Recommendations
Performance Insights
- Visualisation based on Query Store

Tuning
Database Advisor Suggestions
- New and Duplicate Indexes, Parameterisation and Schema Errors
Review Performance Insights
Extended Events
- Subset of XE features in On-Premises SQL Server
- NOTE: still in Preview
- Database scoped rather than Server scoped
- Targets: Ring Buffer, Event Counter & Azure Storage for file, but no ETW

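A database-scoped Extended Events session with a ring buffer target, standing in for a Profiler trace of slow batches. This is an added example, not part of the original deck; the session name and the one-second threshold are constructed.

```sql
-- Added example, not from the original slides. Session name and threshold
-- are constructed. Run while connected to the user database, not master.

-- Database-scoped: ON DATABASE where on-premises SQL Server uses ON SERVER.
CREATE EVENT SESSION slow_batches ON DATABASE
ADD EVENT sqlserver.sql_batch_completed
(
    ACTION (sqlserver.username, sqlserver.client_app_name)
    WHERE duration > 1000000                 -- microseconds, i.e. over 1 second
)
ADD TARGET package0.ring_buffer (SET max_memory = 4096)   -- KB, held in memory only
WITH (STARTUP_STATE = OFF);

ALTER EVENT SESSION slow_batches ON DATABASE STATE = START;

-- Running sessions and their targets appear in the *_database_* DMVs.
SELECT s.name AS session_name, t.target_name
FROM sys.dm_xe_database_sessions AS s
JOIN sys.dm_xe_database_session_targets AS t
  ON t.event_session_address = s.address;

-- Shred the ring buffer XML into rows, slowest batch first.
WITH rb AS (
    SELECT CAST(t.target_data AS xml) AS x
    FROM sys.dm_xe_database_session_targets AS t
    JOIN sys.dm_xe_database_sessions AS s
      ON s.address = t.event_session_address
    WHERE s.name = N'slow_batches'
      AND t.target_name = N'ring_buffer'
)
SELECT ev.value('(@timestamp)[1]', 'datetime2')                           AS event_time_utc,
       ev.value('(data[@name="duration"]/value)[1]', 'bigint')            AS duration_us,
       ev.value('(action[@name="username"]/value)[1]', 'nvarchar(128)')   AS username,
       ev.value('(action[@name="client_app_name"]/value)[1]', 'nvarchar(128)') AS client_app,
       ev.value('(data[@name="batch_text"]/value)[1]', 'nvarchar(max)')   AS batch_text
FROM rb
CROSS APPLY rb.x.nodes('/RingBufferTarget/event') AS n(ev)
ORDER BY duration_us DESC;

-- Stop and remove the session when finished; the ring buffer is discarded.
ALTER EVENT SESSION slow_batches ON DATABASE STATE = STOP;
DROP EVENT SESSION slow_batches ON DATABASE;
```
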
Monitoring & Tuning DEMO
The Azure DBA Role
1) TUNING: reduce your resource usage
2) TUNING: reduce your costs if you can reduce your Tier
3) ALERTS: base them on resource usage and trigger Automation Actions from them
4) BACKUPS: use what's needed for your DB and compliance; don't use LTS unless you need to
5) EXTENDED EVENTS: if you'd been hanging on to Profiler, now's the time to change
6) SECURITY: especially as SQL DB has a public internet address, no VNETs yet
7) CHANGE VELOCITY: new features that help, like the new Elastic Jobs

Questions?