Post on 20-Jan-2016
Microsoft Azure SQL Database Business Continuity and Auditing Deep Dive
Jan EngelsbergEyal Carmel
DBI-B313
Agenda
Business ContinuityAuditing
Business ContinuityScenariosBCDR ModelHigh availability platformDatabase backup based solutionsDatabase replication based solutions
Business Continuity ProblemEnabling the application to continuously operate during unplanned and planned disruptive events
BCDR Tiered Model
B
Transactions per hour
Transactions per minute
Transactions per second
Point In Time Restore (“oops” recovery)
Geo-Restore (restore last daily backup to another region)
RTO<24h*, RPO<24h
RTO<24h*, RPO<24h
RTO<24h*, RPO<24h
Standard geo-replication (offline secondary, fixed DR pairing)
RTO<2h RPO<30m
RTO<2h RPO<30m
Active geo-replication (up to 4 online secondaries, configurable regions)
RTO<1h, RPO<5m
* Target only, actual time depends on the data size and scale of restores
Azure SQL Database
Geo-distributed service Customer metadata protection and recovery Transparent high availability and data protection from local platform failuresAutomatic geo-distributed backups Automatic data synchronization of geo-replicated databases Platform compliance testing and certificationAlerting impacted customers about their servers’ degradation during regional failures
Customer (subscription owner)
Detecting user errors and initiating point in time restorePlanning, database prioritization and region selection for disaster recoveryInitiating geo-restore to the selected regionInitiating failover of the geo-replicated databasesApplication DR drills
Roles and responsibilities
Reads are completed at the primary
Writes are replicated to secondaries
DB
Single LogicalDatabase
P
SS WriteWrite
AckAck
ReadValue WriteAck
P
S
S
S
P
High availability platform
• Critical capabilities:Create new
replicaSynchronize
data Stay consistentDetect failuresFail over99.99%
availability
Point In Time RestoreAutomatic BackupFull backups weekly, diff backup daily, log backups every 5 minDaily and weekly backups automatically uploaded to geo-redundant Azure Storage
Self-service restoreREST API, PowerShell or PortalCreates a new database in the same logical server
Tiered Retention PolicyBasic - 7 daysStandard - 14 daysPremium - 35 days
sabcp01bl21
sabcp02bl21
sabcp03bl21
Restore as a new
database from local backups
LS XYZ
Copy backups to Azure Storage
DB
DB1
RA-GRS
Backups
Backups
US East
US Westsabcp01bl21
sabcp02bl21 sabcp03bl2
1
LS ABC
Restore to any server
when needed
US West
DB
sabcp01bl21
sabcp02bl21 sabcp03bl2
1
LS XYZ
Automatic copies of
daily backups
DB
RA-GRSRA-GRS
Storage geo-replication
• Self-service restore API• Restores last daily backup• No extra cost, no capacity guarantee• RTO>=24h, RPO=24h• Database URL will change after restore
Geo-restore
East US
LS ABC
Failover and activation of secondary
(during incident)
West US
DB
LS XYZ
DB
Geo-replication
• RTO<2h, RPO<30m • REST and PowerShell API to opt-in and failover• Automatic data replication and synchronization• DMV+REST to monitor and guide failover decisions• Single offline secondary with matching performance level in the DR
paired region
North Central US
LS OPQ
DB
Standard geo-replication
Geo-replication
LS ABC
South Central US
West US
Failover and activation of secondary (any time)
East US
Geo-re
plicat
ion
DB1
LS XYZ LS OPQ
• RTO<1h, RPO<5m• REST and PowerShell API to opt-in and
failover• DMV+REST to monitor and guide failover
decisions• Automatic data replication and
synchronization• Up to 4 online secondary databases with
matching performance level in any region
DB1 DB1.old
North Central US
LS DFE
DB1
Geo-replic
ation
Geo-replication
DB1
Active Geo-replication
DEMO
Point in time restore and geo-replication
Auditing
Why Auditing?Regulatory compliance - A massive demand for cloud application to meet regulatory compliance recommended by regulating/auditing authorities (PCI-DSS, SOX,
HIPAA)Security incidents - DBAs and security officers wish to gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violationsOperational Insights - Stakeholders are increasingly focusing on
understanding database activity
Auditing - Overview
Where to start?
Auditing - Overview
Retain Report Insights
New Auditing Feature in Azure SQL DBConfigurable to track & log database
activity
Dashboard views in the portal for at-a-glance insights
Interactive & customizable Power View and Power Pivot reports for deep analysis on Audit log data
Audit logs reside in your Azure Storage account
Available in Basic, Standard, and Premium
SQL Database
Auditing
Auditlog
Application data
Azure Storage
Setting up AuditingServer Default Per DB
Server
DB1
DB2
DB3
Combination of the two…
Azure Table
Default
Policy
*-------
*-------
*-------
*-------
Server
DB1
DB2
DB3
Azure Table
DB Policy
*-------
*-------
DB Policy
*-------
*-------
DB Policy
*-------
*-------
Demo
Azure SQL DB - Auditing
Related content
Find Me Later At. . . Wednesday, October 29 - 8:00 PM-11:00 PM
Country Drinks, Barceloneta Beach
Thursday, October 30 - 6:30 PM-8:00 PM
Ask the Experts, Hall 5
Related Sessions:DBI-B315: Microsoft Azure SQL Database Performance and Scale Out Deep Dive
Signup to Auditing Preview
Track resources
Get started with Auditing in Azure SQL DB
Auditing in Azure SQL Database
Download Excel Template
27 Hands on Labs + 8 Instructor Led Labs in Hall 7
DBI Track resources
Free SQL Server 2014 Technical Overview e-book
microsoft.com/sqlserver and Amazon Kindle StoreFree online training at Microsoft Virtual Academy
microsoftvirtualacademy.com Try new Azure data services previews!Azure Machine Learning, DocumentDB, and Stream Analytics
Resources
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
Developer Network
http://developer.microsoft.com
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
Please Complete An Evaluation FormYour input is important!TechEd Schedule Builder CommNet station or PC
TechEd Mobile appPhone or Tablet
QR code
Evaluate this session
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.