SQL Azure Database
Under the hood
Jeff Currier
Senior Dev Lead
Microsoft Corporation
SVC12

Agenda
> Service Review
> SQL Azure Architecture & Workflows
> Service Resilience
> Service Monitoring
> Attack Vectors/Security considerations
> Wrap up

Review – Conceptual model
> Subscription
  > Used to map service usage to the billing instrument
  > Users may have many subscriptions
> Logical Server
  > Akin to SQL Server Instance
  > Unit of Geo-Location & Billing
  > 1:1 Subscription & server
> User Database
  > Restricted T-SQL surface area
  > Additional catalog views provided e.g. sys.billing, sys.firewall_rules, etc

SQL Azure Network Topology
[Diagram labels: Application, Internet, Azure Cloud, LB, TDS (tcp), Security Boundary, Gateway nodes, SQL nodes]
Applications use standard SQL client libraries: ODBC, ADO.Net, PHP, …
Load balancer forwards ‘sticky’ sessions to TDS protocol tier
Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy; proxy to CloudDB
Scalability and Availability: Fabric, Failover, Replication, and Load balancing

TDS Gateway
> TDS Listener
> Capability negotiation
> TDS Packet inspection
> Security
> Logical->Physical mapping via metadata catalog
> Enabler for multi-tenant capabilities
> Isolation layer

TDS Gateway Layering
[Diagram labels: Gateway Process; TDS Endpoint, AdminSvc Endpoint, Provisioning Endpoint; Protocol Parser; Business Logic Services; Connection Mgmt; SQL nodes; Scalability and Availability: Fabric, Failover, Replication, and Load balancing]

Provisioning
> Subscription
  > Coordinated across all Azure services
  > Executed in parallel w/retries
> Server
  > May occur between data centers
  > Point where Geo-location is established
> Database
  > Always occurs within a single data center
  > Cross node operations executed during this process e.g. add new db to sys.databases on the master

Server Provisioning
> Driven by administrator Portal
> Provision request is sent to Gateway
  > Metadata catalog entry created
  > DNS record (CNAME) created within LiveDNS service
  > Master DB created
> On completion metadata catalog updated

SQL Azure Server Provisioning
[Diagram labels: Datacenter (Sub-Region); Customer Browser; Portal LB; Front-end Nodes (Admin Portal, Gateway); Gateway LB; Live DNS Cluster (Live DNS Svc); Backend Nodes (Mgmt. Services, SQL Server, Fabric); steps numbered 1 to 7]

Database Provisioning
> Gateway performs stateful TDS packet inspection
  > Picks out subset of messages
  > Parses out args for create database
> Makes entry into Gateway metadata catalog
> Unused replica set located and reserved
> Replica set (UserDB) is prepped for use
> Metadata catalog is updated

SQL Azure Database provisioning
[Diagram labels: TDS Gateway Front-end Node (Protocol Parser, Gateway Logic); Master Cluster; Master Node (Master Node Components); TDS Session; Backend Nodes 1 to 3 (SQL Instance, SQL DB); Scalability and Availability: Fabric, Failover, Replication, and Load balancing; steps numbered 1 to 8]

SQL Azure Login Process
> Login request arrives at the Gateway
> Gateway locates MasterDb & UserDb replica sets
> Credentials are validated against MasterDb
> TDS session is opened to UserDB and requests are forwarded

SQL Azure Login Process
[Diagram labels: TDS Gateway Front-end Node (Protocol Parser, Gateway Logic); Global Partition Map; Master Node (Master Node Components); TDS Session; Backend Nodes 1 to 3 (SQL Instance, SQL DB); Scalability and Availability: Fabric, Failover, Replication, and Load balancing; steps numbered 1 to 8]

Service Resilience
> Provisioning
  > State machines used to coordinate activities across node (and datacenter) boundaries
  > Failed provisioning attempts cleaned automatically after 10 minutes
> Login
  > Failovers during the login will be transparent (<30 seconds)
  > Metadata catalog refresh occurs automatically
> Active Session
  > Surface as connection drops (due to state)

Monitoring Service Health
> Metrics
  > Cluster wide performance counters gather key metrics on the service
  > Used to alert Operations to issues before they become a problem
    > Early warning system
    > Code issues
    > Capacity warnings
> Health
  > Exercises the service routinely looking for problems
  > When issues are encountered runs deep diagnostics
    > Network connectivity at the node level
    > Validate all dependent services (Live DNS, Live ID, etc)
> Monitoring from other MSFT DCs
  > Validates accessibility from multiple geographic locations
  > Alerts fired automatically when test jobs fail

Security/Attack Considerations
> Service
  > Secure channel required (SSL)
  > Denial Of Service trend tracking
  > Packet Inspection
> Server
  > IP allow list (Firewall)
  > Idle connection culling
  > Generated server names
> Database
  > Disallow the most commonly attacked user IDs (SA, Admin, root, guest, etc)
  > Standard SQL Authn/Authz mode
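
Three of the controls on this slide (secure channel, IP allow list, disallowed login names) modelled as one admission check applied before credentials are validated. This is an added example, not code from the presentation or from the service; the rule layout, the order of checks, the function names and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Names the slide lists as disallowed. The slide ends the list with "etc",
# so this set is an illustrative subset, not the service's real list.
DISALLOWED_LOGINS = {"sa", "admin", "root", "guest"}


@dataclass(frozen=True)
class FirewallRule:
    """One allow-list entry as an inclusive start/end range (assumed layout)."""
    name: str
    start_ip: str
    end_ip: str

    def allows(self, client_ip: str) -> bool:
        ip = ipaddress.ip_address(client_ip)
        lo = ipaddress.ip_address(self.start_ip)
        hi = ipaddress.ip_address(self.end_ip)
        # Comparing IPv4 with IPv6 raises TypeError, so check versions first.
        return ip.version == lo.version == hi.version and lo <= ip <= hi


def admit_login(rules, client_ip, login, encrypted):
    """Decide whether a login request may proceed to credential validation.

    Returns (admitted, reason). The order of checks is an assumption.
    """
    if not encrypted:
        return False, "secure channel required"
    try:
        in_allow_list = any(rule.allows(client_ip) for rule in rules)
    except ValueError:
        return False, "malformed address"
    if not in_allow_list:  # an empty rule list denies everyone
        return False, "client IP not in allow list"
    # Normalise before comparing so "SA" or " sa " cannot slip past the list.
    if login.strip().lower() in DISALLOWED_LOGINS:
        return False, "login name disallowed"
    return True, "forward to credential validation"


# Constructed sample rule using a documentation address range.
RULES = [FirewallRule("office", "203.0.113.10", "203.0.113.20")]

if __name__ == "__main__":
    for args in [("203.0.113.15", "appuser", True), ("203.0.113.15", "SA", True),
                 ("198.51.100.7", "appuser", True), ("203.0.113.15", "appuser", False)]:
        print(args, "->", admit_login(RULES, *args))
```

An empty rule list rejects every client, which is the default-deny behaviour an allow list implies.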

Wrap Up
> Reviewed SQL Azure Architecture & Workflows
  > Provisioning (Server & DB)
  > Login
> Service Resilience & Health
  > Failure detection and correction
  > How we determine service health
> Security considerations
  > Attack vectors and mitigations
> Questions?

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.