Managed Instance – Dark Secrets
Jovan Popovic, Microsoft Development Center Serbia
Agenda
- Introducing Azure SQL Managed Instance
- Architecture
- Migration to Managed Instance
We take care of your database chores

Your work so far -> How SQL Database helps
- Hardware purchasing and management -> Built-in scale on demand
- Protect data with backups (with health checks and retention) -> Built-in point-in-time restore
- High availability implementation -> Built-in 99.99% SLA and auto-failover
- Disaster recovery implementation -> Built-in geo-redundancy and geo-replication
- Ensure compliance with standards on your own; secure your data from malicious users and mistakes -> Built-in, easy-to-use features
- Roll out updates and upgrades -> Built-in updates and upgrades
- Monitor, troubleshoot, and manage at scale; tune and maintain for predictable performance

Notes: In addition to the built-in intelligence, Azure SQL Database is a fully managed service, which means Microsoft operates SQL Server for customers and ensures availability and performance. Features that come with SQL Database include, but are not limited to: provisioning and resizing (with an Azure Portal experience), built-in automatic HA (99.99%), automatic backup, point-in-time restore (database level), and active geo-replication. Because Microsoft assumes much of the daily maintenance, administration and infrastructure cost, your customer's IT organization can quickly realize cost and operational benefits that they may not have otherwise experienced with their on-premises or hosted solution. In fact, Microsoft commissioned a study with Forrester Consulting that found that organizations who modernized their databases from SQL Server to SQL Database Managed Instance realized up to a 212% ROI over three years (The Total Economic Impact of Microsoft Azure SQL Database Managed Instance, Forrester Consulting, September 2018).
Modernization opportunities

Three deployment models: On-premises, Infrastructure (as a Service), Platform (as a Service), the latter with intelligent performance/security.
- On-premises costs tend to be driven by hardware and data center management costs.
- Infrastructure-as-a-Service reduces the cost categories related to data center and compute.
- Platform-as-a-Service off-loads most of the customers' administrative tasks to Azure, further improving efficiency with machine-learning capabilities for performance and security.
- Managed Instance: instance-level deployment for lift-and-shift of existing apps to Azure, fully backward compatible.
- Single database: database-level deployment for new apps.

Diagram: the same stack (Applications, Data, High availability/DR/Backups, Database provision/patch/scaling, O/S provision/patching, Virtualization, Hardware, Datacenter management) shown for SQL Server 2017/2019 on-premises, Azure SQL VMs, and Azure SQL Database (Managed Instance, Single DB). The "Managed by customer" / "Managed by Microsoft" boundary moves up the stack from left to right: on-premises everything is managed by the customer, on Azure SQL VMs the datacenter, hardware and virtualization move to Microsoft, and on Azure SQL Database only applications and data remain with the customer, with machine-learning capability added by the platform.
Azure SQL PaaS options: Azure SQL Database

- Single database: database-scoped deployment option with predictable workload performance. Best for apps that require a resource guarantee at database level.
- Elastic pool: shared resource model optimized for greater efficiency of multi-tenant applications. Best for SaaS apps with multiple databases that can share resources at database level, achieving better cost efficiency.
- Managed Instance: instance-scoped deployment option with high compatibility with SQL Server and full PaaS benefits. Best for modernization at scale with low friction and effort.

Notes (Introducing Azure SQL Database Managed Instance): SQL Database Managed Instance is an expansion of the existing SQL Database service designed to enable database migration to a fully managed database service without re-designing the application. It's important to note that Managed Instance isn't a new service: it is a third resource type within Azure SQL Database, sitting alongside single databases and elastic pools. As part of Azure SQL Database, Microsoft's fully managed cloud database service, it inherits all of its built-in features. Each standalone database is assigned a certain amount of resources via performance tiers: Basic, Standard, and Premium. The emphasis of this offering is on a simplified database-scoped programming model and on applications with a predictable pattern and relatively stable workload. An elastic database pool is a shared resource model that enables higher resource utilization efficiency; all the databases within an elastic pool share the predefined resources of that pool. The emphasis of this offering is on a simplified database-scoped programming model for multi-tenant SaaS apps. The workload pattern is well defined and is highly cost-effective in multi-tenant scenarios. For ISVs with SaaS apps, the savings can be significant, in the hundreds of thousands of dollars or more.
A SQL Database Managed Instance offers a simplified instance-scoped programming model that is like an on-premises SQL Server instance. The databases in a SQL Database Managed Instance share the resources allocated to the Managed Instance, and the Managed Instance also represents the management grouping for these databases. The emphasis of this offering is on high compatibility with the programming model of an on-premises SQL Server and out-of-the-box support for a large majority of SQL Server features and accompanying tools/services.
Why Managed Instance?

Cloud migration requires some changes, and there are dependencies on existing features: CLR? RESTORE? SQL Agent?
- Lift & shift: fully-fledged SQL instance with nearly 100% compatibility with on-premises SQL Server
- Fully managed: high availability, backups, all PaaS features
- Isolation: native VNET implementation, private IP addresses
- Business model: competitive, transparent, frictionless
Isolation and connectivity of Managed Instance

Diagram: a web app (public IP) or IaaS-hosted app in an app subnet of VNet 2 reaches SQL instances #1, #2 and #3 in the MI subnet of the customer VNet over VNet-to-VNet peering; on-premises clients come in through a VPN/ExpressRoute gateway; the SQL instances sit inside a tenant-isolated virtual private cluster, with a separate management access path.

Key points:
- Enable full isolation from other tenants without resource sharing.
- Promote secure communication over private IP addresses with native VNET integration.
- Enable your on-premises identities on cloud instances through integration with Azure Active Directory and AD Connect.

Two levels of isolation are provided:
- Cluster (tenant ring) level: Managed Instances for a tenant are fully isolated from other tenants. No connectivity or resource sharing is possible between different tenants.
- Networking level: joining instances to a subnet in a VNET and restricting access to private IP addresses only provides full isolation from the public Internet.

Notes: SQL Database Managed Instance provides complete isolation of your workloads through native VNET support. We use the term virtual data clusters to describe the degree of isolation that customer workloads experience with SQL Database Managed Instance. During service provisioning (on the Azure Portal or through the REST API), you choose the virtual network (VNET) and the subnet to achieve full networking isolation for your Managed Instances. Once created, instances in the VNET can be reached using Azure networking mechanisms (VPN and ExpressRoute gateways).
We assume breach…

Diagram: inside the customer VNet, the virtual cluster exposes the TDS endpoint (private IP, mymi.<clusterid>.database.windows.net) through an internal load balancer (ILB) to gateway (GW) VMs, which forward to the SQL VM (an Azure VM running the SQL Server database engine behind Windows Firewall); the SQL management plane (public IP) reaches the management agent on the VM through a separate load balancer; TLS is shown on each hop.

- Enhanced monitoring of our Azure assets
- Collection of low-fidelity anomalous activity (automated hunting)
- Monitoring PERF for traits of crypto-currency mining
- … and a large set of other detections that we don't talk about publicly
- Attack team (SQL Red Team) tries to get in, gain a foothold, escalate privileges, and maintain persistence
- SQL Blue Team practices defense in depth
- When we detect something, e.g. failed login attempts, we defend; if it involves a customer, we notify them
- Many times this is the customer's own security and compliance scanners!
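Added example, not from the deck: a small detector in the spirit of the failed-login signal mentioned above, run over a constructed SQL Server error-log excerpt (error 18456 "Login failed" lines). The threshold, the window and the scanner allowlist are assumptions; the allowlist stands in for the customer's own compliance scanners the slide mentions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed SQL Server error-log excerpt (not captured from a real instance):
# only the "Login failed" lines of error 18456 are kept, each ending in the
# engine's [CLIENT: <ip>] suffix.
SAMPLE_LOG = """\
2019-06-27 10:37:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.1.0.5]
2019-06-27 10:37:02.42 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.1.0.5]
2019-06-27 10:37:03.90 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 10.1.0.5]
2019-06-27 10:37:04.11 Logon       Login failed for user 'app_user'. Reason: Password did not match that for the login provided. [CLIENT: 10.1.0.5]
2019-06-27 10:45:10.00 Logon       Login failed for user 'app_user'. Reason: Password did not match that for the login provided. [CLIENT: 10.1.0.9]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2}) Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]$")


def parse_failed_logins(log_text):
    """Return (timestamp, user, client_ip) for every failed-login line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
            events.append((ts, m.group("user"), m.group("client")))
    return events


def find_bursts(events, threshold=3, window=timedelta(minutes=1), known_scanners=frozenset()):
    """Flag clients with >= threshold failures inside a sliding time window.
    Clients in known_scanners (assumed allowlist) are never reported.
    Returns {client_ip: (largest burst size, sorted distinct users tried in it)}."""
    by_client = defaultdict(list)
    for ts, user, client in sorted(events):
        if client not in known_scanners:
            by_client[client].append((ts, user))
    alerts = {}
    for client, attempts in by_client.items():
        start = 0
        for end in range(len(attempts)):
            # Advance the window start until attempts[start..end] spans <= window.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            size = end - start + 1
            if size >= threshold and size > alerts.get(client, (0,))[0]:
                alerts[client] = (size, sorted({u for _, u in attempts[start:end + 1]}))
    return alerts
```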
Service tiers
- General Purpose: generic workloads
- Business Critical: low-latency workloads, fast recovery, free read-only replica
- Hyperscale: VLDB (~100 TB), OLTP workloads, read-only replicas
General Purpose Architecture

Cloud database architecture:
- Separation of compute and storage
- Stateless compute VM (active compute node, with a redundant node and a scaled node available)
- TempDB on local Azure Premium Storage
- Replicated remote files in an Azure storage account

Disk size | IOPS per blob | Throughput per blob
128 GiB   | 500           | 100 MiB/sec
256 GiB   | 1100          | 125 MiB/sec
512 GB    | 2300          | 150 MiB/sec
1 TiB     | 5000          | 200 MiB/sec
2 TB      | 7500          | 250 MiB/sec
General Guidelines
- Short transactions
- Batch updates
- Table/index partitioning
- Potentially higher RTO
- Accelerated database recovery (Preview)
Business Critical Architecture

Always On AG on super-fast SSD: one primary replica, three secondary replicas and a spare node, behind a primary endpoint (read-write) and a secondary endpoint (read-only).
- All databases on local SSD
- A failed node is replaced with the spare; seeding populates state on the local SSD
- Transaction processing:
  - Primary replica is updated
  - Log record sent to all secondaries
  - 2 of 3 nodes must acknowledge
  - Update is confirmed
  - All secondaries apply the log record
  - Avg. latency < 3 ms
Business Critical – Upgrade SLO

Diagram: two Always On availability groups on super-fast SSD, each with a primary replica and secondary replicas, behind the primary endpoint (read-write) and the secondary endpoint (read-only).
Hyperscale (H2 2019): 100 TB storage, snapshot backups

Diagram: a primary compute node and several read-only secondary compute nodes (each sqlservr.exe with an RBPEX data cache); a log service compute node with a log cache; page servers, each serving a 1 TB data file with a covering RBPEX data cache; Azure Storage holding the data pages and file snapshots (100 TB storage, snapshot backups).
Migration

- Assessment: Data Migration Assistant; benchmark tools/HammerDB
- Migration: native restore; Data Migration Service; transactional replication
- Environment check: full recovery model; Transparent Data Encryption; memory/CPU ratio; small log files; compatibility level; legacy cardinality estimator; Windows authentication
Native RESTORE – Offline Migration

1. BACKUP from SQL Server on VM/on-premises to an Azure storage account
2. RESTORE issued on the SQL instance (Managed Instance)
3. Managed restore performed by the Management Service
Migrate Server objects - @psdbatools

Install-Module dbatools
# $src / $dest: source and destination SQL instances; $srcLogin / $destLogin: credentials for each (set these before running)
Copy-DbaSysDbUserObject -Source $src -Destination $dest
Copy-DbaDbMail -Source $src -Destination $dest
Copy-DbaAgentOperator -Source $src -Destination $dest
Copy-DbaAgentJobCategory -Source $src -Destination $dest
Copy-DbaAgentSchedule -Source $src -Destination $dest
Copy-DbaAgentJob -Source $src -Destination $dest
# Copy only enabled SQL logins; system logins are excluded
Get-DbaLogin -SqlInstance $src -SqlCredential $srcLogin |
    Where-Object { $_.LoginType -eq "SqlLogin" -and $_.IsDisabled -ne $true } |
    Copy-DbaLogin -Destination $dest -DestinationSqlCredential $destLogin -ExcludeSystemLogins
DMS – Online Migration

Diagram: an on-premises SMB network share, Azure Blob Storage, and a virtual network (VNET) with one subnet used for DMS and one subnet used for the Managed Instance.
1. Provide existing backups in a network share
2. DMS uploads the backup files to Azure storage
3. DMS initiates the migration to Azure SQL MI
4. The full backup is restored and transaction log backups are continuously applied until cutover
5. Provide the tail-log backup, initiate cutover in DMS and change the application connection strings
Transactional Replication – Online Migration

Tran. Repl. – Migration from instance
Maintenance tools
- Database engine: Query Store, DMVs, XEvents, automatic tuning/plan correction
- Management tools: Azure CLI, AzureRm.Sql PowerShell, dbatools
- Maintenance scripts (community): index maintenance solution (Ola Hallengren), Adaptive Index Defrag (SQL Tiger tools), First Responder Kit, BPCheck (SQL Tiger tools)
Questions? jovanpop@microsoft.com, Twitter: @jovanpop_msft
sqlcommunity.slack.com #azure-sql-managedinstance, SQL Managed Instance Feedback, Azure SQL Database Documentation