IDERA Slides: Managing the Transition to Hybrid Cloud

Rob Reinauer
Director, SQL Product Management
IDERA
November 19, 2019
Managing the transition
to Hybrid Cloud

Managing the transition to hybrid cloud
Topic Overview
• Private vs Public vs Hybrid Clouds
• Deployment Patterns for SQL Server In Cloud Environments
• Advantages and Risks of utilizing cloud infrastructure
• Performance
• Security
• Compliance
• Hybrid Cloud Design Challenges
• Cloud Network Connectivity
• Hybrid Cloud Network Connectivity
• Tools to help mitigate cloud deployment risks

• Public Cloud vs Private Cloud Environments
On premise
Private Cloud Environments
Hoster.
Azure / EC2 VMs Azure / EC2 Managed Database
Public Cloud Environments
VM
VM
VM
VM
VM
VM
VM
VM
Cloud Technology Overview

4
• Private Cloud Environments
• On premises management of server and storage farms to
achieve management efficiency and lower cost of ownership
• Cloud based servers, storage and network infrastructure
partitioned off from public cloud components.
• VMWare, System Center, Azure Stack
On premise
Hoster. Cloud Provider

• SQL Server In Public Cloud Environments
Azure VM / AWS EC2
IaaS
SQL Server
Instance
Database
Db1
Database
Db2
SQL Server
Agent
SQL Jobs
- Backup
- Defrag
3rd Party
Tools
SSMS
Azure SQL Managed Instance
Amazon RDS
(PaaS)
SQL Server
Instance
Database
Db1
Database
Db2
SQL Server
Agent
SQL Jobs
- Backup
- Defrag
Azure SQL Database
Single / Elastic Pool
(DBaaS)
Databases
Db1
DB2
DB3
DB4
Database
Db1
Database
Db2
• Essentially 100% compatibility with
private cloud deployments.
• SQL Agent & 3rd party tools available.
• Multi-database capable.
• VMs Deployed into subnets in Virtual
networks
• Greatly increased compatibility with
private cloud deployments.
• Multi-database capable
• SQL Agent available
• Azure MI Deployed into private
subnets in Virtual networks
• Fully managed database as a service.
• Somewhat constrained syntax
• Single databases or elastic pools
• No SQL Agent
• Service endpoints deployed into
subnets
Cloud VMs Managed Instances Cloud Database

On premise Hoster.
Public Cloud Environments
Azure / EC2 Managed Database
VM VM
VM
Cloud Provider
• Hybrid Cloud Environments
SQL
Server
Database
Database
SQL
Server
Database
Database
SQL
Server
Database
Database
SQL
Server
Database
Database
SQL
Server
Database
Database SQL
Server
Database
Database
SQL
Server
Database
Database
SQL
Server
Database
Database
SQL
Server
Database
Database
SQL
Server
Database
Database
VM
VM
VM
SQL
Server
Database
Database
VM
SQL
Server
Database
Database
VM
SQL
Server
Database
Database
Azure / EC2 Virtual Machines

The Business Necessity for Utilizing Cloud Infrastructure
For execution environment evaluation and optimization:
• Performance, Sizing, Capacity planning, short duration tests
Cloud infrastructure offers an easy order of magnitude increase in
productivity and agility.

For bursty, large scale environments:
Scenarios are enabled which just wouldn’t be practical in the data center
• Thousands of nodes built on Thurs
• Run analysis Friday and Saturday
• Tear down and discard Saturday night
Cost advantages can be obtained which just wouldn’t be possible on-prem

For bursty, large scale environments:
Scenarios are enabled which just wouldn’t be practical in the data center
• Thousands of nodes built on Wed
• Run analysis Thursday and Friday
• Tear down and discard Friday night
Cost advantages can be obtained which just wouldn’t be possible on-prem
Much of the agility and velocity advantages accrue because
development staff have the ability to implement changes directly.

11
• Performance and behavioral impacts and differences
• Data Security
• Certification of Regulatory Compliance
• Loss of the ultimate control of your data
• Potential for tool profusion and siloed monitoring environments
SQL Server deployments to the public cloud introduces
new complexities, and increased performance and data risks
Cloud Deployment Risk Elements

The Danger of Utilizing Cloud Infrastructure
• Cloud infrastructure provides elegant, easily accessible mechanisms to
setup and configure incredibly complex execution environments.
• Data Center computing is reasonably safe and reliable because of decades
of IT experience, largely informed by failures and bad outcomes.
• For cloud deployed infrastructure, these accepted IT procedures and best
practices are still evolving.
• Modern cloud infrastructures expose all aspects of an incredibly complex
execution environment.

Flexibility & Complexity: Network Elements For a Single VM
Network Interface

• Virtual Networks
• Azure: Azure Virtual Network
• Amazon: Virtual Private Cloud
• Address range isolated from other virtual networks
• Typically contain multiple subnets
• Can attach VPN gateways
• Subnets
• Provide traffic isolation within a virtual
private network
• Can have public facing IP address attached
• For can add Azure service endpoints
• CIDR address designations define subnets
Cloud Network Connectivity Overview
Azure / EC2 VMs
Vnet1 / Subnet 1
Azure / EC2 VMs
Vnet2 / Subnet 1
Virtual Private
Gateway
Virtual Network 1
Virtual Network 2

• Virtual Network Gateways
• Azure: Virtual Network Gateway
• Amazon: Routing tables & Services
• Allows communication between virtual networks
• Peering or VPN
• Azure Virtual Private Network (VPN) Gateways
• VPN Gateways – Utilize Internet
• ExpressRoute Gateways – Utilize Azure ExpressRoute
• Amazon AWS Virtual Private Gateways
• VPN Gateways – Utilize Internet
• Direct Connect Gateways – Utilize AWS Direct Connect
Virtual Network 1
Virtual Network 2
Azure / EC2 VMs
Vnet1 / Subnet 1
Azure / EC2 VMs
Vnet2 / Subnet 1
Virtual Private
Gateway

• Virtual Networks Addressing
• Definition of Virtual network specifies an IP address range
• Each member subnet contain subsets of that address space
• CIDR blocks define those address spaces
• Entities in different subnets within the same virtual network have routes to each
other
• Entities in different virtual networks, by default, do not have routes to each
other
Virtual Network 1
Azure / EC2 VMs
Subnet 1
VMa VMb VMc
Azure / EC2 VMs
Subnet 2
Address Space: 10.6.0.0/16 - 64K Addresses
Address Space: 10.6.0.0/20
4096 – 6 = 4090 addresses
256 – 5 = 251 addresses
VMd VMe VMf

9
• IPV4 CIDR Blocks
• CIDR: Classless Inter-Domain Routing
• V4 IP address is 32 bits
• CIDR blocks specify how many bits are assigned to the network prefix and how
many are assigned to host addresses
• The remaining bits after network prefix are bits for unique addresses
• Unique available address = 2(remaining bits) – overhead addresses
• For example:
• CIDR block: 200.100.10.0/24 indicates:
• 24 bits are assigned to the network prefix
• 32 – 24 = 8 bits provides for 256 unique host addresses
• CIDR block: 200.100.0.0/16 indicates:
• 16 bits are assigned to the network prefix
• 32 – 16 = 16 bits provides for 65,536 unique host addresses

Virtual Network 1
Azure / EC2 VMs
Subnet 1
VMa VMb VMc
Azure / EC2 VMs
Subnet 2
4096 – 6 = 4090 addresses
256 – 5 = 251 addresses
VMd VMe VMf
Virtual Network 2
Azure VMs
Subnet 1
VM1 VM2
Azure Managed Instance 1
Subnet 2
Address Space: 10.5.0.0/24 - 256 Addresses
16 – 5 = 11 addresses
• Peering between Virtual Networks
• Two Virtual Networks: 10.6.0.0/16 10.5.0.0/24
• Without a peering relationship: Vma-f cannot connect to VM1-2 or MI1

Creating a peering relationship
through the Azure Portal
• Executed between Vnets
• In the context of Vnet1 add peering
to Vnet2
• Status of peering will be initiated
• Then in the context of Vnet2 add
peering to Vnet1
• Status of peering will be connected

Virtual Network 1
Azure / EC2 VMs
Subnet 1
Peering
Relationship
VMa VMb VMc
Azure / EC2 VMs
Subnet 2
4096 – 6 = 4090 addresses
256 – 5 = 251 addresses
VMd VMe VMf
Virtual Network 2
Azure VMs
Subnet 1
VM1 VM2
Azure Managed Instance 1
Subnet 2
Address Space: 10.5.0.0/24 - 256 Addresses

Internet
Private Network
Connection
Locale
Cloud Provider /
Partner Private
Network
Customer
Provided Private
Network
Connection
Public Network Connectivity
Private Network Connectivity
Cloud Provider
ISP networks
Customer ISP
network
• Public Networks
• Internet
• Private Networks
• Azure ExpressRoute
• AWS Direct Connect
Hybrid Cloud Network Connectivity – decisions:
• VPN protocols:
• OpenVPN
• Secure Socket Tunneling Protocol
• IKEv2
• VPN Appliances
• Software vs Hardware
Virtual Network 1
Virtual Network 2
Azure / EC2 VMs
Vnet1 / Subnet 1
Azure / EC2 VMs
Vnet2 / Subnet 1
Virtual Private
Gateway

• Hub & spoke architectures
• Virtual Network dedicated to Azure or AWS account
• VPN tunnels can be overlaid for fully secure site to site communications
Site to Site traffic routed by
Virtual Private Gateway
Hybrid Cloud Network Connectivity
Virtual Network 1
Virtual Network 2
Azure / EC2 VMs
Vnet1 / Subnet 1
Azure / EC2 VMs
Vnet2 / Subnet 1
Virtual Private
Gateway

Azure ExpressRoute & AWS Direct Connect Termination Locales
Azure locales Amazon Locales
Hybrid Cloud Network Connectivity

• Migration of data and compute infrastructure to the cloud, can
obviously magnify existing but undiagnosed vulnerabilities.
• Within a corporate data center protected by firewalls, managed by
experienced IT staff, misconfigured or under secured servers and
storage often will have no impact what so ever.
• Many areas of exposure are not known and will not be known until
they are migrated to cloud infrastructure.
• The best practices and established IT procedures for Cloud deployed
infrastructures are still evolving.
The Danger of Utilizing Cloud Infrastructure

Generally speaking, the big three cloud infrastructure platforms have rock
solid security and reliability
• Through 2025, 99% of cloud security failures will be the customer’s fault.
• Through 2025, 90% of the organizations that fail to control public cloud
use will inappropriately share sensitive data.
• Through 2024, the majority of enterprises will continue to struggle with
appropriately measuring cloud security risks.
Is The Cloud Secure?
Gartner Research, October 10, 2019
The Danger of Utilizing Cloud Infrastructure ( The Real Concern )

The advantages are too compelling to ignore
• “CIOs need to ensure that their security teams are not holding back cloud
initiatives with unsubstantiated cloud security worries,”
• “Exaggerated fears can result in lost opportunity and inappropriate
spending.”
• When formulating a cloud computing strategy, organizations must make
calculated decisions about what they will and will not do to mitigate cloud
risks based on budget and risk appetite.
• Tools and automation are the key to managing cloud complexity
The costs for the risk mitigations should be included in the all up front cloud
strategy
The Danger of Not Utilizing Cloud Infrastructure

• Identify vulnerabilities in SQL Server deployments
• Harden security policies across all of your SQL Server Instances & databases
• Analyze and report on user permissions across database objects
• Deploy in cloud or in datacenter – monitor cloud or datacenter deployments or both
Identify Vulnerabilities
• Discover who has access to what
• Identify user’s effective rights across all SQL databases
• Browse and analyze all files, directories and registry
settings associated with SQL Server
• Determine ownership, explicit and inherited security
rights
Set Strong Security Policies
• View a complete history of SQL Server security settings
• Designate baselines for future comparison and forensic
analysis
Automated Security Snapshot capture
• Security snapshots captured on regular schedule
• Automated alerts and email notifications
configurable by severity of security findings
Prevent Security Violations
• Pre-defined templates leveraging CIS & MS Best
Practices Analyzer guidelines
• Identifies top security vulnerabilities on your
databases and servers
IDERA SQL Secure

• Deploy SQL Secure in the cloud or datacenter
• Monitor deployments in cloud, datacenter or both
IDERA SQL Secure Deployment Patterns
- Designed for the Hybrid Cloud -

• Audit sensitive data to see who did what, when, where and how
• Monitor and alert on suspicious activity to detect and diagnose
• Easily satisfy audits across multiple industry regulatory requirements
• Select from 25 pre-defined compliance reports as well as unlimited custom views
Audit sensitive data
• Discover and define the most sensitive data in your DB
• Audit this data and database operations down to the
column and field level
• Define sensitive data sets spanning multiple tables
Stop potential threats
• Track all access and changes to database data
• Evaluate query row counts
• Compare before and after data for all modifications
• Customize alerts and notifications on suspicious
activities
Pass regulatory audits with ease
• Preconfigured templates for GDPR, PCI DSS, DISA STIG,
NERC, CIS, SOX, HIPAA, FERPA help you meet
compliance requirements
Rich Reporting Capabilities
• 25 pre-defined compliance reports
• Developed with industry compliance experts to
address critical security auditing & compliance report
requirements.
• Flexible customization capabilities
• MS Reporting Services compatible
IDERA SQL Compliance Manager

Configuring SQL Server for compliance with regulatory
guidelines can be incredibly complex.
▪ SQL Compliance Manager makes regulatory
compliance configuration single button simple
The following compliance regulations are preconfigured:
▪ CIS Center for Internet Security
▪ SOX Sarbanes-Oxley
▪ HIPAA Health Insurance Portability and
Accountability
▪ PCI DSS Payment Card Data Security Standard
▪ DISA STIG Defense Information Security Agency
▪ NERC North American Electric Reliability
▪ FERPA Family Educational Rights & Privacy
▪ GDPR* General Data Protection Regulation
IDERA SQL Compliance Manager Regulatory Compliance Standards

• Deploy SQL Compliance Manager in the cloud or datacenter
• Audit deployments in cloud, datacenter or both
IDERA SQL Compliance Manager Deployment Patterns

Most storage volumes in Azure and AWS will be networked and virtualized
This results in sometimes different behaviors than on prem SANs
• Generally higher latency, but, often more deterministic than typical SAN
• Both bandwidth and IOPs are constrained on a per VM basis
• With block sizes relevant to SQL Server, IOPs typically hit before bandwidth
I/O virtualization provides some benefit on a per volume basis
• Larger volumes will provide benefits over smaller volumes
Attach multiple I/O channels to multiple volumes
• OS Level storage spaces and striped volumes scale almost linearly
Cloud Storage Technology Overview

Comparison of data read scaling by larger volumes vs striped volumes
• Incremental IOPs benefit from larger Azure volume sizes
• Near linear IOPs benefit from striping multiple volumes or filegroups

Comparison of data read scaling by striping volumes Azure vs on prem Direct Attached Storage
• Near linear IOPs growth for both Azure and DAS striped volumes
• Throughput grows at much slower rate for Azure vs DAS striped volumes

• Monitor hundreds of SQL Instances
• Receive instant notification of problems and alerts defined by templates or the administrator
• Drill down to instance level details and statistics
• Monitor & analyze queries and query plans to determine causes of blocks and deadlocks
• Deploy in cloud or in datacenter – Monitor deployments in cloud, datacenter or both
Managing SQL Server Performance, Health and Availability with IDERA DM for SQL Server
IDERA SQL Diagnostic Manager for SQL Server

Monitor and analyze continuously
• Detailed drill down for each instance
• SQL Server resource usage
• Statement, batch and transaction throughput by database
• Session details
• Lock waits
• Operating system performance details
Automated Alerting Infrastructure
• Predefined alert settings based on industry best
practices
• Automatically calibrated and configured baseline alerts
to minimize noise and false alerts
• Automated alert responses: email, SQL scripts,
PowerShell, and more.

Query plan viewer
• The interactive visual representation of queries enables
better drill down and understanding of query behavior.
• Quickly identify the costliest operators
Discover and display query bottlenecks
• View queries stripped of parameters or in full statement
mode
• Quickly compare CPU, Disk I/O and elapsed time
consumed by top queries
• Compare performance of queries over time
• Query store utilization provides more efficient and
detailed query history

Receive Expert Query Tuning Advice
• Award winning SQL Doctor capabilities built-in and
automated
• Quickly improve query performance through deep
tuning insights
• Updated for each new version of SQL Server
• Intuitive interface makes sophisticated tuning
decisions accessible to a broad range of users

• Deploy SQL Diagnostic Manager in the cloud or datacenter
• Monitor deployments in cloud, datacenter or both
IDERA SQL Diagnostic Manager Deployment Patterns

• Target backups to cloud VHDs, cloud buckets & BLOBs and Datacenter volumes
• Save time and space with dynamic compression and optional encryption
• Instant restore allows databases to go online in minutes while restore operations are still underway
• Deploy in cloud or in datacenter – backup cloud or datacenter deployments or both
Highest speed backups
• Advanced compression
• Multi-threaded, parallel volume write scheduling
Policy based automated backup, restore and log shipping
• Fully automated backup life cycle with defined
targets
Flexible cloud and data center backup & restore support
• Amazon EC2 and S3 buckets
• Azure VHDs and Blobs
• Tivoli Storage manager
• EMC
Tolerate and recover from cloud network latencies
• Backup and restore throttle and pause during
latencies
• Avoid excessive retries and time outs
Easy to use point-in-time
• Graphical time scale makes precise recoveries quick
and easy
• Identifies top security vulnerabilities on your
databases and servers
IDERA SQL Safe Backup

• Deploy SQL Safe Backup in the cloud or datacenter
• Target backups to cloud VHDs, cloud buckets & BLOBs as well as Datacenter storage systems
IDERA SQL Safe Backup Deployment Patterns

• SQL Secure scans and monitors SQL Server deployments for vulnerabilities
with instant notification of problematic settings.
• SQL Compliance Manager provides the ability to easily certify regulatory
compliance and pass data audits in both cloud and data center deployments.
• SQL Diagnostic Manager monitors 1000s of SQL Server Instances to provide
instant notification of problems, query degradation and detailed drilldown
and query analysis tools.
• SQL Safe Backup provides industry leading performance in backups and gets
SQL Server back online long before any other backup solutions on the market.
IDERA database management tools help manage the
complexities and mitigate the risks of cloud deployment

https://www.idera.com/productssolutions/it-database-management-tools
IDERA Database Management Tools For SQL Server

▪ All IDERA SQL products are available for free 14 day trial usage
▪ Live demos driven by IDERA Engineers on request
▪ Fully functional, no credit card or approvals required.
IDERA SQL Diagnostic Manager
https://www.idera.com/productssolutions/sqlserver/sqldiagnosticmanager#getStartedForm
IDERA SQL Compliance Manager
https://www.idera.com/productssolutions/sqlserver/sqlcompliancemanager/freetrialsubscriptionform
IDERA SQL Secure
https://www.idera.com/productssolutions/sqlserver/sqlsecure/freetrialsubscriptionform
IDERA SQL Safe Backup
https://www.idera.com/productssolutions/sqlserver/sqlsafebackup/freetrialsubscriptionform
The Products We Discussed:
Free fully functional trial downloads

Thank You!
Rob Reinauer
Director, SQL Product Management
IDERA
rob.reinauer@idera.com

IDERA Slides: Managing the Transition to Hybrid Cloud

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à IDERA Slides: Managing the Transition to Hybrid Cloud

Similaire à IDERA Slides: Managing the Transition to Hybrid Cloud (20)

Plus de DATAVERSITY

Plus de DATAVERSITY (20)

Dernier

Dernier (20)

IDERA Slides: Managing the Transition to Hybrid Cloud