Microsoft Azure SQL Database Business Continuity and Auditing Deep Dive

Jan EngelsbergEyal Carmel

DBI-B313

Agenda

Business ContinuityAuditing

Business ContinuityScenariosBCDR ModelHigh availability platformDatabase backup based solutionsDatabase replication based solutions

Business Continuity ProblemEnabling the application to continuously operate during unplanned and planned disruptive events

BCDR Tiered Model

B

Transactions per hour

Transactions per minute

Transactions per second

Point In Time Restore (“oops” recovery)

Geo-Restore (restore last daily backup to another region)

RTO<24h*, RPO<24h

RTO<24h*, RPO<24h

RTO<24h*, RPO<24h

Standard geo-replication (offline secondary, fixed DR pairing)

RTO<2h RPO<30m

RTO<2h RPO<30m

Active geo-replication (up to 4 online secondaries, configurable regions)

RTO<1h, RPO<5m

* Target only, actual time depends on the data size and scale of restores

Azure SQL Database

Geo-distributed service Customer metadata protection and recovery Transparent high availability and data protection from local platform failuresAutomatic geo-distributed backups Automatic data synchronization of geo-replicated databases Platform compliance testing and certificationAlerting impacted customers about their servers’ degradation during regional failures

Customer (subscription owner)

Detecting user errors and initiating point in time restorePlanning, database prioritization and region selection for disaster recoveryInitiating geo-restore to the selected regionInitiating failover of the geo-replicated databasesApplication DR drills

Roles and responsibilities

Reads are completed at the primary

Writes are replicated to secondaries

DB

Single LogicalDatabase

P

SS WriteWrite

AckAck

ReadValue WriteAck

P

S

S

S

P

High availability platform

• Critical capabilities:Create new

replicaSynchronize

data Stay consistentDetect failuresFail over99.99%

availability

Point In Time RestoreAutomatic BackupFull backups weekly, diff backup daily, log backups every 5 minDaily and weekly backups automatically uploaded to geo-redundant Azure Storage

Self-service restoreREST API, PowerShell or PortalCreates a new database in the same logical server

Tiered Retention PolicyBasic - 7 daysStandard - 14 daysPremium - 35 days

sabcp01bl21

sabcp02bl21

sabcp03bl21

Restore as a new

database from local backups

LS XYZ

Copy backups to Azure Storage

DB

DB1

RA-GRS

Backups

Backups

US East

US Westsabcp01bl21

sabcp02bl21 sabcp03bl2

1

LS ABC

Restore to any server

when needed

US West

DB

sabcp01bl21

sabcp02bl21 sabcp03bl2

1

LS XYZ

Automatic copies of

daily backups

DB

RA-GRSRA-GRS

Storage geo-replication

• Self-service restore API• Restores last daily backup• No extra cost, no capacity guarantee• RTO>=24h, RPO=24h• Database URL will change after restore

Geo-restore

East US

LS ABC

Failover and activation of secondary

(during incident)

West US

DB

LS XYZ

DB

Geo-replication

• RTO<2h, RPO<30m • REST and PowerShell API to opt-in and failover• Automatic data replication and synchronization• DMV+REST to monitor and guide failover decisions• Single offline secondary with matching performance level in the DR

paired region

North Central US

LS OPQ

DB

Standard geo-replication

Geo-replication

LS ABC

South Central US

West US

Failover and activation of secondary (any time)

East US

Geo-re

plicat

ion

DB1

LS XYZ LS OPQ

• RTO<1h, RPO<5m• REST and PowerShell API to opt-in and

failover• DMV+REST to monitor and guide failover

decisions• Automatic data replication and

synchronization• Up to 4 online secondary databases with

matching performance level in any region

DB1 DB1.old

North Central US

LS DFE

DB1

Geo-replic

ation

Geo-replication

DB1

Active Geo-replication

DEMO

Point in time restore and geo-replication

Auditing

Why Auditing?Regulatory compliance - A massive demand for cloud application to meet regulatory compliance recommended by regulating/auditing authorities (PCI-DSS, SOX,

HIPAA)Security incidents - DBAs and security officers wish to gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violationsOperational Insights - Stakeholders are increasingly focusing on

understanding database activity

Auditing - Overview

Where to start?

Auditing - Overview

Retain Report Insights

New Auditing Feature in Azure SQL DBConfigurable to track & log database

activity

Dashboard views in the portal for at-a-glance insights

Interactive & customizable Power View and Power Pivot reports for deep analysis on Audit log data

Audit logs reside in your Azure Storage account

Available in Basic, Standard, and Premium

SQL Database

Auditing

Auditlog

Application data

Azure Storage

Setting up AuditingServer Default Per DB

Server

DB1

DB2

DB3

Combination of the two…

Azure Table

Default

Policy

*-------

*-------

*-------

*-------

Server

DB1

DB2

DB3

Azure Table

DB Policy

*-------

*-------

DB Policy

*-------

*-------

DB Policy

*-------

*-------

Demo

Azure SQL DB - Auditing

Related content

Find Me Later At. . . Wednesday, October 29 - 8:00 PM-11:00 PM

Country Drinks, Barceloneta Beach

Thursday, October 30 - 6:30 PM-8:00 PM

Ask the Experts, Hall 5

Related Sessions:DBI-B315: Microsoft Azure SQL Database Performance and Scale Out Deep Dive

Signup to Auditing Preview

Track resources

Get started with Auditing in Azure SQL DB

Auditing in Azure SQL Database

Download Excel Template

27 Hands on Labs + 8 Instructor Led Labs in Hall 7

DBI Track resources

Free SQL Server 2014 Technical Overview e-book

microsoft.com/sqlserver and Amazon Kindle StoreFree online training at Microsoft Virtual Academy

microsoftvirtualacademy.com Try new Azure data services previews!Azure Machine Learning, DocumentDB, and Stream Analytics

Resources

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

Developer Network

http://developer.microsoft.com

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Sessions on Demand

http://channel9.msdn.com/Events/TechEd

Please Complete An Evaluation FormYour input is important!TechEd Schedule Builder CommNet station or PC

TechEd Mobile appPhone or Tablet

QR code

Evaluate this session

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.