Tag: "pass summit"

Sessions submitted for major conferences 2016. Topics: Security – Performance – In-Memory

Vorträge für die großen Konferenzen 2016 eingereicht. Themen: Sicherheit - Performance - In-Memory

Nach dem tollen Verlauf der deutschen SQLKonferenz im Februar, wo ich die Ehre hatte, zusammen mit Joachim Hammer, dem Program Manager der Security-Teams für die relationalen SQL Engines bei Microsoft in Redmond die neuen Sicherheitsfeatures des SQL Server 2016 vorzustellen (mehr Infos), habe ich nun endlich Zeit gefunden, die nächsten großen Konferenzen dieses Jahres anzugehen.

After the great success of the German SQLKonferenz in February, where I had the honor of presenting the new security features of SQL Server 2016 together with Joachim Hammer, the Program Manager of the security teams of the relational SQL Engines at Microsoft in Redmond (more info), I finally found time to go about the next big conferences this year.

Für den PASS Summit 2016, der wieder in Seattle/USA stattfindet, und auch für den SQLServerGeeks Annual Summit 2016, der in Bangalore/Indien stattfindet habe ich insgesamt 6 Sessions aus den Themengebieten „Sicherheit“, „Performance Analyse“ und „In-Memory“ ausgearbeitet und eingereicht. Dazu kommen 2 ganztägige PreCons zum Thema „Sicherheit“ und „In-Memory“.
Wen es interessiert, zu sehen, was ich diesmal „in Petto“ habe, kann die Abstracts hier einsehen.

For the PASS Summit 2016 which is again taking place in Seattle/USA as well as for the SQLServerGeeks Annual Summit 2016 which is taking place in Bangalore/India, I worked out and submitted 6 sessions altogether from the subject areas “Security,” “Performance Analysis” and “In-Memory.” Added to that 2 full-day PreCons with the topics “Security” and “In-Memory.”
For whoever is interested to see what I have “up my sleeve” this time, can review the abstracts here.



SQL Server Security black belt – attack, protect and keep secure

Security Hardening is a subject which, sooner or later, every DBA will face. Microsoft SQL Server, according to the NIST vulnerability database the most secure RDBMS for years, contains many features that help keep the data secure on different layers. At the same time, ever-new applications which use databases on your servers, support-personnel, deployment-processes, auditors, and other processes and real people are constantly demanding access to your Server.

At this full-day pre-conference you will see how external and internal attackers can gain access to sensitive data. You will then learn how to secure the different attack surfaces of a typical SQL Server, and protect not only Data at Rest but also Data in Use and Data in Transit and learn best practices to prevent common vulnerabilities.

In the second part you will get to know fundamental security principles such as

  • Least Privilege;
  • Segregation of Duties;
  • Reconstruction of Events;
  • Delegation of Authority;

and you will learn how to use built-in functionalities of SQL Server (some limited to v2016) to build your own security frameworks to secure Deployment and Monitoring, separate Job-permissions; how to implement time-based permissions and which techniques can help reconstruct security-relevant events.

If you are in charge of creating or implementing security concepts or need a full picture of attack surface protection and concepts, this session is exactly right for you.


In-Memory in SQL Server 2016 – from 0 to Operational Analytics Hero

The Columnstore Index technology came with SQL Server 2012 in the form of Nonclustered Columnstore, and SQL Server 2014 brought us updatable Clustered Columnstore Indexes and a completely new In-Memory Engine for memory optimized table & indexes.

SQL Server 2016 is adding the updatable Nonclustered Columnstore Indexes that can both operate on row store as well as on memory-optimized tables, called In-Memory Operational Analytics. With the In-Memory engine being extensively improved in terms of both scalability and T-SQL language support, In-Memory will become a viable option in many projects.

On this training day, attendees will be given a complete picture on the current state of technology and how and where to use either In-Memory OLTP or ColumnStore or both for efficient queries and data store.


General sessions:

Extended Events – The Top Features for efficient Traces

Extended Events, which entered the product in SQL Server 2008, are replacing the old SQL Trace & Profiler - and there are many good reasons for that. In this session you will see a selection of the most fascinating possibilities using this Tracing Framework. If you want to find out how to trace in a flexible and lightweight way, how to do advanced analysis directly inside the GUI, how to audit Database and Table-access without Auditing, how to analyze deadlocks without old-fashioned TraceFlags based on the built-in system_health session, this session is just for you. You will also learn how to use the GUI in an effective way for top-down-analysis and what is possible with some XQuery scripting.


Performance Analyzing SQL Server workloads with DMVs and XEvents

This session you will be lead you through an example performance-analysis using mainly DMVs and Extended Events. You will see how a top-down analysis using built-in tools can be conducted. This will include wait statistics on different scopes to identify performance problems and bottlenecks up to identifying query plan changes – with & without using the Query Store of SQL Server 2016. If you are new to performance analyzing this session will give you a practical insight into how to methodically approach performance troubleshooting.


SQL Server 2016 – the evolution of In-Memory technologies

For SQL Server 2014 a completely new In-Memory Engine for memory optimized table & indexes was integrated into SQL Server with in fact very limited functionality.

For SQL Server 2016 the In-Memory engine is being extensively improved in terms of both scalability as well as T-SQL language support. Moreover the ColumnStore index technology has been improved and can now even be combined with memory-optimized tables.

This session will provide an overview of the new possibilities and demonstrate where a particular technology may help – or where you cannot expect benefits. If you are planning to go on SQL Server 2016 any time soon, this session shows you two of the most important features that SQL Server 2016 brings.



SQL Server Security black belt series: Securing Data

You have installed SQL Server and have heard about several “best practices,” maybe renamed the sa account, but now what?

In this session you will see demos of several methods how an attacker can get access to data in Use & in Transit and see which available built-in technologies provide help in mitigating such attacks. You will be given guidance on how to systematically identify possible threats and ne given best practices at hand.

Among the technologies that can be seen are Network sniffing, a Threat Modeling Tool, TDE and the new Always Encrypted technology of SQL Server 2016. This session is mainly targeting Administrators but many concepts and samples should be valuable knowledge for developers as well.


SQL Server Security black belt series: Securing Operations

You got SQL Server up and running and thought you could easily secure it by completely denying all access to everybody else except you and your co-admin, but you realize that there are many more individuals demanding access for daily or weekly operations. You have heard about “Segregation of Duties” and “Least Privilege” and are looking into how you can properly implement it with SQL Server.

In this session you will learn about techniques and approaches on how to implement secure processes in order to ensure both “Least Privilege” and “Segregation of Duties” and at the same time “Reconstruction of Events.” Among the techniques shown are “time based-permissions” and custom server roles for performance analysis and job-monitoring.


“SQL Attack…ed” – SQL Server under attack via SQL Injection

One of the most frequently attacked targets is the data that resides in a database server. SQL Server is considered “secure by default,” but this is only relevant until the first databases and configurations have been changed. This is why most of the exploited weaknesses are due to misconfiguration or weak coding practices as opposed to security bugs in SQL Server itself, of which we had only a few in the last 10 years.

In this purely demo-based session you will see samples of several real-life attacks, from mere reading up to disrupting service availability via various types of manual and automated SQL Injection, including a broadly unknown elevation of privileges attack for a non-sa account.

If you have a database-server which is accessible by processes beyond your direct control or which even can be reached by some kind of frontend applications, and you are unsure what the possible security implications to watch out for, this session is meant for you.


Ich werde natürlich posten, wenn meine Vorträge für 2016 feststehen. Vielleicht sieht man sich ja auf der einen oder anderen Konferenz. :-)

Of course I will post when my presentations for 2016 are fixed. Maybe you can meet me at one or another conference. :-)



Upcoming conferences end of 2014: Microsoft Technical Server Summit, MVP Summit, PASS Summit, Microsoft Technical Summit


Das Jahresende nähert sich in raschen Schritten. In den nächsten 3 Monaten stehen wieder mehrere Konferenzauftritte an.

The end of year is approaching fast. For the next three months, several conferences are scheduled.

Nach der Vorstellung des SQL Server 2014 (SQL Server 2014 - Highlights in der Datenbank-Engine im Überblick) auf der BASTA im September in Mainz, geht es weiter im Oktober auf dem Microsoft Technical Server Summit in Düsseldorf mit einem Vortrag zu Neue Speicherformen in SQL Server 2014:

After the introduction of SQL Server 2014 at the BASTA in September in Mainz/Germany, I am continuing in October with a presentation on New Storage-Types in SQL Server 2014 at the Microsoft Technical Server Summit Düsseldorf/Germany:



Clustered Columnstore für DW und In-Memory OLTP - technische Hintergründe und Herausforderungen

Mit dem SQL Server 2014 kommt eine komplett neue Storage-Engine in den SQL Server: XTP mit Memory-optimierten Tabellen & Indexen. Und bereits seit der Version 2012 ist auch das ColumnStore-Format in die Engine integriert, welche in 2014 entscheidende Verbesserungen erfährt. In dieser Session wird der Microsoft Certified Master, Andreas Wolter, die technischen Hintergründe der neuen Speicherformen- & Engines beleuchten und ihre Vorteile demonstrieren. Ebenfalls aufgezeigt werden die technischen Herausforderungen dieser teilweise noch brandneuen Technologien, so dass Sie ein gutes Verständnis für die jeweils optimalen Einsatzszenarien und möglichen Migrationsaufwand mitnehmen können.


Anfang November folgt dann das alljährliche Highlight: Nach dem MVP Summit, wo ich hoffe die neuesten Entwicklungen hinsichtlich der nächsten Version des SQL Server zu erfahren, bin ich wie seit 2009 jedes Jahr auf dem PASS Summit in Seattle/USA.
Der Summit ist die erste Anlaufstelle für alle diejenigen, die immer auf dem Neusten Stand sein möchten. Was hier verkündet wird, wird die Inhalte der nächsten 1-2 Jahre auf anderen, kleineren Konferenzen und den Regionalgruppen der PASS weltweit bestimmen.
Dazu kommt der wertvolle direkte Kontakt zu den Entwicklern des SQL Servers vor Ort.
Auch dieses Jahr trage ich wieder selber vor, allerdings nur einen Kurzvortrag, und zwar zu dem Reporting Services Map Reports & Dynamic ZOomiNG:

This is followed by the annual highlight at the beginning of November: After the MVP Summit, at which I’m hoping to learn about the most recent developments in terms of the forthcoming SQL Server, I will be attending the PASS Summit in Seattle/USA, which has become an annual habit since 2009.
The summit is the first point of contact for all those who want to always be up-to-date.  The topics raised here will determine the content of the next one to two years at other, smaller-scale conferences as well at the regional groups of PASS worldwide.

Furthermore, the summit provides the valuable opportunity to connect directly with the developers of SQL Server on site.

This year, too, I will be presenting myself; however, just a short presentation, which will be on Reporting Services Map Reports & Dynamic ZOomiNG:

Reporting Services Map Reports & Dynamic ZOomiNG:

With the advent of Power Map, Reporting Services maps seem even more static than they already were. But do maps really have to be that static?

While we will not be able to spin the globe within a report, there are at least a few ways to get some action inside a map.

In this session, we will look at an implementation of how to dynamically zoom in and out of a reporting services map without the use of subreports. Add this to your tool kit to increase the interactive experience of your geospatial reports.

Kaum zurück in Deutschland bin ich in Berlin auf dem Microsoft Technical Summit, wo auch der neue CEO von Microsoft, Satya Nadella eine Keynote halten wird.
Dort werde ich zusammen mit Patrick Heyde, Microsoft (Blog), das neueste zu der nächsten SQL Server Version präsentieren, soweit bis dahin schon für die Öffentlichkeit freigegeben ist. Zusätzlich dazu werde ich einen Deep Dive-Vortrag in In-Memory geben.

Once back in Germany, my next stop will be the Microsoft Technical Summit in Berlin where Microsoft’s new CEO, Satya Nadella, will be giving a keynote speech.

There, I will be presenting the latest on the forthcoming SQL Server version together with Patrick Heyde, Microsoft (Blog) - as far as already released for the public. Additionally I will be giving a Deep Dive-presentation in In-Memory.


Die genauen Inhalte der Session werden kurzfristig bekanntgegeben. Soviel sei verraten: Gezeigt werden Neuigkeiten rund um die nächste Version von SQL Server. Die Szenarien reichen von der Datenbank-Engine bis in die Cloud (Microsoft Azure) und decken On-Premise- und Cloud-Umgebungen ab. Seien sie also gespannt auf die kommenden Möglichkeiten mit On-Premise-, Hybrid- und Cloud-Only-Szenarien.

Im Dezember der würdige Abschluss mit dem alljährlichen PASS Camp, ebenfalls zum Thema In-Memory: In-Memory vNext and lessons learned
Hier spreche ich seit 2011 das 4. Mal in Folge.

December will see the worthy finale with the annual PASS Camp, likewise on the topic of In-Memory: In-Memory vNext and lessons learned. Here I am speaking the fourth time in a row since 2011


 I hope to see some of you around somewhere,


Upcoming Conferences 2013 – die nächsten SQL Server Konferenzen dieses Jahr

Das Jahr 2013 dürfte das bislang am meisten mit Konferenzen durchsetzte Jahr für mich sein. Das liegt nicht zuletzt an den SQLSaturdays, die mittlerweile fest in der SQL Server-Welt etabliert sind, und mit ihrem kostenlosen aber dennoch, durch viele bekannte Experten, hochwertigen Charakter immer mehr Interessenten anziehen.

So ist dann auch die nächste Konferenz diesen Sommer in Deutschland der SQLSaturday #230 am 13.Juli in St. Augustin bei Bonn – der 2. deutsche SQLSaturday!

- Diesmal darf ich wieder einmal mein Spezialgebiet, Sicherheit, aufgreifen. In der Session „SQL Server under Attack – Angriffsszenarien“ gehe ich SQL Server an den Kragen und zeige auch einige unbekanntere Schwachpunkte, aus denen hoffentlich hervorgeht, warum „Best Practices“ das Mindeste sein sollten.

- Letztes Jahr hatte ich in Unterschleißheim bei München auf dem SQLSaturday #170 die Extended Events als Nachfolger von SQL Trace & Profiler vorgestellt („Tracing with SQL Server 2012 Extended Events“ )

Außerdem gibt es dieses Mal sogar eine Precon mit 3 parallelen Workshop-Tracks. Wer sich noch nicht mit dem Nachfolger von SQL Trace/Profiler auseinandergesetzt hat, bekommt in der Session „From SQL Traces to Extended Events. The next big switch.“ einen Überblick über die bisherigen Monitoring Tools wie SQL Trace und Event Notifications, bis hin zu einem halben Tag input in Sachen Extended Events! Mehr dazu hier: http://sqlsaturday230.eventbrite.de

Am 24. September findet in Mainz die BASTA mit dem SQLday statt.

- Dort spreche ich - wer hätte das gedacht -  auch über Sicherheit. Diesmal vor allem für Entwickler: Security Essentials und Best Practices für SQL-Server-Entwickler


Im Oktober (15.-18.10.) folgt der Höhepunkt mit dem PASS Summit 2013, dieses Jahr in Charlotte, NC USA, der größten SQL Server Konferenz überhaupt, wo ich die wiederholte Ehre, als einziger deutscher Sprecher auftreten zu dürfen, habe. (einen gewissen Stolz hierüber will ich gar nicht leugnen)

UPDATE: Wie ich gerade erfahren habe, sind meine Kollegen Oliver Engels und Julian Breunung von der PASS RG Rhein/Main nachträglich als Sprecher eingeladen! Superb! - Der alljährliche "Steak-Abend" mit den deutschen Kollegen ist gewiss. :-)

Und zwar mit dem Thema: From Locks to No Locks – Concurrency in SQL Server

- Mit einer kleinen Variante dieses Vortrages war ich dieses Jahr bereits in mehreren deutschen Regionalgruppen auf “Rundtour”.


Die nächste Runde der SQL Server Master-Classes mit spannenden ein- bis zweit-tägigen intensiven Trainings & Workshops mit Themen von Extended Events über Indexing bis Hochverfügbarkeit plane ich für November 2013.

Stay tuned unter: www.sarpedonqualitylab.com/SQL_Master-Classes.htm


Vom 3. -5. Dezember bin ich dann auch wieder auf dem PASS Camp im Lufthansa Conference Center in Seeheim bei Darmstadt.

Das Besondere an diesem Event, das rein von der deutschen PASS e.V. veranstaltet wird, ist sein „Hands-On“-Konzept. D.h. alle Themen beinhalten praktische Übungen, die von den Sprechern begleitet werden. Im Gegensatz zu den amerikanischen „Workshops“ also kein „lecture-only“. Ein absoluter Tipp für SQL Server Profis und solchen, die tiefer in die Materie eintauchen möchten.

Mit dem
SQLzaterdag #221 in Veenedal/Holland: „Tracing with Extended Events. – Adios Profiler

SQLSaturday #196 in Kopenhagen/Dänemark, ebenfalls mit „Tracing with Extended Events. - Adios Profiler

und den Frankfurter Datenbanktagen, bei denen ich in buchstäblich letzter Minute mit dem Thema Hochverfügbarkeitstechniken in SQL Server 2013 eingesprungen bin (mehr dazu hier: Conferences 2013: Frankfurter Datenbanktage und einige “Oracle-Momente”)
sind das – bislang - 8 Konferenzen + eine PreCon, auf denen ich dieses Jahr als Sprecher aufgetreten sein werde. (!)

– Bislang? - Vielleicht schaffe ich ja noch die SQLRally Nordic, die dieses Jahr vom 4.-6. November in Stockholm stattfindet :-). Mein Eindruck der SQL Rally letztes Jahr - mit dem Thema Sicherheit in SQL Server dabei - war jedenfalls überaus positiv. (Upcoming Conferences 2012: PASS SQLSaturday in Munich, SQLCon in Mainz, PASS SQLRally in Copenhagen, PASS Summit in Seattle, PASS Camp in Darmstadt)

Ich würde mich freuen, einige meiner Leser auf der einen oder anderen Konferenz anzutreffen – einfach „Hallo“ sagen ;-)

CU in St. Augustin, Mainz, Charlotte USA, Seeheim, oder auf einem Regionalgruppentreffen


- Ach ja, und nächste Woche, vom 25. bis zum 28. Juni bin ich auf der TechEd Europe in Madrid am Microsoft-Stand anzutreffen.



Upcoming Conferences 2012: PASS SQLSaturday in Munich, SQLCon in Mainz, PASS SQLRally in Copenhagen, PASS Summit in Seattle, PASS Camp in Darmstadt

After I already launched the SQL Server 2012 together with Microsoft at Cologne this February, this year’s second half I will be speaker at 5 Conferences almost in a row:


SQLSaturday #170 - Munich 2012


Basta! 2012 Speaker


SQL PASS Rally Nordic


  • From October 22nd – 25th I will hold several sessions on:
    AlwaysOn and ReadOnly Routing”, “Data Corruption Survival with CHECKDB”,  “Security” and “Tracing with Extended Events
    in the track
    SQL Server 2012 Toolbelt for DBA’s and Developer
    in Seeheim, close to Darmstadt, Germany at the PASS Camp


SQL PASS Summit 2012


what a year..!

I hope to see you around at some of those places.

Preview of SQL Server 2012, Codename Denali CTP 1 presented at PASS Summit 2010 in Seattle

This year’s PASS Summit again surpassed the former year’s one. And this was not only because of even more sessions, internationally well-known speakers and even more attendees. This November, the next release of SQL Server was officially being introduced to the public, and the first CTP is ready for download for the broad public.

The improvements and features are enormous. Developers can look forward to a new Development Environment (Project Juneau), and new capabilities and performance using the new Filetable-Feature, as well as super fast response through the new Column-Based Query Accelerator technology.

Analysis Services will be receiving a new engine, based on the Vertipaq (known from PowerPivot), called BI Semantic Model for easier development for less complex BI Projects. (The UDM will stay as an alternative)
Here is a link to the Technet article on “Analysis Services – Roadmap for SQL Server “Denali” and Beyond”.

Integration Services ware becoming a true windows service for central execution and management.


Reporting Services users and developers can look forward to an web-integrated report designer together with interactive and dynamic charts. (Project Crescent)

Administrators gain new possibilities regarding security with customizable Server roles and database-only users. Database-only users are especially meant to support the new “Contained database”-Feature, which eases the deployment and movement of databases together with the depending objects from server scope.
(You can find a good high-level overview on the log-on process of database-only users at this msdn blog-post: http://blogs.msdn.com/b/sqlsecurity/archive/2010/12/08/contained-database-authentication-in-depth.aspx. And here is a great blog-post, going through different scenarios with this feaure: http://sqlblog.com/blogs/aaron_bertrand/archive/2010/11/16/sql-server-v-next-denali-contained-databases.aspx.)

High Availability will be eased by combining the log-shipping, database-mirroring and Clustering features under a new concept of “Always on” technologies, which can be used to form a so called “Availability Group”.

Steffen Krause from Microsoft Germany has some more info on the Denali release and also shows demos in his webcasts: http://blogs.technet.com/b/steffenk/archive/2010/11/15/sql-server-denali-ctp-1-verf-252-gbar-was-ist-neu.aspx

If you want to check out the CTP yourself, here is the link: http://www.microsoft.com/sqlserver/en/us/product-info/future-editions.aspx



Sarpedon Quality Lab

1 2