Sql server lesson8
Download as PPTX, PDF0 likes68 views
Policy Based Management in SQL Server 2008 allows administrators to define standard configuration policies and enforce compliance across multiple database instances. Key components of PBM include facets, conditions, policies, targets, and categories. Facets define object types or configuration options that can be controlled. Conditions specify allowed values for facet properties. Policies enforce conditions and can be scheduled, prevent changes, or log violations. Categories group related policies and a mandate setting enforces compliance when an instance subscribes to a category.
Sql server lesson8
- 1. R2
- 2. Designing Policy Based Management
- 3. Designing Policies SQL Server 2008 has a new feature called Policy Based Management, also known as the Declarative Management Framework (DMF), to tackle the problem of standardizing your SQL Server instances. Policy Based Management introduces the following new objects that are used to design and check for compliance: Facets Conditions Policies Policy Targets Policy Categories (PBM) helps DBAs to define standard rules or policies and enforce these rules for configuring and managing SQL Server databases throughout the enterprise.
- 4. Facets and Conditions Policies are created from a predefined set of facets. Facets define the type of objects or option to be checked , such as database, surface Area, or login. SQL Server ships with 74 facets, implemented as .NET assemblies, each with a unique set of properties. Each facet contains a subgroup of SQL Server 2008 configuration settings and other events that you can control. You pair these facets with conditions in order to create a policy. Conditions are the values that are allowed for the properties of a facet, the configuration settings, or other events contained within that facet. Facets are A set of logical properties that model the behavior or characteristics for certain types of managed targets. The number and characteristics of the properties are built into the facet and can be added or removed by only the maker of the facet.
- 5. Facets and Conditions The facet definitions, meaning the description and properties that make up the facet, can be found in Object Explorer Right-Clicking any facet and selecting Properties displays the Facet Properties dialog
- 6. Facets and Conditions Facet dialog for database. This allows you to choose which facet you want to view for the selected object.
- 7. Policies Policies are created for a single condition and set to either enforce or check compliance. The execution mode can be set as follows : on demand Evaluates the policy when directly executed by a user on change, prevent Creates data definition language (DDL) triggers to prevent a change that violates the policy on change, log only Checks the policy automatically when a change is made using the event notification infrastructure on schedule Creates a SQL Server Agent job to check the policy on a defined schedule If a policy contains a condition that was defined using the advanced editor, the only available execution mode is On Demand
- 8. Policies Categories Policy categories can be used to group one or more policies into a single compliance unit. If not specified, all policies belong to the DEFAULT category. To check or enforce policies, you create a subscription to one or more policies. Subscription occurs at two levels: instance and database. A member of the sysadmin role can subscribe an instance to a policy category. Once subscribed, the owner of each database within the instance can subscribe their database to a policy category. Each policy category has a Mandate property that applies to databases. When a policy category is set to Mandate and a sysadmin subscribes the instance to a policy category, all databases that meet the target set are controlled by the policies within the policy category. A policy subscription to a policy category set to Mandate cannot be overridden by a database owner
- 10. Policy Compliance Because you cannot set all policies to enforce compliance you need to check policies manually that cannot be enforced on a regular basis. Defining a Condition to be used as a policy target is a critical component to well-defined policies. A policy fails during a check if the object does not conform to the criteria and if the property does not exist.
- 11. Central Management Server Policy Based Management Would be limited to SQL Server 2008 and be very tedious if you had to do any of the following: Duplicate policies on every instance, Create subscriptions to each instance in your environment individually. Check compliance for each instance individually.
- 12. 1) Target entity - Database or database object on which you would like to enforce your policy. 2) Facet - SQL server 2008 already has a predefined set of rules under the facets sub node. You just need to select the appropriate facet while creating a condition. Each facet contains a list of properties. For example, the auto shrink database option is a property. 3) Condition - An expression that will return either true or false value. Your policy-based management will test whether a condition has returned true or false. 4) Policy - You can create a new policy by right clicking on the policies node and selecting new option. While creating a new policy you need to select a predefined condition and execution mode. You can schedule a policy using SQL agent (by creating a Job). For on demand execution, select the policy from Object Explorer and select evaluate. Summary To define a new policy from SQL Server Management Studio you need to set following:
- 13. Review 1) You have defined several policies that you want applied to all databases within an instance. How do you ensure that a database owner is not allowed to avoid the policy check with the least amount of administrative effort? A. Create a condition that checks all databases. B. Add the policy to a user-defined policy category and set the Mandateproperty. C. Add the policy to the default policy category. D. Check the policies manually against the instance
- 14. Answer 1) Correct Answer: C A. Incorrect: Even if you create a condition that checks all databases, a database owner can choose not to subscribe to a policy unless you have mandated compliance. B. Incorrect: While you could create a policy category that has the Mandateproperty enabled and add the policy to the category, it requires more effort than just adding the policy to the default policy category. C. Correct: The default category is configured with the Mandateproperty enabled. In addition, you cannot disable the Mandateproperty. D. Incorrect: While you could check the policies manually, this requires more effort that adding the policy to the default category