Tag: "pass summit"
Sessions submitted for major conferences 2016. Topics: Security – Performance – In-Memory
Mar 2nd
Vorträge für die großen Konferenzen 2016 eingereicht. Themen: Sicherheit - Performance - In-Memory
|
(DE) |
(EN) |
|
Für den PASS Summit 2016, der wieder in Seattle/USA stattfindet, und auch für den SQLServerGeeks Annual Summit 2016, der in Bangalore/Indien stattfindet habe ich insgesamt 6 Sessions aus den Themengebieten „Sicherheit“, „Performance Analyse“ und „In-Memory“ ausgearbeitet und eingereicht. Dazu kommen 2 ganztägige PreCons zum Thema „Sicherheit“ und „In-Memory“. |
For the PASS Summit 2016 which is again taking place in Seattle/USA as well as for the SQLServerGeeks Annual Summit 2016 which is taking place in Bangalore/India, I worked out and submitted 6 sessions altogether from the subject areas “Security,” “Performance Analysis” and “In-Memory.” Added to that 2 full-day PreCons with the topics “Security” and “In-Memory.” |
Pre-Conferences:
SQL Server Security black belt – attack, protect and keep secure
Security Hardening is a subject which, sooner or later, every DBA will face. Microsoft SQL Server, according to the NIST vulnerability database the most secure RDBMS for years, contains many features that help keep the data secure on different layers. At the same time, ever-new applications which use databases on your servers, support-personnel, deployment-processes, auditors, and other processes and real people are constantly demanding access to your Server.
At this full-day pre-conference you will see how external and internal attackers can gain access to sensitive data. You will then learn how to secure the different attack surfaces of a typical SQL Server, and protect not only Data at Rest but also Data in Use and Data in Transit and learn best practices to prevent common vulnerabilities.
In the second part you will get to know fundamental security principles such as
- Least Privilege;
- Segregation of Duties;
- Reconstruction of Events;
- Delegation of Authority;
and you will learn how to use built-in functionalities of SQL Server (some limited to v2016) to build your own security frameworks to secure Deployment and Monitoring, separate Job-permissions; how to implement time-based permissions and which techniques can help reconstruct security-relevant events.
If you are in charge of creating or implementing security concepts or need a full picture of attack surface protection and concepts, this session is exactly right for you.
In-Memory in SQL Server 2016 – from 0 to Operational Analytics Hero
The Columnstore Index technology came with SQL Server 2012 in the form of Nonclustered Columnstore, and SQL Server 2014 brought us updatable Clustered Columnstore Indexes and a completely new In-Memory Engine for memory optimized table & indexes.
SQL Server 2016 is adding the updatable Nonclustered Columnstore Indexes that can both operate on row store as well as on memory-optimized tables, called In-Memory Operational Analytics. With the In-Memory engine being extensively improved in terms of both scalability and T-SQL language support, In-Memory will become a viable option in many projects.
On this training day, attendees will be given a complete picture on the current state of technology and how and where to use either In-Memory OLTP or ColumnStore or both for efficient queries and data store.
General sessions:
Extended Events – The Top Features for efficient Traces
Extended Events, which entered the product in SQL Server 2008, are replacing the old SQL Trace & Profiler - and there are many good reasons for that. In this session you will see a selection of the most fascinating possibilities using this Tracing Framework. If you want to find out how to trace in a flexible and lightweight way, how to do advanced analysis directly inside the GUI, how to audit Database and Table-access without Auditing, how to analyze deadlocks without old-fashioned TraceFlags based on the built-in system_health session, this session is just for you. You will also learn how to use the GUI in an effective way for top-down-analysis and what is possible with some XQuery scripting.
Performance Analyzing SQL Server workloads with DMVs and XEvents
This session you will be lead you through an example performance-analysis using mainly DMVs and Extended Events. You will see how a top-down analysis using built-in tools can be conducted. This will include wait statistics on different scopes to identify performance problems and bottlenecks up to identifying query plan changes – with & without using the Query Store of SQL Server 2016. If you are new to performance analyzing this session will give you a practical insight into how to methodically approach performance troubleshooting.
SQL Server 2016 – the evolution of In-Memory technologies
For SQL Server 2014 a completely new In-Memory Engine for memory optimized table & indexes was integrated into SQL Server with in fact very limited functionality.
For SQL Server 2016 the In-Memory engine is being extensively improved in terms of both scalability as well as T-SQL language support. Moreover the ColumnStore index technology has been improved and can now even be combined with memory-optimized tables.
This session will provide an overview of the new possibilities and demonstrate where a particular technology may help – or where you cannot expect benefits. If you are planning to go on SQL Server 2016 any time soon, this session shows you two of the most important features that SQL Server 2016 brings.
SQL Server Security black belt series: Securing Data
You have installed SQL Server and have heard about several “best practices,” maybe renamed the sa account, but now what?
In this session you will see demos of several methods how an attacker can get access to data in Use & in Transit and see which available built-in technologies provide help in mitigating such attacks. You will be given guidance on how to systematically identify possible threats and ne given best practices at hand.
Among the technologies that can be seen are Network sniffing, a Threat Modeling Tool, TDE and the new Always Encrypted technology of SQL Server 2016. This session is mainly targeting Administrators but many concepts and samples should be valuable knowledge for developers as well.
SQL Server Security black belt series: Securing Operations
You got SQL Server up and running and thought you could easily secure it by completely denying all access to everybody else except you and your co-admin, but you realize that there are many more individuals demanding access for daily or weekly operations. You have heard about “Segregation of Duties” and “Least Privilege” and are looking into how you can properly implement it with SQL Server.
In this session you will learn about techniques and approaches on how to implement secure processes in order to ensure both “Least Privilege” and “Segregation of Duties” and at the same time “Reconstruction of Events.” Among the techniques shown are “time based-permissions” and custom server roles for performance analysis and job-monitoring.
“SQL Attack…ed” – SQL Server under attack via SQL Injection
One of the most frequently attacked targets is the data that resides in a database server. SQL Server is considered “secure by default,” but this is only relevant until the first databases and configurations have been changed. This is why most of the exploited weaknesses are due to misconfiguration or weak coding practices as opposed to security bugs in SQL Server itself, of which we had only a few in the last 10 years.
In this purely demo-based session you will see samples of several real-life attacks, from mere reading up to disrupting service availability via various types of manual and automated SQL Injection, including a broadly unknown elevation of privileges attack for a non-sa account.
If you have a database-server which is accessible by processes beyond your direct control or which even can be reached by some kind of frontend applications, and you are unsure what the possible security implications to watch out for, this session is meant for you.
|
Ich werde natürlich posten, wenn meine Vorträge für 2016 feststehen. Vielleicht sieht man sich ja auf der einen oder anderen Konferenz. :-) |
Of course I will post when my presentations for 2016 are fixed. Maybe you can meet me at one or another conference. :-) |
Andreas
Upcoming conferences end of 2014: Microsoft Technical Server Summit, MVP Summit, PASS Summit, Microsoft Technical Summit
Oct 15th
|
(DE) |
(EN) |
|
Nach der Vorstellung des SQL Server 2014 (SQL Server 2014 - Highlights in der Datenbank-Engine im Überblick) auf der BASTA im September in Mainz, geht es weiter im Oktober auf dem Microsoft Technical Server Summit in Düsseldorf mit einem Vortrag zu Neue Speicherformen in SQL Server 2014: |
After the introduction of SQL Server 2014 at the BASTA in September in Mainz/Germany, I am continuing in October with a presentation on New Storage-Types in SQL Server 2014 at the Microsoft Technical Server Summit Düsseldorf/Germany: |
Clustered Columnstore für DW und In-Memory OLTP - technische Hintergründe und Herausforderungen
Mit dem SQL Server 2014 kommt eine komplett neue Storage-Engine in den SQL Server: XTP mit Memory-optimierten Tabellen & Indexen. Und bereits seit der Version 2012 ist auch das ColumnStore-Format in die Engine integriert, welche in 2014 entscheidende Verbesserungen erfährt. In dieser Session wird der Microsoft Certified Master, Andreas Wolter, die technischen Hintergründe der neuen Speicherformen- & Engines beleuchten und ihre Vorteile demonstrieren. Ebenfalls aufgezeigt werden die technischen Herausforderungen dieser teilweise noch brandneuen Technologien, so dass Sie ein gutes Verständnis für die jeweils optimalen Einsatzszenarien und möglichen Migrationsaufwand mitnehmen können.
|
Anfang November folgt dann das alljährliche Highlight: Nach dem MVP Summit, wo ich hoffe die neuesten Entwicklungen hinsichtlich der nächsten Version des SQL Server zu erfahren, bin ich wie seit 2009 jedes Jahr auf dem PASS Summit in Seattle/USA. |
This is followed by the annual highlight at the beginning of November: After the MVP Summit, at which I’m hoping to learn about the most recent developments in terms of the forthcoming SQL Server, I will be attending the PASS Summit in Seattle/USA, which has become an annual habit since 2009. Furthermore, the summit provides the valuable opportunity to connect directly with the developers of SQL Server on site. This year, too, I will be presenting myself; however, just a short presentation, which will be on Reporting Services Map Reports & Dynamic ZOomiNG: |
Reporting Services Map Reports & Dynamic ZOomiNG:
With the advent of Power Map, Reporting Services maps seem even more static than they already were. But do maps really have to be that static?
While we will not be able to spin the globe within a report, there are at least a few ways to get some action inside a map.
In this session, we will look at an implementation of how to dynamically zoom in and out of a reporting services map without the use of subreports. Add this to your tool kit to increase the interactive experience of your geospatial reports.
|
Kaum zurück in Deutschland bin ich in Berlin auf dem Microsoft Technical Summit, wo auch der neue CEO von Microsoft, Satya Nadella eine Keynote halten wird. |
Once back in Germany, my next stop will be the Microsoft Technical Summit in Berlin where Microsoft’s new CEO, Satya Nadella, will be giving a keynote speech. There, I will be presenting the latest on the forthcoming SQL Server version together with Patrick Heyde, Microsoft (Blog) - as far as already released for the public. Additionally I will be giving a Deep Dive-presentation in In-Memory. |
Die genauen Inhalte der Session werden kurzfristig bekanntgegeben. Soviel sei verraten: Gezeigt werden Neuigkeiten rund um die nächste Version von SQL Server. Die Szenarien reichen von der Datenbank-Engine bis in die Cloud (Microsoft Azure) und decken On-Premise- und Cloud-Umgebungen ab. Seien sie also gespannt auf die kommenden Möglichkeiten mit On-Premise-, Hybrid- und Cloud-Only-Szenarien.
|
Im Dezember der würdige Abschluss mit dem alljährlichen PASS Camp, ebenfalls zum Thema In-Memory: In-Memory vNext and lessons learned |
December will see the worthy finale with the annual PASS Camp, likewise on the topic of In-Memory: In-Memory vNext and lessons learned. Here I am speaking the fourth time in a row since 2011 |
I hope to see some of you around somewhere,
Andreas
Upcoming Conferences 2013 – die nächsten SQL Server Konferenzen dieses Jahr
Jun 19th
Das Jahr 2013 dürfte das bislang am meisten mit Konferenzen durchsetzte Jahr für mich sein. Das liegt nicht zuletzt an den SQLSaturdays, die mittlerweile fest in der SQL Server-Welt etabliert sind, und mit ihrem kostenlosen aber dennoch, durch viele bekannte Experten, hochwertigen Charakter immer mehr Interessenten anziehen.
So ist dann auch die nächste Konferenz diesen Sommer in Deutschland der SQLSaturday #230 am 13.Juli in St. Augustin bei Bonn – der 2. deutsche SQLSaturday!
- Diesmal darf ich wieder einmal mein Spezialgebiet, Sicherheit, aufgreifen. In der Session „SQL Server under Attack – Angriffsszenarien“ gehe ich SQL Server an den Kragen und zeige auch einige unbekanntere Schwachpunkte, aus denen hoffentlich hervorgeht, warum „Best Practices“ das Mindeste sein sollten.
- Letztes Jahr hatte ich in Unterschleißheim bei München auf dem SQLSaturday #170 die Extended Events als Nachfolger von SQL Trace & Profiler vorgestellt („Tracing with SQL Server 2012 Extended Events“ )
Außerdem gibt es dieses Mal sogar eine Precon mit 3 parallelen Workshop-Tracks. Wer sich noch nicht mit dem Nachfolger von SQL Trace/Profiler auseinandergesetzt hat, bekommt in der Session „From SQL Traces to Extended Events. The next big switch.“ einen Überblick über die bisherigen Monitoring Tools wie SQL Trace und Event Notifications, bis hin zu einem halben Tag input in Sachen Extended Events! Mehr dazu hier: http://sqlsaturday230.eventbrite.de
Am 24. September findet in Mainz die BASTA mit dem SQLday statt.
- Dort spreche ich - wer hätte das gedacht - auch über Sicherheit. Diesmal vor allem für Entwickler: Security Essentials und Best Practices für SQL-Server-Entwickler
Im Oktober (15.-18.10.) folgt der Höhepunkt mit dem PASS Summit 2013, dieses Jahr in Charlotte, NC USA, der größten SQL Server Konferenz überhaupt, wo ich die wiederholte Ehre, als einziger deutscher Sprecher auftreten zu dürfen, habe. (einen gewissen Stolz hierüber will ich gar nicht leugnen)
UPDATE: Wie ich gerade erfahren habe, sind meine Kollegen Oliver Engels und Julian Breunung von der PASS RG Rhein/Main nachträglich als Sprecher eingeladen! Superb! - Der alljährliche "Steak-Abend" mit den deutschen Kollegen ist gewiss. :-)
Und zwar mit dem Thema: From Locks to No Locks – Concurrency in SQL Server
- Mit einer kleinen Variante dieses Vortrages war ich dieses Jahr bereits in mehreren deutschen Regionalgruppen auf “Rundtour”.
Vorankündigung:
Die nächste Runde der SQL Server Master-Classes mit spannenden ein- bis zweit-tägigen intensiven Trainings & Workshops mit Themen von Extended Events über Indexing bis Hochverfügbarkeit plane ich für November 2013.
Stay tuned unter: www.sarpedonqualitylab.com/SQL_Master-Classes.htm
Vom 3. -5. Dezember bin ich dann auch wieder auf dem PASS Camp im Lufthansa Conference Center in Seeheim bei Darmstadt.
Das Besondere an diesem Event, das rein von der deutschen PASS e.V. veranstaltet wird, ist sein „Hands-On“-Konzept. D.h. alle Themen beinhalten praktische Übungen, die von den Sprechern begleitet werden. Im Gegensatz zu den amerikanischen „Workshops“ also kein „lecture-only“. Ein absoluter Tipp für SQL Server Profis und solchen, die tiefer in die Materie eintauchen möchten.
Mit dem
SQLzaterdag #221 in Veenedal/Holland: „Tracing with Extended Events. – Adios Profiler“
dem
SQLSaturday #196 in Kopenhagen/Dänemark, ebenfalls mit „Tracing with Extended Events. - Adios Profiler“
und den Frankfurter Datenbanktagen, bei denen ich in buchstäblich letzter Minute mit dem Thema Hochverfügbarkeitstechniken in SQL Server 2013 eingesprungen bin (mehr dazu hier: Conferences 2013: Frankfurter Datenbanktage und einige “Oracle-Momente”)
sind das – bislang - 8 Konferenzen + eine PreCon, auf denen ich dieses Jahr als Sprecher aufgetreten sein werde. (!)
– Bislang? - Vielleicht schaffe ich ja noch die SQLRally Nordic, die dieses Jahr vom 4.-6. November in Stockholm stattfindet :-). Mein Eindruck der SQL Rally letztes Jahr - mit dem Thema Sicherheit in SQL Server dabei - war jedenfalls überaus positiv. (Upcoming Conferences 2012: PASS SQLSaturday in Munich, SQLCon in Mainz, PASS SQLRally in Copenhagen, PASS Summit in Seattle, PASS Camp in Darmstadt)
Ich würde mich freuen, einige meiner Leser auf der einen oder anderen Konferenz anzutreffen – einfach „Hallo“ sagen ;-)
CU in St. Augustin, Mainz, Charlotte USA, Seeheim, oder auf einem Regionalgruppentreffen
- Ach ja, und nächste Woche, vom 25. bis zum 28. Juni bin ich auf der TechEd Europe in Madrid am Microsoft-Stand anzutreffen.
Andreas
Upcoming Conferences 2012: PASS SQLSaturday in Munich, SQLCon in Mainz, PASS SQLRally in Copenhagen, PASS Summit in Seattle, PASS Camp in Darmstadt
Sep 5th
..ough
After I already launched the SQL Server 2012 together with Microsoft at Cologne this February, this year’s second half I will be speaker at 5 Conferences almost in a row:
- On September 15th I will hold
“Tracing with SQL Server 2012 Extended Events”
in Unterschleißheim, close to Munich, Germany at SQLSaturday #170
- On September 19th I will hold 2 sessions:
“SQL Server 2012 AlwaysOn und Active Secondaries“
and again
”Tracing mit Extended Events”
in Mainz, Germany at the BASTA! / SQLCon
- On October 2/3rd I will hold the session
SQL Server 2012 Security for Developers
in Copenhagen, Denmark at the PASS SQLRally
- From October 22nd – 25th I will hold several sessions on:
”AlwaysOn and ReadOnly Routing”, “Data Corruption Survival with CHECKDB”, “Security” and “Tracing with Extended Events”
in the track
”SQL Server 2012 Toolbelt for DBA’s and Developer”
in Seeheim, close to Darmstadt, Germany at the PASS Camp
- In November I will hold the session:
“SQL Server 2012 Security for Developers”
in Seattle, USA at the PASS Summit
what a year..!
I hope to see you around at some of those places.
Preview of SQL Server 2012, Codename Denali CTP 1 presented at PASS Summit 2010 in Seattle
Dec 5th
This year’s PASS Summit again surpassed the former year’s one. And this was not only because of even more sessions, internationally well-known speakers and even more attendees. This November, the next release of SQL Server was officially being introduced to the public, and the first CTP is ready for download for the broad public.
The improvements and features are enormous. Developers can look forward to a new Development Environment (Project Juneau), and new capabilities and performance using the new Filetable-Feature, as well as super fast response through the new Column-Based Query Accelerator technology.
Analysis Services will be receiving a new engine, based on the Vertipaq (known from PowerPivot), called BI Semantic Model for easier development for less complex BI Projects. (The UDM will stay as an alternative)
Here is a link to the Technet article on “Analysis Services – Roadmap for SQL Server “Denali” and Beyond”.
Integration Services ware becoming a true windows service for central execution and management.
Reporting Services users and developers can look forward to an web-integrated report designer together with interactive and dynamic charts. (Project Crescent)
Administrators gain new possibilities regarding security with customizable Server roles and database-only users. Database-only users are especially meant to support the new “Contained database”-Feature, which eases the deployment and movement of databases together with the depending objects from server scope.
(You can find a good high-level overview on the log-on process of database-only users at this msdn blog-post: http://blogs.msdn.com/b/sqlsecurity/archive/2010/12/08/contained-database-authentication-in-depth.aspx. And here is a great blog-post, going through different scenarios with this feaure: http://sqlblog.com/blogs/aaron_bertrand/archive/2010/11/16/sql-server-v-next-denali-contained-databases.aspx.)
High Availability will be eased by combining the log-shipping, database-mirroring and Clustering features under a new concept of “Always on” technologies, which can be used to form a so called “Availability Group”.
Steffen Krause from Microsoft Germany has some more info on the Denali release and also shows demos in his webcasts: http://blogs.technet.com/b/steffenk/archive/2010/11/15/sql-server-denali-ctp-1-verf-252-gbar-was-ist-neu.aspx
If you want to check out the CTP yourself, here is the link: http://www.microsoft.com/sqlserver/en/us/product-info/future-editions.aspx
Enjoy,
Andreas
