SlideShare ist ein Scribd-Unternehmen logo

Securing and maintaining azure sql

Als PPTX, PDF herunterladen
S
Stas Lebedenko

Azure SQL usage seems to be easy and straightforward, but there are set of steps to make it truly reliable and properly secured. This talk is about following three important topics. IaaS is essential part of Azure and proper set of the environment scripts can really save the day, also you can do useful stuff with T-SQL instead of Azure portal. Are you ready for disaster, are your team take a proper drill? I`m sure you do, but in case you need a few tips and check list - you will obtain it. Usually, proper monitoring(including network impact), profiling and alerts are introduced after the first production issue. Security seems to be hot topic these days and there are few steps to secure your Elastic cluster proper way, plain Azure SQL Server firewall might be not enough. Security measures overview with best practices, vNet, user roles isolation, encryption at rest, secret maintenance with KeyVault, Security center.

Software
1 von 36
Securing and maintaining Azure SQL Stanislav Lebedenko Senior software developer @ Sigma Software
SQLSat Kyiv Team Eugene Polonichko Mykola Pobyivovk Yevhen Nedashkivskyi Oksana Tkach Oksana Borysenko Denis Reznik Anton Artomov
Sponsor Sessions are at 12:30 and 13:00 Don’t miss them, they might be providing some interesting and valuable information! 12:30 Congress Hall DevArt 12:30 Conference Hall Infopulse 12:30 Room AC Materialize 13:00 Congress Hall DB Best 13:00 Conference Hall Eleks
Sponsors
Session will begin very soon :) Please complete the electronic evaluation form for this session and for the event. Your feedback will help us to improve future conferences and speakers will appreciate your feedback! Enjoy the conference!
Infrastructure as a service via Transact-SQL and Azure CLI
Script them all Don't rely on UI Script your environments Script your processes Test all your infrastructure scripts.
Know business continuity requirements 01 | Point in time recovery (PITR). 02 | Long time backup retention (LTR). 03 | Mean time to recovery (MTTR). 04 | Restore of the deleted database. 05 | How long are backups kept. 06 | Active geo-replication. 07 | Auto-failover groups. 08 | Script them all :).
Use T-SQL for platform maintenance 01 | Scale up and scale down with plain Transact SQL ALTER DATABASE MyAzureDb MODIFY (Edition='basic', Service_objective='basic') 02 | Know your options, i.e. special views in master DB Sys.dm_operation_status 03 | Setup your Azure firewall via T-SQL Sys.firewall_rules 04 | Always test your T-SQL on copy Clone and test your system T-SQL scripts on periodic basis.
Know the difference Easiest of three Portal Primary tool Azure CLI Command line interface via bash For all other cases Powershell Actually have everything you need, but result code is lengthier
Understand your workloads Disable Automatic tuning if you have any doubts Adjust tune levels via stored procedures. Run auto tuning on DB clones
Understand key impact factors 01 | Performance tier 02 | Performance optimization 03 | Network issues 05 | Choose your metrics 06 | Identify what you don't measure.
Azure Monitor All-in-one solution High level overview Resource group insights Log Analytics workspaces Security & ISO 27001 checks Network performance
Monitoring of Azure SQL Identify what you don't measure
Database monitoring 1 Create dedicated Azure Log Analytics workspaces. 2 Enable diagnostics telemetry and stream it. 3 Setup audit logging and disable after setup. 4 Add your custom metrics and alerts 5 Same steps for SQL Server too 6 Disable everything you don't need, to save costs.
Database auditing 1 Use separate Azure Log Analytics workspace. 2 Relatively lower impact. 3 Setup audit logging and disable after setup. 4 Enable Advanced Data Security. 5 Create alerts for your metrics. 6 Consider impact and cost twice, before disabling Audit.
Query Performance Insight Performance Dashboard with modern UI
Network performance Network watcher service Network performance monitor Customized Alerts Traffic analytics Network topology Diagnostic logs
Azure SQL Analytics component for Azure Monitor AzureMetrics | where ResourceProvider=="MICROSOFT.SQL" | where ResourceId contains "/ELASTICPOOLS/" | where MetricName=="cpu_percent" | summarize AggregatedValue = max(Maximum) by bin(TimeGenerated, 5m) | render timechart
Disaster recovery plans and drills
Be prepared for everything you can think of
High availability and disaster recovery HADR 01 | Check your SLA! Start with simple and cheap disaster recovery plans. 02 | Use basic backups with PTR, LTR and different region LTR. 03 | Prepare automated restore and validation jobs with infrastructure scripts. 04 | Run this jobs and receive reports on weekly basis. 05 | Design for high availability with LRS, ZRS, GRS and RA-GRS(but be realistic). 06 | Consider Geo-replication and Auto-failover groups. 07 | Test your mean time to recovery MTTR with actual drills. 08 | Run drills for DBA, DevOps and Software engineers.
Geo-replication
Securing your Azure SQL Technical debt is an "Escalating risk"
Azure security center Global picture with gamification Free and Standard tiers Advanced cloud defence Policy and compliance checks Resource security hygiene Threat protection and alerts Automation via Playbooks
General security overview
01 | Double check encryption at rest 02 | Make sure that blob storage is secured 03 | Test security alerts. 04 | SQL Server firewall is not enough 05 | Keep user access rights at minimum 06 | Use Network Security Groups (NSGs) Securing your Azure SQL
Advanced Data Security
Fix issues in Vulnerability report
Azure key vault Keep your secrets safe All-in-one solution for secrets Store connection strings Logins and passwords Use Azure managed identity for application access to keys Create your own KeyVault in separate resource group
Network security 01 | Think and Plan before Deploy NSG. 02 | Get in touch with your team. 03 | Prepare security rule set. 04 | Setup alerts 05 | Run load tests and measure response time
Discover Azure SQL internals
Summary Monitor you solution Setup proper monitoring and multi level proactive alerts Prepare HADR solution Know you SLA. Prepare adequate high availability and data recovery solution Security is a challenge Securing only Azure SQL Server in not enough anymore, learn to use tools and practices provided by Azure Be ready to troubleshoot Prepare tools and troubleshoot scenarios firsthand, dont wait for disaster to do it 01 02 03 04
Questions?

Empfohlen

Building Cloud Apps using Azure SQL Database
Building Cloud Apps using Azure SQL DatabaseBuilding Cloud Apps using Azure SQL Database
Building Cloud Apps using Azure SQL Database
WinWire Technologies Inc
 
Build modern and intelligent applications using Azure Database for PostgreSQL
Build modern and intelligent applications using Azure Database for PostgreSQLBuild modern and intelligent applications using Azure Database for PostgreSQL
Build modern and intelligent applications using Azure Database for PostgreSQL
Microsoft Tech Community
 
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Manoj Kumar
 
Azure Container Apps
Azure Container AppsAzure Container Apps
Azure Container Apps
ICS
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 
20 common security vulnerabilities and misconfiguration in Azure
20 common security vulnerabilities and misconfiguration in Azure20 common security vulnerabilities and misconfiguration in Azure
20 common security vulnerabilities and misconfiguration in Azure
Cheah Eng Soon
 
Praveen Kumar Resume
Praveen Kumar ResumePraveen Kumar Resume
Praveen Kumar Resume
praveen Kothuri.Praveen
 
Dr. Jekyll and Mr. Hyde
Dr. Jekyll and Mr. HydeDr. Jekyll and Mr. Hyde
Dr. Jekyll and Mr. Hyde
webhostingguy
 

Empfohlen

Building Cloud Apps using Azure SQL Database
Building Cloud Apps using Azure SQL DatabaseBuilding Cloud Apps using Azure SQL Database
Building Cloud Apps using Azure SQL Database
WinWire Technologies Inc
 
Build modern and intelligent applications using Azure Database for PostgreSQL
Build modern and intelligent applications using Azure Database for PostgreSQLBuild modern and intelligent applications using Azure Database for PostgreSQL
Build modern and intelligent applications using Azure Database for PostgreSQL
Microsoft Tech Community
 
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Cloud Computing – Opportunities, Definitions, Options, and Risks (Part-1)
Manoj Kumar
 
Azure Container Apps
Azure Container AppsAzure Container Apps
Azure Container Apps
ICS
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 
20 common security vulnerabilities and misconfiguration in Azure
20 common security vulnerabilities and misconfiguration in Azure20 common security vulnerabilities and misconfiguration in Azure
20 common security vulnerabilities and misconfiguration in Azure
Cheah Eng Soon
 
Praveen Kumar Resume
Praveen Kumar ResumePraveen Kumar Resume
Praveen Kumar Resume
praveen Kothuri.Praveen
 
Dr. Jekyll and Mr. Hyde
Dr. Jekyll and Mr. HydeDr. Jekyll and Mr. Hyde
Dr. Jekyll and Mr. Hyde
webhostingguy
 
Monitoring real-life Azure applications: When to use what and why
Monitoring real-life Azure applications: When to use what and whyMonitoring real-life Azure applications: When to use what and why
Monitoring real-life Azure applications: When to use what and why
Karl Ots
 
Customer Presentation - QuikTrip
Customer Presentation - QuikTripCustomer Presentation - QuikTrip
Customer Presentation - QuikTrip
Splunk
 
FAUG Jyväskylä 28.5.2019 - Azure Monitoring
FAUG Jyväskylä 28.5.2019 - Azure MonitoringFAUG Jyväskylä 28.5.2019 - Azure Monitoring
FAUG Jyväskylä 28.5.2019 - Azure Monitoring
Karl Ots
 
Modern Web-site Development Pipeline
Modern Web-site Development PipelineModern Web-site Development Pipeline
Modern Web-site Development Pipeline
GlobalLogic Ukraine
 
Sql server security in an insecure world
Sql server security in an insecure worldSql server security in an insecure world
Sql server security in an insecure world
Gianluca Sartori
 
Windows 10 IoT-Core to Azure IoT Suite
Windows 10 IoT-Core to Azure IoT SuiteWindows 10 IoT-Core to Azure IoT Suite
Windows 10 IoT-Core to Azure IoT Suite
David Jones
 
Automatize a detecção de ameaças e evite falsos positivos
Automatize a detecção de ameaças e evite falsos positivosAutomatize a detecção de ameaças e evite falsos positivos
Automatize a detecção de ameaças e evite falsos positivos
Elasticsearch
 
Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk Administration
Greg Hanchin
 
AWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceAWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the Compliance
Yury Chemerkin
 
OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...
OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...
OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...
NETWAYS
 
Presentation Tier optimizations
Presentation Tier optimizationsPresentation Tier optimizations
Presentation Tier optimizations
Anup Hariharan Nair
 
Getting started with Azure Event Grid - Webinar with Steef-Jan Wiggers
Getting started with Azure Event Grid - Webinar with Steef-Jan WiggersGetting started with Azure Event Grid - Webinar with Steef-Jan Wiggers
Getting started with Azure Event Grid - Webinar with Steef-Jan Wiggers
Codit
 
DevOps in Azure :Azure Resource Manager
DevOps in Azure :Azure Resource ManagerDevOps in Azure :Azure Resource Manager
DevOps in Azure :Azure Resource Manager
Utkarsh Pandey
 
Presentation for Android OS
Presentation for Android OSPresentation for Android OS
Presentation for Android OS
Mukul Cool
 
Android architecture
Android architectureAndroid architecture
Android architecture
Srinivas Devarapalli
 
Mastering Azure Monitor
Mastering Azure MonitorMastering Azure Monitor
Mastering Azure Monitor
Richard Conway
 
Overview of Blue Medora - New Relic Plugin for Oracle Databases
Overview of Blue Medora - New Relic Plugin for Oracle DatabasesOverview of Blue Medora - New Relic Plugin for Oracle Databases
Overview of Blue Medora - New Relic Plugin for Oracle Databases
Blue Medora
 
What is going on - Application diagnostics on Azure - TechDays Finland
What is going on - Application diagnostics on Azure - TechDays FinlandWhat is going on - Application diagnostics on Azure - TechDays Finland
What is going on - Application diagnostics on Azure - TechDays Finland
Maarten Balliauw
 
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = AwesomenessCloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
Karl Ots
 
Azure SQL Database
Azure SQL Database Azure SQL Database
Azure SQL Database
nj-azure
 
KoprowskiT_SQLSoton_WADBforbeginners
KoprowskiT_SQLSoton_WADBforbeginnersKoprowskiT_SQLSoton_WADBforbeginners
KoprowskiT_SQLSoton_WADBforbeginners
Tobias Koprowski
 
Azure presentation nnug dec 2010
Azure presentation nnug dec 2010Azure presentation nnug dec 2010
Azure presentation nnug dec 2010
Ethos Technologies
 

Weitere ähnliche Inhalte

Was ist angesagt?

Monitoring real-life Azure applications: When to use what and why
Monitoring real-life Azure applications: When to use what and whyMonitoring real-life Azure applications: When to use what and why
Monitoring real-life Azure applications: When to use what and why
Karl Ots
 
OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...
OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...
OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...
NETWAYS
 

Was ist angesagt? (20)

Monitoring real-life Azure applications: When to use what and why
Monitoring real-life Azure applications: When to use what and whyMonitoring real-life Azure applications: When to use what and why
Monitoring real-life Azure applications: When to use what and why
 
Customer Presentation - QuikTrip
Customer Presentation - QuikTripCustomer Presentation - QuikTrip
Customer Presentation - QuikTrip
 
FAUG Jyväskylä 28.5.2019 - Azure Monitoring
FAUG Jyväskylä 28.5.2019 - Azure MonitoringFAUG Jyväskylä 28.5.2019 - Azure Monitoring
FAUG Jyväskylä 28.5.2019 - Azure Monitoring
 
Modern Web-site Development Pipeline
Modern Web-site Development PipelineModern Web-site Development Pipeline
Modern Web-site Development Pipeline
 
Sql server security in an insecure world
Sql server security in an insecure worldSql server security in an insecure world
Sql server security in an insecure world
 
Windows 10 IoT-Core to Azure IoT Suite
Windows 10 IoT-Core to Azure IoT SuiteWindows 10 IoT-Core to Azure IoT Suite
Windows 10 IoT-Core to Azure IoT Suite
 
Automatize a detecção de ameaças e evite falsos positivos
Automatize a detecção de ameaças e evite falsos positivosAutomatize a detecção de ameaças e evite falsos positivos
Automatize a detecção de ameaças e evite falsos positivos
 
Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk Administration
 
AWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the ComplianceAWS Cloud Security From the Point of View of the Compliance
AWS Cloud Security From the Point of View of the Compliance
 
OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...
OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...
OSDC 2019 | Simplifying Your IT Workflow with Katello and Foreman by Nikhil K...
 
Presentation Tier optimizations
Presentation Tier optimizationsPresentation Tier optimizations
Presentation Tier optimizations
 
Getting started with Azure Event Grid - Webinar with Steef-Jan Wiggers
Getting started with Azure Event Grid - Webinar with Steef-Jan WiggersGetting started with Azure Event Grid - Webinar with Steef-Jan Wiggers
Getting started with Azure Event Grid - Webinar with Steef-Jan Wiggers
 
DevOps in Azure :Azure Resource Manager
DevOps in Azure :Azure Resource ManagerDevOps in Azure :Azure Resource Manager
DevOps in Azure :Azure Resource Manager
 
Presentation for Android OS
Presentation for Android OSPresentation for Android OS
Presentation for Android OS
 
Android architecture
Android architectureAndroid architecture
Android architecture
 
Mastering Azure Monitor
Mastering Azure MonitorMastering Azure Monitor
Mastering Azure Monitor
 
Overview of Blue Medora - New Relic Plugin for Oracle Databases
Overview of Blue Medora - New Relic Plugin for Oracle DatabasesOverview of Blue Medora - New Relic Plugin for Oracle Databases
Overview of Blue Medora - New Relic Plugin for Oracle Databases
 
What is going on - Application diagnostics on Azure - TechDays Finland
What is going on - Application diagnostics on Azure - TechDays FinlandWhat is going on - Application diagnostics on Azure - TechDays Finland
What is going on - Application diagnostics on Azure - TechDays Finland
 
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = AwesomenessCloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
 
Azure SQL Database
Azure SQL Database Azure SQL Database
Azure SQL Database
 

Ähnlich wie Securing and maintaining azure sql

KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloudKoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
Tobias Koprowski
 
SQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginners
SQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginnersSQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginners
SQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginners
Tobias Koprowski
 
KoprowskiT_SQLAzureLandingInBelfast
KoprowskiT_SQLAzureLandingInBelfastKoprowskiT_SQLAzureLandingInBelfast
KoprowskiT_SQLAzureLandingInBelfast
Tobias Koprowski
 
Kåre Rude Andersen - Create a scombot – automate and monitor azure
Kåre Rude Andersen - Create a scombot – automate and monitor azureKåre Rude Andersen - Create a scombot – automate and monitor azure
Kåre Rude Andersen - Create a scombot – automate and monitor azure
Nordic Infrastructure Conference
 
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloudKoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
Tobias Koprowski
 
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginnersKoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
Tobias Koprowski
 
Be05 introduction to sql azure
Be05 introduction to sql azureBe05 introduction to sql azure
Be05 introduction to sql azure
DotNetCampus
 
KoprowskiT_SQLSat230_Rheinland_SQLAzure-fromPlantoBackuptoCloud
KoprowskiT_SQLSat230_Rheinland_SQLAzure-fromPlantoBackuptoCloudKoprowskiT_SQLSat230_Rheinland_SQLAzure-fromPlantoBackuptoCloud
KoprowskiT_SQLSat230_Rheinland_SQLAzure-fromPlantoBackuptoCloud
Tobias Koprowski
 

Ähnlich wie Securing and maintaining azure sql (20)

KoprowskiT_SQLSoton_WADBforbeginners
KoprowskiT_SQLSoton_WADBforbeginnersKoprowskiT_SQLSoton_WADBforbeginners
KoprowskiT_SQLSoton_WADBforbeginners
 
Azure presentation nnug dec 2010
Azure presentation nnug dec 2010Azure presentation nnug dec 2010
Azure presentation nnug dec 2010
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginners
 
KoprowskiT_SQLSat419_WADBforBeginners
KoprowskiT_SQLSat419_WADBforBeginnersKoprowskiT_SQLSat419_WADBforBeginners
KoprowskiT_SQLSat419_WADBforBeginners
 
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloudKoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#9_London_FromPlanToBackupToCloud
 
Azure SQL Database
Azure SQL DatabaseAzure SQL Database
Azure SQL Database
 
SQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginners
SQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginnersSQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginners
SQLSaturday#290_Kiev_WindowsAzureDatabaseForBeginners
 
KoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginnersKoprowskiT_SQLSatDenmark_WASDforBeginners
KoprowskiT_SQLSatDenmark_WASDforBeginners
 
KoprowskiT_SQLAzureLandingInBelfast
KoprowskiT_SQLAzureLandingInBelfastKoprowskiT_SQLAzureLandingInBelfast
KoprowskiT_SQLAzureLandingInBelfast
 
Tech-Spark: Azure SQL Databases
Tech-Spark: Azure SQL DatabasesTech-Spark: Azure SQL Databases
Tech-Spark: Azure SQL Databases
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overview
 
Sergii Baidachnyi ITEM 2018
Sergii Baidachnyi ITEM 2018Sergii Baidachnyi ITEM 2018
Sergii Baidachnyi ITEM 2018
 
Microsoft Sentinel Deployment V1.pptx
Microsoft Sentinel Deployment V1.pptxMicrosoft Sentinel Deployment V1.pptx
Microsoft Sentinel Deployment V1.pptx
 
Kåre Rude Andersen - Create a scombot – automate and monitor azure
Kåre Rude Andersen - Create a scombot – automate and monitor azureKåre Rude Andersen - Create a scombot – automate and monitor azure
Kåre Rude Andersen - Create a scombot – automate and monitor azure
 
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloudKoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
 
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginnersKoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
KoprowskiT_SQLRelay2014#6_Leeds_WADBForBeginners
 
Making Data Scientists Productive in Azure
Making Data Scientists Productive in AzureMaking Data Scientists Productive in Azure
Making Data Scientists Productive in Azure
 
Be05 introduction to sql azure
Be05 introduction to sql azureBe05 introduction to sql azure
Be05 introduction to sql azure
 
44spotkaniePLSSUGWRO_CoNowegowKrainieChmur
44spotkaniePLSSUGWRO_CoNowegowKrainieChmur44spotkaniePLSSUGWRO_CoNowegowKrainieChmur
44spotkaniePLSSUGWRO_CoNowegowKrainieChmur
 
KoprowskiT_SQLSat230_Rheinland_SQLAzure-fromPlantoBackuptoCloud
KoprowskiT_SQLSat230_Rheinland_SQLAzure-fromPlantoBackuptoCloudKoprowskiT_SQLSat230_Rheinland_SQLAzure-fromPlantoBackuptoCloud
KoprowskiT_SQLSat230_Rheinland_SQLAzure-fromPlantoBackuptoCloud
 

Kürzlich hochgeladen

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
ayushiqss
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 

Kürzlich hochgeladen (20)

%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions Presentation
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durban%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durban
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 

Securing and maintaining azure sql

  • 1. Securing and maintaining Azure SQL Stanislav Lebedenko Senior software developer @ Sigma Software
  • 2. SQLSat Kyiv Team Eugene Polonichko Mykola Pobyivovk Yevhen Nedashkivskyi Oksana Tkach Oksana Borysenko Denis Reznik Anton Artomov
  • 3. Sponsor Sessions are at 12:30 and 13:00 Don’t miss them, they might be providing some interesting and valuable information! 12:30 Congress Hall DevArt 12:30 Conference Hall Infopulse 12:30 Room AC Materialize 13:00 Congress Hall DB Best 13:00 Conference Hall Eleks
  • 5. Session will begin very soon :) Please complete the electronic evaluation form for this session and for the event. Your feedback will help us to improve future conferences and speakers will appreciate your feedback! Enjoy the conference!
  • 6.
  • 7. Infrastructure as a service via Transact-SQL and Azure CLI
  • 8. Script them all Don't rely on UI Script your environments Script your processes Test all your infrastructure scripts.
  • 9. Know business continuity requirements 01 | Point in time recovery (PITR). 02 | Long time backup retention (LTR). 03 | Mean time to recovery (MTTR). 04 | Restore of the deleted database. 05 | How long are backups kept. 06 | Active geo-replication. 07 | Auto-failover groups. 08 | Script them all :).
  • 10.
  • 11. Use T-SQL for platform maintenance 01 | Scale up and scale down with plain Transact SQL ALTER DATABASE MyAzureDb MODIFY (Edition='basic', Service_objective='basic') 02 | Know your options, i.e. special views in master DB Sys.dm_operation_status 03 | Setup your Azure firewall via T-SQL Sys.firewall_rules 04 | Always test your T-SQL on copy Clone and test your system T-SQL scripts on periodic basis.
  • 12. Know the difference Easiest of three Portal Primary tool Azure CLI Command line interface via bash For all other cases Powershell Actually have everything you need, but result code is lengthier
  • 13. Understand your workloads Disable Automatic tuning if you have any doubts Adjust tune levels via stored procedures. Run auto tuning on DB clones
  • 14. Understand key impact factors 01 | Performance tier 02 | Performance optimization 03 | Network issues 05 | Choose your metrics 06 | Identify what you don't measure.
  • 15. Azure Monitor All-in-one solution High level overview Resource group insights Log Analytics workspaces Security & ISO 27001 checks Network performance
  • 16. Monitoring of Azure SQL Identify what you don't measure
  • 17. Database monitoring 1 Create dedicated Azure Log Analytics workspaces. 2 Enable diagnostics telemetry and stream it. 3 Setup audit logging and disable after setup. 4 Add your custom metrics and alerts 5 Same steps for SQL Server too 6 Disable everything you don't need, to save costs.
  • 18. Database auditing 1 Use separate Azure Log Analytics workspace. 2 Relatively lower impact. 3 Setup audit logging and disable after setup. 4 Enable Advanced Data Security. 5 Create alerts for your metrics. 6 Consider impact and cost twice, before disabling Audit.
  • 19. Query Performance Insight Performance Dashboard with modern UI
  • 20. Network performance Network watcher service Network performance monitor Customized Alerts Traffic analytics Network topology Diagnostic logs
  • 21. Azure SQL Analytics component for Azure Monitor AzureMetrics | where ResourceProvider=="MICROSOFT.SQL" | where ResourceId contains "/ELASTICPOOLS/" | where MetricName=="cpu_percent" | summarize AggregatedValue = max(Maximum) by bin(TimeGenerated, 5m) | render timechart
  • 23. Be prepared for everything you can think of
  • 24. High availability and disaster recovery HADR 01 | Check your SLA! Start with simple and cheap disaster recovery plans. 02 | Use basic backups with PTR, LTR and different region LTR. 03 | Prepare automated restore and validation jobs with infrastructure scripts. 04 | Run this jobs and receive reports on weekly basis. 05 | Design for high availability with LRS, ZRS, GRS and RA-GRS(but be realistic). 06 | Consider Geo-replication and Auto-failover groups. 07 | Test your mean time to recovery MTTR with actual drills. 08 | Run drills for DBA, DevOps and Software engineers.
  • 26. Securing your Azure SQL Technical debt is an "Escalating risk"
  • 27. Azure security center Global picture with gamification Free and Standard tiers Advanced cloud defence Policy and compliance checks Resource security hygiene Threat protection and alerts Automation via Playbooks
  • 29. 01 | Double check encryption at rest 02 | Make sure that blob storage is secured 03 | Test security alerts. 04 | SQL Server firewall is not enough 05 | Keep user access rights at minimum 06 | Use Network Security Groups (NSGs) Securing your Azure SQL
  • 31. Fix issues in Vulnerability report
  • 32. Azure key vault Keep your secrets safe All-in-one solution for secrets Store connection strings Logins and passwords Use Azure managed identity for application access to keys Create your own KeyVault in separate resource group
  • 33. Network security 01 | Think and Plan before Deploy NSG. 02 | Get in touch with your team. 03 | Prepare security rule set. 04 | Setup alerts 05 | Run load tests and measure response time
  • 34. Discover Azure SQL internals
  • 35. Summary Monitor you solution Setup proper monitoring and multi level proactive alerts Prepare HADR solution Know you SLA. Prepare adequate high availability and data recovery solution Security is a challenge Securing only Azure SQL Server in not enough anymore, learn to use tools and practices provided by Azure Be ready to troubleshoot Prepare tools and troubleshoot scenarios firsthand, dont wait for disaster to do it 01 02 03 04