Microsoft TechNet Academy
UPDATING YOUR SQL SERVER 2005 SKILLS TO SQL SERVER 2008
Source: download.microsoft.com/.../NOV08/Academy_Lecture2_081110.pdf

SQL Server 2008 Security Enhancements

• Encrypting Databases

• SQL Server Audit

Encrypting Databases

• Secure Data Scenarios

• Encryption in Previous Releases

• What Is Transparent Data Encryption?

• How to Encrypt a Database

• What Is Extensible Key Management?

Secure Data Scenarios

Defense in depth: Even if attackers get through your firewall, they should have to get through line after line of defence

Remote backup storage: To ensure adequate disaster recovery, backups are often stored offsite. Sensitive data that is stored offsite must be protected

Transparent data encryption: Encrypt data transparently so that applications can work with encrypted data without modification

Encryption in Previous Releases

• In SQL Server 2000 and earlier:

No encryption is provided

Encryption must be entirely provided by applications

• In SQL Server 2005:

Encryption is included

Encryption and decryption must be performed by Transact-SQL statements

There is increased application complexity over unencrypted data

What Is Transparent Data Encryption?

• Database-level encryption

• Encryption and decryption performed automatically by SQL Server

• Transparent to users and applications

• Requires no additional code or functionality for an application to use encrypted data:

The process of accessing encrypted data is identical to the process of accessing unencrypted data

How to Encrypt a Database

1. Create a master key

-- the master key and the certificate that protects the database encryption key live in master
USE master
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Pa$$w0rd'

2. Create a server-level certificate

CREATE CERTIFICATE ServerCertificate WITH SUBJECT = 'Server level certificate'

3. Create a database encryption key by using the server certificate

USE AdventureWorks
GO
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_128
ENCRYPTION BY SERVER CERTIFICATE ServerCertificate

4. Alter the database and set the Encryption option to On

ALTER DATABASE AdventureWorks
SET ENCRYPTION ON
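The two things a practitioner does straight after the four steps above are to confirm the encryption scan has finished and to back up the certificate, because a database backup taken under TDE cannot be restored anywhere the certificate is missing. The script below is an added example, not part of the TechNet deck; ServerCertificate and AdventureWorks are the names from the slides, and the file paths and private-key password are placeholders.

```sql
-- Added example (not from the TechNet deck): verify TDE state and back up
-- the certificate that protects the database encryption key (DEK).
-- Paths and the private-key password are placeholders.
USE master;
GO

-- 1. Encryption scan state for every database that has a DEK.
--    encryption_state: 0 = no DEK, 1 = unencrypted, 2 = encryption in progress,
--    3 = encrypted, 4 = key change in progress, 5 = decryption in progress.
--    tempdb shows up here as well: it is encrypted as soon as any user database is.
SELECT DB_NAME(k.database_id) AS database_name,
       k.encryption_state,
       k.percent_complete,
       k.key_algorithm,
       k.key_length,
       c.name                 AS protecting_certificate,
       c.expiry_date
FROM sys.dm_database_encryption_keys AS k
LEFT JOIN sys.certificates AS c
       ON c.thumbprint = k.encryptor_thumbprint;

-- 2. Cross-check against the flag that ALTER DATABASE ... SET ENCRYPTION ON sets.
SELECT name, is_encrypted
FROM sys.databases
WHERE name IN ('AdventureWorks', 'tempdb');

-- 3. Back up the certificate together with its private key. Keep the .cer/.pvk
--    pair and the password apart from the database backups; whoever holds all
--    three can read every backup of AdventureWorks.
BACKUP CERTIFICATE ServerCertificate
    TO FILE = 'C:\Keys\ServerCertificate.cer'              -- placeholder path
    WITH PRIVATE KEY (
        FILE = 'C:\Keys\ServerCertificate.pvk',            -- placeholder path
        ENCRYPTION BY PASSWORD = 'Replace-With-Strong-Pvk-Password!'  -- placeholder
    );
GO
```

Run step 1 repeatedly after SET ENCRYPTION ON: the database is readable throughout, but only when encryption_state reaches 3 are all pages (and all future backups) encrypted.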

What Is Extensible Key Management?

• External key management by third-party vendors

• Typically enterprise-wide

• Supports HSMs

Hardware-based key management

Physical separation of keys and data

SQL Server Audit

• What Is SQL Server Audit?

• Scenarios for SQL Server Audit

• How to Create an Audit

• How to Create an Audit Specification

What Is SQL Server Audit?

• SQL Server Audit captures activity in the database server and stores it in a log

• Audit information can be stored in the following destinations:

File

Windows Application log

Windows Security log

• SQL Server Audit consists of an Audit object and an audit specification

Scenarios for SQL Server Audit

• Increased security:

Monitor failed logon attempts

Monitor successful logon attempts to check for activity at unusual times of the day

• Regulatory compliance:

Log data changes and maintain a version history of data

Regulations may require you to keep all versions of a record

How to Create an Audit

• Use the CREATE SERVER AUDIT statement:

Specify the destination

CREATE SERVER AUDIT HIPAA_File_Audit
TO FILE ( FILEPATH = '\\SQLPROD_1\Audit\' )

-- QUEUE_DELAY accepts 0 (synchronous) or a value of at least 1000 ms;
-- the slide's 500 is below the minimum
CREATE SERVER AUDIT HIPAA_AppLog_Audit
TO APPLICATION_LOG
WITH ( QUEUE_DELAY = 1000, ON_FAILURE = SHUTDOWN )

How to Create an Audit Specification

• Server audit specification

CREATE SERVER AUDIT SPECIFICATION Failed_Login_Spec
FOR SERVER AUDIT HIPAA_File_Audit
ADD (FAILED_LOGIN_GROUP)

• Database audit specification

CREATE DATABASE AUDIT SPECIFICATION Sales_Audit_Spec
FOR SERVER AUDIT HIPAA_AppLog_Audit
ADD (DATABASE_OBJECT_CHANGE_GROUP),
ADD (INSERT, UPDATE, DELETE ON Schema::Sales BY SalesUser, SalesAdmin)
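The slides show the CREATE statements but not the step that makes an audit actually collect anything: both the audit and its specification are created in the OFF state. The script below is an added example, not from the TechNet deck, that takes the file audit for the "increased security" scenario from creation through to reading the log back with sys.fn_get_audit_file. HIPAA_File_Audit, Failed_Login_Spec and the share path are the slide's names; the threshold and rollover settings are assumptions.

```sql
-- Added example (not from the TechNet deck): life cycle of a file audit for
-- logon monitoring. The UNC share must be writable by the SQL Server service
-- account; keeping it off the database host means a compromised instance
-- cannot simply delete its own audit trail.
USE master;
GO

CREATE SERVER AUDIT HIPAA_File_Audit
TO FILE ( FILEPATH = '\\SQLPROD_1\Audit\',
          MAXSIZE = 100 MB,               -- roll to a new file at 100 MB
          MAX_ROLLOVER_FILES = 50 )       -- keep at most 50 files
WITH ( QUEUE_DELAY = 1000,                -- 0 = synchronous, otherwise >= 1000 ms
       ON_FAILURE = CONTINUE );           -- CONTINUE keeps the instance up if the share is unreachable
GO

CREATE SERVER AUDIT SPECIFICATION Failed_Login_Spec
FOR SERVER AUDIT HIPAA_File_Audit
ADD (FAILED_LOGIN_GROUP),
ADD (SUCCESSFUL_LOGIN_GROUP),             -- needed for the "activity at unusual times" scenario
ADD (AUDIT_CHANGE_GROUP);                 -- records changes to the audit configuration itself
GO

-- Nothing is written until both objects are switched on.
ALTER SERVER AUDIT HIPAA_File_Audit WITH (STATE = ON);
ALTER SERVER AUDIT SPECIFICATION Failed_Login_Spec WITH (STATE = ON);
GO

-- Confirm both are enabled.
SELECT a.name AS audit_name, a.is_state_enabled AS audit_on,
       s.name AS specification_name, s.is_state_enabled AS spec_on
FROM sys.server_audits AS a
JOIN sys.server_audit_specifications AS s ON s.audit_guid = a.audit_guid;

-- Read the log back: failed logons per login per hour over the last day.
-- action_id 'LGIF' = login failed, 'LGIS' = login succeeded.
-- event_time in the audit file is recorded in UTC.
SELECT server_principal_name,
       DATEADD(hour, DATEDIFF(hour, 0, event_time), 0) AS hour_bucket,
       COUNT(*) AS failed_logons
FROM sys.fn_get_audit_file('\\SQLPROD_1\Audit\*', DEFAULT, DEFAULT)
WHERE action_id = 'LGIF'
  AND event_time >= DATEADD(day, -1, GETUTCDATE())
GROUP BY server_principal_name, DATEADD(hour, DATEDIFF(hour, 0, event_time), 0)
HAVING COUNT(*) >= 10                     -- assumed review threshold
ORDER BY failed_logons DESC;
```

ON_FAILURE is a deliberate trade-off: the slide's SHUTDOWN guarantees no unaudited activity but turns an unreachable share into an outage; CONTINUE keeps the service available and leaves a gap in the trail, so pair it with monitoring of the audit state.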

SQL Server 2008 Database Development Enhancements

• Developer Tool Enhancements

• Data Type Enhancements

• Working with Spatial Data

Developer Tool Enhancements

• IntelliSense in SQL Server Management Studio

• The Error List in SQL Server Management Studio

• Object Explorer Enhancements

IntelliSense in SQL Server Management Studio

• Similar to Microsoft Visual Studio IntelliSense functionality

• Complete Word feature

• Auto List feature

• Unavailable when:

There are code errors above

Inside comments

Inside string literals

The feature is switched off

The Error List in SQL Server Management Studio

• Similar to the Visual Studio Error List

• Displays errors and warnings during script editing

• Double-click an error to locate it in the script

Object Explorer Enhancements

• New configurable options on the shortcut menu:

Select Top x Rows

Edit Top y Rows

• Configuration options

Data Type Enhancements

• Date and Time Data Types

• The User-Defined Table Data Type

• The Hierarchyid Data Type

• FILESTREAM Data

Date and Time Data Types

datetime2: Larger range and more accurate than datetime

date: Date portion of datetime2

time: Time portion of datetime2

datetimeoffset: datetime2 plus support for time-zone offset

DECLARE @newDateTime datetime2
SET @newDateTime = SYSDATETIME()
PRINT @newDateTime
-- OUTPUT
-- 2008-02-24 20:50:46.7892464

DECLARE @newDate date
SET @newDate = SYSDATETIME()
PRINT @newDate
-- OUTPUT
-- 2008-02-24

DECLARE @newTime time(3)
SET @newTime = SYSDATETIME()
PRINT @newTime
-- OUTPUT
-- 20:50:46.789

-- given its own name: the slide reused @newDateTime, which a batch cannot declare twice
DECLARE @newDateTimeOffset datetimeoffset
SET @newDateTimeOffset = SYSDATETIMEOFFSET()
PRINT @newDateTimeOffset
-- OUTPUT
-- 2008-01-24 20:50:46.7892464 -08:00

The User-Defined Table Data Type

• A user-defined type that represents a table

• Use as parameters for stored procedures and functions and in place of table variables

• Restrictions include:

You cannot use the user-defined table type as a column or a field in a structured user-defined type

You cannot use the [NOT FOR REPLICATION] option in the definition

You cannot specify a DEFAULT value in the definition

You cannot modify the table type definition after creation

CREATE TYPE ProductionHistory AS TABLE
(
    TransactionID int
    -- Remaining column definitions here
)
GO

-- a table-valued parameter must be declared READONLY (omitted on the slide)
CREATE PROCEDURE usp_ArchiveHistory
    @PH ProductionHistory READONLY
AS
    -- Remaining SP definition here
GO

DECLARE @PH AS ProductionHistory
INSERT INTO @PH -- Populate table here
EXEC usp_ArchiveHistory @PH;
GO
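A common reason to reach for a table type is passing a list of keys to a procedure. Before table-valued parameters, that list was usually concatenated into dynamic SQL, which is the pattern behind most SQL injection in stored procedures. The script below is an added example, not from the TechNet deck, showing the dynamic-SQL version beside the table-type version; the Product table, IntList type and procedure names are invented for the example.

```sql
-- Added example (not from the TechNet deck): a list of IDs passed as text
-- and pasted into a statement, versus the same list passed as a
-- table-valued parameter. All object names are invented for the example.
CREATE TABLE dbo.Product (ProductID int PRIMARY KEY, Name nvarchar(50) NOT NULL);
INSERT INTO dbo.Product VALUES (1, N'Bolt'), (2, N'Nut'), (3, N'Washer');
GO

-- Risky version: whoever supplies @IdList supplies part of the WHERE clause,
-- so the caller, not the procedure, decides what the statement does.
CREATE PROCEDURE dbo.usp_GetProducts_Dynamic @IdList nvarchar(max)
AS
    EXEC (N'SELECT ProductID, Name FROM dbo.Product WHERE ProductID IN (' + @IdList + N')');
GO

-- Table type for the list. The PRIMARY KEY also rejects duplicate IDs at the boundary.
CREATE TYPE dbo.IntList AS TABLE (Id int PRIMARY KEY);
GO

-- Safe version: the list arrives as typed rows and is joined like any table.
-- No string is ever built, so there is nothing for a caller to break out of.
CREATE PROCEDURE dbo.usp_GetProducts_Tvp @Ids dbo.IntList READONLY
AS
    SELECT p.ProductID, p.Name
    FROM dbo.Product AS p
    JOIN @Ids AS i ON i.Id = p.ProductID;
GO

-- Caller: fill the parameter and execute. Returns the rows for Bolt and Washer.
DECLARE @Wanted dbo.IntList;
INSERT INTO @Wanted (Id) VALUES (1), (3);
EXEC dbo.usp_GetProducts_Tvp @Ids = @Wanted;
GO
```

The READONLY keyword is mandatory on the parameter; the procedure can read and join the rows but cannot modify them, so the type behaves as a pure input contract.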

The Hierarchyid Data Type

• Use to represent the position of an item in a hierarchy

• Members:

GetRoot—returns the root of the hierarchy

GetLevel—returns an integer that represents the depth of the node

GetAncestor—returns the hierarchyid of the specified ancestor

GetDescendant—returns a child node of the specified node

Read—returns the binary representation of a node

Parse—converts the string representation of a hierarchyid to a hierarchyid value

Write—writes a binary representation of a node

GetReparentedValue—moves a node of a hierarchy to a new location in the hierarchy

CREATE TABLE OrgTable
(
    OrgNode hierarchyid,
    EmpID int,
    EmpName varchar(50)
)

INSERT INTO OrgTable VALUES (hierarchyid::GetRoot(), 0, 'Darren')

DECLARE @NodeLevel hierarchyid
SELECT @NodeLevel = OrgNode FROM OrgTable WHERE EmpName = 'Darren'

DECLARE @Manager hierarchyid
SELECT @Manager = max(OrgNode) FROM OrgTable WHERE OrgNode.GetAncestor(1) = @NodeLevel

INSERT INTO OrgTable VALUES (@NodeLevel.GetDescendant(@Manager, null), 1, 'Dominic')

SELECT OrgNode.ToString(), OrgNode, EmpID, EmpName FROM OrgTable
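The slide inserts nodes but never queries or restructures the tree. The script below is an added example, not from the TechNet deck, that builds a small hierarchy in a table variable with Parse, reads a subtree with IsDescendantOf and GetLevel, and moves that subtree with GetReparentedValue. The column names follow OrgTable from the slide; the extra employees are invented.

```sql
-- Added example (not from the TechNet deck): subtree queries and reparenting
-- on a hierarchy shaped like the slide's OrgTable. Names are invented.
DECLARE @Org TABLE
(
    OrgNode hierarchyid NOT NULL,
    EmpID   int         NOT NULL,
    EmpName varchar(50) NOT NULL
);

-- Build the tree from string form: root '/', children '/1/' and '/2/',
-- and a grandchild '/1/1/'. Parse() is the inverse of ToString().
INSERT INTO @Org VALUES
    (hierarchyid::GetRoot(),      0, 'Darren'),
    (hierarchyid::Parse('/1/'),   1, 'Dominic'),
    (hierarchyid::Parse('/2/'),   2, 'Erin'),
    (hierarchyid::Parse('/1/1/'), 3, 'Fiona');

-- 1. Everyone under Dominic. IsDescendantOf is reflexive, so Dominic himself
--    is included; GetLevel gives the depth (root = 0).
DECLARE @Dominic hierarchyid = (SELECT OrgNode FROM @Org WHERE EmpName = 'Dominic');

SELECT OrgNode.ToString() AS Path, OrgNode.GetLevel() AS Depth, EmpName
FROM @Org
WHERE OrgNode.IsDescendantOf(@Dominic) = 1
ORDER BY OrgNode;

-- 2. Move Dominic's reports under Erin. GetReparentedValue(@old, @new)
--    replaces the @old prefix of each path with @new, so the subtree keeps
--    its internal shape.
DECLARE @Erin hierarchyid = (SELECT OrgNode FROM @Org WHERE EmpName = 'Erin');

UPDATE @Org
SET OrgNode = OrgNode.GetReparentedValue(@Dominic, @Erin)
WHERE OrgNode.IsDescendantOf(@Dominic) = 1
  AND OrgNode <> @Dominic;            -- move the reports, not Dominic himself

-- 3. Erin's direct reports after the move: the level-1 ancestor test is the
--    same predicate the slide uses to find the last child before an insert.
SELECT OrgNode.ToString() AS Path, EmpName
FROM @Org
WHERE OrgNode.GetAncestor(1) = @Erin;
```

Query 1 returns Dominic at depth 1 and Fiona at depth 2; after the update Fiona's path is '/2/1/', so query 3 returns her as Erin's only direct report. Note that hierarchyid enforces no referential integrity between a node and its parent: nothing stops a row at '/1/1/' from existing without a row at '/1/', so applications that rely on the structure should check it.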

FILESTREAM Data

• Use to store unstructured data on the NTFS file system, but manage it by using SQL Server

• Data stored as BLOBs on the file system

• To store FILESTREAM data:

Enable FILESTREAM

Create a FILESTREAM filegroup

Create a column of type varbinary(max) FILESTREAM

Use a unique identifier for the table

Use Transact-SQL or Win32 APIs to access FILESTREAM data

EXEC sp_configure filestream_access_level, 2
RECONFIGURE

CREATE DATABASE Applicants
ON PRIMARY (...),
FILEGROUP FSGroup1 CONTAINS FILESTREAM
(NAME = ApplicantsBLOBData, FILENAME = N'C:\SQLData')
LOG ON (...)

CREATE TABLE ResumeData
(
    ApplicantID int,
    Resume varbinary(max) FILESTREAM,
    ResumeID UNIQUEIDENTIFIER ROWGUIDCOL NOT NULL UNIQUE
)

INSERT INTO ResumeData VALUES (1, CAST('Resume Text' AS varbinary(max)), newid())
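The last bullet mentions Win32 access without showing what SQL Server has to hand the client first. The script below is an added example, not from the TechNet deck, covering the Transact-SQL side of that exchange for the ResumeData table from the slide: the logical path of the BLOB, the transaction context that a Win32 open must be bound to, and a check of the table permissions that actually gate the file, since NTFS ACLs on the data container are not what controls access. Table and column names come from the slide; everything else is assumed.

```sql
-- Added example (not from the TechNet deck): Transact-SQL side of Win32
-- FILESTREAM access for the slide's ResumeData table.
BEGIN TRANSACTION;

-- PathName() returns the logical UNC path of the BLOB, not its physical NTFS
-- location, and NULL when the column is NULL.
-- GET_FILESTREAM_TRANSACTION_CONTEXT() returns the token a Win32 client passes
-- when it opens that path; it returns NULL outside a transaction, and the file
-- handle is only valid until this transaction ends.
SELECT ApplicantID,
       Resume.PathName()                    AS ResumePath,
       GET_FILESTREAM_TRANSACTION_CONTEXT() AS TxContext,
       DATALENGTH(Resume)                   AS ResumeBytes
FROM ResumeData
WHERE ApplicantID = 1;

-- ... the client reads or writes the file through the Win32 API here,
--     inside this transaction ...

COMMIT TRANSACTION;
GO

-- Access is decided by SQL Server permissions on the table and column: a
-- principal without SELECT on Resume cannot obtain a path, and one without
-- UPDATE cannot open the file for writing. Review those grants rather than the
-- share's ACL when checking who can reach the BLOBs.
SELECT pr.name AS principal_name, pe.permission_name, pe.state_desc,
       COL_NAME(pe.major_id, pe.minor_id) AS column_name   -- NULL = whole table
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.major_id = OBJECT_ID('dbo.ResumeData');
```

Because the handle dies with the transaction, keep the transaction as short as the file operation allows; a long-open transaction here blocks log truncation for the whole database, not just the FILESTREAM filegroup.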

Working with Spatial Data

• What Is Spatial Data?

• The Geometry and Geography Data Types

• How to Create Spatial Data Instances

• How to Perform Spatial Queries and Operations

• What Are Spatial Indexes?

• How to Create Spatial Indexes

What Is Spatial Data?

• Information about the location and shape of a geometric object:

Store locations

Sales regions

Customer sites

Area within a specific distance of a location

• Two types:

Planar (or Euclidean) data for coordinate points on a flat, bounded surface. Distances are measured directly between points

Geodetic (or ellipsoidal) data for latitude and longitude points on the surface of the Earth. Distances are measured taking into account the curvature of the ellipsoidal surface

The Geometry and Geography Data Types

• SQL Server supports two spatial data types:

geometry for planar spatial data

geography for ellipsoidal spatial data

• Both data types:

Are implemented as .NET Framework common language runtime types

Can store points, lines, and areas

Provide members to perform spatial operations

• Common uses:

geometry—localized geospatial data such as street maps

geography—locations on the Earth's surface and integration with geospatial systems

How to Create Spatial Data Instances

• To create a column to store spatial data:

Declare the column as either the geometry or geography type

• To insert data into a geometry column:

Use geometry methods to convert a text string, a WKB description, or GML to a point, line, or polygon

• To insert data into a geography column:

Use geography methods to convert latitude and longitude coordinates or a WKB description to a point, line, or polygon

CREATE TABLE Store
(
    StoreID int IDENTITY PRIMARY KEY,
    . . .
    StoreLocation geometry
)

INSERT INTO Store VALUES (. . ., geometry::STPointFromText('POINT(100 100)', 0))

INSERT INTO Store VALUES (. . ., geometry::STPolyFromText('POLYGON((5 5, 10 5, 10 10, 5 5))', 0))

CREATE TABLE Store
(
    StoreID int IDENTITY PRIMARY KEY,
    . . .
    StoreLocation geography
)

-- geography WKT is ordered longitude then latitude; the slide had them the
-- other way round, which fails because -122 is not a valid latitude
INSERT INTO Store VALUES (. . ., geography::STGeomFromText('POINT(-122.084552 37.603926)', 4326))

INSERT INTO Store VALUES (. . ., geography::STGeomFromWKB(0x0101000000EF535568206E4640DC4603780B5557C0, 4326))

How to Perform Spatial Queries and Operations

• STIntersection—creates a new instance from the intersection of two existing instances

• STIntersects—determines whether two instances intersect

• STDistance—determines the shortest distance between two points

• STNumPoints—determines the number of points that constitute an instance

• STLength—determines the length of a line

• STSrid—sets or returns the SRID of the instance

DECLARE @NWRegion geometry
-- the subquery must be parenthesised to be used as an expression
SET @NWRegion = (SELECT geo FROM Regions WHERE RegionID = 1)
SELECT @NWRegion.STArea()

What Are Spatial Indexes?

• Querying spatial data can take time and processing power

• Spatial indexes can help to improve performance

• A spatial index is defined by dividing an area into up to four grids and then indexing the cells in each grid that a spatial value touches

• For geography data, the spatial index maps the area onto a two-dimensional plane before the indexing process begins

• Spatial indexes require a primary key

How to Create Spatial Indexes

• Use the CREATE SPATIAL INDEX statement

• For geometry data, use the BOUNDING_BOX parameter

• For both spatial data types:

GRIDS specifies the density of each grid, with LOW being 4*4, MEDIUM being 8*8, and HIGH being 16*16

CELLS_PER_OBJECT specifies the maximum number of cells that can be used for a single object in the index

Other standard index options are available, including PAD_INDEX and FILLFACTOR

-- Create a spatial index on a geography column
CREATE SPATIAL INDEX SIndx_Store_StoreLocation
ON Store(StoreLocation)
WITH (GRIDS = (LEVEL_2 = HIGH, LEVEL_1 = MEDIUM),
      CELLS_PER_OBJECT = 8192)

-- Create a spatial index on a geometry column
CREATE SPATIAL INDEX SIndx_Store_StoreLocation
ON Store(StoreLocation)
WITH (BOUNDING_BOX = (0, 0, 200, 500),
      GRIDS = (LEVEL_2 = HIGH, LEVEL_1 = MEDIUM),
      CELLS_PER_OBJECT = 8192)
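The spatial query slide and the spatial index slide each show a fragment; the script below is an added example, not from the TechNet deck, that puts them together on one geography table: a primary key (required for the index), sample points, the index, and then STDistance and STIntersects queries that can use it. Store and SIndx_Store_StoreLocation follow the slides; the coordinates and the region polygon are constructed sample data. SRID 4326 is WGS 84, so STDistance on geography returns metres.

```sql
-- Added example (not from the TechNet deck): geography table + spatial index
-- + the distance and intersection queries from the query slide.
-- Coordinates and the region polygon are constructed sample data.
CREATE TABLE dbo.Store
(
    StoreID       int IDENTITY PRIMARY KEY,   -- spatial indexes require a primary key
    StoreName     nvarchar(50) NOT NULL,
    StoreLocation geography    NOT NULL
);

-- geography WKT is POINT(longitude latitude).
INSERT INTO dbo.Store (StoreName, StoreLocation) VALUES
    (N'Downtown', geography::STPointFromText('POINT(-122.3321 47.6062)', 4326)),
    (N'Airport',  geography::STPointFromText('POINT(-122.3088 47.4502)', 4326)),
    (N'Portland', geography::STPointFromText('POINT(-122.6765 45.5231)', 4326));
GO

-- No BOUNDING_BOX for geography: the whole globe is mapped onto the plane.
CREATE SPATIAL INDEX SIndx_Store_StoreLocation
ON dbo.Store (StoreLocation)
WITH (GRIDS = (LEVEL_1 = MEDIUM, LEVEL_2 = HIGH),
      CELLS_PER_OBJECT = 16);
GO

-- 1. Stores within 25 km of a point, nearest first. STDistance is in metres
--    for SRID 4326. The "column.STDistance(@g) <= n" form is one the index
--    supports; reversing it to "@g.STDistance(column)" is not.
DECLARE @Here geography = geography::STPointFromText('POINT(-122.3351 47.6080)', 4326);

SELECT StoreName, ROUND(StoreLocation.STDistance(@Here) / 1000, 1) AS DistanceKm
FROM dbo.Store
WHERE StoreLocation.STDistance(@Here) <= 25000
ORDER BY DistanceKm;

-- 2. Stores inside a sales region. Ring orientation matters for geography:
--    this ring runs counter-clockwise so the interior is the small rectangle,
--    not the rest of the planet.
DECLARE @Region geography = geography::STPolyFromText(
    'POLYGON((-122.50 47.40, -122.20 47.40, -122.20 47.70, -122.50 47.70, -122.50 47.40))', 4326);

SELECT StoreName
FROM dbo.Store
WHERE StoreLocation.STIntersects(@Region) = 1;

-- 3. Force the index with a hint: SQL Server raises an error instead of
--    silently scanning if the predicate cannot be served by the spatial index,
--    which makes this a quick test of whether a query is index-friendly.
SELECT StoreName
FROM dbo.Store WITH (INDEX(SIndx_Store_StoreLocation))
WHERE StoreLocation.STIntersects(@Region) = 1;
```

With the sample data, query 1 returns Downtown and Airport (Portland is well over 200 km away), and queries 2 and 3 return the same two stores. CELLS_PER_OBJECT is set low here because the rows are points; for polygons a larger value, such as the slide's 8192, lets the grid follow the shape more closely at the cost of index size.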

SQL Server 2008 Availability Enhancements

• Always-on Technologies

• Transactional Peer-to-Peer Replication

Always-on Technologies

• What Is Hot Add CPU?

• Database Mirroring Performance Enhancements

• Automatic Page Recovery from Mirror Servers

• Clustering Enhancements

What Is Hot Add CPU?

• Add CPUs to supported systems while system is running:

No downtime

Increased availability

Requires Windows Server 2008

Extends the hot add memory capabilities of SQL Server 2005

Database Mirroring Performance Enhancements

• Page-level mirroring:

If a page on the principal or mirror server is corrupt, it is automatically replaced with the corresponding copy on its partner

• Compressed data flow:

Data flow between the principal and mirror server is now compressed to improve performance

• Manual failover:

Manual failovers no longer require a database restart

• Log performance:

Write-ahead on the incoming log stream on the mirror server

Improved use of log send buffers

Page read-ahead during the undo phase after a failover

Automatic Page Recovery from Mirror Servers

• If a page on the principal or mirror server is corrupt, it is automatically replaced with the corresponding copy on its partner

Clustering Enhancements

• SQL Server 2008 removes the requirement to have one drive letter for each SQL Server instance

• Windows Server 2008 provides enhanced clustering:

Supports up to 16 nodes in a cluster

Supports clustering over multiple subnets

Supports OR dependencies:

• For example, by ensuring that the network name resource is available if either of two IP address resources is available

Is easier to set up and manage

Contains a cluster validation tool:

• Ensures hardware, software, and network compatibility

Transactional Peer-to-Peer Replication

• Configure Peer-to-Peer Topology Wizard

• Adding New Replication Nodes

• Automatic Conflict Detection

Configure Peer-to-Peer Topology Wizard

Simplifies the configuration of peer-to-peer replication

Adding New Replication Nodes

• Add nodes with the Configure Peer-To-Peer Topology Wizard

• Add nodes while keeping the replication process online:

Improves availability

Automatic Conflict Detection

• Detects accidental conflicts when multiple replication nodes update the same row

• Prevents inconsistent data across nodes

• Treats a conflicting change as a critical error that causes the failure of the Distribution Agent

• Keeps the topology in an inconsistent state until the conflict is resolved

QUESTIONS?