
IDERA Slides: Managing the Transition to Hybrid Cloud

Companies are struggling to understand the various cloud deployment options and how they will effectively manage their environment. As organizations transition to using cloud solutions for part or all of their database configurations, the IT teams need to understand what choices they must make for ensuring they can meet business expectations for performance, security, and availability. IDERA’s Rob Reinauer shares insights into managing SQL Server environments from cloud to ground so that you can make confident decisions for your database deployments and mitigate the added data risks cloud environments can introduce.

Published in: Data & Analytics

  1. Managing the transition to Hybrid Cloud
     Rob Reinauer, Director, SQL Product Management, IDERA
     November 19, 2019
  2. Topic Overview
     • Private vs Public vs Hybrid Clouds
     • Deployment Patterns for SQL Server In Cloud Environments
     • Advantages and Risks of utilizing cloud infrastructure
     • Performance
     • Security
     • Compliance
     • Hybrid Cloud Design Challenges
     • Cloud Network Connectivity
     • Hybrid Cloud Network Connectivity
     • Tools to help mitigate cloud deployment risks
  3. Cloud Technology Overview
     • Public Cloud vs Private Cloud Environments
     [Diagram labels: On premise, Hoster, Private Cloud Environments, Azure / EC2 VMs, Azure / EC2 Managed Database, Public Cloud Environments]
  4. Cloud Technology Overview
     • Private Cloud Environments
     • On premises management of server and storage farms to achieve management efficiency and lower cost of ownership
     • Cloud based servers, storage and network infrastructure partitioned off from public cloud components.
     • VMware, System Center, Azure Stack
     [Diagram labels: On premise, Hoster, Cloud Provider, Private Cloud Environments]
  5. Cloud Technology Overview
     • SQL Server In Public Cloud Environments
     Cloud VMs: Azure VM / AWS EC2 (IaaS)
       • Essentially 100% compatibility with private cloud deployments.
       • SQL Agent & 3rd party tools available.
       • Multi-database capable.
       • VMs deployed into subnets in virtual networks
       [Diagram: SQL Server instance with databases Db1 and Db2, SQL Server Agent, SQL jobs (backup, defrag), 3rd party tools, SSMS]
     Managed Instances: Azure SQL Managed Instance / Amazon RDS (PaaS)
       • Greatly increased compatibility with private cloud deployments.
       • Multi-database capable
       • SQL Agent available
       • Azure MI deployed into private subnets in virtual networks
       [Diagram: SQL Server instance with databases Db1 and Db2, SQL Server Agent, SQL jobs (backup, defrag)]
     Cloud Database: Azure SQL Database Single / Elastic Pool (DBaaS)
       • Fully managed database as a service.
       • Somewhat constrained syntax
       • Single databases or elastic pools
       • No SQL Agent
       • Service endpoints deployed into subnets
       [Diagram: databases Db1, DB2, DB3, DB4]
  6. Cloud Technology Overview
     • Hybrid Cloud Environments
     [Diagram: SQL Server instances, each with databases, across On premise, Hoster and Cloud Provider (Private Cloud Environments) and Azure / EC2 Virtual Machines and Azure / EC2 Managed Database (Public Cloud Environments)]
  7. The Business Necessity for Utilizing Cloud Infrastructure
     For execution environment evaluation and optimization:
     • Performance, Sizing, Capacity planning, short duration tests
     Cloud infrastructure offers an easy order of magnitude increase in productivity and agility.
  8. The Business Necessity for Utilizing Cloud Infrastructure
     For execution environment evaluation and optimization:
     • Performance, Sizing, Capacity planning, short duration tests
     For bursty, large scale environments:
     Scenarios are enabled which just wouldn’t be practical in the data center
     • Thousands of nodes built on Thurs
     • Run analysis Friday and Saturday
     • Tear down and discard Saturday night
     Cost advantages can be obtained which just wouldn’t be possible on-prem
     Cloud infrastructure offers an easy order of magnitude increase in productivity and agility.
  9. The Business Necessity for Utilizing Cloud Infrastructure
     For execution environment evaluation and optimization:
     • Performance, Sizing, Capacity planning, short duration tests
     For bursty, large scale environments:
     Scenarios are enabled which just wouldn’t be practical in the data center
     • Thousands of nodes built on Wed
     • Run analysis Thursday and Friday
     • Tear down and discard Friday night
     Cost advantages can be obtained which just wouldn’t be possible on-prem
     Much of the agility and velocity advantages accrue because development staff have the ability to implement changes directly.
     Cloud infrastructure offers an easy order of magnitude increase in productivity and agility.
  11. Cloud Deployment Risk Elements
     SQL Server deployments to the public cloud introduce new complexities and increased performance and data risks
     • Performance and behavioral impacts and differences
     • Data Security
     • Certification of Regulatory Compliance
     • Loss of the ultimate control of your data
     • Potential for tool profusion and siloed monitoring environments
  12. The Danger of Utilizing Cloud Infrastructure
     • Cloud infrastructure provides elegant, easily accessible mechanisms to set up and configure incredibly complex execution environments.
     • Data Center computing is reasonably safe and reliable because of decades of IT experience, largely informed by failures and bad outcomes.
     • For cloud deployed infrastructure, these accepted IT procedures and best practices are still evolving.
     • Modern cloud infrastructures expose all aspects of an incredibly complex execution environment.
  13. Flexibility & Complexity: Network Elements For a Single VM Network Interface
  14. Cloud Network Connectivity Overview
     • Virtual Networks
       • Azure: Azure Virtual Network
       • Amazon: Virtual Private Cloud
       • Address range isolated from other virtual networks
       • Typically contain multiple subnets
       • Can attach VPN gateways
     • Subnets
       • Provide traffic isolation within a virtual private network
       • Can have public facing IP address attached
       • Can add Azure service endpoints
       • CIDR address designations define subnets
     [Diagram: Virtual Network 1 (Azure / EC2 VMs, Vnet1 / Subnet 1) and Virtual Network 2 (Azure / EC2 VMs, Vnet2 / Subnet 1) with a Virtual Private Gateway]
  15. Cloud Network Connectivity Overview
     • Virtual Network Gateways
       • Azure: Virtual Network Gateway
       • Amazon: Routing tables & Services
       • Allows communication between virtual networks
       • Peering or VPN
     • Azure Virtual Private Network (VPN) Gateways
       • VPN Gateways – Utilize Internet
       • ExpressRoute Gateways – Utilize Azure ExpressRoute
     • Amazon AWS Virtual Private Gateways
       • VPN Gateways – Utilize Internet
       • Direct Connect Gateways – Utilize AWS Direct Connect
     [Diagram: Virtual Network 1 (Azure / EC2 VMs, Vnet1 / Subnet 1) and Virtual Network 2 (Azure / EC2 VMs, Vnet2 / Subnet 1) with a Virtual Private Gateway]
  16. Cloud Network Connectivity Overview
     • Virtual Networks Addressing
       • The definition of a virtual network specifies an IP address range
       • Each member subnet contains a subset of that address space
       • CIDR blocks define those address spaces
       • Entities in different subnets within the same virtual network have routes to each other
       • Entities in different virtual networks, by default, do not have routes to each other
     [Diagram: Virtual Network 1, address space 10.6.0.0/16 (64K addresses), with Azure / EC2 VMs in Subnet 1 (VMa, VMb, VMc) and Subnet 2 (VMd, VMe, VMf); subnet address spaces 10.6.0.0/20 (4096 – 6 = 4090 addresses) and 10.6.16.0/24 (256 – 5 = 251 addresses)]
  17. Cloud Network Connectivity Overview
     • IPv4 CIDR Blocks
       • CIDR: Classless Inter-Domain Routing
       • An IPv4 address is 32 bits
       • CIDR blocks specify how many bits are assigned to the network prefix and how many are assigned to host addresses
       • The remaining bits after the network prefix are bits for unique addresses
       • Unique available addresses = 2^(remaining bits) – overhead addresses
     • For example:
       • CIDR block: 200.100.10.0/24 indicates:
         • 24 bits are assigned to the network prefix
         • 32 – 24 = 8 bits provides for 256 unique host addresses
       • CIDR block: 200.100.0.0/16 indicates:
         • 16 bits are assigned to the network prefix
         • 32 – 16 = 16 bits provides for 65,536 unique host addresses
  18. Cloud Network Connectivity Overview
     • Peering between Virtual Networks
       • Two Virtual Networks: 10.6.0.0/16 and 10.5.0.0/24
       • Without a peering relationship: VMa-f cannot connect to VM1-2 or MI1
     [Diagram: Virtual Network 1, address space 10.6.0.0/16 (64K addresses), with Azure / EC2 VMs in Subnet 1 (VMa, VMb, VMc) and Subnet 2 (VMd, VMe, VMf); subnet address spaces 10.6.0.0/20 (4096 – 6 = 4090 addresses) and 10.6.16.0/24 (256 – 5 = 251 addresses)]
     [Diagram: Virtual Network 2, address space 10.5.0.0/24 (256 addresses), with Azure VMs in Subnet 1 (VM1, VM2) and Azure Managed Instance 1 in Subnet 2; subnet address spaces 10.5.0.16/28 (16 – 5 = 11 addresses) and 10.5.0.0/28 (16 – 5 = 11 addresses)]
  19. Cloud Network Connectivity Overview
     Creating a peering relationship through the Azure Portal
     • Executed between Vnets
     • In the context of Vnet1 add peering to Vnet2
     • Status of peering will be initiated
     • Then in the context of Vnet2 add peering to Vnet1
     • Status of peering will be connected
  20. Cloud Network Connectivity Overview
     [Diagram: Virtual Network 1 and Virtual Network 2, with the same address spaces and subnets as on slide 18, joined by a Peering Relationship]
  21. Hybrid Cloud Network Connectivity – decisions:
     • Public Networks
       • Internet
     • Private Networks
       • Azure ExpressRoute
       • AWS Direct Connect
     • VPN protocols:
       • OpenVPN
       • Secure Socket Tunneling Protocol
       • IKEv2
     • VPN Appliances
       • Software vs Hardware
     [Diagram labels: Public Network Connectivity (Internet, Cloud Provider ISP networks, Customer ISP network); Private Network Connectivity (Private Network Connection Locale, Cloud Provider / Partner Private Network, Customer Provided Private Network Connection); Virtual Network 1, Virtual Network 2, Virtual Private Gateway]
  22. Hybrid Cloud Network Connectivity
     • Hub & spoke architectures
     • Virtual Network dedicated to Azure or AWS account
     • VPN tunnels can be overlaid for fully secure site to site communications
     Site to Site traffic routed by Virtual Private Gateway
     [Diagram: Virtual Network 1 (Azure / EC2 VMs, Vnet1 / Subnet 1) and Virtual Network 2 (Azure / EC2 VMs, Vnet2 / Subnet 1) with a Virtual Private Gateway]
  23. Hybrid Cloud Network Connectivity
     Azure ExpressRoute & AWS Direct Connect Termination Locales
     [Figure panels: Azure locales, Amazon locales]
  24. The Danger of Utilizing Cloud Infrastructure
     • Migration of data and compute infrastructure to the cloud can obviously magnify existing but undiagnosed vulnerabilities.
     • Within a corporate data center protected by firewalls and managed by experienced IT staff, misconfigured or under-secured servers and storage often will have no impact whatsoever.
     • Many areas of exposure are not known and will not be known until they are migrated to cloud infrastructure.
     • The best practices and established IT procedures for cloud deployed infrastructures are still evolving.
  25. The Danger of Utilizing Cloud Infrastructure (The Real Concern)
     Generally speaking, the big three cloud infrastructure platforms have rock solid security and reliability
     • Through 2025, 99% of cloud security failures will be the customer’s fault.
     • Through 2025, 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data.
     • Through 2024, the majority of enterprises will continue to struggle with appropriately measuring cloud security risks.
     Is The Cloud Secure? Gartner Research, October 10, 2019
  26. The Danger of Not Utilizing Cloud Infrastructure
     The advantages are too compelling to ignore
     • “CIOs need to ensure that their security teams are not holding back cloud initiatives with unsubstantiated cloud security worries,”
     • “Exaggerated fears can result in lost opportunity and inappropriate spending.”
     • When formulating a cloud computing strategy, organizations must make calculated decisions about what they will and will not do to mitigate cloud risks based on budget and risk appetite.
     • Tools and automation are the key to managing cloud complexity
     The costs for the risk mitigations should be included in the all up front cloud strategy
  31. IDERA SQL Secure
     • Identify vulnerabilities in SQL Server deployments
     • Harden security policies across all of your SQL Server Instances & databases
     • Analyze and report on user permissions across database objects
     • Deploy in cloud or in datacenter – monitor cloud or datacenter deployments or both
     Identify Vulnerabilities
       • Discover who has access to what
       • Identify users’ effective rights across all SQL databases
       • Browse and analyze all files, directories and registry settings associated with SQL Server
       • Determine ownership, explicit and inherited security rights
     Set Strong Security Policies
       • View a complete history of SQL Server security settings
       • Designate baselines for future comparison and forensic analysis
     Automated Security Snapshot capture
       • Security snapshots captured on regular schedule
       • Automated alerts and email notifications configurable by severity of security findings
     Prevent Security Violations
       • Pre-defined templates leveraging CIS & MS Best Practices Analyzer guidelines
       • Identifies top security vulnerabilities on your databases and servers
  32. IDERA SQL Secure Deployment Patterns - Designed for the Hybrid Cloud -
     • Deploy SQL Secure in the cloud or datacenter
     • Monitor deployments in cloud, datacenter or both
  33. IDERA SQL Compliance Manager
     • Audit sensitive data to see who did what, when, where and how
     • Monitor and alert on suspicious activity to detect and diagnose
     • Easily satisfy audits across multiple industry regulatory requirements
     • Select from 25 pre-defined compliance reports as well as unlimited custom views
     Audit sensitive data
       • Discover and define the most sensitive data in your DB
       • Audit this data and database operations down to the column and field level
       • Define sensitive data sets spanning multiple tables
     Stop potential threats
       • Track all access and changes to database data
       • Evaluate query row counts
       • Compare before and after data for all modifications
       • Customize alerts and notifications on suspicious activities
     Pass regulatory audits with ease
       • Preconfigured templates for GDPR, PCI DSS, DISA STIG, NERC, CIS, SOX, HIPAA, FERPA help you meet compliance requirements
     Rich Reporting Capabilities
       • 25 pre-defined compliance reports
       • Developed with industry compliance experts to address critical security auditing & compliance report requirements.
       • Flexible customization capabilities
       • MS Reporting Services compatible
  34. IDERA SQL Compliance Manager Regulatory Compliance Standards
     Configuring SQL Server for compliance with regulatory guidelines can be incredibly complex.
     ▪ SQL Compliance Manager makes regulatory compliance configuration single button simple
     The following compliance regulations are preconfigured:
     ▪ CIS: Center for Internet Security
     ▪ SOX: Sarbanes-Oxley
     ▪ HIPAA: Health Insurance Portability and Accountability
     ▪ PCI DSS: Payment Card Data Security Standard
     ▪ DISA STIG: Defense Information Security Agency
     ▪ NERC: North American Electric Reliability
     ▪ FERPA: Family Educational Rights & Privacy
     ▪ GDPR*: General Data Protection Regulation
  35. IDERA SQL Compliance Manager Deployment Patterns - Designed for the Hybrid Cloud -
     • Deploy SQL Compliance Manager in the cloud or datacenter
     • Audit deployments in cloud, datacenter or both
  36. Cloud Storage Technology Overview
     Most storage volumes in Azure and AWS will be networked and virtualized
     This sometimes results in different behaviors than on prem SANs
       • Generally higher latency, but often more deterministic than a typical SAN
       • Both bandwidth and IOPs are constrained on a per VM basis
       • With block sizes relevant to SQL Server, the IOPs limit is typically hit before the bandwidth limit
     I/O virtualization provides some benefit on a per volume basis
       • Larger volumes will provide benefits over smaller volumes
     Attach multiple I/O channels to multiple volumes
       • OS level storage spaces and striped volumes scale almost linearly
  37. Cloud Storage Technology Overview
     Comparison of data read scaling by larger volumes vs striped volumes
     • Incremental IOPs benefit from larger Azure volume sizes
     • Near linear IOPs benefit from striping multiple volumes or filegroups
  38. Cloud Storage Technology Overview
     Comparison of data read scaling by striping volumes: Azure vs on prem Direct Attached Storage
     • Near linear IOPs growth for both Azure and DAS striped volumes
     • Throughput grows at a much slower rate for Azure vs DAS striped volumes
  39. IDERA SQL Diagnostic Manager for SQL Server
     Managing SQL Server Performance, Health and Availability with IDERA DM for SQL Server
     • Monitor hundreds of SQL Instances
     • Receive instant notification of problems and alerts defined by templates or the administrator
     • Drill down to instance level details and statistics
     • Monitor & analyze queries and query plans to determine causes of blocks and deadlocks
     • Deploy in cloud or in datacenter – Monitor deployments in cloud, datacenter or both
  40. IDERA SQL Diagnostic Manager for SQL Server
     Monitor and analyze continuously
       • Detailed drill down for each instance
       • SQL Server resource usage
       • Statement, batch and transaction throughput by database
       • Session details
       • Lock waits
       • Operating system performance details
     Automated Alerting Infrastructure
       • Predefined alert settings based on industry best practices
       • Automatically calibrated and configured baseline alerts to minimize noise and false alerts
       • Automated alert responses: email, SQL scripts, PowerShell, and more.
  41. IDERA SQL Diagnostic Manager for SQL Server
     Query plan viewer
       • The interactive visual representation of queries enables better drill down and understanding of query behavior.
       • Quickly identify the costliest operators
     Discover and display query bottlenecks
       • View queries stripped of parameters or in full statement mode
       • Quickly compare CPU, Disk I/O and elapsed time consumed by top queries
       • Compare performance of queries over time
       • Query store utilization provides more efficient and detailed query history
  42. IDERA SQL Diagnostic Manager for SQL Server
     Receive Expert Query Tuning Advice
       • Award winning SQL Doctor capabilities built-in and automated
       • Quickly improve query performance through deep tuning insights
       • Updated for each new version of SQL Server
       • Intuitive interface makes sophisticated tuning decisions accessible to a broad range of users
  43. IDERA SQL Diagnostic Manager Deployment Patterns - Designed for the Hybrid Cloud -
     • Deploy SQL Diagnostic Manager in the cloud or datacenter
     • Monitor deployments in cloud, datacenter or both
  44. IDERA SQL Safe Backup
     • Target backups to cloud VHDs, cloud buckets & BLOBs and Datacenter volumes
     • Save time and space with dynamic compression and optional encryption
     • Instant restore allows databases to go online in minutes while restore operations are still underway
     • Deploy in cloud or in datacenter – backup cloud or datacenter deployments or both
     Highest speed backups
       • Advanced compression
       • Multi-threaded, parallel volume write scheduling
     Policy based automated backup, restore and log shipping
       • Fully automated backup life cycle with defined targets
     Flexible cloud and data center backup & restore support
       • Amazon EC2 and S3 buckets
       • Azure VHDs and Blobs
       • Tivoli Storage Manager
       • EMC
     Tolerate and recover from cloud network latencies
       • Backup and restore throttle and pause during latencies
       • Avoid excessive retries and time outs
     Easy to use point-in-time
       • Graphical time scale makes precise recoveries quick and easy
       • Identifies top security vulnerabilities on your databases and servers
  45. IDERA SQL Safe Backup Deployment Patterns - Designed for the Hybrid Cloud -
     • Deploy SQL Safe Backup in the cloud or datacenter
     • Target backups to cloud VHDs, cloud buckets & BLOBs as well as Datacenter storage systems
  46. IDERA database management tools help manage the complexities and mitigate the risks of cloud deployment
     • SQL Secure scans and monitors SQL Server deployments for vulnerabilities with instant notification of problematic settings.
     • SQL Compliance Manager provides the ability to easily certify regulatory compliance and pass data audits in both cloud and data center deployments.
     • SQL Diagnostic Manager monitors 1000s of SQL Server Instances to provide instant notification of problems, query degradation and detailed drilldown and query analysis tools.
     • SQL Safe Backup provides industry leading performance in backups and gets SQL Server back online long before any other backup solutions on the market.
  47. IDERA Database Management Tools For SQL Server
     https://www.idera.com/productssolutions/it-database-management-tools
  48. The Products We Discussed: Free fully functional trial downloads
     ▪ All IDERA SQL products are available for free 14 day trial usage
     ▪ Live demos driven by IDERA Engineers on request
     ▪ Fully functional, no credit card or approvals required.
     IDERA SQL Diagnostic Manager: https://www.idera.com/productssolutions/sqlserver/sqldiagnosticmanager#getStartedForm
     IDERA SQL Compliance Manager: https://www.idera.com/productssolutions/sqlserver/sqlcompliancemanager/freetrialsubscriptionform
     IDERA SQL Secure: https://www.idera.com/productssolutions/sqlserver/sqlsecure/freetrialsubscriptionform
     IDERA SQL Safe Backup: https://www.idera.com/productssolutions/sqlserver/sqlsafebackup/freetrialsubscriptionform
  49. Thank You!
     Rob Reinauer, Director, SQL Product Management, IDERA
     rob.reinauer@idera.com
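
Added example (not part of the original slides or of any IDERA product): a Python check of the address plan shown on slides 16 to 20, applying the CIDR arithmetic from slide 17, the default routing rules from slide 16 and the two-step peering status from slide 19. The assignment of ranges to Subnet 1 and Subnet 2, the host addresses and all function names are assumptions made for illustration; the overlap check between virtual networks reflects the general requirement that peered networks use distinct address ranges.

```python
import ipaddress
from itertools import combinations

# Address plan transcribed from the diagrams on slides 16 and 18. Which range
# belongs to Subnet 1 or Subnet 2 is assumed from the order on the slide.
PLAN = {
    "Vnet1": {"space": "10.6.0.0/16",
              "subnets": {"Subnet1": "10.6.0.0/20", "Subnet2": "10.6.16.0/24"}},
    "Vnet2": {"space": "10.5.0.0/24",
              "subnets": {"Subnet1": "10.5.0.16/28", "Subnet2": "10.5.0.0/28"}},
}

def usable_addresses(cidr, overhead=5):
    """2^(remaining bits) - overhead. The slides subtract 5 for the /24 and
    /28 subnets and 6 for the /20, so the overhead is a parameter."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    return max(net.num_addresses - overhead, 0)

def vnet_findings(vnet):
    """Subnets that fall outside the VNet address space or overlap each other."""
    space = ipaddress.ip_network(vnet["space"])
    nets = {n: ipaddress.ip_network(c) for n, c in vnet["subnets"].items()}
    out = [f"{n} {net} is outside {space}" for n, net in nets.items()
           if not net.subnet_of(space)]
    out += [f"{a} overlaps {b}" for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]
    return out

def peering_conflicts(plan):
    """VNet pairs with overlapping address spaces; routes between them would
    be ambiguous, so such a pair has to be re-addressed before peering."""
    spaces = {n: ipaddress.ip_network(v["space"]) for n, v in plan.items()}
    return [(a, b) for a, b in combinations(sorted(spaces), 2)
            if spaces[a].overlaps(spaces[b])]

def owning_vnet(plan, ip):
    """Name of the VNet whose subnets contain ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, vnet in plan.items():
        if any(addr in ipaddress.ip_network(c) for c in vnet["subnets"].values()):
            return name
    return None

def peering_status(links, a, b):
    """Slide 19: one direction added -> 'initiated', both -> 'connected'."""
    n = ((a, b) in links) + ((b, a) in links)
    return ("none", "initiated", "connected")[n]

def has_route(plan, src_ip, dst_ip, links=frozenset()):
    """Slide 16 rule: same VNet routes by default; different VNets route only
    over a peering that is connected in both directions."""
    src, dst = owning_vnet(plan, src_ip), owning_vnet(plan, dst_ip)
    if src is None or dst is None:
        return False
    return src == dst or peering_status(links, src, dst) == "connected"

if __name__ == "__main__":
    # Host addresses below are constructed samples; the slides give none.
    vma, vmd, mi1 = "10.6.0.4", "10.6.16.4", "10.5.0.4"
    for name, vnet in PLAN.items():
        print(name, vnet_findings(vnet) or "ok",
              {s: usable_addresses(c) for s, c in vnet["subnets"].items()})
    print("conflicts:", peering_conflicts(PLAN))
    print("VMa -> VMd:", has_route(PLAN, vma, vmd))
    print("VMa -> MI1, no peering:", has_route(PLAN, vma, mi1))
    half = {("Vnet1", "Vnet2")}
    print("VMa -> MI1, initiated:", has_route(PLAN, vma, mi1, half))
    full = half | {("Vnet2", "Vnet1")}
    print("VMa -> MI1, connected:", has_route(PLAN, vma, mi1, full))
```

Running the same checks against a planned address layout before creating the networks catches overlapping or out-of-range subnets while they are still cheap to change.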
