Policy Based Management: Introduction & implementation


1 Policy Based Management: Introduction & implementation
With Ryan Brickey


3 Who is this guy?
Ryan Brickey
SQL Saturday speaker
MCITP: SQL Server Database Administrator 2008 (since 2012)
Wells Fargo: Database Analyst (2013 – present)
SQL Sentry: Software Support Engineer (2010 – 2013)
Living Well Health Solutions: Data Analyst (2007 – 2010)
Networking: SQLBrickey

4 What are we going to look at
What is Policy-Based Management
My business case for using Policy-Based Management
Benefits
Terms and concepts
Scenario breakdowns
DEMO
Implementation architecture
Recap / Questions
Resources

5 Before we start…..
How many people have never used Policy-Based Management?
Who is currently using Policy-Based Management in some way?

6 What is Policy-Based Management
The ability to evaluate policies (rules) against SQL Server instance(s) in an environment
When was it introduced? SQL Server 2008
Can be created via GUI / T-SQL

7 My Business case for using policies
Why did I start using policies?
  Annual SQL Server policy updates
  New servers coming online that needed to comply with policies
  Audit-Prep
How did I get started?
  Trial and error
  PASS Summit
  Blogs – links included at the end

8 Benefits of Policy-Based Management
Compliance / Audit Prep
Consistent Implementation
Removes tribal knowledge
Cost / Time
Great Performance Review / Bonus / Raise

9 Key Terms & Concepts
Facet: Set of logical properties which can be evaluated
Condition: Expression that sets or compares a facet to a value
Policy: Evaluates configured condition(s) in an environment
Evaluation modes:
  On Demand: ad hoc
  On Schedule: scheduled through an Agent job
  On Change: Prevent: DDL events ONLY, enforced through a DDL trigger; requires the nested triggers feature to be enabled on SQL Server
  On Change: Log only: recorded through Event Notifications
A policy must include: name / target / facet / condition / evaluation mode

10 Scenario - 1
We want to audit all servers to make sure that the SA account is disabled.
Policy: Confirm that the ‘SA’ account is disabled by comparing the Login = ‘SA’ condition to the Login Option – IsDisabled = True condition
Condition: Login – Name = ‘SA’; Login Option – IsDisabled = True
Facet: Login; Login Options

11 Scenario - 1
We want to audit all servers to make sure that the SA account is disabled.
Policy: Confirm that the account is disabled
Condition: Login = ‘SA’; Login Option = Disabled
Facet: Login; Login Options


17 Scenario - 2
Due to performance concerns we must ensure that Auto-Shrink is disabled.
Policy: Verify Auto-Shrink is disabled against all databases
Condition: Auto-Shrink = False
Facet: Database
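The conditions in Scenario 1 and Scenario 2, written as plain T-SQL catalog checks. This is an added example, not code from the slide deck, and it does not create Policy-Based Management objects. The policy labels and the @violations table are made up for illustration, and the sa login is matched on its fixed SID (0x01) rather than on the name, so a renamed sa is still found.

```sql
-- Added example (not from the slide deck): plain T-SQL checks that mirror
-- the conditions in Scenario 1 and Scenario 2. The policy labels and the
-- @violations table are names made up for this illustration.
SET NOCOUNT ON;

DECLARE @violations TABLE (
    policy_name nvarchar(128) NOT NULL,
    target_name nvarchar(128) NOT NULL,
    detail      nvarchar(400) NOT NULL
);

-- Scenario 1: the built-in sa login must be disabled.
-- Matching on SID 0x01 instead of the name still finds the login
-- after it has been renamed.
INSERT INTO @violations (policy_name, target_name, detail)
SELECT N'SA account disabled',
       sp.name,
       N'Login with SID 0x01 is enabled'
FROM sys.server_principals AS sp
WHERE sp.sid = 0x01
  AND sp.is_disabled = 0;

-- Scenario 2: Auto-Shrink must be off for every database.
INSERT INTO @violations (policy_name, target_name, detail)
SELECT N'Auto-Shrink disabled',
       d.name,
       N'is_auto_shrink_on = 1'
FROM sys.databases AS d
WHERE d.is_auto_shrink_on = 1;

-- One row per violation; an empty result means the instance complies.
SELECT @@SERVERNAME AS server_name,
       policy_name,
       target_name,
       detail
FROM @violations
ORDER BY policy_name, target_name;
```

Run from a query window opened against a registered server group, the same batch returns the violations for every server in that group.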

18 Scenario - 3
New naming convention to use RPT schema to qualify all reporting stored procedures and remove ‘rpt%’ from the names.
Policy: Verify that no current stored procedures begin with ‘rpt’ and no NEW stored procedures begin with ‘rpt’
Condition: Procedure names are not like ‘rpt%’
Facet: Stored Procedure

    -- Demo procedure: its name starts with 'rpt', so it violates the condition above
    USE [RVS_VIP]
    GO
    CREATE PROCEDURE [dbo].[rpt_TestPolicy]
    AS
    BEGIN
        SET NOCOUNT ON;
        SELECT * FROM MIDE.APPR WHERE APPR_RCV_DT >= GETDATE()-30
    END
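Both halves of Scenario 3 as hand-written T-SQL: a catalog query for existing procedures that break the convention, and a database DDL trigger that rejects new ones, the mechanism the deck names for On Change: Prevent. This is an added example, not code from the slide deck and not the trigger that Policy-Based Management generates; trg_block_rpt_procedures is a hypothetical name.

```sql
-- Added example (not from the slide deck). Run it in the database the
-- naming policy applies to. trg_block_rpt_procedures is a made-up name.

-- 1) Current procedures whose names match 'rpt%'.
--    Case sensitivity of LIKE follows the database collation.
SELECT SCHEMA_NAME(p.schema_id) AS proc_schema,
       p.name                   AS proc_name,
       p.create_date
FROM sys.procedures AS p
WHERE p.name LIKE N'rpt%'
ORDER BY proc_schema, proc_name;
GO

-- 2) Reject NEW procedures whose names match 'rpt%'.
--    Covers CREATE PROCEDURE only; a rename through sp_rename is not
--    intercepted by this trigger.
CREATE TRIGGER trg_block_rpt_procedures
ON DATABASE
FOR CREATE_PROCEDURE
AS
BEGIN
    SET NOCOUNT ON;

    -- EVENTDATA() describes the DDL statement that fired the trigger.
    DECLARE @evt  xml = EVENTDATA();
    DECLARE @name nvarchar(128) =
        @evt.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(128)');

    IF @name LIKE N'rpt%'
    BEGIN
        RAISERROR(N'Procedure "%s" violates the naming policy: use the RPT schema instead of an rpt prefix.',
                  16, 1, @name);
        ROLLBACK;  -- undo the CREATE PROCEDURE
    END
END;
GO
```

With the trigger in place, the CREATE PROCEDURE [dbo].[rpt_TestPolicy] statement from the slide fails and is rolled back.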


20 Implementation Architecture
Locally Managed Policies
  Allows for policies specific to the server hosting it
  Supports evaluation modes: On Demand; On Schedule; On Change – Prevent; and On Change – Log only
Central Management Server (CMS)
  Leverages registered servers
  Offers ability to evaluate multiple servers at once
  Provides central location for all policies
  Supports evaluation mode: On Demand

21 Implementation Architecture
Locally Managed Policies
  On Demand: SSMS > Object Explorer

22 Implementation Architecture
Locally Managed Policies
  On Demand: SSMS > Object Explorer
  On Schedule: Policy Properties

23 Implementation Architecture
Locally Managed Policies
  On Demand: SSMS > Object Explorer
  On Schedule: Policy Properties
  On Change: Prevent
  On Change: Log Only

24 Implementation Architecture
Central Management Server (CMS)
  On Demand – All registered servers: SSMS > Registered Servers


26 Potential policies & Uses
Auto Shrink Disabled
Authentication Mode
SQL Password Expiration
SQL Password Policy
Guest Permissions
Last Backup Time
Enforce Naming Convention
Database Compatibility Level
Database Encryption
Is Trustworthy Option
Login Auditing
Database Mail Enabled
Extended Stored Procedures Disabled
Backup Compression
Agent jobs have notification on failure
Monitor SQL Agent Jobs
Leveraging PowerShell to Schedule OnDemand Evaluations against CMS registered groups!!!

27 Links/Scripts
Books Online:
Jens Suessmeyer
Colin Stasuik: Author: Pro SQL Server Policy Based Management
Ryan Adams
Policy-Based Management White Paper
CMS White Paper
Enterprise Policy Management

28 Thanks Everyone
Slide deck is available on SQLSaturday.com & Please complete a survey 10th chair

