IT Pro Day
Auditing in SQL Server 2012
Charley Hanania
Principal Consultant, QS2 AG – Quality Software Solutions
www.qs2.ch
Now:
• Database Consultant at QS2 AG
Formerly:
• Production Product Owner of MS SQL Server Platform at UBS Investment Bank
IT Professional since 1992
SQL Server Certified since 1988
• On SQL Server since 1995
• Version 4 on OS/2
Community
• Microsoft MVP: SQL Server
• PASS Chapter Leader – Switzerland
• PASS Regional Mentor – Europe
• European PASS Conference Lead
• International Event Speaker
• MCT Regional Lead (Switzerland)
• Database Days Conference Switzerland Lead
B.Sc (Computing), MCP, MCDBA, MCITP, MCTS, MCT, Microsoft MVP: SQL Server, MCT Regional Lead (Switzerland)
Agenda
• Overview
• SQL Server Audit Framework
• Policy Based Mgt Framework
• Wrap-Up
Overview of regulatory standards and
The Compliance and Policy Ecosystem
Why all this is so important…
1. Identify Issues and Risks
2. Develop Policies to mitigate them
3. Architect Procedures & Solutions (frameworks) to meet (comply with) Policies
4. Implement methods to report compliance levels
5. Implement methods & countermeasures for exceptions and compromised systems
6. Implement Process Improvement methodologies for framework maturity
Major frameworks used for establishing IT controls…
The major players in the IT framework arena are:
• AICPA/CICA Trust Services, Principles, and Criteria
• Carnegie Mellon University Software Engineering Institute (CMU/SEI) OCTAVE
• CICA CoCo – Criteria of Control Framework
• CICA IT Control Guidelines
• CMMI – Capability Maturity Model Integration
• CobiT – Control Objectives for Information and related Technology
• COSO – Internal Control Integrated Framework
• GAISP – Generally Accepted Information Security Principles
• ISF Standard of Good Practice for Information Security
• ISO 17799:2005
• ISO 9000
• ITIL – the IT Infrastructure Library
• Malcolm Baldrige National Quality Program
• Organization for Economic Cooperation and Development (OECD) Principles of Corporate Governance
• OPMMM – Organizational Project Management Maturity Model
• Six Sigma
• OECD – Organization for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
• NIST SP 800-53 – Recommended Security Controls for Federal Information Systems
• The FFIEC Information Technology Examination Handbook series
source: www.unifiedcompliance.com
Note:
• There is no single framework that is all-encompassing and "complete"
• Some frameworks focus on process maturity analysis and others focus more on standardised policies and checklists.
• These frameworks are used to bring organisations closer to compliance with one or more regulatory standards
Relevant Technology Components within SQL Server
• Complex DBMS: packed with features.
SQL Server Audit Framework: Feature Overview
• Based on Extended Events
• Components:
  • SQL Server Audit
  • sys.fn_get_audit_file
  • sys.sp_audit_write
  • System Views
SQL Server Audit: Enhancements in SQL Server 2012
• SQL Server Auditing is more resistant to auditing destination failures
• Audit log records additional T-SQL stack frame information when available
• Audit information is filtered before it is written into the audit target
• Maximum number of audit files available
• Stored procedure – sp_audit_write
• New columns in audit-related views and functions
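The components and 2012 additions listed above fit together in one T-SQL script. This is an added example, not code from the slides or from the demo; the audit, specification, database, table and folder names are assumptions, and it needs a SQL Server 2012 instance because MAX_FILES, ON_FAILURE = FAIL_OPERATION, USER_DEFINED_AUDIT_GROUP, sp_audit_write and the user_defined_* columns of sys.fn_get_audit_file are 2012 additions.

```sql
-- Added example (not from the slides): file-target server audit with server- and
-- database-level specifications, a user-defined event via sp_audit_write, and
-- reading the audit file back. Object names and the folder are assumptions.
USE master;   -- audit objects are created from master
GO

CREATE SERVER AUDIT Audit_Security_Demo
TO FILE
(
    FILEPATH = 'C:\SQLAudit\',          -- assumed folder; the SQL Server service account needs write access
    MAXSIZE = 100 MB,
    MAX_FILES = 10,                     -- SQL Server 2012: cap the file count, then roll over
    RESERVE_DISK_SPACE = OFF
)
WITH
(
    QUEUE_DELAY = 10000,                -- asynchronous: flush when the buffer fills or 10 s elapse
    ON_FAILURE = FAIL_OPERATION         -- SQL Server 2012: refuse the audited action if the record cannot be written
);
GO

-- Server level: logins, role and permission changes, and changes to the audit itself.
CREATE SERVER AUDIT SPECIFICATION AuditSpec_Server_Demo
FOR SERVER AUDIT Audit_Security_Demo
    ADD (FAILED_LOGIN_GROUP),
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PERMISSION_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP),           -- tampering with audit objects is itself recorded
    ADD (USER_DEFINED_AUDIT_GROUP)      -- SQL Server 2012: required for sp_audit_write records
WITH (STATE = ON);
GO

-- Database level: who reads or changes a sensitive table (assumed database and table).
USE AuditDemoDB;
GO
CREATE DATABASE AUDIT SPECIFICATION AuditSpec_Db_Demo
FOR SERVER AUDIT Audit_Security_Demo
    ADD (SELECT, INSERT, UPDATE, DELETE ON dbo.Customers BY public),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- Turn the audit on once the specifications exist.
USE master;
GO
ALTER SERVER AUDIT Audit_Security_Demo WITH (STATE = ON);
GO

-- Application-originated event (SQL Server 2012): lands in USER_DEFINED_AUDIT_GROUP.
EXEC sys.sp_audit_write @user_defined_event_id = 27,
                        @succeeded = 1,
                        @user_defined_information = N'Batch export of dbo.Customers started';
GO

-- Read the file target back; the wildcard covers every rolled-over file in the folder.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement,
       user_defined_event_id, user_defined_information    -- columns added in 2012
FROM sys.fn_get_audit_file('C:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

The audit is created with STATE off and only enabled after both specifications exist, so that the first records written are already complete; AUDIT_CHANGE_GROUP is included so that anyone later disabling or altering the audit leaves a trace in the same log.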
Demo: SQL Server Audit Framework
Policy Based Mgt Framework: Feature Overview
• A framework which exposes SQL Server's properties as facets, allows you to create conditions which report back the status of those facets, and then create policies around those conditions.
• You can just report on those or enforce them. You can also import and export them and apply them to multiple servers.
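Reporting on policies from T-SQL rather than from SSMS, as an added example that is not part of the slides: it reads the msdb catalog views that Policy Based Management maintains, lists each policy with its condition and facet, and shows the latest evaluation outcome per policy together with any failing targets. It assumes that policies have already been created and evaluated on the instance.

```sql
-- Added example (not from the slides): compliance report from the
-- Policy Based Management catalog in msdb. Assumes policies already exist.
USE msdb;
GO

-- Inventory: every policy, the condition and facet it checks, and how it is run.
SELECT p.policy_id,
       p.name           AS policy_name,
       c.name           AS condition_name,
       c.facet,
       p.is_enabled,
       p.execution_mode -- 0 = on demand, 1 = on change: prevent, 2 = on change: log only, 4 = on schedule
FROM dbo.syspolicy_policies   AS p
JOIN dbo.syspolicy_conditions AS c ON c.condition_id = p.condition_id
ORDER BY p.name;

-- Latest evaluation per policy, with the targets that failed it (NULL when everything passed).
WITH LastRun AS
(
    SELECT policy_id, MAX(history_id) AS history_id
    FROM dbo.syspolicy_policy_execution_history
    GROUP BY policy_id
)
SELECT p.name                    AS policy_name,
       h.start_date,
       h.end_date,
       h.result                  AS policy_passed,   -- 1 = compliant, 0 = at least one target failed
       d.target_query_expression AS failing_target,
       d.result_detail
FROM LastRun AS lr
JOIN dbo.syspolicy_policy_execution_history AS h ON h.history_id = lr.history_id
JOIN dbo.syspolicy_policies                 AS p ON p.policy_id  = h.policy_id
LEFT JOIN dbo.syspolicy_policy_execution_history_details AS d
       ON d.history_id = h.history_id
      AND d.result = 0
ORDER BY p.name, d.target_query_expression;
```

The second query is the "report on those" half of the slide: run it on a schedule, or from a central server against each registered instance, and non-compliant targets surface without opening the Policy Management node in SSMS.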
Policy Based Management: Facets, Conditions, Policies
Demo: Policy Based Mgt Framework
Wrap-Up: Summary
• The Audit Feature is enhanced in SQL Server 2012
• It is a tool in the “Security and Compliance” arsenal
• It needs to be architected into the overall operational strategy, alongside strategic tools, policies and processes.
REGISTER NOW AND GET 10% OFF
DISCOUNT CODE: CHMTD12 (Valid until December 10, 2012)
• A Preconference Day with 5-7 parallel technical workshops, focussed on critical role-based skills for Data Professionals.
• Two days of conference seminars across 3 technical tracks:
  - Database Administration
  - Business Intelligence
  - Data Platform Application Development.
Check out www.databasedays.com
Questions?
Can Enterprise Roles be Audited? e.g. Administrators?
• Yes, but not out of the box. A deeper look at how AD groups and segregation of rights are implemented is needed, and auditing should then be applied against these.
Which Editions is audit available on?
• All editions, but with limitations. Enterprise Edition allows for more granular auditing that is unavailable in the other SKUs.
Which SKUs is PBM available on?
Why would reducing the queue delay to 0 in the Audit properties have a negative effect on performance?
• Reducing the delay to 0 tells the audit feature to work in synchronous mode, so every write to the log needs to be persisted before it is released. This essentially has a similar effect to what the transaction log has on the system from a commit perspective.
• Also, if flushes occur too frequently, it may have detrimental effects, as the disk subsystem may be slow or overloaded.
• When set to, say, 10,000 (10 seconds) it will only flush the buffer if it is full, or when it has reached the timer value specified.
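The queue delay discussed in the last answer is an audit option that can be changed and verified from T-SQL. This is an added example, not from the slides; the audit name Audit_Security_Demo is an assumption (a server audit of that name must already exist), and the audit has to be stopped while its options are altered.

```sql
-- Added example (not from the slides): switch a server audit between synchronous
-- and asynchronous flushing via QUEUE_DELAY, then confirm the setting and the
-- audit's runtime status. Audit name is an assumption.
USE master;
GO

-- Options other than STATE can only be changed while the audit is off.
ALTER SERVER AUDIT Audit_Security_Demo WITH (STATE = OFF);
GO

-- QUEUE_DELAY = 0 is synchronous: each audited action waits until its record is on disk.
-- ALTER SERVER AUDIT Audit_Security_Demo WITH (QUEUE_DELAY = 0);

-- QUEUE_DELAY = 10000 is asynchronous: records are buffered and written when the buffer
-- is full or 10 seconds have passed, whichever comes first (the smallest non-zero value is 1000 ms).
ALTER SERVER AUDIT Audit_Security_Demo WITH (QUEUE_DELAY = 10000);
GO

ALTER SERVER AUDIT Audit_Security_Demo WITH (STATE = ON);
GO

-- Configured values: queue_delay is in milliseconds; on_failure_desc shows what
-- happens to the audited action when the target cannot be written.
SELECT name, queue_delay, on_failure_desc, is_state_enabled
FROM sys.server_audits
WHERE name = N'Audit_Security_Demo';

-- Runtime status: anything other than STARTED in status_desc means records are not being written.
SELECT a.name, s.status_desc, s.status_time, s.audit_file_path, s.audit_file_size
FROM sys.dm_server_audit_status AS s
JOIN sys.server_audits          AS a ON a.audit_id = s.audit_id
WHERE a.name = N'Audit_Security_Demo';
```

The trade-off is the one the answer describes: a delay of 0 gives the strongest guarantee that nothing is lost if the instance fails, at the cost of every audited statement waiting on the audit target's I/O; a delay of 10 seconds bounds that cost while still guaranteeing that records are at most 10 seconds behind.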
Contact Info
Email: Charley.Hanania@sqlpass.org
Website: http://www.sqlpass.ch
Twitter: http://www.twitter.com/CharleyHanania
Blog: http://blogs.mssqltips.com/blogs/charleyhanania
Linked-in: http://www.linkedin.com/in/charleyhanania
Database Days: http://www.databasedays.com
TechDays Basel - Auditing in SQL Server 2012 - Charley Hanania - Tech Days Basel 2012


Editor's Notes

  • #12 SQL Server as a complex DBMS comes packed with features to cover a wide range of operational and development needs. A group of complementing components focus on Operational Security and Compliance, such as: