Ing. Eduardo Castro, PhD Comunidad Windows ecastro@grupoasesor.net http://ecastrom.blogspot.com
Service Review SQL Azure Architecture & Workflows Service Resilience Service Monitoring Attack Vectors/Security considerat...
An illustration .NET Services Applications SQL Azure ...
Subscription Used to map service usage to the billing instrument Users may have many subscriptions Logical Server ...
A relational DB in the cloud SQL Azure Database ...
Reference Data Sync Data Symmetric Programming Model Data Hub Aggregation • Init...
Clear Feedback: “I want a database in the Cloud” Familiar SQL Server relational model Uses existing APIs & tools Built fo...
Application Application Application ...
Applications use standard SQL client libraries: ...
TDS Listener Capability negotiation TDS Packet inspection Security Logical->Physical mapping via metadata catalog En...
Gateway Process AdminSvc TDS Endpoint Provi...
Subscription Coordinated across all Azure services Executed in parallel w/retries Server May occur between data cent...
Driven by administrator Portal Provision request is sent to Gateway Metadata catalog entry created DNS record (CNAME) ...
Live DNS Cluster Customer Live DNS Browser ...
Gateway performs stateful TDS packet inspection Picks out subset of messages Parses out args for create database Makes...
1 TDS Gateway Front-end Node ...
Login request arrives at the Gateway Gateway locates MasterDb & UserDb replica sets Credentials are validated against Mast...
7 1 TDS Gateway ...
Provisioning State machines used to coordinate activities across node (and datacenter) boundaries Failed provisionin...
Metrics Cluster wide performance counters gather key metrics on the service Used to alert Operations to issues be...
Service Secure channel required (SSL) Denial Of Service trend tracking Packet Inspection Server IP allow list (Fir...
Reviewed SQL Azure Architecture & Workflows Provisioning (Server & DB) Login Service Resilience & Health Failure det...
http://comunidadwindows.org http://ecastrom.blogspot.com http://www.sqlazurelabs.com http://www.microsoft.com/windowsazure...
Sql azure database under the hood
Sql azure database under the hood
Upcoming SlideShare
Loading in …5
×

Sql azure database under the hood

639 views

Published on

In this presentation we present SQL Azure under the hood, we explore the internal componentes and process involved in the SQL Azure Platform.

Regards

Ing. Eduardo Castro, SQL Server MVP
http://comunidadwindows.org
http://ecastrom.blogspot.com

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
no profile picture user

  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
639
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Sql azure database under the hood

  1. 1. Ing. Eduardo Castro, PhD Comunidad Windows ecastro@grupoasesor.net http://ecastrom.blogspot.com
  2. 2. Service Review SQL Azure Architecture & Workflows Service Resilience Service Monitoring Attack Vectors/Security considerations Wrap up
  3. 3. An illustration .NET Services Applications SQL Azure Windows Azure Applications Windows Windows Windows Others Server Vista/XP Mobile
  4. 4. Subscription Used to map service usage to the billing instrument Users may have many subscriptions Logical Server Akin to SQL Server Instance Unit of Geo-Location & Billing 1:1 Subscription & server User Database Restricted T-SQL surface area Additional catalog views provided e.g. sys.billing, sys.firewall_rules, etc
  5. 5. A relational DB in the cloud SQL Azure Database Data Hub Others (Future) .NET Services SQL Services Applications Relational database as a service Live Services Windows Azure Highly available, automatically maintained Extension of the SQL Server Data Platform Applications Windows Windows Windows Others Server Vista/XP Mobile
  6. 6. Reference Data Sync Data Symmetric Programming Model Data Hub Aggregation • Initial services – core RDBMS capabilities with SQL Azure Database, Data Sync • Future Offerings • Additional data platform capabilities: Reporting, BI • New services: Reference Data
  7. 7. Clear Feedback: “I want a database in the Cloud” Familiar SQL Server relational model Uses existing APIs & tools Built for the Cloud with availability and scale Accessible to all from PHP, Ruby, and Java Focus on combining the best features of SQL Server running at scale with low friction
  8. 8. Application Application Application Browser Browser ODBC, OLEDB, Application Application REST Client REST Client SQL Client* ADO.Net PHP, Ruby, … Cloud Cloud Evolves HTTP+REST HTTP+REST HTTP HTTP TDS Windows Azure Windows Azure Data Center Data Center Web App REST (Astoria) Web App REST Client ADO.Net + EF SQL Client* REST/SOAP + ACE Model TDS + TSQL Model SDS Current SDS Next * Client access enabled using TDS for ODBC, ADO.Net, OLEDB, PHP-SQL, Ruby, …
  9. 9. Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, … Application Internet Azure Cloud TDS (tcp) Security Boundary Load balancer forwards „sticky‟ sessions to TDS LB protocol tier TDS (tcp) Gateway Gateway Gateway Gateway Gateway Gateway Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy; proxy to CloudDB TDS (tcp) L SQL SQL SQL SQL Scalability and Availability: Fabric, Failover, Replication, and Load balancing
  10. 10. TDS Listener Capability negotiation TDS Packet inspection Security Logical->Physical mapping via metadata catalog Enabler for multi-tenet capabilities Isolation layer
  11. 11. Gateway Process AdminSvc TDS Endpoint Provisioning Endpoint Endpoint Protocol Parser Business Logic Services Connection Mgmt L SQL SQL SQL SQL Scalability and Availability: Fabric, Failover, Replication, and Load balancing
  12. 12. Subscription Coordinated across all Azure services Executed in parallel w/retries Server May occur between data centers Point where Geo-location is established Database Always occurs within a single data center Cross node operations executed during this process e.g. add new db to sys.databases on the master
  13. 13. Driven by administrator Portal Provision request is sent to Gateway Metadata catalog entry created DNS record (CNAME) created within LiveDNS service Master DB created On completion metadata catalog updated
  14. 14. Live DNS Cluster Customer Live DNS Browser Svc 1 Datacenter (Sub-Region) 5 Portal LB Gateway LB 2 4 3 6 Front-end Node Front-end Node Front-end Node Front-end Node Admin Portal Admin Portal Gateway Gateway 7 Backend Node Backend Node Backend Node SQL Server SQL Server SQL Server Mgmt. Mgmt. Mgmt. Services Fabric Services Fabric Services Fabric
  15. 15. Gateway performs stateful TDS packet inspection Picks out subset of messages Parses out args for create database Makes entry into Gateway metadata catalog Unused replica set located and reserved Replica set (UserDB) is prepped for use Metadata catalog is updated
  16. 16. 1 TDS Gateway Front-end Node TDS Session Protocol Parser 2 3 Gateway Logic Master Cluster Master Node 4 Master Node Components 7 5 8 6 Backend Node 1 Backend Node 2 Backend Node 3 SQL Instance SQL Instance SQL Instance SQL DB SQL DB SQL DB Scalability and and Availability: Fabric,Failover,Replication, and Load balancing Scalability Availability: Fabric, Failover, Replication, and Load balancing
  17. 17. Login request arrives at the Gateway Gateway locates MasterDb & UserDb replica sets Credentials are validated against MasterDb TDS session is opened to UserDB and requests are forwarded
  18. 18. 7 1 TDS Gateway Front-end Node TDS Session Protocol Parser 6 2 Gateway Logic Global Partition Map Master Node 8 3 Master Node Components 4 5 Backend Node 1 Backend Node 2 Backend Node 3 SQL Instance SQL Instance SQL Instance SQL DB SQL DB SQL DB Scalability and and Availability: Fabric,Failover,Replication, and Load balancing Scalability Availability: Fabric, Failover, Replication, and Load balancing
  19. 19. Provisioning State machines used to coordinate activities across node (and datacenter) boundaries Failed provisioning attempts cleaned automatically after 10 minutes Login Failovers during the login will be transparent (<30 seconds) Metadata catalog refresh occurs automatically Active Session Surface as connection drops (due to state)
  20. 20. Metrics Cluster wide performance counters gather key metrics on the service Used to alert Operations to issues before they become a problem Early warning system Code issues Capacity warnings Health Exercises the service routinely looking for problems When issues are encountered runs deep diagnostics Network connectivity at the node level Validate all dependent services (Live DNS, Live ID, etc) Monitoring from other MSFT DC‟s Validates accessibility from multiple geographic locations Alerts fired automatically when test jobs fail
  21. 21. Service Secure channel required (SSL) Denial Of Service trend tracking Packet Inspection Server IP allow list (Firewall) Idle connection culling Generated server names Database Disallow the most commonly attacked user id‟s (SA, Admin, root, guest, etc) Standard SQL Authn/Authz mode
  22. 22. Reviewed SQL Azure Architecture & Workflows Provisioning (Server & DB) Login Service Resilience & Health Failure detection and correction How we determine service health Security considerations Attack vectors and mitigations Questions?
  23. 23. http://comunidadwindows.org http://ecastrom.blogspot.com http://www.sqlazurelabs.com http://www.microsoft.com/windowsazure/ http://sql.azure.com/

×