
Partially Contained Databases

Speaker: Steve Verschaeve

Download SQL Server 2012:


Partially Contained Databases

  2. ABOUT ME
     • Sr. SQL Server Consultant at KOHERA
     • Webmaster & board member at SQLUG.BE
     • Co-organiser at
     • Microsoft Extended Expert Team member
     • MCP, MCTS, MCITP, MCT
     • @sql_lazywriter
  3. AGENDA
     • What is a (partially) contained database
     • Features within/outside Application Model
     • Authentication
     • Collation
     • Identifying database containment
     • Threats against partially contained databases
     • Demos
     • Resources
     • Q&A
  4. WHAT IS A (PARTIALLY) CONTAINED DATABASE
     • Scenario: Deploy to production; HA & DR
     [Diagram: DB on Instance A, Backup/Copy/Restore, DB on Instance B; open question (?) for Logins, Linked Servers, Agent jobs, …]
  5. WHAT IS A (PARTIALLY) CONTAINED DATABASE
     • Improved dependency management
         • Include all settings + metadata
         • No login authentication at database engine level
         • Isolated from the database engine
         • Improved transition between environments
     • Not yet fully contained
     • Moving to SQL Azure
         • Fully contained
         • Uncontained features disabled by default
     • All SQL Server editions
  6. FEATURES WITHIN/OUTSIDE APPLICATION MODEL
     Within the Application Model [1] (Contained)
     • System Views: sys.indexes, sys.types, …
     • Data Types: All data types excluding CLR data types
     • Dynamic Management Views: sys.dm_db_uncontained_entities
     • T-SQL: Having, Rollback Transaction, …
     • Built-in Functions: @@rowcount, Getdate, IsNull, …
     • System Stored Procedures: sp_helptext, sp_columns, sp_addrole, …
     • DBCC Statements: CHECKDB, SHOW_STATISTICS, …
     Outside the Application Model [2] (Non-Contained)
     • Catalog Views: sys.servers, sys.server_role_members…
     • T-SQL: Backup, Restore, Set Ansi_Nulls, …
     • Built-in Functions: @@servername, loginproperty, …
     • System Functions: sys.fn_get_sql, sys.fn_cdc_get_min_lsn, ...
     • Other: Linked servers, Full-Text Search, Synonyms, …, Replication, Change data capture, Change tracking
  7. ENABLE PARTIALLY CONTAINED DATABASES
     • Instance level
         EXEC sys.sp_configure N'contained database authentication', N'1';
         RECONFIGURE; -- required for the new value to take effect
         GO
     • Database level
         CREATE DATABASE [PartialCDB] CONTAINMENT = PARTIAL; -- or NONE (the default)
         GO
     • New syntax
         ALTER DATABASE CURRENT ...
  8. DEMO
     • Enable & Convert non-contained DB to Partial-CDB
  9. AUTHENTICATION
     • Contained users connect without authenticating at server level
     • Contained SQL user with password syntax
         CREATE USER Giselle WITH PASSWORD = 'xyz';
         GO
     • Multiple users with same name for different databases
     • Normal users tied to login coexist with contained users in same database [1]
  10. DEMO
      • Authentication
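
The enable, convert and authentication steps from slides 7 to 10, written out as one T-SQL script. This is an added example, not the speaker's demo script; [PartialCDB] and Giselle are the names used on the slides, and the password is a placeholder.

```sql
-- Added example (not from the slides). The password below is a placeholder.

-- 1. Instance level: allow contained database authentication.
EXEC sys.sp_configure N'contained database authentication', 1;
RECONFIGURE;
GO

-- 2. Convert an existing non-contained database.
USE [master];
GO
ALTER DATABASE [PartialCDB] SET CONTAINMENT = PARTIAL;
GO

USE [PartialCDB];
GO
-- 3a. Create a new contained user; its password hash is stored in this database.
CREATE USER Giselle WITH PASSWORD = N'<replace-with-a-strong-password>';
GO

-- 3b. Convert SQL users that are still mapped to enabled server logins.
DECLARE @username sysname;
DECLARE user_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT dp.name
    FROM sys.database_principals AS dp
    JOIN sys.server_principals AS sp ON sp.sid = dp.sid
    WHERE dp.type = 'S'                 -- SQL users only
      AND dp.authentication_type = 1    -- INSTANCE: authenticated through a login
      AND dp.name <> N'dbo'
      AND sp.is_disabled = 0;
OPEN user_cursor;
FETCH NEXT FROM user_cursor INTO @username;
WHILE @@FETCH_STATUS = 0
BEGIN
    EXEC sys.sp_migrate_user_to_contained
         @username = @username,
         @rename = N'keep_name',
         @disablelogin = N'do_not_disable_login';
    FETCH NEXT FROM user_cursor INTO @username;
END;
CLOSE user_cursor;
DEALLOCATE user_cursor;
GO

-- 4. Verify: contained users report authentication_type_desc = DATABASE.
SELECT name, type_desc, authentication_type_desc
FROM sys.database_principals
WHERE type IN ('S', 'U') AND principal_id > 4;  -- skip dbo, guest, INFORMATION_SCHEMA, sys
```

A contained user has no server login, so the client has to name the database when it connects (for example Initial Catalog=PartialCDB in the connection string).
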
  11. COLLATION
      • Two types of collation: DATABASE_DEFAULT & CATALOG_DEFAULT
      • New catalog collation Latin1_General_100_CI_AS_WS_KS
      • Syntax
          CREATE TABLE T1 (Name nvarchar(max) COLLATE CATALOG_DEFAULT);
          GO
      • Same collation for all contained databases and instances
      • Cannot be changed
  12. COLLATION
      Item                | Non-Contained Database             | Contained Database
      User data (default) | DATABASE_DEFAULT                   | DATABASE_DEFAULT
      Temp Data (default) | TempDB Collation                   | DATABASE_DEFAULT
      Metadata            | DATABASE_DEFAULT / CATALOG_DEFAULT | CATALOG_DEFAULT
      Temp Metadata       | TempDB Collation                   | CATALOG_DEFAULT
      Variables           | Instance Collation                 | CATALOG_DEFAULT
      Goto Labels         | Instance Collation                 | CATALOG_DEFAULT
      Cursor Names        | Instance Collation                 | CATALOG_DEFAULT
  13. DEMO
      • Collation
  14. IDENTIFYING DATABASE CONTAINMENT
      • sys.dm_db_uncontained_entities
          • View
          • Potentially uncontained entities
          • Static
      • Cdb_uncontained_usage
          • Extended Event
          • When uncontained entity is detected and identified at run time
          • Dynamic
  15. DEMO
      • sys.dm_db_uncontained_entities
      • Cdb_uncontained_usage
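
A static inventory built on the view from slide 14, resolving each entity to a name and pulling the offending statement out of the module text. This is an added example, not the speaker's demo; it assumes it is run inside the database being assessed.

```sql
-- Added example (not from the slides): list potentially uncontained entities
-- in the current database, with the statement that crosses the boundary.
SELECT
    ue.class_desc,
    ue.feature_type_name,
    ue.feature_name,
    CASE ue.class
        WHEN 1 THEN OBJECT_SCHEMA_NAME(ue.major_id) + N'.' + OBJECT_NAME(ue.major_id)
        WHEN 4 THEN dp.name              -- database principal (e.g. user mapped to a login)
    END AS entity_name,
    ue.statement_type,
    ue.statement_line_number,
    -- Offsets are byte positions in the nvarchar module text, starting at 0;
    -- an end offset of -1 means "to the end of the module".
    CASE WHEN ue.class = 1
          AND sm.definition IS NOT NULL
          AND ue.statement_offset_begin IS NOT NULL
         THEN SUBSTRING(
                  sm.definition,
                  ue.statement_offset_begin / 2 + 1,
                  (CASE ue.statement_offset_end
                        WHEN -1 THEN DATALENGTH(sm.definition)
                        ELSE ue.statement_offset_end
                   END - ue.statement_offset_begin) / 2 + 1)
    END AS offending_statement
FROM sys.dm_db_uncontained_entities AS ue
LEFT JOIN sys.sql_modules AS sm
       ON ue.class = 1 AND sm.object_id = ue.major_id
LEFT JOIN sys.database_principals AS dp
       ON ue.class = 4 AND dp.principal_id = ue.major_id
ORDER BY ue.class_desc, entity_name, ue.statement_line_number;
```

Because the view is static, code paths built with dynamic SQL do not show up here; those are only caught at run time, which is the role of the extended event on the slide.
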
  16. THREATS AGAINST PART. CONTAINED DATABASES
      • Who can change containment settings
      • Users in a converted DB can create new users with password
      • Prevent a DB from being contained
      • Prevent connections from users with passwords
      • No rechecked passwords
      • Users with password cannot use Kerberos authentication
      • Offline dictionary attack
      • Auto_Close database property
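
An audit script covering several of the points on slide 16: where containment is enabled, which users authenticate with a database-stored password, who can create such users, and where AUTO_CLOSE is on. This is an added example, not part of the presentation; it assumes sections 3 to 5 are run inside each contained database found by section 2.

```sql
-- Added example (not from the slides): review exposure of contained databases.

-- 1. Is contained database authentication allowed on this instance?
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'contained database authentication';

-- 2. Which databases are contained, and which of them have AUTO_CLOSE on?
SELECT name, containment_desc, is_auto_close_on
FROM sys.databases
WHERE containment <> 0
ORDER BY name;

-- 3. Users whose password hash lives in this database. The hash travels with
--    every backup or copy of the files, hence the offline dictionary attack item.
SELECT name, type_desc, authentication_type_desc, create_date, modify_date
FROM sys.database_principals
WHERE authentication_type = 2            -- DATABASE
ORDER BY modify_date DESC;

-- 4a. Role members who can create users with passwords without sysadmin involvement.
SELECT r.name AS role_name, m.name AS member_name, m.authentication_type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'db_owner', N'db_accessadmin');

-- 4b. Principals granted the relevant permissions directly at database scope.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 0                       -- DATABASE
  AND pe.permission_name IN (N'ALTER ANY USER', N'ALTER', N'CONTROL')
  AND pe.state IN ('G', 'W');            -- GRANT, GRANT WITH GRANT OPTION

-- 5. Remediation for the AUTO_CLOSE item, using the ALTER DATABASE CURRENT
--    syntax from slide 7. Run only in a database flagged by section 2.
ALTER DATABASE CURRENT SET AUTO_CLOSE OFF;
```
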
  17. RESOURCES
      • SQL Server v.Next (Denali): Contained Databases (Aaron Bertrand)
      • SQL Server 2012: Sometimes Partial Is Preferable (Denny Cherry)
      • Partially Contained Databases (TechNet)
      • SQL Server 2012 Partially Contained Databases (Steve Verschaeve)
      • Contained Database Authentication in depth (Lyudmila Fokina)
  18. Q&A
  19. THANK
  20. © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.