Auditing and Azure Automation with Azure SQL Database. Sanjay Nagamangalam Principal Group Program Manager, SQL Server

Transcription

1 Learn. Connect. Explore.

2 Auditing and Azure Automation with Azure SQL Database Sanjay Nagamangalam Principal Group Program Manager, SQL Server

3 Session Objectives And Takeaways We ll cover two topics in this session Part 1: Auditing in Azure SQL Database Gain insight into database events and streamline compliance-related tasks Tracking and logging database activity Part 2: Windows Azure Automation Use cases and scenarios for Windows Azure Automation Your SQL Agent in the cloud for Azure SQL Database

4 SQL Database Auditing - Overview Why Auditing? Regulatory compliance Security incidents Operational Insights A massive demand for cloud application to meet regulatory compliance recommended by regulating/auditing authorities (PCI- DSS, SOX, HIPAA) DBAs and security officers wish to gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations Stakeholders are increasingly focusing on understanding database activity

5 SQL Database Auditing - Overview Where to start?

6 SQL Database Setting up Auditing Server Default Per Database Combination of the two

7 SQL Database Auditing in Azure SQL Database Azure SQL Database now has Auditing PREVIEW Available in Basic, Standard, and Premium Configurable Auditing policy and Azure storage. At-a-glance Audit insights in the portal Interactive, customizable and deep analysis with Power View and Power Pivot reports Audit logs reside in your Azure Storage account SQL Database Auditing Application data Audit log Azure Storage Gain insight into database events and streamline compliance-related tasks

8 Demo Auditing in Azure SQL Database

9 Windows Azure Automation Process automation that simplifies cloud management Integration Integrate into existing systems with PowerShell integration modules Build additional PS modules to enable integrating into other systems Orchestration Accelerate time to value with flexible process workflows Improve service reliability across multiple tools, systems, and department silos Automation Enable service owners to focus on work that adds business value Reduce error-prone manual activities while lowering costs

10 Azure Automation Capabilities Runbook Authoring in Azure: Create runbooks to automate all aspects of cloud operations, from deployment, monitoring, and optimizations Highly Available Engine: Support requirements for scale and H/A. Built on PowerShell Workflow. Isolation for runbook jobs Integration into other systems: Import PS modules and create additional modules and runbooks for Azure services or to connect into 3 rd party systems Azure Automation Monitoring Systems Change Control Systems Anything

11 Built on PowerShell Workflow PowerShell Workflow Use Windows PowerShell syntax Multi-device management Running a single task to manage complex, end-toend processes Automated failure recovery Connection and activity retries PowerShell Workflow Centralized store Credentials / certificates Global variable Global connection for runbooks Modules Runbooks (draft / published versioning) Scheduling Centralized store Microsoft Azure Automation Highly Available Runbook servers to process jobs Odata Web service to submit / retrieve status SQL Server clustering / always on Highly Available Historical Analysis Historical view of runbook jobs Reporting through Excel PowerPivot for ROI View runbook used for all jobs Historical Analysis

12 Typical Azure Automation Scenarios Patch Azure IaaS VMs without downtime, leveraging Traffic manager. Enable regeneration of storage account keys while avoiding downtime in the application. SQL Backup on a schedule. Backup and restore IaaS VMs. Change Control & Provisioning Deploy a VM on an Azure / On- Premise cloud and enable monitoring for the VM. Deploy a new service to Azure and configure the end points for CPU and Memory alerts. Deploy application from Git, run validation tests, and swap to production if tests pass. Monitor SharePoint online for an approval to update a service and update the service once approved. Alert on a VM then turn on tracing, collect logs, upload to Azure Storage and make available in Visual Studio for troubleshooting. Monitor for when a new service gets created, and configure it for the right tracing / backup policy. Notify users of a subscription who have underutilized VMs and perform remediation.

13 Demo Use Windows Azure Automation with Azure SQL Database

14 In Review Azure SQL Database now has Auditing PREVIEW Gain insight into database events and streamline compliance-related tasks Available for Basic, Standard and Premium databases Windows Azure Automation Integrates into Azure services and external systems Implement your tasks using PowerShell workflow Your SQL Agent in the cloud for Azure SQL Database

15 References Related references for you to expand your knowledge on the subject Get started with Auditing in Azure SQL Database Get started with Windows Azure Automation technet.microsoft.com/en-in Channel9 Videos (4 videos): Azure SQL Database for Business-Critical Cloud Applications aka.ms/mva msdn.microsoft.com/

16 < QR Code will be given a week before Tech Ed > Tell us what you think Scan the QR code to evaluate this session.

17 Follow us online Facebook facebook.com/microsoftdeveloper.india Twitter twitter.com/msdevindia

18