Nov 092016
 

I’m very happy to be presenting for the PASS Security Virtual Chapter on Thursday, November 17, 2016 at 10:00am Pacific!

I’ll be presenting my session entitled SQL Server Encryption Basics. This is an introductory-level session on the encryption capabilities of SQL Server, how they work, and when and where you may want or need to deploy them.

High-profile attacks by hackers have made the news more and more the past few years, and your database is a prized target! Fortunately SQL Server offers many possible layers of protection, one of which is encryption. This session will cover SQL Server’s encryption capabilities, how they work, and what they have to offer. Topics discussed will include certificates, encryption algorithms, backup encryption, transparent database encryption, and column-level encryption. Attend this session and learn how SQL Server can help you hide your data in plain sight!

I’m really happy to be delivering this session, and look forward to seeing you there! You can register at this link:

https://attendee.gotowebinar.com/register/1806816841365466115

 

Aug 012016
 

I’m extremely fortunate to have been selected to speak at PASS Summit, “the world’s largest gathering of SQL Server and BI professionals.” PASS has once again put together a fantastic lineup, and I’m extremely proud to have made the cut. As many have already done, I’d like to share the abstracts I submitted along with the feedback I received.

I submitted a total of 5 general sessions (the maximum allowed), with one being accepted. I will cover each of them here, along with the notes I received from the reviewers.

Supercharging Backups and Restores For Fun and Profit (Accepted)

Level: 300
Track: Enterprise Database Administration & Deployment
Topic: Backup / Restore, Disaster Recovery

Abstract:
Super-fast queries are an essential part of any business process, but speed will never be more important than during a disaster when you need to restore from backup. Come and see how both backups and restores can be tuned just like a query. In this demo-intensive session, we will discuss the different phases of the backup and restore processes, how to tell how long each of them is taking, and which are the easiest to significantly speed up. You just might be surprised how simple it is to achieve dramatic results – cutting your backup and restore times by 75% or more is absolutely possible using the methods covered here.

Preqrequisites:
Attendees should have a solid understanding of SQL Server backup and restore operations.

Goals:

  • Learn tips and tricks for speeding up backup and restore processes and methods for tuning them that can have dramatic results.
  • Understand what happens during backups and restores, and which phases of their execution can have the most time shaved off of them.
  • Learn trace flags that expose extra information about the backup process and how to leverage this knowledge for maximum benefit.

Feedback I Received:

  • Abstract: well written, engaging
    Topic: draws attention
    Subjective: personally never been in a position where an emergency restore could be considered fun, but interested to here when it was
  • I would like to attend this session. The title is eye catching, The experience level is good but those DBA with less experience could attend and learn easily based on the information listed.
  • The outline seems well developed. The goals appear to be interesting for attendees. There appears to be a reasonable amount of live demonstrations in relation to the topic being presented.
  • high level, 75% of demo and minimum slides. And important topic. Very interesting session

My Comments:
I’m very happy this topic was accepted; I’ve presented it at several SQL Saturdays and have been wanting to to it at PASS Summit for several years now. Tuning queries is always seen as a common task and I’ve always thought that tuning backups and restores is a logical progression of that. In response to the first reviewer’s question, I think an emergency restore can be fun when you’re prepared for it. When you’ve practiced your disaster scenarios, have all your scripts ready, and know how long the restore will take, there’s not a whole lot left to be stressed about. As for the “high level” of demos, this is a demo-heavy session. You can only talk about backups for so long before it becomes worth it to actually start doing them. Not to mention it’s very helpful to show the audience how dramatic the results can be with some demos.

 

Good Migrations: Moving Maximum Data with Minimum Impact (Not Accepted)

Level: 300
Track:
Enterprise Database Administration & Deployment
Topic:
Database Maintenance

Abstract:
A database at rest tends to stay at rest, until it needs to move. This session will cover various methods available to migrate a SQL Server database from one location to another. Whether moving to a new storage system, a new server, or even to the cloud, there are a multitude of options available, many of which involve little to no user impact. Lack of SQL Server Enterprise Edition isn’t always a problem – many of these methods work for Standard Edition servers as well. We will discuss how to determine the most appropriate migration option based on your environment’s constraints, the pros and cons of each method, and planning and testing your migration. Come see how moving a multi-terabyte database with only a few minutes of downtime is completely possible.

Preqrequisites:
A good understanding of SQL Server files, filegroups, and index rebuild processes would be helpful.

Goals:

  • Be able to determine which migration method is most appropriate for given uptime requirements and organizational/environmental constraints.
  • Learn how to plan and test a database migration to maximize chances of success long before any queries are run.
  • Understand the many different techniques for moving databases, filegroups, and objects between different servers and/or storage, and the advantages and disadvantages of each.

Feedback I Received:

  • Abstract: Clearly written abstract with well aligned goals.
    Topic:Interesting topic that will attract DBA’s on the operations side of the fence.
    Subjective: I’d attend this session, as it sounds like a great topic.
  • Abstract – Outline is well developed. Level seems a bit high. Goals are well developed
    Topic – Title is good but would like to see if this is for which version of SQL 2012/2014/2016?
    Subjective – Would like to see presentation not only with moving data but imports as well aside from SQL Partitioning. Would like to see more demos but didn’t downgrade for that.
  • Abstract: detailed, compelling
    Topic: relevant, useful
    Subjective rating: interesting
  • Demo % seems to be low for 300 level session

My Comments:
Having worked on a system for many years that has grown more quickly than its storage budget, I’ve had to do a lot of creative things to move data around on-the-fly. This session covers a bunch of those tricks, which as you can imagine, end up being a little more interesting than a simple online index rebuild. I don’t include partitioning because that’s an entirely different topic and could easily take up an entire presentation on its own. As for the low amount of demos (25%), a lot of these operations are rather time-consuming and really wouldn’t fit well into a 75-minute session. I’d love to present this topic at the summit someday; I think attendees would get a lot out of it. Also I’ve yet to see something similar to this on the schedule, so it could definitely be something different.

 

Manage & Visualize Your Application Logs with Logstash & Kibana (Not Accepted)

Level: 200
Track:
Enterprise Database Administration & Deployment
Topic:
Management Tools

Abstract:
The logs kept by Windows, SQL Server, and other applications contain a treasure trove of information about the health and activities of a system. However, as an environment grows in size and complexity, the number of logs quickly starts to become unmanageable. Fortunately there is a group of free open-source tools: Elasticsearch, Logstash, and Kibana, known collectively as the “ELK” stack.

This session will demonstrate how to use Logstash to manage all application and error logs in your environment, regardless of format or operating system. You will learn how to configure Logstash to capture logs from SQL Server or any other system, organize and archive them in real-time with Elasticsearch, and create helpful web-based dashboards in Kibana. Don’t miss this opportunity to unlock the hidden power of all your application logs with the ELK stack!

Preqrequisites:
Attendees would benefit from a general understanding of the SQL Server error log and how it behaves.

Goals:

  • Learn about the components of the ELK stack, what they do, and how they interact with each other.
  • Understand how Logstash works and how to configure it to collect log information from any file format or logging method, using SQL Server error log files as an example.
  • See how to build dashboards in Kibana to quickly visualize errors and warnings across your environment.

Feedback I Received:

  • Abstract: Abstract is clear and well written.
    Topic: Topic is interesting and useful. Not sure if there would be enough demand for this topic.
    Subjective: I would like to attend this session. Seems like a good way to leverage other stacks for ease of admin.
  • Abstract: The outline and details of this abstract are well written!
    Topic: This is very interesting topic
    Subjective: I will attend this session
  • Well developed. I would like to attend this session.

My Comments:

This is absolutely a niche topic so I can understand why it wouldn’t get accepted. Sure sounds like the reviewers thought it was intriguing though. I run my ELK stack in Linux and use it to ingest system and application logs from a wide variety of machines. While this session would be more tailored to monitoring your SQL Server logs, it would also address monitoring virtually any log on any platform. This isn’t really database-centric, and certainly isn’t exclusive to SQL Server. While I think it would be very useful, I absolutely understand why this one didn’t make the cut.

 

Automating Your DBA Checklist with Policy-Based Management (Not Accepted)

Level: 200
Track:
Enterprise Database Administration & Deployment
Topic:
Policy Based Management

Abstract:
Manually reviewing database compliance checklists is an excellent way to ensure that processes are followed consistently, but it is also extremely time-consuming. Let’s automate the process! SQL Server’s Policy-Based Management is a powerful and simple-to-configure feature that can ensure that all of your best practices and data policies are consistently enforced throughout your environment.

Come see how easy it is to make sure all your SQL Servers comply with Microsoft’s recommendations or any other constraints your deployment requires. This session is loaded with demos to show you how to write policies, evaluate them across groups of instances, and even set up automated reporting so you can have a list of non-compliant servers delivered to you. Years after its introduction, Policy-Based Management is still one of SQL Server’s best-kept secrets. Attend this session and learn how to work smarter, not harder, by leveraging Policy-Based Management to simplify your day-to-day tasks!

Preqrequisites:
Attendees should have a basic understanding of SQL Server administration, maintenance processes, and why they are necessary.

Goals:

  • Understand the capabilities of Policy-Based Management and how it can be used to uniformly enforce settings and other aspects of SQL Server.
  • Learn how to author policies, evaluate them both manually and automatically across multiple servers, and configure automated reporting of them using the Enterprise Policy Management Framework.
  • Leave with a checklist of best practices to automate on your servers, as well as knowledge of Microsoft’s included scripts that can help get you started.

Feedback I Received:

  • The outline seems to clearly describe the contents of the presentation. The title appears to reflect the content described in the abstract. The topic and goals should be compelling to attendees. The topic and goals appear to deliver an appropriate amount of material for the time allotted.
  • Abstract: clearly stated, interesting
    Topic: good title
    Subjective: interesting subject, and something I use often
  • good content. It would draw people to attend this session.
  • Very interesting topic, From one perspective is a basic of basics but from another we still need teach how to use PBM.

My Comments:
Policy-Based Management is incredibly useful in that it allows you to easily author “sanity checks” to make sure your databases are in compliance with whatever standards the business decides are necessary. However PBM isn’t really sexy and it’s certainly not that new – it’s had very few changes since it was released along with SQL Server 2008. As one reviewer said “it’s a basic of basics”. It is, but so many systems I see still don’t use it, typically because the DBA isn’t aware of it. From what I can tell, no sessions covering PBM were chosen this year. That’s a shame, because it could help a lot of people. But in an industry where new things always get the most attention, and at a conference with a finite number of presentation slots, it’s understandable why you won’t see any sessions on it.

 

SHA, Right! SQL Server Encryption Basics (Not Accepted)

Level: 200
Track:
Enterprise Database Administration & Deployment
Topic:
Security: Access / Encryption / Auditing / Compliance

Abstract:
High-profile attacks by hackers have made the news more and more the past few years, and your database is a prized target! Fortunately SQL Server offers many possible layers of protection, one of which is encryption. This session will cover SQL Server’s various encryption capabilities, how they work, and their advantages and limitations.

You will learn what certificates are and why they matter, which encryption algorithms are available and which should be used, and how Transparent Database Encryption works and when to enable it. More recent features such as backup encryption and SQL Server 2016 Always Encrypted will also be explained. Restoring servers and recovering data can be thought of as difficult, but they are nothing compared to rebuilding your customers’ trust and repairing your reputation. Attend this session and learn how SQL Server can help you protect your data from prying eyes both inside and outside of your organization.

Preqrequisites:
Attendees should have basic knowledge of SQL Server and a desire to learn about encryption.

Goals:

  • Learn about all the different ways SQL Server can protect your data through encryption.
  • Understand the strengths and weaknesses of each encryption technology, and the scenarios where each would be an appropriate solution.
  • Learn tips for designing databases where security through encryption is a prerequisite, not an afterthought.

Feedback I Received:

  • Encryption. Important and lovely topics. Worth to see it!
  • Abstract: detailed
    Topic: relevant, sql server 2016 is covered
    Subjective rating: interesting
  • OK, I’m in the dark — what is SHA?
  • Abstract – Good detail in abstract. Great opener and strong conclusion.
    Topic – Good goals. Attendees will be interested and seems compelling for attendees even if they don’t know in-depth security or encryption.
    Subjective – This is a great abstract. Session Prerequisites and Level match and since its previously presented the topic should be able to fit within the time frame allowed.
  • Abstract: it’s punny! good topic
    Topic: well written and informative of what will be covered and why
    Subjective: definitely interested in this session
  • Abstract: Great abstract supported by clearly defined goals. Abstract goes into an appropriate level of detail on deliverables.
    Topic:Great topic. Encryption is an ongoing concern and likely to be a solid draw.
    Subjective: I would attend this session Sounds like a great introductory conversation.

My Comments:
All the other sessions I submitted had 3 or 4 pieces of feedback (I’m assuming from 3 or 4 people). This one has 6! Encryption is a hot topic as of late, I wonder if that has something to do with the reviewer interest in this session. This is a rather basic presentation, and while it’s done rather well at several SQL Saturdays, I’m not sure it would be as popular at the summit anyway. Not being chosen kind of solidified my thoughts. Having a few sessions with deeper dives on a more narrow scope would probably be more popular, though I doubt any of those sessions would cover the basics in the depth that I do here.

 

Thanks so much to the members of the Program Committee who volunteered their time to review abstracts. I know they do not have an easy time reviewing or selecting sessions for the schedule. (As a member of the Program Committee for several years now, I can speak from experience.) I value all feedback, and look forward to incorporating it into any future submissions.

May 122016
 

For the past few years I’ve had the annual goal of attending a SQL Saturday in a location that’s totally new to me. For 2016, that new place is Maine. The closest I’ve ever gotten to there is Boston, so I’m really looking forward to this trip and honored to be among the presenters at SQL Saturday Maine 2016!

I’ll be giving my talk entitled “Introduction to SQL Server Encryption”, the same one I delivered in Madison earlier this year and went quite well. If your organization is investigating deploying any of SQL Server’s encryption features, this is the session for you! Please bring your questions and I’ll look forward to seeing you there!

If you still haven’t signed up for SQL Saturday in Portland, Maine, there’s still spots available as of when this post went live. The organizing team has built an amazing schedule, and it’s sure to be a great day of education and networking!

Feb 292016
 

Thank you so much to the wonderful organizing committee of SQL Saturday Madison 2016 for selecting me to present!

I’m a huge fan of Madison – it’s a great city that’s not-too-terribly far from my house. I’ve had amazing times at their previous SQL Saturdays in 2012, 2013, and 2015, and I can only assume it will be just as awesome this year. They’ve put together a wonderful schedule with amazing presenters both local and from afar.

The presentation I’ll be giving is an introduction to SQL Server Encryption. Security is only getting more important as time goes on, and encryption continues to play an increasing role across the board. While it was once seen as necessary only at the client level, the calls for databases to be encrypted as well are becoming more and more frequent. This session will cover SQL Server’s encryption capabilities and what they have to offer, including certificates, encryption algorithms, backup encryption, transparent database encryption, and column-level encryption.

Registration for SQL Saturday Madison is still open right now, so if you’d like to see a day’s worth of amazing presenters cover Microsoft’s Data Platform technologies, sign up today!

Jul 212015
 

I’m extremely honored to once again be part of the speaker lineup for PASS Summit. This will be my 4th year in attendance and my 3rd year speaking, and the joy of being there never gets old. It’s an incredible gathering of people from all over the world who are passionate about data, and returning each year feels like a family reunion.

This time around I will be presenting about security, a topic near and dear to the hearts of many, especially with the number of newsworthy security breaches that have occurred the past few years. I’ve always wanted to present a beginner-level topic, and this year I got my wish. I’ll be talking about the basics of security in SQL Server: how to make sure everyone requiring access to data gets exactly what they need and nothing more, and that people with no business seeing certain data have no ability to. Here’s the abstract:

SQL Server Security Basics
The past few years seem to have had more than their fair share of high-profile data breaches, not all of which were caused by sophisticated hacking attempts. This session explains basic methods for securing your SQL Server by making sure you’re not leaving the proverbial front door unlocked (or in some cases, wide open). We will discuss the different levels and methods that can be used for granting and restricting rights, as well as the pros and cons of each. You learn steps you can take to design databases with securability in mind from the beginning, so that you can better protect your data later. We also demonstrate scripts that can help audit user rights and make sure logins don’t have any more permissions than they need. Security doesn’t need to be scary! Attend this session and gain a solid foundation on which to build your DBA career.

If you haven’t signed up for PASS Summit yet, register today! There’s still time to negotiate with your employer and see if they can help cover some or all of the cost. It’s an incredible investment in your career. If you want to learn from some of the best in the world, this is where you go to do it. I really hope to see you there!