20
PARTIALLY CONTAINED DATABASES Steve Verschaeve

Partially Contained Databases

Tags:

Embed Size (px)

DESCRIPTION

Speaker: Steve VerschaeveDownload SQL Server 2012: http://www.microsoft.com/sqlserver/en/us/get-sql-server/try-it.aspx

Citation preview

Page 1: Partially Contained Databases

PARTIALLY CONTAINED DATABASES

Steve Verschaeve

Page 2: Partially Contained Databases

ABOUT ME

• Sr. SQL Server Consultant at KOHERA• Webmaster & board member at SQLUG.BE• Co-organiser at SQLServerDays.be• Microsoft Extended Expert Team member• MCP, MCTS, MCITP, MCT• [email protected]• Blog.steveverschaeve.be• @sql_lazywriter

mailto:[email protected]
Page 3: Partially Contained Databases

AGENDA

• What is a (partially) contained database• Features within/outside Application Model• Authentication• Collation• Identifying database containment• Threats against partially contained databases• Demos• Resources• Q&A

Page 4: Partially Contained Databases

WHAT IS A (PARTIALLY) CONTAINED DATABASE

• Scenario: Deploy to production; HA & DR

DB DB

Instance A Instance B

Backup/Copy/Restore

LoginsLinked ServersAgent jobs…

?

Page 5: Partially Contained Databases

WHAT IS A (PARTIALLY) CONTAINED DATABASE

• Improved dependency management• Include all settings + metadata• No login authentication at database engine level• Isolated from the database engine• Improved transition between environments

• Not yet fully contained• Moving to SQL Azure• Fully contained• Uncontained features disabled

by default

• All SQL Server editions

Page 6: Partially Contained Databases

FEATURES WITHIN/OUTSIDE APPLICATION MODEL

Within the Application Model [1]Contained

Outside the Application Model [2]Non-Contained

System Viewssys.indexes, sys.types, …

Catalog Viewssys.servers, sys.server_role_members…

Data TypesAll data types excluding CLR data types

T-SQLBackup, Restore, Set Ansi_Nulls, …

Dynamic Management Viewssys.dm_db_uncontained_entities

Built-in Functions@@servername, loginproperty, …

T-SQLHaving, Rollback Transaction, …

System Functionssys.fn_get_sql, sys.fn_cdc_get_min_lsn, ...

Built-in Functions@@rowcount, Getdate, IsNull, …

OtherLinked servers, Full-Text Search, Synonyms, …

System Stored Proceduressp_helptext, sp_columns, sp_addrole, …

Replication, Change data capture, Change tracking

DBCC StatementsCHECKDB, SHOW_STATISTICS, …

http://msdn.microsoft.com/en-us/library/ff929188(v=sql.110).aspx
http://msdn.microsoft.com/en-us/library/ff929118(v=sql.110).aspx
Page 7: Partially Contained Databases

ENABLE PARTIALLY CONTAINED DATABASES

• Instance level

EXEC sys.sp_configure N’contained database authentication’,N’1’;GO

• Database level

CREATE DATABASE [PartialCDB] CONTAINMENT = PARTIAL [NONE];GO

• New syntax

ALTER DATABASE CURRENT ...

Page 8: Partially Contained Databases

DEMO

Enable & Convert non-contained DB to Partial-CDB

Page 9: Partially Contained Databases

AUTHENTICATION

• Contained users connect without server level authenticating• Contained SQL User with password syntax

CREATE USER Giselle WITH PASSWORD = ‘xyz’;GO

• Multiple users with same name for different databases• Normal users tied to login coexist with

contained users in same database [1]

http://blogs.msdn.com/b/sqlsecurity/archive/2010/12/08/contained-database-authentication-in-depth.aspx
Page 10: Partially Contained Databases

DEMO

• Authentication

Page 11: Partially Contained Databases

COLLATION

• Two types of collation: DATABASE_DEFAULT & CATALOG_DEFAULT• New catalog collation Latin1_General_100_CI_AS_WS_KS• Syntax

CREATE TABLE T1 (Name nvarchar(max) COLLATE CATALOG_DEFAULT);GO

• Same collation for all contained databases and instances• Cannot be changed

Page 12: Partially Contained Databases

COLLATION

Item Non-Contained Database Contained Database

User data (default)

DATABASE_DEFAULT DATABASE_DEFAULT

Temp Data (default)

TempDB Collation DATABASE_DEFAULT

Metadata DATABASE_DEFAULT / CATALOG_DEFAULT CATALOG_DEFAULT

Temp Metadata TempDB Collation CATALOG_DEFAULT

Variables Instance Collation CATALOG_DEFAULT

Goto Labels Instance Collation CATALOG_DEFAULT

Cursor Names Instance Collation CATALOG_DEFAULT

Page 13: Partially Contained Databases

DEMO

• Collation

Page 14: Partially Contained Databases

IDENTIFYING DATABASE CONTAINMENT

• Sys.dm_db_uncontained_entities• View• Potentially uncontained entities• Static

• Cdb_uncontained_usage • Extended Event• When uncontained entity is detected and identified at run time• Dynamic

Page 15: Partially Contained Databases

DEMO

• Sys.dm_db_uncontained_entities• Cdb_uncontained_usage

Page 16: Partially Contained Databases

THREATS AGAINST PART. CONTAINED DATABASES

• Who can change containment settings• Users in a converted DB can create new users with password• Prevent a DB from being contained• Prevent connections from users with passwords• No rechecked passwords• Users with password cannot use Kerberos authentication• Offline dictionary attack• Auto_Close database property

http://specialops.sqlpass.org

Page 17: Partially Contained Databases

RESOURCES

• SQL Server v.Next(Denali): Contained Databases (Aaron Bertrand)• SQL Server 2012: Sometimes Partial Is Preferable (Denny Ch

erry)• Partially Contained Databases (TechNet)• SQL Server 2012 Partially Contained Databases (Steve Versc

haeve)• Contained Database Authentication in depth (Lyudmila Fokin

a)

http://sqlblog.com/blogs/aaron_bertrand/archive/2010/11/16/sql-server-v-next-denali-contained-databases.aspx
http://sqlblog.com/blogs/aaron_bertrand/archive/2010/11/16/sql-server-v-next-denali-contained-databases.aspx
http://technet.microsoft.com/en-us/magazine/hh534404.aspx
http://technet.microsoft.com/en-us/magazine/hh534404.aspx
http://technet.microsoft.com/en-us/library/ff929071(SQL.110).aspx
http://blog.steveverschaeve.be/2012/01/25/partially-contained-database-part-1-setup/
http://blog.steveverschaeve.be/2012/01/25/partially-contained-database-part-1-setup/
http://blogs.msdn.com/b/sqlsecurity/archive/2010/12/08/contained-database-authentication-in-depth.aspx
http://blogs.msdn.com/b/sqlsecurity/archive/2010/12/08/contained-database-authentication-in-depth.aspx
Page 18: Partially Contained Databases

Q&A

Page 19: Partially Contained Databases

THANK [email protected]@sql_lazywriter

mailto:[email protected]
Page 20: Partially Contained Databases

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


Partially Contained Atmospheric Neutrino Analysis Andy Blake Cambridge University March 2004

Partially Contained Atmospheric Neutrino Analysis Andy Blake Cambridge University March 2004

Documents
CSCC43H: Introduction to Databases Lecture 8aboulsaadat.com/wael/teaching/c43/lectures/lec8... · Lecture 8 Wael Aboulsaadat Acknowledgment: these slides are partially based on Prof

CSCC43H: Introduction to Databases Lecture 8aboulsaadat.com/wael/teaching/c43/lectures/lec8... · Lecture 8 Wael Aboulsaadat Acknowledgment: these slides are partially based on Prof

Documents
NoSQL: Graph Databases. Databases Why NoSQL Databases?

NoSQL: Graph Databases. Databases Why NoSQL Databases?

Documents
Partially Contained Atmospheric Neutrino Analysis

Partially Contained Atmospheric Neutrino Analysis

Documents
PARTIALLY COHERENT PHOTON BEAMS FROM Partially Coherent … · 2019. 3. 29. · 1 Partially Coherent Light Beams from Storage Ring Undulators PARTIALLY COHERENT PHOTON BEAMS FROM

PARTIALLY COHERENT PHOTON BEAMS FROM Partially Coherent … · 2019. 3. 29. · 1 Partially Coherent Light Beams from Storage Ring Undulators PARTIALLY COHERENT PHOTON BEAMS FROM

Documents
Chapter 1: Study Area Description · Ecoregional Assessment (WBEA) area. The assessment name is derived from the largest ecoregion of the four that are wholly or partially contained

Chapter 1: Study Area Description · Ecoregional Assessment (WBEA) area. The assessment name is derived from the largest ecoregion of the four that are wholly or partially contained

Documents
SCHEDA TECNICA / DATA SHEET Code 80100 · No pictures contained in this catalogue can be reproduced, even partially. The Company reserves the right to change technical and aesthetical

SCHEDA TECNICA / DATA SHEET Code 80100 · No pictures contained in this catalogue can be reproduced, even partially. The Company reserves the right to change technical and aesthetical

Documents
Process Safety Management - Chemical Processing€¦ · Material contained in this publica-tion is in the public domain and may be reproduced, fully or partially, without permission

Process Safety Management - Chemical Processing€¦ · Material contained in this publica-tion is in the public domain and may be reproduced, fully or partially, without permission

Documents
Partially Subsidised Device Schedule - Hearing …hearingservices.gov.au/hsoViewWEB/file/partially...Partially Subsidised Device Schedule Manufacturer Device Code Device Type Model

Partially Subsidised Device Schedule - Hearing …hearingservices.gov.au/hsoViewWEB/file/partially...Partially Subsidised Device Schedule Manufacturer Device Code Device Type Model

Documents
How to Take Advantage of Contained Databases in SQL Server 2012 Steve Jones SQLServerCentral Red Gate Software

How to Take Advantage of Contained Databases in SQL Server 2012 Steve Jones SQLServerCentral Red Gate Software

Documents
SCOPe: Structural Classification of Proteins—extended ... · The ASTRAL compendium (5–7) is a collection of software and databases, partially derived from SCOP, that aid research

SCOPe: Structural Classification of Proteins—extended ... · The ASTRAL compendium (5–7) is a collection of software and databases, partially derived from SCOP, that aid research

Documents
Text Databases. Outline Spatial Databases Temporal Databases Spatio-temporal Databases Data Mining Multimedia Databases Text databases Image and video

Text Databases. Outline Spatial Databases Temporal Databases Spatio-temporal Databases Data Mining Multimedia Databases Text databases Image and video

Documents
* Partially sponsored by IARPA SPAR * Partially sponsored by DARPA PROCEED

* Partially sponsored by IARPA SPAR * Partially sponsored by DARPA PROCEED

Documents
An introduction to database systemstailieudientu.lrc.tnu.edu.vn/Upload/Collection/brief/...databases, and object-relational databases together provide an exceptionally clear, self-contained

An introduction to database systemstailieudientu.lrc.tnu.edu.vn/Upload/Collection/brief/...databases, and object-relational databases together provide an exceptionally clear, self-contained

Documents
Part 1 - Web viewThe information contained in this CHA references information contained in government heritage databases and similar sources and is, to the best knowledge of Benchmark

Part 1 - Web viewThe information contained in this CHA references information contained in government heritage databases and similar sources and is, to the best knowledge of Benchmark

Documents
Databases and types of databases

Databases and types of databases

Technology
Evolving Business Intelligence Using Column Store Databases · 2017-01-02 · cv The Information Contained In This Presentation Is Confidential And Proprietary To MicroStrategy. The

Evolving Business Intelligence Using Column Store Databases · 2017-01-02 · cv The Information Contained In This Presentation Is Confidential And Proprietary To MicroStrategy. The

Documents
Proto BioCompiler Jacob Beal October, 2011 Work partially sponsored by DARPA; the views and conclusions contained in this document are those of the authors

Proto BioCompiler Jacob Beal October, 2011 Work partially sponsored by DARPA; the views and conclusions contained in this document are those of the authors

Documents
Understanding and Selecting a Database Assessment Solution...Assessing databases is a very different challenge than OS and network level scans. This is due partially to the complexity

Understanding and Selecting a Database Assessment Solution...Assessing databases is a very different challenge than OS and network level scans. This is due partially to the complexity

Documents
HP Photosmart R707 Digital Camera with HP Instant Share · The information contained in this document is subject to change without notice. ... camera, it will be partially charged,

HP Photosmart R707 Digital Camera with HP Instant Share · The information contained in this document is subject to change without notice. ... camera, it will be partially charged,

Documents
[Dean Vitner] SQL Server “Denali” Contained Databases

[Dean Vitner] SQL Server “Denali” Contained Databases

Documents
Online Databases for Academic Libraries EBSCO Publishing Academic Databases Business Databases Medical Databases Linking Services VISUAL SEARCH

Online Databases for Academic Libraries EBSCO Publishing Academic Databases Business Databases Medical Databases Linking Services VISUAL SEARCH

Documents
Partially Exempt Industries

Partially Exempt Industries

Health & Medicine
Partially Contained Atmospheric Neutrino Analysis Andy Blake + John Chapman Cambridge University January 2004

Partially Contained Atmospheric Neutrino Analysis Andy Blake + John Chapman Cambridge University January 2004

Documents
Properties of Partially Stabilized Zirconia … OF PARTIALLY STABILIZED ZIRCONIA COMPONENTS ... a sintering study ... Properties of Partially Stabilized Zirconia Components Fabricated

Properties of Partially Stabilized Zirconia … OF PARTIALLY STABILIZED ZIRCONIA COMPONENTS ... a sintering study ... Properties of Partially Stabilized Zirconia Components Fabricated

Documents
Validation and Improvement of Heat and Mass Transfer …ia-e.org/images/proceedings_pdf/IAE1116440.pdf · When water contained in a coffee bean is allowed to evaporate partially,

Validation and Improvement of Heat and Mass Transfer …ia-e.org/images/proceedings_pdf/IAE1116440.pdf · When water contained in a coffee bean is allowed to evaporate partially,

Documents
Invited Review Mammalian spermatogenesis investigated by ... · spermatogenesis was partially recovered and about one third of the tubules contained elongated spermatids and even

Invited Review Mammalian spermatogenesis investigated by ... · spermatogenesis was partially recovered and about one third of the tubules contained elongated spermatids and even

Documents
Archetypoid analysis for sports analytics · Archetypoid analysis for sports analytics ... This work has been partially supported by Grant DPI2013-47279-C2-1-R. The databases and

Archetypoid analysis for sports analytics · Archetypoid analysis for sports analytics ... This work has been partially supported by Grant DPI2013-47279-C2-1-R. The databases and

Documents
BUILDING THE CHECKERS 10-PIECE ENDGAME - … · BUILDING THE CHECKERS 10-PIECE ENDGAME DATABASES ... that 6-piece chess endgame databases are ... The databases contained secrets that

BUILDING THE CHECKERS 10-PIECE ENDGAME - … · BUILDING THE CHECKERS 10-PIECE ENDGAME DATABASES ... that 6-piece chess endgame databases are ... The databases contained secrets that

Documents
Indexing Time Series. Outline Spatial Databases Temporal Databases Spatio-temporal Databases Multimedia Databases Time Series databases Text databases

Indexing Time Series. Outline Spatial Databases Temporal Databases Spatio-temporal Databases Multimedia Databases Time Series databases Text databases

Documents