Make it real with Always Encrypted, Stretch Database and Temporal

Ever-growing databases
• Massive tables (hundreds of millions/billions of rows, TBs size)
• Users want to keep all their data and use it too
• Closed business (cold) data accessed infrequently but must be online
• Maintenance challenges (e.g. re-index)
• Business SLAs at risk (e.g. restore time)

Existing solutions
• Keep adding storage and datacenter capacity
  • Does not solve maintenance and SLA issues (unless you put cold data in SSDs)
• Move data to another location – database, flat-files, backups, tapes
  • Data is near-line or offline
• Delete older data
  • Unknown if data is valuable
  • Unacceptable or illegal in some organizations/industries

Stretch Database
Stretch cold data securely from SQL Server databases to Azure with remote query processing
• Cost effective online cold data
• Data is online and accessible from existing applications
• Generally no application code changes
• Addresses hard problems arising from very large tables
• Secure by default, optionally additional security with Always Encrypted and Row Level Security
[Diagram: an App sends a Query to SQL Server holding Customer data, Product data and Order history; the Order History table (columns Name, SSN, Date) stretches to Microsoft Azure]

Protects highly sensitive data in use from highly privileged SQL users.
• Client side encryption: Client-side encryption of sensitive data using keys that are never given to the database system.
• Queries on Encrypted Data: Support for equality comparison, incl. join, group by and distinct operators.
• Application Transparency: Minimal application changes via server and client library enhancements.
Status: Generally Available
Tooling available across SSMS, SSDT (new), PowerShell (new)

Help protect data at rest and in motion, on-premises & cloud
Encrypted sensitive data and corresponding keys are never seen in plaintext in SQL Server
[Diagram: query flow across the trust boundary]
• Client, inside the trust boundary: "SELECT Name FROM Customers WHERE SSN = @SSN", "111-22-3333"; Result Set: Name = Wayne Jefferson
• ADO .NET to SQL Server or SQL Database: "SELECT Name FROM Customers WHERE SSN = @SSN", 0x7ff654ae6d; Result Set (ciphertext): Name = 0x19ca706fbd9a
• dbo.Customers (ciphertext): Name = 0x19ca706fbd9a, SSN = 0x7ff654ae6d, Country = USA

• Data Audit
• Time Travel
• Slowly Changing Dimensions
• Row-level error correction
[Diagram: Insert / Bulk Insert and Update* / Delete* / Merge* act on the temporal table (current data); * old versions go to the history table]
SELECT * FROM Patients FOR SYSTEM_TIME AS OF '2010.01.01' WHERE PatientId = @pID

Keep data forever, offload to Azure, protect data everywhere, query across transparently!
• Protect sensitive data EVERYWHERE with Always Encrypted
• Automatically track data HISTORY with Temporal Tables
• Transparently ARCHIVE to Azure with Stretch Database
Query parameters shown on the slide: @pID='1000001', @pName=0x7ff654ae6d

• Always Encrypted: Secure sensitive data with end-to-end encryption. Key resides with application only.
• Temporal Table: Enable automatic history management and time travel query capabilities.
• Stretch Database: Move cold data from history table to Azure for easier administration and lower TCO.

patientId  Name               Room  Wing  startDate   endDate
1000001    Mugunthan Zwilling 101   1     2014-12-17  2015-03-
1000002    Mike Karimi        102   3     2015-01-08  2015-05-
1000003    Mojo JoeJoe        203   2     2015-01-08  2015-01-
1000004    Brian Ullal        132   2     2015-02-01  2015-04-
1000005    Prasad Matuszyk    130   2     2015-02-01  2015-04-
1000006    Sapna Cunningham   301   3     2014-01-31  2014-02-
1000007    Steve Gianforcaro  178   2     2015-02-01  2015-04-
1000008    Blazej Jeswani     302   2     2014-12-29  2015-04-
1000009    Marina Lindell     439   2     2014-10-01  2015-01-
1000010    Cheng Allen        381   3     2014-11-06  2015-05-
1000011    Nikhat Polischuk   702   3     2014-10-13  2015-01-
1000012    Conor Wan          618   1     2014-10-01  2015-01-
1000013    Lindsey Mugundan   861   2     2014-12-14  2015-03-
……
[Slide tables: the same columns (patientId, Name, Room, Wing, startDate, endDate), with the Name column shown as ciphertext]

Stretch Database @ MSDN
Always Encrypted @ MSDN
Getting Started with Temporal Tables
www.microsoft.com/itprocareercenter
www.microsoft.com/itprocloudessentials
www.microsoft.com/mechanics
https://techcommunity.microsoft.com
http://myignite.microsoft.com
https://aka.ms/ignite.mobileapp