Transcript Architecting Scalable, Flexible and Secure Database Systems
Architecting Scalable, Flexible and Secure Database Systems with SQL Server 2005 Dragoslav Ogar SC Akademija
Architectural Benefits
SQL Server 2005 provides all the "big company" benefits all the latest technology while minimizing total cost of ownership When you invent "the next big thing" your database systems can grow with your business without a total system rewrite don't re-architect when you outgrow hardware Scaling is incremental pay as you go
What features make this happen?
When can I use them?
Take Advantage When?
How much work to leverage the technology?
Upgrade Immediate
Security by Policy Secure Metadata Granular Permissions Support for Advanced OS/Hardware features Relational Engine Speed-ups Notification Services Integration
User/Schema Separation Cache Sync SQLCLR Procedures LOB Data Types T-SQL TRY/CATCH New T-SQL Statements Data Paging XML Processing Design and Architect
Service Broker Web Services Data Encryption and Key Management Execute Context for Procedures XML Type UDTs/UDAggregates
Improving Security and Scalability from Installation to Design Availability in Layers to allow re-architecting in stages
Start Small...
Web Server in DMZ Secure Connections
Secure By Default, now...
Scale Up?
Scale Out?
Caching?
More Data Formats?
More Robust?
Database Server Your Internal Network Secure Data And Metadata
Or Start Big...
Web Server
Secure By Default
Scale Up
Scale Out – Messaging Performance – Caching More Data Formats More Robust
New, Bigger Database Server Database Server
SQL Server 2005 supports advanced hardware and OS features
As You Grow
Secure By Default Scale Up
Scale Out – Messaging
Performance – Caching More Data Formats More Robust Order
Inv
Reliable transactional messaging with SQL Server Service Broker
Bill
As You Grow
Bill
Secure By Default Scale Up Scale Out – Messaging
Performance – Caching
More Data Formats More Robust Order
Inv
Master data management and better performance with Query Notifications
As You Grow
Bill
Secure By Default Scale Up Performance – Caching Scale Out – Messaging
More Data Formats
More Robust Order
Inv
Native XML storage Improved LOB types Custom data types and aggregates
As You Grow
Bill
Secure By Default Scale Up Performance – Caching Scale Out – Messaging More Data Formats
More Robust
Order
Inv BEGIN TRY ...
END TRY BEGIN CATCH ...
END CATCH
Exception Handling in Transact-SQL
Improved Security From the Ground Up
Security
SQL Server is part of the Trustworthy Computing initiative Whether your company is small, medium, or large, security is not optional Data is your company's view of "reality" You must be secure for accurate picture Database security consists of Security by design - integrated with policy Security by default Secure deployment and maintenance Secure communications and storage
Off by Default
SQL Server Surface Area Configuration
Secure Data & Metadata
User-schema separation - database objects need not be tied to users Fixes "user leaves company" problem Allows DBA to allow installation of packages with owners other than DBO Allows separation of database object owners even within a single database Secure Metadata You can only see what you can access Consolidation without seeing others' data All Permissions Grantable Granular permissions
Encryption and Privilege
Some industries require encryption Encryption keys securely stored in database Instance key protected by DPAPI Logins are always encrypted Procedures can be signed or run as certain accounts Principle of least privilege Original login always available for auditing Proxy accounts for SQL Agent jobs
Cryptography
Symmetric Key Encryption Encryption 1234-5678-1234-5678 0x0088840517080E4FA2… Decryption Asymmetric Key Encryption Encryption with public key 1234-5678-1234-5678 0x0088840517080E4FA2… Private Key Public Key Decryption with private key
SQL Server Encryption
Good Scenario:
Encrypting secrets during login Using asymmetric keys to generate session keys Using symmetric keys for data encryption Using SQL Server certificates from trusted sources Encrypting data as required by law
Bad Scenario:
Encrypting all network traffic inside an organization Using asymmetric keys for data encryption (slow) Using symmetric keys for main key distribution mechanism Using SQL Server as a certificate server Encrypting all data (SLOW, and data can't be used for indexes and joins)
Encapsulating Encryption
low-priv Credit View Has access to view Low-priv needs access to both keys Credit Card #
Execute As and Encryption
low-priv Credit View Has access to view Low-priv needs access to both keys Credit Card # low-priv Credit View Has access to view
Decrypt Helper
EXECUTE AS DBO Low-priv has no access to keys Credit Card #
Data Security
Defense in Depth
Using a layered approach: Increases an attacker’s risk of detection Reduces an attacker’s probability of success Data Application Host Internal Network Perimeter Physical Security Policies, Procedures, & Awareness Permissions, encryption, secure metadata Execute As, signed procs, schemas SQLOS/SQLCLR hardening SSL, session keys, cert security Firewalls, packet filters Guards, locks, tracking devices, HSM, tamper-evident labels Password policies, off by default
Summary: Security
Technology Off by Default & Password Policies Metadata security All permissions grantable User/Schema Separation Keys and Encryption Execution Context Signed Procs Improves
Greater security at install time Integrated Windows/SQL policies Less exposed surface area Permissions easier to manage No recoding when staff change Separate DBO and developers Compliance with privacy requirements Secure communications Principle of least privilege Auditability
When
Upgrade Immediate Upgrade Immediate Upgrade Immediate Minimal Work to Leverage Design And Architect
SQL Server 2005 Scales
With Hardware and Operating System With Database Features With Application Design
Scaling - Hardware Options
SQL Server optimized for hardware & OS Known as the "SQLOS" abstraction This enables better support on 64 bit architectures
Dual core support
Non-Uiform Memory Access (NUMA) systems Threads managed as tasks Enables SQL Server use of new OS features Windows Server 2003
Windows Server 2003 Enabled
Password policy check for SQL passwords Hot add memory Dynamic AWE Native 64 bit support SOAP support Instant file initialization 8 node SQL Server failover cluster
Scaling Data with Services
Functionality built-in to SQL Server Asynchronous Operations - Service Broker Cache coherency - Cache Sync Request-response - Web Services Service Programs can be T-SQL or SQLCLR
SQL Service Broker
Platform for building reliable, asynchronous, loosely coupled database applications Queues are database objects Input in one transaction/context, execute in a different one Queue locking reduces conflicts and deadlocks Locks are based on dialogs (point-to-point conversation) Dialogs give unprecedented message ordering Reliable, durable, sequenced communications session between services Ordering even across transactions New DDL and DML for messaging Use the same API’s and tools as vanilla SQL Activation - the right number of readers running To service the queues
Dialogs
Dialogs
provide two-way messaging between two services Dialogs offer: Guaranteed delivery Exactly-once delivery In-order delivery Secure communications Dialogs: May be long-lived (years) or short-lived (seconds) Are light-weight Are persistent sessions
Customer Service Travel Service
Dialog Database A Database B
Messaging with Service Broker
Inbound messages arrive on protocol pipe Message is: Authenticated Dispatched to appropriate queue Service Programs: Pick up work from queue Run in different context than incoming message May run inside or outside server May send additional messages
X System continues to run if service program or queue is unavailable!
Message Message
Service Broker
Query Notifications
Notify Caches When Master Data Changes built into SQL Server 2005 based on indexed view notifications built into ADO.NET
built into ASP.NET
automatic cache invalidation cache listeners can be scaled to multiple machines using SQL Express delivery via Service Broker Known as Cache Sync two lines of code
multiple granular replicas master data
CacheSync
Web Request Query Results Subscription
CacheSync
Web Request Subscription
CacheSync
UPDATE dbo.Products SET …
Subscription
CacheSync
Web Services and SQL Server
SQL Server 2005 can Be used for HTTP-based web services on any OS that supports HTTP in the kernel Execute any stored procedure and return results using SOAP packets Allow custom WSDL to support heterogeneous clients Use to wrap internal legacy systems asynchronous access Use SQL Express and Web Services as a network input to a Service Broker application
Summary: Scalability
Technology SQLOS Service Broker Messaging Cache Sync Web Services SQL Server Notification Services Improves
Advanced hardware support Advanced OS feature support Reliable system, even with partial outage Scalability - service based Large scale transaction messaging Load balance over machines and time Granular synchronization Master data management Two lines of ASP.NET code Heterogeneous integration Complement to Service Broker Pre-built architecture component Scales to larger number of events Useable over multiple machines
When
Upgrade Immediate Design and Architecture Minimal Work To Leverage Design and Architecture Upgrade Immediate
Storage Options Programming Options Deployment Options
Flexibility
IT Manager Dilemma
Computation & Framework access Relational data access
T-SQL CLR XML
Semi-structured data access
Storage Options Programming Options Deployment Options
Flexibility
Data Type Options
The relational data types serve enterprise applications well but...
There's always been a tension with large data In database or file systems?
XML becoming common for all industries In B2B, B2C, data exchange XML is a standard for data on the web To evolve and integrate your business(es) you may need to support XML Domain-specific types used by some industries
Data Type Enhancements
Relational is native for SQL Server Relational "open-schema" helped by PIVOT Assists sparse population & name-value pairs Hierarchical queries with common table expressions Large value type support is better MAX data types subsume TEXT and IMAGE XML is new built-in alternative Through XML data type and query Custom types and aggregates available Through SQLCLR UDT for custom scalars Through SQLCLR custom aggregates
Large Object Storage
New LOB support VARCHAR(MAX)/NVARCHAR(MAX), VARBINARY(MAX) work like (N)VARCHAR, VARBINARY support most T-SQL manipulation functions extended support for large data through extension methods (WRITE method) up to 2gb in size, extendable in future
XML Support
XML is a first class data type in SQL Server 2005 Native XML storage no need to store XML as TEXT no hassles integrating with XML on file system document-centric or data-centric XML XML Schema support validation on input and update schema collections support schema versioning Native XQuery query in place - no need to retrieve over network XML Indexes XML processing uses same query processor as SQL
XML Data Type & Schema
XML Query
XQuery is the standard language for XML and databases Implemented with XML data type methods exist(), value(), query() operate on XML nodes() produces rowsets from XML modify() changes XML in place Uses XPath for data selection Can be used with T-SQL sql:variable and sql:column available in XQuery Can be combined with fulltext search
Scenario for XML Development
Good Scenario: Data is semi-structured, small core of fixed data with many, sparsely populated extended attributes Multi-value Property bags Complex Property bags “WordXML” Fixed data can be stored as relational columns Documents are large but rarely updated Indexing will pay off Data is hierarchical path expressions are well suited for finding data Bad Scenario: “Database in a Cell” Documents are large and updated frequently Document update contention is likely Data is fully structured & populated schema candidate for conversion to relational Data contains large binary objects (2GB limitation)
Improved Support for...
Model Schema Query
SQL
Extension
T-SQL SQLCLR Hierarchical
SQL
Semi Or Markup Unstructured XML MAX Datatypes UDT XML Schema
IFilter
Custom XQuery FullText
FullText
SQL PIVOT T-SQL SQLCLR Custom Methods
Summary: Data Types
Technology XML Support SQL Enhancements New LOBs User-Defined Types and Aggregates Improves
Semi-structured data mgmt Markup language document mgmt Validation/integration of XML and SQL XML Indexes can improve performance Support for hierarchical data Open schema processing Sparse attribute data models In-database aggregation Data just over the VARCHAR limit Programming with large data Buffer management for large rows Domain-specific data management Domain-specific formulas Inter-database interoperability
When
Design and Architect Upgrade Immediate Minimal Work to Leverage Design and Architect
Data Type Options Programming Options Deployment Options
Flexibility
T-SQL and SQLCLR
SQL is the language of relational database Procedural code can be T-SQL Native usage of logic with SQL statements Built into SQL Server since its inception Continuing enhancements with each release SQLCLR .NET framework code running in SQL Server Enhances and compliments T-SQL Not a replacement for T-SQL or set based operations
T-SQL Enhancements
T-SQL is the language of 99% of pre-SQL Server 2005 procedural code Procedural enhancements Robust structured error handling comes to T-SQL Output clause in SQL SQL enhancements Standard hierarchical recursive queries Better support for sparse attributes (PIVOT) Ranking, Row Numbering functions INTERSECT and EXCEPT Others
T-SQL Enhancements
Programmability
.NET Integration Key Differences CLR Runs in SQL Server Process Space: SQL Server manages memory access etc Calls to SQL never Cross the Process Boundary Assemblies Stored in SQL Server, not the file system All CLR Objects get included in: Backups Replication Mirroring Clustering Security Integration of SQL and CLR security Three levels of code access security Safe, External-Access (verifiable), Unsafe
SQLCLR and SQLOS
SQL Server 2005 Engine
Integrated Resource Management built-in, not grafted on Applications SQLCLR CLR Hosting Transact-SQL
SQLOS - System Services Diverse Hardware /Windows Operating Systems
Assemblies stored in the database, not the file system
Summary: Programmability
Technology T-SQL Enhancements SQLCLR Procedures Improves
More robust error handling Row numbering and ranking in DB Using large rowsets without cursors Logic intensive procedures Complex mathematics Functions that are .NET built-ins
When
Minimal Work to Leverage Design and Architect
Data Type Options Programming Options Deployment Options
Flexibility
Deployment Options
There's always been a choice between in database and middle tier/client logic Sometimes the topology changes over time Machine power vs machine numbers Network bandwidth Smart client Programming toolkits may facilitate moving processing around (more agile system) T-SQL usually best in DB .NET code can move from DB <-> middle tier XML can be processed in either tier too
Flexible Deployment with SQLCLR code
Prod_Sched
run in middle tier to ease pressure on database
Prod_Sched
...or run in database for locality of data and logic
Summary
More secure by default Better security integration with policies Secure code, data, metadata More scalable Scale up with SQLOS Scale out with Service Orientation in design More data models Relational, XML, Large Data, Custom Types More robust query models Procedural alternatives
Architectural Enhancements
Technology Security Service Broker XML Support SQLCLR Procedures T-SQL Enhancements Improves
Integrated, built-in security policy Secure data and metadata Enables principle of least privilege Queues and dialogs with transactional consistency The way to build scalable, resilient large-scale systems Storage, schema, query, indexing Business data and documents Native Web Service support Logic intensive service programs Adjunct to Transact-SQL Data access language of SQL Server Robust exception handling
When
Upgrade Immediate Design and Architect Design and Architect Design and Architect Minimum Work to Leverage
Take Advantage When?
How much work to leverage the technology?
Upgrade Immediate
Security by Policy Secure Metadata Granular Permissions Support for Advanced OS/Hardware features Relational Engine Speed-ups
User/Schema Separation Query Notifications SQLCLR Procedures LOB Data Types T-SQL TRY/CATCH New T-SQL Statements Data Paging XML Processing Design and Architect
Service Broker Web Services Data Encryption and Key Management Execute Context for Procedures XML Type UDTs/UDAggregates
Improving Security and Scalability from Installation to Design Availability in Layers to allow re-architecting in stages