Windows Azure Bootcamp for Developers seminar
Rok Bermež, Kompas Xnet
Level 300

SQL Azure

Azure…Where’s my stuff?
• Local Storage
• Unstructured
• Blob Storage
• Tables
• Queues
• (NOT relational)
BUT we want RELATIONAL! Hello SQL Azure…

History of SQL Server
• Departmental Server
• Local Server
• Enterprise Server
• Cloud Server

A Server is not a Machine

How it Works
[Diagram labels: Applications, Tools; ODBC, ADO.NET; TDS; SQL Azure Server; Connection Routing, Billing, Provisioning; SQL Server; SQL Azure Fabric; Server]

Set up a server...
• Browse to http://windows.azure.com

SQL Azure Firewall
[Diagram label: Internet]
• IP address-based access control for SQL Azure
• No IP authorized by default
• Configurable using the SQL Azure Portal
• Option to disable/enable access from applications hosted in Windows Azure

Demo: Set up a SQL Azure Server

Management Portal for SQL Azure
• Replaces Database Manager for SQL Azure
• Two Workspaces:
• Database Schema
  • Create/Alter/Update tables, views, stored procedures.
  • Query Editor for Working with T-SQL Queries
• Database Lifecycle
  • Create and Drop databases
  • Extract data-tier applications from existing SQL Server databases
  • Deploy DAC packages

Connecting with SSMS

Demo: Create SQL Azure database

Considerations...
• Application connectivity
• Compatibility
• Migration
• Administration & Security
• Price, Size and Edition
• Code Near vs. Code Far vs. Hybrid
• Partitioning, Sharding and Federation
• Backup and Replication
• SQL Server Reporting Services

Connecting to SQL Azure
• SQL Azure connection strings follow normal SQL syntax
• Applications connect directly to a database
  • “Initial Catalog = <db>” in connection string
  • No support for context switching (no USE <db>)
• Some commands must be in their own batch
  • Create/Alter/Drop Database & Create/Alter/Drop Login, & Create/Alter USER with FOR/FROM LOGIN
• Encryption security
  • Set Encrypt = True, only SSL connections are supported
  • TrustServerCertificate = False, avoid Man-In-The-Middle-Attack!
• Format of username for authentication:
  • ADO.Net: Data Source=server.database.windows.net; User ID=user@server;Password=password;...
• Setup your firewall rules first!

SQL Azure Compatibility
Currently Supported
• Tables, indexes and views
• Stored Procedures
• Triggers
• Constraints
• Table variables, session temp tables (#t)
• Spatial types, HierarchyId
Not Currently Supported
• Data Types: Sparse Columns, Filestream
• Partitions
• Full-text indexes
• SQL-CLR
Tables require clustered indexes

SQL Azure Security: Traditional SQL Server vs SQL Azure
Traditional SQL Server
• SQL (native) and Windows Integrated authentication
• Authorization based on database users and roles
• Server roles such as serveradmin, securityadmin and dbcreator
• Access via TDS + SSL on port TCP 1433
• Firewall and IP blocking using host firewall
• Support for native encryption (TDE)
SQL Azure
• SQL (native) authentication only, no Windows authentication
• Authorization based on database users and roles
• Adds login manager and dbmanager roles in Master DB to simulate relevant server roles
• Access via TDS + SSL on port TCP 1433
• Native SQL Azure firewall for IP blocking
• No native encryption support

SQL Azure Security: Authentication and Authorization Model
• SQL Server Logins: Used to authenticate access at the server level
• Database Users: Used to grant access at the database level
• Database Roles: Used to group users and grant access at the database level

Authorization, Auditing and Encryption Support
• Database-level permission model in SQL Azure is same as on-premise SQL Server
  • Logins associated to users in databases
  • Users may be part of one or more database roles
  • Permissions granted to roles or directly to users
• Auditing is not supported in the current version of SQL Azure
• No native encryption support (TDE) yet
• Azure requires SSL encryption and offers optional certificate validation connection string
  • Encrypt=True;TrustServerCertificate=Fals

Migration Options
• Generate Script Wizard
  • Produce a SQL script compatible with SQL Azure, Schema and/or data
• SQL Server Migration Assistants (downloadable)
[Diagram labels: Schema; LOGICAL: Tables, Views, Constraints, SProcs, UDFs; PHYSICAL: Users, Logins, Indexes; Future - DAC Deployment Profile: Deployment Requirements, Management Policies, Failover Policies]
• Import/Export
  • DAC export and import operations to copy databases between SQL Azure servers, or to migrate databases between SQL Server and SQL Azure.

Unit of Deployment
• MySQL, Oracle, Access, SQL Server...
• Data-tier Application Component (DAC)
• New unit of deployment for T-SQL apps.
• Supports Install, Uninstall
• Supports DAC features in SQL Server 2012

More Migration Options
• SSIS
  • Migrates data, not schema
  • Be careful of SQL Azure throttling
• BCP
  • Migrates data, not schema
  • Can be slow
• SQLAzureMW
  • Useful for catching unsupported features in SQL Azure
  • Moves data efficiently
  • Unofficially supported

Demo: Migration Demo Using DAC

Security Model
• Uses regular SQL security model
• Authenticate logins, map to users and roles
• Authorize users and roles to SQL objects
• Support for standard SQL Auth logins
• Username + password
• Security model is compatible with on-premise SQL

Size Matters

Pricing
Database Size: Price Per Database Per Month
• 0 to 100 MB: $4.995
• > 100 MB to 1 GB: $9.99
• > 1 GB to 10 GB: $9.99 for the first GB, $3.996 for each additional GB
• > 10 GB to 50 GB: $45.954 for the first 10 GB; $1.998 for each additional GB
• > 50 GB to 150 GB: $125.874 for first 50 GB; $0.999 for each additional GB
Data transfer at standard rates
• North America and Europe: $0.12
• Asia Pacific: $0.19

Scale-out with SQL Azure Today
• Elastic Provisioning of Databases
  • CREATE DATABASE and go
  • No VMs, no servers
• Pay-as-you-go business model
  • Don’t need it --- DROP it
• Zero Physical Administration
  • Built-in High Availability, patching, maintenance
• Database Copy, SQL Azure Data Sync

Backups
• Database Copy
• Enzo Backup for SQL Azure
• Red-Gate

Database Copy
• Makes a transactional copy of your database to a database with a new name on the same server, or to another server
• No downtime on the source database
• Transactional equivalent at the END of the copy
• Only works within the same datacenter
• Must have matching credentials on the servers
• Must have db_owner on source and dbmanager on destination

Database Copy
    CREATE DATABASE destination_database_name
    AS COPY OF [source_server_name.]source_database_name
To see progress:
    SELECT * FROM sys.dm_database_copies

Enzo Backup for SQL Azure
• Backup SQL Azure
• Restore to SQL Azure or on-premise
• Schedule backup jobs
• Backup single schema
• Restore specific tables
• Run backup entirely in cloud using cloud agent
• Backups are transactionally consistent
• Uses Blobs
• http://www.bluesyntax.net/backup.aspx

Red-Gate
• Backup and Copy a SQL Azure database to Azure Blob or SQL Server
• Automate and schedule Azure backups via stand-alone .exe

Demo: Backup Demo

Connection management
• Dead Lock
• Lost Connection / timeouts
• SQL Azure Throttling Engine
• DB Quota – oversize
• Idle connections – connection pool
• Transaction timeout – 24h
• DoS attacks
• Failover

Retry Logic
• SELECT null
• try {} catch {}
• Windows Azure CAT – Transient Retry Logic
• ITransientErrorDetectionStrategy
• Code or app/web.config
• IEnumerable vs. ICollection

Summary
• SQL Azure IS SQL Server…a TDS endpoint
• Create DB’s and manage using what we already know
• Data Migration strategies to fit specific needs
• Considerations and futures paint exciting picture of what to expect looking forward

Windows Azure Services

Motivating Challenges
• How do you integrate with components outside your corporate network?
• How do you expose your software to users outside of your organization?
• Can they use their existing identities? Social identities?
• What about smaller, non-enterprise customers?
• How do you reduce latency and increase performance?
• <the list goes on…>

Windows Azure Services
• Comprehensive building block services for developing, deploying, and managing applications
• Higher level Platform-as-a-Service (PaaS) capabilities
• Increase developer productivity
• Bridge existing applications to the cloud
[Diagram labels: Windows Azure Services: Caching, Service Bus, Access Control, Integration, Applications (WF, WCF)]

Identity in the Cloud is Hard
• Outside of identity domains
• Too many islands of identity
• Current technology hard or not interoperable
• Managing 3rd party accounts in your system is risky

Three geeks walk into a bar…

What is Access Control?
• Used to authenticate and authorize users
• Integrate Single Sign On and centralized authorization into your web applications
• Standards-based identity providers
  • Enterprise directories (e.g. Active Directory Federation Server v2.0)
  • Web identities (e.g. Windows Live ID, Google, Yahoo!, and Facebook)

Access Control Website Sequence
[Diagram labels: Browser, Identity Provider, Access Control, Application]

Access Control Features
• Integrates with Windows Identity Foundation and tooling
• Claims-based access control
• Support for OAuth WRAP, OAuth 2.0, WS-Trust, and WS-Federation protocols
• Support for the SAML 1.1, SAML 2.0, and Simple Web Token formats
• Integrated and customizable Home Realm Discovery
• OData-based Management Service to ACS configuration

Demo: ACS Demo

Service Bus
• Interconnect services across networks
  • Naming and Discovery
  • Connectivity w/ NAT and Firewall Traversal
  • Access Control Integrated Authorization
• Cloud-Based Message-Oriented Middleware
  • Next Generation Message Queue Technology
  • Rich Publish/Subscribe with Filtering
  • Transaction Integration

What is the Caching service?
• A distributed, in-memory cache for applications running in Windows Azure
• Simple administration; end-user doesn’t bother with configuration, deployment, or management
• Provides a scalable solution with low latency and high throughput
• Based on Windows Server AppFabric Caching

Latency Pyramid
[Diagram labels: Memory, Network, Disk]

Caching Features
• ASP.NET providers for session state and page output caching
• Cache any managed object
• 8MB object size limits
• No serialization costs for local caching
• Easily integrates into existing applications
• Secured by Access Control

Demo: Caching demo

Diagnostics and Service Management

How do you do diagnostics today?
How do you manage your applications and services today?

Challenges with diagnostics in the cloud
• Many instances
• They move around
• Massive amount of data
• Can’t remote desktop in to 10 machines at once without going berserk
• Users move across instances
• Try tracing a user session across those...

The Diag engine brings all of the sources together for you.
• Enable it by adding the diagnostics import
• MonAgentHost.exe started on each instance
• Listener wired up in app/web.config
• Need to define a storage account connection string
• Add perf counters, logs, ... in diagnostics.wadcfg

How does it work (in a nutshell)?
• Role Instance Starts
• Diagnostic Monitor Starts**
• Monitor is configured
  • Imperatively at Start time
  • Remotely any time
• Monitor buffers data locally
  • User can set a quota (FIFO)
• User initiates transfer to storage
  • Scheduled
[Diagram labels: Role Instance, Role, Diagnostic Monitor, Local directory storage]

Diagnostics sources
Data Source: Default, Destination
• Trace Logs: Enabled, Azure Table
• Diagnostic Infrastructure Logs: Enabled, Azure Table
• IIS Logs: Enabled, Blob
• Performance Counters: Disabled, Azure Table
• Windows Event Logs: Disabled, Azure Table
• IIS Failed Request Logs: Disabled, Blob
• Crash Dumps: Disabled, Blob
• Arbitrary Files: Disabled, Blob

The Escape Hatch
• Allows you to collect any file that is in a defined directory
• Can be used for:
  • If you’re using another logging framework
  • Collecting custom audit files
  • Any source of data
  • Usage data for billing

Loading the Diagnostic Agent
• The agent is loaded as an Azure module in the ServiceDefinition.csdef

Loading the Diagnostic Agent
• The module expects a connection string named:
• A production connection string must be HTTPS.
• Tip: put diagnostics in a separate account to mitigate throttling

Write to Trace Output

Common Patterns
• Get Config
  • From default
  • Current running
• Make a change to the config
• Start the Diag agent with new config

Changing Config
• Can change from within the instance
  • Affects only that instance
  • Then start the agent immediately
• Can change from outside for all roles
  • Change the central file
  • Agent notices a change and reloads
  • Affects all instances of that role

Remote Configuration
[Diagram labels: Poll Interval, Role Instance, Role, Diagnostic Monitor, Local directory storage]

Get the Current Configuration

Make changes to the config

Commit the change

Sample Results

Log Filters
• Does not filter data collected
• Only filters what is transferred
    transferOptions.LogLevelFilter = LogLevel.Error;

Visualizing the data

Schedule Transfers
• Each source is assigned its own schedule
• Data is transferred at the right time
• Set interval to 0 to disable transfer

On Demand Transfers
• Handy for responding to events
• Handled like an external config change
• Requests are handled asynchronously
• Returns a request id when submitted
• Can report success to a queue

Service Management API
• Allows us to do almost anything the portal can do

API Authentication
• All API calls must be signed with a registered administrative certificate

Deploying Services
• Delete/Create Deployment
  • Visual Studio does this.
  • VIP will change
  • Service Model Updates don’t matter
• VIP Swap
  • Bring up another environment in Staging and swap
  • Only Input Endpoints (external ports) matter
• In-Place Upgrade
  • Rolling upgrade across roles
  • Slightly more restrictive on changes (capacity / availability limited).
• Web Deploy*

Deployment Options Summary
Changes Permitted: In-Place Update, VIP Swap, Delete & ReDeploy?
• OS Version: Yes, Yes, Yes
• .NET trust level: Yes, Yes, Yes
• VM Size: Yes Yes Yes Yes Yes. Warning: Changing VM size will destroy local data. Requires SDK 1.5 or later.
• Local storage settings: Yes. Increase only. Requires SDK 1.5 or later.
• Add or remove roles in service: Yes, Yes, Yes
• Number of instances of a role: Yes, Yes, Yes
• Number or type of endpoints for a service: Yes, No, Yes. Warning: Availability may be temporarily lost as endpoints are updated. Requires SDK 1.5 or later.
• Names & values of configuration settings: Yes, Yes, Yes
• Values (not names) of configuration settings: Yes, Yes, Yes
• Add new certificates: Yes, Yes, Yes
• Change existing certificates: Yes, Yes, Yes
• Deploy new code: Yes, Yes, Yes

Configuring VS2010

Deployment Environments
• Two Environments to choose from
• Nearly Identical…
  • <servicename>.cloudapp.net
  • <deploymentID>.cloudapp.net
• VIP Swap between them

If the cube is Gray, You’re OK. If the cube is Blue, a bill is due.
• Even when you ‘suspend’ your service, you will still be charged.
• Suspend only disables inbound traffic. The code is actually still running.

Worried about leaving something running?
• Download the Grey Box Application
• GreyBox.CodePlex.com
• Open source, originally written by Strategic Data Systems and Mike Wood
• Reminds you if you have apps running, and helps you stop them
• Avoids overrun of MSDN allocation

Grey Box

MOCP will notify you
• MOCP will send an email to the Live ID of the subscriber when compute reaches:
  • 75%
  • 100%
  • 125%
• Only works for committed hours, not for pay as you grow hours

VIP Swap Upgrades
• Swap Virtual IPs between the two slots
  • Production becomes Staging
  • Staging becomes Production
• Instances are not affected
• DNS and LB remains intact
• Happens very fast
• Can only use when the service model hasn’t changed

VIP Swap
[Diagram labels: Load Balancer: Prod, Stage; Worker Role; VM]

In-Place Upgrades
• Rolling upgrades are IT Nirvana
• Difficult to do in traditional IT
• Leverages Upgrade Domains
• Service model must be identical (i.e. no new roles, no changes in .csdef, etc.)
• For Each Upgrade Domain
  • Stop instances
  • Update
  • Start instances

In Place Upgrade
[Diagram labels: Load Balancer: #1, #2; Worker Role #1, #2]

Fault and Upgrade Domains
• Fault Domains
  • Represent groups of resources anticipated to fail together
  • i.e. Same rack, same server
  • Fabric spreads instances across fault domains
  • Default of 2
• Upgrade Domains
  • Represents groups of resources that will be upgraded together
  • Specified by upgradeDomainCount in ServiceDefinition
  • Default of 5
• Fabric splits Upgrade Domains across Fault Domains and Across Roles

Upgrade Domains
• Defined in .csdef
• Instances evenly distributed
• Upgrade Domain 1: Role A Instance 1, Role B Instance 2, Role C Instance 3
• Upgrade Domain 2: Role B Instance 1, Role C Instance 2, Role A Instance 3
• Upgrade Domain 3: Role C Instance 1, Role A Instance 2, Role B Instance 3
[Diagram labels: Isolated Hardware; Fault Domain 1, Fault Domain 2, Fault Domain 3]

How?
• Can be done via portal or the management API
• Upgrade Mode: Automatic or Manual
• Manual waits for human intervention to confirm upgrade is ok before proceeding

Changing Configuration
• Change any setting in .cscfg
• Change the number of instances running
• Three approaches:
  • Edit on portal
  • Upload new file in portal
  • Upload new file with management API
• By default, changing the number of instances does not affect running instances. Any other config restarts the instances.

Deployment and Management Tools
• Visual Studio*
• CSManage.exe
• Windows Azure MMC
• Windows Azure Service Management (WASM) cmdlets
• SCOM
• 3rd Party tools

Windows Azure Service
• Set of PowerShell cmdlets
• Wraps management REST API and diagnostics API
• Enables building of sophisticated deployment scripts
• Works with the rest of the .NET CLR

Windows Azure MMC
• MMC Snapin providing graphical view of services, diagnostics, and storage
• Built on top of WASM Cmdlets
• Plugin-based, extensible
• Remotely configure diagnostics
• Download and view diagnostics

Monitoring
• Windows Azure Diagnostics (Cerebrata.com)
• System Center Monitoring Pack for Windows Azure Applications
  • Monitors Health, Scales, and more
  • http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11324

Autoscaling
• Windows Azure does not autoscale
  • What is ‘busy’ for your app is different than someone else
  • Windows Azure gives you the tools
• Not an easy problem to crack
  • Define inputs
  • Define rules to determine busy or stagnant state
  • Make adjustments
• Don’t run amok, put a human in somewhere

WASABi
• Windows Azure Autoscaling Application Block
• Part of Enterprise Library
• Scales based on a variety of reactive rules
• http://blogs.msdn.com/b/agile/archive/2011/09/12/announcing-windows-azure-autoscaling-block-preview.aspx
• http://entlib.codeplex.com/wikipage?title=WASABiBetaReleaseNotes&referringTitle=EntLib5Azure

QUESTIONS?
After the talk, please fill out the questionnaire. Questionnaires will be sent to your e-mail address and will also be available through your profile on the conference web portal www.ntk.si. Thank you very much!
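
Added example, not part of the original slides: a Python check that applies the settings from the "Connecting to SQL Azure" slide (Encrypt=True, TrustServerCertificate=False, user@server login, Initial Catalog) to ADO.NET connection strings, for use in a configuration review. The server, database and user names are constructed, and the finding labels are this example's own.

```python
import re

# ADO.NET SqlClient keyword synonyms, mapped to one canonical lower-case name.
SYNONYMS = {"server": "data source", "address": "data source", "addr": "data source",
            "database": "initial catalog", "uid": "user id", "user": "user id",
            "pwd": "password"}
TRUE_VALUES = {"true", "yes"}
AZURE_SUFFIX = ".database.windows.net"
PAIR = re.compile(r"""\s*([^=;]+?)\s*=\s*("[^"]*"|'[^']*'|[^;]*)\s*(?:;|$)""")

def parse_connection_string(conn_str):
    """Split 'key=value;' pairs; a quoted value may itself contain ';'."""
    pairs = {}
    for key, value in PAIR.findall(conn_str):
        key = key.lower()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        pairs[SYNONYMS.get(key, key)] = value.strip()
    return pairs

def audit_sql_azure_connection(conn_str):
    """Return a list of findings; an empty list means the string passes."""
    cfg = parse_connection_string(conn_str)
    findings = []
    # Drop an optional 'tcp:' prefix and ',1433' port from the host.
    host = cfg.get("data source", "").split(":", 1)[-1].split(",", 1)[0].strip().lower()
    server = host[:-len(AZURE_SUFFIX)] if host.endswith(AZURE_SUFFIX) else None
    if server is None:
        findings.append("data-source-not-sql-azure")
    # The slide asks for an explicit Encrypt=True, so a missing key is flagged too.
    if cfg.get("encrypt", "false").lower() not in TRUE_VALUES:
        findings.append("encrypt-not-true")
    # TrustServerCertificate defaults to False; only an explicit opt-out is flagged.
    if cfg.get("trustservercertificate", "false").lower() in TRUE_VALUES:
        findings.append("server-certificate-not-validated")
    # No USE <db> on SQL Azure, so the database must be named up front.
    if not cfg.get("initial catalog"):
        findings.append("no-initial-catalog")
    name, at, suffix = cfg.get("user id", "").rpartition("@")
    if not at or not name or (server and suffix.lower() != server):
        findings.append("user-id-not-user@server")
    return findings

# Constructed sample strings; the password is a placeholder, not a real secret.
GOOD = ("Data Source=tcp:contoso1.database.windows.net,1433;Initial Catalog=Orders;"
        "User ID=appuser@contoso1;Password=<placeholder>;"
        "Encrypt=True;TrustServerCertificate=False;")
WEAK = ("Server=contoso1.database.windows.net;UID=appuser;PWD=<placeholder>;"
        "Encrypt=True;TrustServerCertificate=True")

if __name__ == "__main__":
    for label, conn in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit_sql_azure_connection(conn) or "ok")
```

With TrustServerCertificate=True the channel is still encrypted but the client accepts any certificate, which is the man-in-the-middle exposure the slide warns about.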