5. Introduction Highly scaled out relational database as a service A massively scaled Multi-tenant relational database service Built on commodity hardware Not database hosting
13. Enterprise SIs & Internal MS Properties T-SQL (TDS) SQL Azure Database MS Datacenter - AD Federation (LiveId /.NetSvcs ACS)
14. Service Provisioning Model Each account has zero or more servers Azure wide, provisioned in a common portal Billing instrument Each server has one or more databases Contains metadata about the databases Unit of authentication Unit of Geo-location Each database has standard SQL objects Unit of consistency Contains users, tables, views, indices, etc… Account Server Database
15. Compatibility Support common application patterns Logical/policy based administration Patterns work for SQL Azure and SQL Server Multi-tenancy considerations Throttling and load balancing Limits on DB size, duration of transaction, etc Version 1: Address the needs of 95% or more web and departmental application
16. Compatibility Included in version 1 Out of Scope for version 1 Tables, indexes and views Stored Procedures Triggers Constraints Table variables, session temp tables (#t) … Distributed Transactions Distributed Query CLR Service Broker Spatial Physical server or catalog DDL and views
21. Gateway Gateway Process TDS Endpoint Admin Service Endpoint Provisioning Endpoint Protocol Parser Business Logic Services Connection Management
22. Windows AzureFabric VM Control VM VM VM WS08 Hypervisor Service Roles Control Agent Out-of-band communication – hardware control WS08 In-band communication – software control Load-balancers Node can be a VM or a physical machine Switches Highly-available Fabric Controller
23. Fabric Controller Fabric Controller Fabric Controller (FC) Maps declarative service specifications to available resources Manages service life cycle starting from bare metal Maintains system health and satisfies SLA What’s special about it Enables utility-model shared fabric Automates hardware management “What” is needed Make it happen Fabric Switches Load-balancers
24. Fabric Controller Owns all the data center hardware Uses the inventory to host services Similar to what a per machine operating system does with applications Provisions the hardware as necessary Maintains the health of the hardware Deploys applications to free resources Maintains the health of those applications
27. Service Resilience Provisioning State machines used to coordinate activities across node (and datacenter) boundaries Failed provisioning attempts cleaned automatically after 10 minutes Login Failovers during the login will be transparent (<30 seconds) Metadata catalog refresh occurs automatically Active Session Surface as connection drops (due to state)
28. Health Monitoring Metrics Cluster wide performance counters gather key metrics on the service Used to alert Operations to issues before they become a problem Early warning system Code issues Capacity warnings Health Exercises the service routinely looking for problems When issues are encountered runs deep diagnostics Network connectivity at the node level Validate all dependent services (Live DNS, Live ID, etc) Monitoring from other MSFT Data Center’s Validates accessibility from multiple geographic locations Alerts fired automatically when test jobs fail
39. Limit one per subscriptionDatabase will be available/reachable, external connectivity Proper requests will be processed successfully All usage at standard rates No limit in the number of subscriptions Charged only for what you use Web Edition 1 GB DB space $9.99 Business Edition 10 GB DB space $99.99 Additional 5% promotional discount available to partners (Except storage and bandwidth) > 99.9% + BW World-wide presence in CY’09: Asia Pacific, EMEA, North America (2) Additional data centers scheduled for 1H CY’10
40. Database sharding “Shared-nothing” partitioning scheme Partition large database in multiple small databases Think of broken glass Use parallel fan-out queries To obtain data Map-Reduce pattern
42. Security Model Uses regular SQL security model Authenticate logins, map to users and roles Authorize users and roles to SQL objects Limited to standard SQL Auth logins Username + password Future AD Federation, WLID, etc as alternate authentication protocols Security model is 100% compatible with on-premise SQL
44. Network Access Control Each server defines a set of firewall rules Determines access policy based on client IP By default, there is NO ACCESS to server Controlled using Firewall API (masterDB) sys.firewall_rules, sys.sp_merge_firewall_rule and sys.sp_delete_firewall_rule
45. More SecurityMeasures Service Secure channel required (SSL) Denial Of Service trend tracking Packet Inspection Server IP allow list (Firewall) Idle connection culling Generated server names Database Disallow the most commonly attacked user id’s (SA, Admin, root, guest, etc) Standard SQL Authentication / Authorization mode