Day2

Published in: Education, Technology

  1. CSE 136 Lecture 2
      • Database design steps for the enterprise
          • Logical Design Overview
          • Physical Design
          • Logical design in detail
              • Conceptual Modeling
              • Model to Schema
      • Database Security
      • Enterprise Database Environment
      • Continuous Integration DB – build DB project
  2. Database Design Step
      • ER Model
      • Using MS SQL 2008
  3. Logical Design Overview 1
  4. Logical Design Overview 2
  5. Logical Design Overview 3
  6. Logical Design Overview 4
  7. Physical Design
  8. Conceptual Modeling - generalization
  9. Conceptual Modeling - relationships connectivity
  10. Model to SQL schema
      • Data Definition Language
      • Why use data definition language?
          • Multiple database designers modifying DDL
          • Version Control
          • Build the database script from scratch (for unit testing)
      • Examples
          • Create table
          • Alter table
          • Drop table
          • Create/drop view
  11. Model to SQL 1
  12. Model to SQL 2
  13. Enrollment example
  14. Enrollment example
  15. SQL Security
      • Secure Configuration
      • Authentication
          • login/password
      • Authorization
          • What you can access after you log in
      • Data Encryption
          • Protecting sensitive data from internal and external hackers
  16. SQL Security - Secure Configuration
      • Physically secure the server behind a firewall
      • Enable only the minimum network protocols required
      • Use Windows Update to apply patches
      • Surface Area Configuration - turn off default SQL features
          • CLR Integration
          • Database mirroring
          • Debugging
          • Service broker
          • E-Mail functions
  17. SQL Security - Authentication
      • Use simple connection strings containing user names and passwords during development
          • Create SQL user for test-user (shows password in web.config & app.config)
      • Use Windows authentication in production with more security
      • SQL 2008 uses encryption of the channel by default (avoid data sniffing)
      • Windows Group Policy
          • password complexity
          • password history
          • password age expiration
          • lockout after failed attempts
  18. SQL Security - Authorization
      • After authentication, what can you access?
      • Depends on your roles (owner, admin, operator, reader, etc.)
      • Principal
          • Any individual, group, or process that can request access to a protected resource
      • Securable
          • An object that you can secure by granting or denying permissions
  19. SQL Security - Principal
      • Windows-level principals
          • Domain, local, group
      • SQL Server-level principals
          • SQL login
              • login mapped to a Windows login
              • login mapped to a certificate
              • login mapped to an asymmetric key
      • Database-level principals
          • Database user
              • user mapped to SQL Server login
              • user mapped to Windows login, certificate, asymmetric key
          • Database role
          • Application role
          • etc...
  20. SQL Security - Securables
  21. SQL Security – Dynamic SQL
      • Execute(@sql)
          • @sql is a dynamically generated SQL statement
              • @sql = 'select * from course where name = ''' + @search + ''''
          • Open to SQL injection attack
              • @search = 'cse''; delete from users'
      • Use sp_executesql (@sql, @search_text)
  22. SQL Security – Encryption
      • Built-in SQL encryption methods:
          • EncryptByPassPhrase(), DecryptByPassPhrase()
          • EncryptByCertificate(), DecryptByCertificate()
      • Encryption side-effects:
          • Storage (encrypted values are larger)
          • Performance
              • Create Index on encrypted data
              • Create Index on hash value
  23. Review question
      • Difference between db logic design and physical design?
      • Difference between deny vs revoke?
      • Can you think of a generalization scenario for your project?
      • How many entities will you have in your db design?
      • Can you identify where you would need indexes in your db?
      • What db objects would you want to provide more security in your db design?
  24. Break time
  25. Enterprise DB – availability & load
      • Availability = (Total Units of Time – Downtime) / Total Units of Time
          • 8,760 hours (365 days × 24 hours) in a calendar year
          • 100 hours of downtime during the year
          • (8760 – 100) / 8,760 (98.9% uptime)
      • Fail-over
          • When one db fails, another becomes active
      • DB Load Balance
          • Distribute data across different servers (multiple active databases)
  26. Enterprise DB - architecture
      • Clustering
      • Log shipping
      • Mirroring
      • Snapshot replication
      • Merge replication
      • Peer-to-peer replication (transactional)
      • Combinations
          • Cluster & mirror
          • Cluster & log-shipping
          • Cluster & replication
  27. Enterprise DB - clustering
  28. Enterprise DB - log shipping
  29. Enterprise DB - mirroring
  30. Enterprise DB – snapshot replication
  31. Enterprise DB – merge replication
  32. Enterprise DB – peer-to-peer
  33. DB Architecture comparison
  34. Enterprise DB – cluster & mirror
  35. Enterprise DB – cluster & log-shipping
  36. Enterprise DB – cluster & replication
  37. DB for Continuous Integration
      • Database needs to be built locally
          • For individual C# developers coding locally
          • For running unit tests locally
          • Database code needs to be in the source control (version control)
          • Nightly builds on the server
      • Solution:
          • Database Solution in VS 2010 (cse 136)
          • Database build script (*.sql)
          • Command shell (CreateDB.cmd)
  38. Review question
      • Difference between fail-over and load balance?
      • What are the pros and cons of clustering?
      • In what scenario would you recommend log shipping instead of mirroring?
      • In what scenario would you recommend mirroring instead of replication?
  39. Demo
      • SQL Mixed mode
      • Create SQL user
      • Show Day 2 tutorial
      • Run .cmd to generate db
  40. Assignment
      • Due Day 4
          • Create a database in SQL 2008
          • Create a database diagram
          • Create SQL Stored Procedures based on your activity diagram(s) for your entire project’s features.
          • Create a database solution using VS 2010 (see day 2 tutorial)
          • Run the db command script
  41. References
      • Database Modeling and Design
      • Pro SQL Server 2008 Failover Clustering
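
The pattern from slide 21 written out in T-SQL, as an added example that is not part of the original slides: the concatenated `Execute(@sql)` form next to the `sp_executesql` form with a typed parameter. The procedure names, the `course` table definition and the `@sort` parameter are assumptions made for the illustration; the sort-column check goes one step beyond the slide, because identifiers cannot be passed as `sp_executesql` parameters.

```sql
-- Constructed demo table; the slide only names the table and the name column.
CREATE TABLE course (
    id    int IDENTITY(1,1) PRIMARY KEY,
    name  nvarchar(100) NOT NULL,
    units int NOT NULL
);
INSERT INTO course (name, units) VALUES (N'cse', 4);
INSERT INTO course (name, units) VALUES (N'math', 4);
GO

-- Vulnerable form from the slide: @search becomes part of the statement text,
-- so a quote character in the input ends the literal and the rest is parsed as SQL.
CREATE PROCEDURE search_course_unsafe @search nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(400);
    SET @sql = N'select * from course where name = ''' + @search + N'''';
    EXECUTE(@sql);
END
GO

-- Hardened form: the statement text is constant and @search travels as a typed
-- parameter. The sort column (hypothetical addition) is checked against a fixed
-- list and wrapped with QUOTENAME before it is concatenated.
CREATE PROCEDURE search_course_safe
    @search nvarchar(100),
    @sort   sysname = N'name'
AS
BEGIN
    IF @sort NOT IN (N'id', N'name', N'units')
    BEGIN
        RAISERROR(N'Unsupported sort column.', 16, 1);
        RETURN;
    END
    DECLARE @sql nvarchar(400);
    SET @sql = N'select id, name, units from course where name = @search_text order by '
             + QUOTENAME(@sort);
    EXEC sp_executesql @sql,
         N'@search_text nvarchar(100)',
         @search_text = @search;
END
GO

-- The slide's input is bound as a plain value and only compared with course.name.
EXEC search_course_safe @search = N'cse''; delete from users';
EXEC search_course_safe @search = N'cse', @sort = N'units';
```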
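
The last two points of slide 22 in T-SQL, as an added example that is not part of the original slides: `EncryptByPassPhrase()` output is not usable as a lookup key, so equality searches go through an indexed hash column instead. The table and column names, the placeholder passphrase and salt, and the sample value are constructed; prepending a secret salt before hashing is an assumption added here so that the stored digest cannot be matched against a precomputed list of values.

```sql
CREATE TABLE student_private (
    id       int IDENTITY(1,1) PRIMARY KEY,
    ssn_enc  varbinary(256) NOT NULL,  -- ciphertext; larger than the plaintext it holds
    ssn_hash varbinary(20)  NOT NULL   -- SHA-1 digest, used only for equality lookups
);
-- Index the hash, not the ciphertext.
CREATE INDEX ix_student_private_ssn_hash ON student_private (ssn_hash);
GO

DECLARE @pass nvarchar(128), @salt nvarchar(64), @ssn nvarchar(11);
SET @pass = N'<passphrase-placeholder>';   -- placeholder, supplied by the caller
SET @salt = N'<secret-salt-placeholder>';  -- placeholder, kept outside the table
SET @ssn  = N'000-00-0000';                -- constructed sample value

INSERT INTO student_private (ssn_enc, ssn_hash)
VALUES (EncryptByPassPhrase(@pass, @ssn),
        HASHBYTES('SHA1', @salt + @ssn));

-- EncryptByPassPhrase is non-deterministic: encrypting the same value twice
-- gives different bytes, so an index on ssn_enc cannot serve a WHERE clause.
SELECT CASE WHEN EncryptByPassPhrase(@pass, @ssn) = EncryptByPassPhrase(@pass, @ssn)
            THEN 1 ELSE 0 END AS ciphertext_is_stable;

-- Lookup: seek on the hash index, then decrypt only the matching rows.
SELECT id,
       CONVERT(nvarchar(11), DecryptByPassPhrase(@pass, ssn_enc)) AS ssn
FROM student_private
WHERE ssn_hash = HASHBYTES('SHA1', @salt + @ssn);
```

On SQL Server 2012 and later, `HASHBYTES` also accepts `'SHA2_256'`, which needs a `varbinary(32)` column.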
