Index
A
AAD. See Azure Active Directory
Active Directory Federation Services (ADFS) 23
Active Directory Integrated 25
Active Directory Password Authentication 25
Active Directory Universal Authentication 25
ACUs. See Azure Compute Units
adaptive joins
batch mode 9
Add-AzureRmSqlServerKeyVaultKey cmdlet 139
ADFS. See Active Directory Federation Services
agent jobs 37
associating with operators 169–170
events generating 166
strategy for 171
Alerts and Operators nodes 163–164
ALTER DATABASE statement 138, 174
ALTER INDEX statement 271
Always Encrypted
benefits of 106
keys 106, 110–112, 116, 119, 123
management considerations 123–124
AlwaysOn Availability Groups 36, 70, 85–87
application logs 166
application permissions 107
ARM. See Azure Resource Manager
ASR. See Azure Site Recovery
ASYNC_NETWORK_IO wait type 224
auditing
authentication 23
Always Encrypted 107
multi-factor 23
authenticators 127
automation
of database maintenance tasks 258–263
availability
Availability Groups (AGs) 36–38
Azure
virtual machines. See virtual machines (VMs)
Azure Active Directory (AAD) 22–25
Azure Command Line Interface (CLI) 11, 13, 208
setting firewall rules using 15
Azure Compute Units (ACUs) 43
Azure Files 191
Azure Key Vault 80, 107, 111–112, 115, 118, 120
Azure PowerShell
Azure Recovery Services 19
Azure Recovery Vault 19
Azure Resource Manager (ARM) 47–48, 70–71
Azure Site Recovery (ASR) 87
Azure SLQ Database
deployment of
elastic pool configuration 25–31
Azure SQL Database
Azure Active Directory and 23–25
benchmark information 7
connecting to, from inside Azure 16
creating servers and databases 12–22
Always Encrypted configuration 106–123
transparent data encryption 135–139
sizing 2
Azure storage
access keys 211
account overview 211
creating 209
B
frequency of 240
location 56
restoring 19
storage 20
system databases 270
to Azure Blob storage 58
Bash Shell 102
batch mode adaptive join 9
batch mode memory grant feedback 9
binary collations 117
binary files 55
Blob Service 82
Blob Storage Account 210
Bring Your Own Key (BYOK) 136–137
bring your own license (BYOL) 33–34
BYOK. See Bring Your Own Key
C
caching policy 58
cardinality estimation 162–163
catalog views
Query Store 150
CEK. See column encryption key
cell-level encryption (CLE) 123–127
central processing unit (CPU) 41
certificates 136
creation of 124
Check Database Integrity Task 267–268
CHECKDB function 239, 268–270, 272
checksum 270
CLE. See cell-level encryption
cloud computing 72
CMK. See column master key
collations 117
column encryption key (CEK) 106
column master key (CMK) 106
column statistics 264
Compatibility Level setting 180
compliance practices 16
configuration
file shares 193
Power Plan 142
transparent data encryption 135–139
configuration files 68
contained database users 37
continued standard service tier 219
core based licensing model 32
corruption, database 239, 269–272
Cost Threshold for Parallelism 144–146
CPU 41
Create Certificate statement 124
Create New Database dialog 172
CREATE STATISTICS statement 264
credit card masking 130
Cumulative Update (CU) 158
CXPACKET wait type 223
D
DACPAC. See Data-Tier Application Package
database encryption key (DEK) 135
Database Engine Tuning Advisor 249, 256–259
database-level firewall rules 104–105
Database Engine Tuning Advisor 256–259
maintenance plans 259–261, 267–268
Maintenance Plan Wizard 249–255
recovery from database corruption 269–272
verifying database integrity 266–269
Database Overview page 97
database performance settings 140–154
Database Read-Only setting 179
databases. See also Azure SQL Database
backups 56, 84, 239–240, 270–271
bottlenecks 73
integrity of, verifying 266–269
isolation of 218
shrinking 56
workload utilization 26
database scope
Legacy Cardinality Estimation configuration setting 162–163
Query Optimized Fixes configuration setting 158–159
Database Transaction Units (DTUs) 2, 4–7, 219–223
data compression 55
data definition language (DDL) 73
data disks
maximum number of 42
data encryption. See encryption
data file management 56
data files 58
Data-Tier Application Package (DACPAC) 73–76
DBCC CHECKDB function 239, 268–270, 271, 272
DecryptByKey function 126
default masks 130
delayed durable transactions 179
deterministic encryption 116
developer edition 32
Azure Site Recovery 87
disk caching 55
disk usage 40
DMFs. See dynamic management functions
DMVs. See dynamic management views
DS_V2 series 45
DTUs. See Database Transaction Units
Dynamic Data Masking (DDM)
components 132
using T-SQL 133
dynamic management functions (DMFs) 40
dynamic management views (DMVs) 40, 223, 224–226
E
elastic Database Transaction Unit (eDTU) 2, 25
elastic pools
changing sizes of 30
geo-replication and 31
email masking 130
enclosure awareness 233
EncryptByKey function 125
encryption
deterministic 116
ES_v3 series 44
existing applications
Express Edition 32
ExpressRoute 84
F
failed storage
failover
Availability Groups 85
process 21
Failover Cluster Instances 36–38
fatal errors 166
File and Storage Services 229
primary data 172
secondary data 172
virtual log 178
file shares
configuration 193
creating 193
viewing 194
firewalls
fixed provisioning 234
fragmentation 177, 235, 250–251
Free space in tempdb (KB) counter 168
Front-Ends 207
FULL CONTROL permissions 191, 195
G
geo-redundant storage (GRS) 48
geo-replication 20–21, 22, 135–136
elastic pools and 31
Get-AzureRmSqlDatabaseDaaMaskingRule cmdlet 133
Get-AzureRmSqlDatabaseDataMaskingPolicy cmdlet 133
Get-AzureRmSqlDatabaseTransparentDataEncryptionActivity cmdlet 139
Get-AzureRmSqlDatabaseTransparentDataEncryption cmdlet 138
Get-AzureRmSqlServerFirewallRule cmdlet 100
Get-AzureRmSqlServerKeyVaultKey cmdlet 139
Get-AzureRmSqlServerTransparentDataEncryptionProtector cmdlet 139
GitHub 72
GracePeriodWithDataLossHours parameter 22
GS series 46
H
hardware reliability 238
HashBytes function 127
high availability 20
hot data 195
hotfixes 158
hybrid network connections 84–85
I
IaaS. See Infrastructure as a Service
index statistics 264
Infrastructure as a Service (IaaS) 2
installation of SQL Server on 63–68
INSERT INTO statement 134
instances. See SQL Server instances
instant file initialization 56
interleaved execution 9
Internal Load Balancer 86
internal objects 183
I/O Operations Per Second (IOPs) 39
I/O-related indexes 245
IP addresses 105
Is Read Committed Snapshot On setting 179
J
“just-in-time” allocation 235
L
latency 39
LCK_* wait type 223
Legacy Cardinality Estimation configuration setting 162–163
locked pages in memory 57
Locked Pages In Memory 154
logical file names 172
login-azurermaccount cmdlet 86
login issues 105
logins 24
M
maintenance plans 259–261, 267–268
Maintenance Plan Wizard 249–254, 259, 267
masking functions 132
masking rules 128–130, 132, 134
Maximum Degree of Parallelism (MaxDOP) 143–146, 157–158
Max plans per query option 150
max server memory
batch mode memory grant feedback 9
locked pages in 57
VM 42
multi-factor authentication 23
N
Net Use command 193
network address translation (NAT) 105
network bandwidth 43
network connections
New-AzureRmSqlDatabaseDataMaskingRule cmdlet 133
New-AzureRmSqlServerFirewallRule cmdlet 100, 101
New-AzureRmStorageAccount cmdlet 208
NTFS allocation unit size 55
NUMA (Non-Uniform Memory Access) 143
O
object-based storage 47
OLEDB wait type 224
online analytical processing databases (OLAP) 41
online transaction processing (OLTP) 7
on-premises environments
deployment of SQL Server instances in 59–63
operating system file names 172
operators
associating alerts with 169–170
optimize-storagepool cmdlet 54
O/S disks 58
Overall Resource Consumption view 148
over-indexing 247
P
PaaS. See Platform as a Service
PAGEIOLATCH_* wait type 223
PAGELATCH_* wait type 224
page life expectancy (PLE) 40
pages 174
Page Verify setting 179
paired regions 20
Partition Layer 207
pass-through authentication 23
password issues 105
peak workloads 26
performance
performance analysis of logs (PAL) tool 36
performance conditions 167–168
Performance Monitor 34–36, 40, 87, 141, 168
permissions
application 107
cell-level encryption 124
SELECT 131
physical file names 173
plan change regression analysis 10–11
Platform as a Service (PaaS) 1, 12
PLE. See page life expectancy
Point to Site VPNs 84
portals
PowerShell
Azure Key Vault configuration with 115
deploying Azure VM using 70–72
maintenance automation using 262–263
setting firewall rules using 15
premium service tier 2, 3, 220
primary data files 172
primary filegroups 174
primary servers 22
Q
Queries with Forced Plans view 148
Queries with High Variation view 148
query execution plans 146
Query Optimized Fixes configuration setting 158–159
Query Performance Insight 6, 7
Query Store 6, 7, 10, 90–91, 146–151
catalog views 150
R
RAID (Redundant Array of Independent Disks) 47
randomized encryption 116, 117
random number masking 130
read-access geo-redundant storage (RA-GRS) 18, 48
recovery
from database corruption 269–272
Recovery Model setting 180
Remove-AzureRmSqlDatabaseDataMaskingRule cmdlet 133
Remove-AzureRmSqlServerFirewallRule cmdlet 100
Remove-AzurermSqlServerKeyVaultKey cmdlet 139
REPAIR_ALLOW_DATA_LOSS parameter 269
replicas 37
replication options 210
Resource Manager deployment model 210
resource manager model 72
Rest API 11
Restrict Access setting 179
retention policy 19
row versions 183
S
SaaS. See Software as a Service
secondary data files 172
secondary servers 22
security. See also encryption
security patches 57
SELECT INTO statement 134
SELECT permissions 131
Server/Client Access License (CAL) model 32
server-level firewall rules 96–103
Server Management Objects (SMOs) 262
Server Manager 229
Server Overview page 97
servers
primary 22
secondary 22
service level agreement (SLA) 10
choosing 218
choosing initial 10
Database Transaction Units 4–7
performance levels 2–4, 219–223
Set-AzureRmSqlDatabaseDataMaskingPolicy cmdlet 133
Set-AzureRmSqlDatabaseDataMaskingRule cmdlet 133
Set-AzureRmSqlDatabaseTransparentDataEncryption cmdlet 138, 139
Set-AzureRmSqlServerFirewallRule cmdlet 100
Set-AzureRmSqlServerTransparentDataEncryptionProtector cmdlet 139
shared access signatures 83
shared access signatures (SAS) 215
Sign-On URLs 107
Site to Site VPNs 84
SMB (Server Message Block) protocol 190–195
social security number masking 130
Software as a Service (SaaS) 14, 26
Software Assurance 32
SOS_SCHEDULER_YIELD wait type 224
sp_delete_database_firewall_rule 104
sp_delete_firewall_rule 99
sp_set_database_firewall_rule 104
sp_set_firewall_rule 99
SqlConnectionStringBuilder class 120
SQL Database Benchmark 7
SqlParameter objects 120
SQL Server
Azure Site Recovery and 87
databases
bottlenecks 73
editions 32
events 166
instances
changing name of 63
migration of existing applications to 34–36
templates
SQL Server Authentication 25
SQL Server Data Tools 73
SQL Server Management Studio 66, 83, 172
max server memory configuration in 155
SQL Server Reporting Services 64
Standard Edition 32
standard performance tier 3
statistics
column 264
index 264
STATS_DATE function 266
storage
backups 20
geo-redundant 48
changing service tiers 218–223
object-based 47
read-access geo-redundant 48
size 12
planning, based on performance requirements 47–55
Storage Stamps 207
stored procedures
parameter sniffing and 161–162
Stream Layer 207
Stretch Database
benefits of 195
enabling 196
identifying databases and tables for 205
Stretch Database Monitor 203–204
symmetric keys 135
creation of 124
sys.database_files 173
sys.database_firewall_rules 104
sys.database_query_store_options 150
sys.dm_db_column_store_row_group_physical_stats 154
sys.dm_db_file_space_usag 241
sys.dm_db_index_operation_stats 154
sys.dm_db_index_physical_stats 154, 246
sys.dm_db_index_physical_stats system function 250
sys.dm_db_index_usage_stats 154, 246
sys.dm_db_missing_index_columns 151, 152, 246
sys.dm_db_missing_index_details 151, 152, 153, 246
sys.dm_db_missing_index_groups 151
sys.dm_db_missing_index_group_stats 151, 152
sys.dm_db_operation_stats 242
sys.dm_db_partition_stats 242
sys.dm_db_resources_stats 242
sys.dm_db_session_space_usage 242
sys.dm_db_stats_properties 265
sys.dm_exec_connections 243, 244
sys.dm_exec_query_plan 243
sys.dm_exec_query_stats 243
sys.dm_exec_requests 224, 243, 244
sys.dm_exec_session 244
sys.dm_exec_sessions 243
sys.dm_exec_session_wait_stats 243
sys.dm_exec_session_wait_status 223
sys.dm_exec_sql_text 224, 243, 244
sys.dm_exec_text_query_plan 225, 243
sys.dm_io_pending_io_requests 246
sys.dm_io_virtual_file_stats 246
sys.dm_os_waiting_tasks 223
sys.dm_os_wait_stats 223
sys.dm_tran_active_transactions 247
sys.dm_tran_current_transactions 247
sys.dm_tran_database_transactions 247
sys.dm_tran_session_transactions 247
sys.firewall_rules 99
sysprep 59
sys.query_context_settings 150
sys.query_store_plan 150
sys.query_store_query 150
sys.query_store_query_text 150
sys.query_store_stats 150
sys.query_store_wait_stats 150
system backups 270
T
table valued functions (TVFs) 9
TDE. See transaction data encryption
TempDB workloads 58
templates
for Azure features 72
SQL
temporary disks 58
temporary user objects 183
temp storage 42
THREADPOOL wait type 224
Top Resource Consuming Queries view 148
trace files 56
Tracked Queries view 148
transaction log backups 239, 270
transaction log files 172
Transactions object 168
Transact-SQL (T-SQL) 96
creating alerts with 170
DDM using 133
enabling Query Store via 147
firewall rules 99–100, 104–105
max server memory configuration in 156–157
operator creation with 165
Query Store configuration 150
TDE using 138
transparent data encryption (TDE) 127
using T-SQL 138
troubleshooting
TVFs. See table values functions
U
Unwrap Key permission 113
USE PLAN query hint 146
user-defined filegroups 174
V
vCPU 42
virtual disks
size of 236
Virtual Log Files (VLFs) 178
virtual machines (VMs)
compute units 43
deployment
manual installation of SQL Server on 63–68
migration of on-premises SQL Server database to 81–87
provisioning to host SQL Server instances 68–72
W
warm data 195
Windows Azure Service Management API 108
Windows Server Failover Cluster (WSFC) 36
Wrap Key permission 113
WRITELOG wait type 224