4. Session Evaluations
Submit by 5pm Friday Oct. 18 to WIN prizes
Your feedback is important and valuable.
Ways to access:
• Go to passsummit/evals
• Download the GuideBook App and search: PASS Summit 2013
• Follow the QR code link displayed on session signage throughout the conference venue and in the program guide
7. Microsoft’s Response
Enterprise Email and Document Storage: If we receive a government
demand for data held by a business customer, we take steps to redirect
the government to the customer directly, and we notify the customer
unless we are legally prohibited from doing so. We have never provided
any government with customer data from any of our business or
government customers for national security purposes.
In terms of criminal law enforcement requests, we made clear in our Law
Enforcement Requests Report that throughout 2012 we only complied
with four requests related to business or government customers. In three
instances, we notified the customer of the demand and they asked us to
produce the data.
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2013/07/16/responding-to-government-legal-demands-for-customer-data.aspx
9. Agenda
• Story About the Cloud
• Defining Disaster Recovery
• Windows Azure Virtual Machines
• Why use the Cloud?
• Cloud DR Scenarios using AlwaysOn
12. Defining Disaster Recovery
Start With RPO and RTO
• RPO—How much data can you afford to lose for a given system?
• RTO—How long can your system be down without business impact?
• Technology decisions should be driven by these metrics
• Write everything down and get executive sign off
• Have a solid process—process is far more important than technology
Backup and Recovery
• Backing up your data isn’t enough
• Regularly test recovery processes (great use case for Azure)
• If you don’t test recovery, save the space and don’t back up your databases!
• Send backups to multiple locations
13. Disaster Recovery--Summary
• HA != DR—Most HA solutions have single points of failure
• The business needs should define the technology
• Have a Disaster Recovery Plan—keep it up to date
• Protect your backups by sending them multiple places, and…
• TEST YOUR RESTORATION PROCESS REGULARLY
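An added example (not from the original slides): a T-SQL check that compares each database's most recent backup against an RPO target and reports whether a restore from its backups has ever been recorded on the instance. The thresholds @rpo_minutes and @restore_test_days are assumed values; the msdb history tables are standard SQL Server.

```sql
-- Added example, not part of the original presentation.
-- @rpo_minutes and @restore_test_days are assumed targets; take the real
-- values from the signed-off DR plan for each business system.
DECLARE @rpo_minutes       int = 15;
DECLARE @restore_test_days int = 90;

WITH last_backup AS (
    -- Most recent backup of any type (full, differential, log) per database,
    -- as recorded in this instance's msdb.
    SELECT database_name,
           MAX(backup_finish_date) AS last_backup_finish
    FROM msdb.dbo.backupset
    GROUP BY database_name
),
last_restore AS (
    -- Most recent restore recorded on THIS instance whose source backup
    -- came from the named database (the target name may differ).
    SELECT bs.database_name,
           MAX(rh.restore_date) AS last_restore_date
    FROM msdb.dbo.restorehistory AS rh
    JOIN msdb.dbo.backupset      AS bs
      ON bs.backup_set_id = rh.backup_set_id
    GROUP BY bs.database_name
)
SELECT d.name AS database_name,
       d.recovery_model_desc,
       lb.last_backup_finish,
       DATEDIFF(MINUTE, lb.last_backup_finish, GETDATE()) AS minutes_since_backup,
       lr.last_restore_date,
       CASE
           WHEN lb.last_backup_finish IS NULL THEN 'NO BACKUP ON RECORD'
           WHEN DATEDIFF(MINUTE, lb.last_backup_finish, GETDATE()) > @rpo_minutes
               THEN 'RPO EXCEEDED'
           ELSE 'OK'
       END AS rpo_status,
       CASE
           WHEN lr.last_restore_date IS NULL THEN 'NEVER RESTORED HERE'
           WHEN lr.last_restore_date < DATEADD(DAY, -@restore_test_days, GETDATE())
               THEN 'RESTORE TEST OVERDUE'
           ELSE 'OK'
       END AS restore_test_status
FROM sys.databases AS d
LEFT JOIN last_backup  AS lb ON lb.database_name = d.name
LEFT JOIN last_restore AS lr ON lr.database_name = d.name
WHERE d.name <> 'tempdb'
ORDER BY rpo_status DESC, d.name;
```

Backups taken on an Availability Group secondary, and test restores run on another server such as an Azure VM, are recorded in that server's msdb, so run the check wherever backups and test restores actually happen.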
14. Cloud Computing—Brief Review
Types of Cloud Computing
• Software as a Service (SAAS)—Examples like Gmail, Salesforce.com
• Infrastructure as a Service (IAAS)—Windows Azure VMs, Amazon AWS, Rackspace
• Platform as a Service (PAAS)—Microsoft Windows Azure SQL Database (WASD), Amazon RDS (Relational Database Service)
15. Windows Azure
• Azure Virtual Machines have been available since June 2012 (GA as of May 2013)
• This is an infrastructure as a service model
• VMs are available preconfigured, or users can supply their own images
• Can connect to on-premises Active Directory and/or DNS via VPN connectivity
• As of June 2013—available freely for development use with MSDN subscription
17. So Why Go to the Cloud?
• Logistics
• Redundancy
• Costs
• A live full-time DR site is expensive
• Site Rent and Maintenance
• Idle Hardware
• Ops
• Many smaller orgs do not have near time DR at all
• Not for everyone or every system
18. Cloud Pros/Cons
• Is this your workload? If so, you probably want your own dedicated hardware.
• Or is this your workload? If so, you’re probably a good fit for using Azure virtual machines
19. Azure VM Sizes and Costs
Each entry gives compute instance name: virtual cores, RAM; then the hourly (approximate monthly) price in the WEB, STANDARD and ENTERPRISE columns.
• Extra Small (A0): Shared, 768 MB; WEB $0.065/hr (~$48/month); STANDARD $0.57/hr (~$424/month); ENTERPRISE $2.12/hr (~$1,577/month)
• Small (A1): 1 core, 1.75 GB; WEB $0.135/hr (~$100/month); STANDARD $0.64/hr (~$476/month); ENTERPRISE $2.19/hr (~$1,629/month)
• Medium (A2): 2 cores, 3.5 GB; WEB $0.225/hr (~$167/month); STANDARD $0.73/hr (~$543/month); ENTERPRISE $2.28/hr (~$1,696/month)
• Large (A3): 4 cores, 7 GB; WEB $0.405/hr (~$301/month); STANDARD $0.91/hr (~$677/month); ENTERPRISE $2.46/hr (~$1,830/month)
• Extra Large (A4): 8 cores, 14 GB; WEB $0.81/hr (~$603/month); STANDARD $1.82/hr (~$1,354/month); ENTERPRISE $4.92/hr (~$3,660/month)
High Memory Instances
• A6: 4 cores, 28 GB; WEB $1.065/hr (~$792/month); STANDARD $1.57/hr (~$1,168/month); ENTERPRISE $3.12/hr (~$2,321/month)
• A7: 8 cores, 56 GB; WEB $2.13/hr (~$1,585/month); STANDARD $3.14/hr (~$2,336/month); ENTERPRISE $6.24/hr (~$4,643/month)
20. Costs Equation
On-premises
• SQL Server Enterprise License—$27,496
• Physical Server--$5000 (Four cores, 16 GB RAM)
• Windows Server License--$1764
• Software Assurance--$4389/yr
• Power and Cooling--$589/yr*
• Lease on Second Data Center--$ A LOT
• Total--$38,707
Azure VM
• 4 Cores (Large)
• 7 GB RAM (Large)
• $14,629-17,257/yr (Prepaid)
• Bandwidth Outbound: .114/GB
• Total Cost $21,960/yr (Month to Month)
• Large Memory VMs (56 GB) -- $$
*http://www.itbusinessedge.com/cm/community/features/guestopinions/blog/thebusiness-value-of-server-virtualization/?cs=17105
21. Security in the Cloud
• Biggest question I’ve run into with clients is security
• Azure Data Centers comply with ISO 27001:2005
• SSAE 16/ISAE 3402 Attestation
• HIPAA Business Associate Agreement
• VPN connections encrypt data end to end
23. Site to Site VPN
[Diagram labels: Domain Controller; SQL Servers; VPN Appliance; On-premises (Your DC/Colo); Windows Azure]
• Creating Site to Site VPN Connection (MS)
• Configuring Windows Server 2012 to Use RRAS to Azure
28. AlwaysOn Availability Groups
• Requires SQL Server Enterprise Edition
• Windows Cluster
• All servers in same Windows Domain
• Databases Failover as a group
• No Shared Storage Needed
• Async and Sync Modes
• Automatic and Manual Failover
• Supports up to 4 replica copies
• Replicas can be read
• Backups on secondary copies
29. Benefits of Availability Groups
• These apply to both on-premises and hybrid AGs
• Read Scaling—Can read secondary copies of data
  • Offload Read workload to Azure
  • Connect reporting/BI apps or migrate apps
• Offload backups
  • In the hybrid solution—offload backups to Azure storage to meet offsite backup requirements
30. Azure SQL Server HA/DR Options
Data Protection in the Cloud
October 15-18, 2013 | Charlotte, NC
31. SQL Server HA/DR Scenarios
• Availability of SQL Server in Azure VM
  • Protection from issues impacting SQL Server or VM
  • Using another SQL Server VM in same Azure DC
• Ensure availability of on-premises SQL Server (physical or virtual)
  • Protection from issues impacting on-premises DC
  • Using a SQL Server VM in Azure
• Availability of SQL Server in Azure VM
  • Protection from issues impacting the Azure DC
  • Using another SQL Server VM in different Azure DC
32. Hybrid Availability Group Requirements
• VPN connection between your data center and Windows Azure
• Can be point-to-point or point-to-site
• Point-to-point requires hardware VPN
• Point-to-site mainly used for early dev/test/demo
• Currently only one replica in Azure
• Virtual Network Limited to one Azure Data Center
• Can have multiple on-premises replicas
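An added example (not from the original slides): T-SQL to run on the primary of a hybrid Availability Group, showing how far each secondary, including an asynchronous replica in Azure, trails the primary relative to an RPO target, and whether the replication endpoint itself requires encryption rather than relying on the VPN alone. @rpo_seconds is an assumed threshold.

```sql
-- Added example, not part of the original presentation.
-- Run on the primary replica. @rpo_seconds is an assumed target; use the
-- value from the DR plan for the business system.
DECLARE @rpo_seconds int = 300;

-- 1) Per-database exposure: gap between the primary's last commit and the
--    last commit each secondary has reported back.
SELECT ag.name                       AS ag_name,
       ar.replica_server_name,
       ar.availability_mode_desc,    -- SYNCHRONOUS_COMMIT or ASYNCHRONOUS_COMMIT
       ar.failover_mode_desc,        -- AUTOMATIC or MANUAL
       DB_NAME(pri.database_id)      AS database_name,
       sec.synchronization_state_desc,
       sec.log_send_queue_size       AS unsent_log_kb,    -- log not yet sent
       sec.redo_queue_size           AS unredone_log_kb,  -- log not yet applied
       DATEDIFF(SECOND, sec.last_commit_time, pri.last_commit_time) AS seconds_behind,
       CASE
           WHEN sec.last_commit_time IS NULL OR pri.last_commit_time IS NULL
               THEN 'UNKNOWN'
           WHEN DATEDIFF(SECOND, sec.last_commit_time, pri.last_commit_time) > @rpo_seconds
               THEN 'RPO AT RISK'
           ELSE 'OK'
       END AS rpo_status
FROM sys.dm_hadr_database_replica_states AS pri
JOIN sys.dm_hadr_database_replica_states AS sec
  ON sec.group_database_id = pri.group_database_id
 AND sec.is_local = 0                 -- rows for the remote (secondary) replicas
JOIN sys.availability_replicas AS ar ON ar.replica_id = sec.replica_id
JOIN sys.availability_groups   AS ag ON ag.group_id   = sec.group_id
WHERE pri.is_local = 1                -- this instance's own (primary) row
ORDER BY seconds_behind DESC;

-- 2) Replication endpoint: is encryption required on the wire, and with what?
SELECT e.name,
       e.state_desc,
       e.role_desc,
       t.port,
       e.connection_auth_desc,
       e.encryption_algorithm_desc,
       CASE
           WHEN e.is_encryption_enabled = 0
             OR e.encryption_algorithm_desc LIKE 'NONE%'
               THEN 'ENCRYPTION NOT REQUIRED'
           WHEN e.encryption_algorithm_desc LIKE '%RC4%'
               THEN 'RC4 ALLOWED'
           ELSE 'OK'
       END AS encryption_status
FROM sys.database_mirroring_endpoints AS e
JOIN sys.tcp_endpoints AS t ON t.endpoint_id = e.endpoint_id;
```

The commit-time gap only grows while the primary is committing transactions, so also watch synchronization_state_desc and the queue sizes for a replica that has stopped receiving log.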
33. [Network diagram. Labels as extracted: 10.1.1.0 Subnet; Cloud DC; 137.135.45.56; Service Input Endpoint; 10.0.1.0 Subnet (VPN); SQL in Cloud; Azure Gateway; 137.135.45.101; 10.0.0.0 Subnet; Internet; On-Premise DC; SQL On Premise]
34. Hybrid Availability Group
[Diagram labels: SQL Instance 1; SQL Instance 2; On-premises; Windows Server Failover Cluster (Same AD Domain)]
38. Resources
• Configuring a Point to Site VPN
• AlwaysOn Availability Groups in Hybrid IT
• Listener Configuration for AlwaysOn Availability Groups in Windows Azure
• High Availability and Disaster Recovery for SQL Server in Windows Azure Virtual Machines
39. Summary
• Microsoft Azure Virtual Machines and Storage offer the same HA and DR options that we have on-site
• Point to Site VPN allows for testing from our machines
• Provider connect makes the networking easy(er)
• Good model for smaller shops that have critical systems
42. Thank you for attending this session and the 2013 PASS Summit in Charlotte, NC
Editor's Notes
A little bit about myself: I’m a solutions architect for Anexinet Corporation, based out of Philadelphia, Pennsylvania, in the US. I’ve been working with SQL Server since 1999, and also work on a variety of RDBMS and Data Store Platforms. You can find me on Twitter at jdanton, and that is probably the best place to reach me. If you are in the SQLPASS community and not active on Twitter, you are missing out on great resources and troubleshooting. My email address is jdanton1@yahoo.com; if you have any questions about this presentation, you can reach me there. Lastly, I blog at joedantoni.wordpress.com, on a variety of database topics. I do have a large number of blog posts on Availability Groups and DR located there. The slides for this session and the recording will be up on the PASS site.
So for today’s session, we are going to talk a little bit about some of the principles of disaster recovery. It’s a challenge for many organizations, and it’s also one of the first items that is cut during any sort of budget crisis. But we want to make sure as DBAs that we have a firm understanding of how to manage expectations. Next we’ll talk about Windows Azure Virtual Machines—this was a feature of Azure that went live in April 2013, and was a real game changer for the Azure platform. Previously, Microsoft had only offered Platform as a Service offerings (for example Windows Azure SQL Database (formerly known as SQL Azure) and Windows Azure). In those solutions our ability to interact with the on-premises solutions we had in our data centers was quite limited. With the introduction of Azure VMs, we have a great deal of flexibility in how we can configure these solutions. We can’t implement any sort of hybrid solution without the help of our Active Directory and network teams, so we will discuss the requirements that are needed there. As a database professional you don’t need to be an expert in this space, you just need to know the high level, and how to explain it to the implementers. Lastly, we will get to see a demo environment where we will walk through the implementation of an AlwaysOn Availability Group across an on-premises server and onto Windows Azure.
I’ve always cared a lot about disaster recovery. I think it started because I grew up in New Orleans, and my first real job was with the utility company there. Electric power is something that definitely needs to be AlwaysOn, so I started learning about DR solutions early. I then moved on to work for another fairly important business role—vaccine plants—in both North Carolina and Puerto Rico, two places that are very much in danger of hurricanes. What both of those positions really taught me was the importance of a well written, clearly defined disaster recovery plan. Every company (and key business system in that company) should have a DR plan—this doesn’t mean you have to have very expensive real time solutions. A perfectly acceptable plan is to say in the event of the disaster, we will proceed without application X, but we need to have application Y online within 2 hours. Additionally the plan needs to cover people and hardware/software resources, and how to put them in place. This is key to good uptime, no matter your solutions. What isn’t acceptable is to have this be your disaster recovery plan…
I do a lot of presentations in the SQL Failover Clustering and Availability Group space, and I really love clustering as a high availability solution. It’s rock solid, relatively easy to implement, and fairly robust. However, it is by no means a disaster recovery solution. I’ve never actually heard this in reality, but I’ve heard it discussed—“we don’t need backups, we have a cluster”. Well, clustering’s major weakness is that the shared storage it uses is a single point of failure. There are some solutions to avoid this (our sponsor SIOS has a nice solution), but unless you are going to a second physically disparate data center, it’s not a disaster recovery solution. Most importantly, remember all good disaster recovery solutions involve a solid backup and, way more importantly, recovery strategy. For companies with limited on-site resources this can be a really good use of cloud resources—you can ship your backups to a cloud provider, and periodically test restores in VMs that you are only paying for when you use them.
So when crafting your disaster recovery plans, you need to start with RPO and RTO. RPO is recovery point objective, and RTO is recovery time objective. In a nutshell, RPO is how much data you can lose before impacting a business system, and RTO is how long your system can be down before impacting the business. Any technology systems should be driven by these business systems—the technology shouldn’t drive the business. After you’ve made these decisions (and they should be made on a business system level, not a general company level), you should write everything down, and get executive sign off. And don’t forget to keep these things up to date. Systems and business priorities change, and your DR plans should reflect this. I touched on this in the last slide, but I can’t emphasize this enough—you need to test your restoration process regularly. One of my former employers had a 55 TB database that was doing about 3 TB of transactions a day. The applications team was complaining that they didn’t have real time DR. We were in meetings with the team, and asked them the last time they tested a database restore. The answer was never—the app team was shocked when we suggested they stop doing backups (in this case the data were reproducible), but we were serious. Particularly with large data sets, you have to test restores. Lastly, send your backups to multiple locations—another great use case for Azure, in this case blob storage. Or a 3rd party like Iron Mountain.
To summarize disaster recovery: remember, HA does not equal DR; they are two different types of solutions. Define RPO and RTO, and do it at a business system level, and remember to get your executive sign off on your DR plan. Send your backups to multiple sites—this is a requirement for most publicly traded companies. Lastly, test your restoration process regularly—I can’t emphasize this enough. Without it there is no basis for DR.
Just a brief review on cloud computing terms. In general there are several types of cloud computing. Software as a service is the most abstracted level—this is basically an application presented to you as a service. A great example of this is Gmail or Salesforce, or any application we use on our phones. The next step is Infrastructure as a Service—this is where we are going to be today, specifically talking about Windows Azure VMs. Amazon and Rackspace have very similar offerings in this space. One really cool thing about Azure is that if you have MSDN, you get some free VMs to play with. A nice use case for this is testing new releases; for example, there are prebuilt templates of SQL 2014 running on Windows Server 2012 R2. The last major type of resource is platform as a service. According to MS this is where they see things moving eventually, but they acknowledge that right now IaaS is the current solution. Specific database resources available on these platforms are Windows Azure SQL Database (formerly known as SQL Azure) and Amazon RDS (relational database service)—these are just a database that exists in the cloud. Currently we don’t have a way to extend our on-premises solutions into this model.
So for a while, Amazon was the only way to go if you wanted a Virtual Machine in the cloud. The Microsoft offering was Windows Azure, which only allowed a block of space to run program code in the cloud—it could talk to (at the time) SQL Azure, but wasn’t the same thing as what Amazon was offering in AWS. Starting in June of last year, Microsoft started offering an Infrastructure as a Service model, as they acknowledged that the market was really heading in that space. Very similar to Amazon, preconfigured VMs (like the SQL 2014 one I mentioned earlier) are available. Also, these are PowerShell extensible—meaning you can develop an automated process to expand out VM farms. For example, if you have a web site, and a lot of application servers, and you are experiencing a period of high load, you may be able to roll out new servers behind a load balancer to handle the traffic, and then remove them as load goes down. We can connect to an on-premises domain controller and/or DNS, though the best practice for availability is to put a Domain Controller and DNS server within Windows Azure, in case the connection does get broken. Lastly, as of June 2013—all MSDN users get monthly credit towards using VMs in the Windows Azure space.
So why go to the cloud? We talked a lot about logistics required for a good DR plan, and these aren’t available to a lot of smaller companies. Things like redundant SANs and data centers are extremely expensive, and many of those resources are sitting idle most of the time. My last company had 3 major data centers, and a couple of smaller satellite operations—this made DR a lot easier; however, most companies don’t have solutions like this. Nor do they have operations teams to manage a second site. Many smaller organizations have no real options if a disaster were to hit their primary data center site. I acknowledge the cloud isn’t the solution for every company or every system; some systems need performance that the cloud can’t offer, and some firms can be overly paranoid about security, which leads us to our next slide. (Actually, for companies that are scared of cloud security—I hope they are as good internally as the cloud providers are). If you are an edge.
I mentioned in the slide before—the cloud and Windows Azure isn’t for every workload.
Microsoft License Mobility through Software Assurance. With License Mobility through Software Assurance, you can: Deploy certain server application licenses purchased under your Volume Licensing agreement in Windows Azure data centers. Extend the value of your server application licenses by deploying them on-premises or in the cloud. Take advantage of the low cost computing infrastructure for changing business priorities.
The biggest questions I get from all clients regarding Azure are questions about security. Microsoft has worked really hard, enhancing their own procedures to align with many industry standards. The data centers meet all of the requirements leveraged by Sarbanes Oxley. Additionally, Microsoft has ensured that the data in their data centers is in compliance with all EU privacy mandates (which are the strictest in the world). Lastly—you are connecting over an encrypted VPN connection. While there are a small percentage of shops that may do things better than what Microsoft is doing, I can say in my experience, most companies aren’t.
Availability Groups have lots of benefits over database mirroring. We can read the secondary replicas—we couldn’t do that in the database mirroring model. Additionally we can offload read workload—in this hybrid model we can send our read workloads, or perhaps our BI applications, into the cloud. Additionally, many compliance requirements require backups to be taken offsite—we can use Azure blob storage to meet this requirement.