
Features of SQL Server 2008:

Data Protection Features in SQL Server 2008

Lesson Overview

SQL Server 2008 includes several new features, such as transparent data encryption and extensible key management, that let you encrypt and protect data. Its comprehensive auditing lets you record events at both the server and database level. SQL Server 2008 also introduces a dedicated audit object, defined with DDL (CREATE SERVER AUDIT and the server and database audit specifications), that replaces trace-based security auditing.

Lesson Objectives

After completing this lesson, you will be able to:


Describe the methods for data encryption.
Describe security auditing in SQL Server 2008.

Database Encryption: Transparent Data Encryption (TDE)

TDE encrypts an entire database at the file level without changes to the applications that consume the data. Both the data and log files are encrypted on disk; pages are decrypted when they are read into memory and encrypted again when they are written back. Because database applications already try to minimize I/O, which is a costly operation, tying encryption and decryption to I/O lets the existing design optimizations also limit the performance cost of encryption.

TDE works at a coarser granularity than the cell-level encryption (EncryptByKey, DecryptByKey and related functions) that SQL Server 2005 introduced and SQL Server 2008 retains. Cell-level encryption protects individual columns, but it stores the result as varbinary, so the column can no longer be indexed or compared, and the application must open the key and call the functions itself. TDE is transparent to the application and protects the whole database, including its backups, but only at rest: a login with SELECT permission still reads plaintext. Both use the same algorithm families, and the database encryption key (DEK) can use AES_128, AES_192, AES_256 or TRIPLE_DES_3KEY, so the choice between them is about granularity and application impact, not cryptographic strength.

The DEK is managed with standard Data Definition Language (CREATE, ALTER and DROP DATABASE ENCRYPTION KEY) and is protected by a certificate or asymmetric key stored in the master database. That protector is the single point of recovery: if it is lost, the database and every backup taken while TDE was on are unrecoverable, so the certificate must be backed up together with its private key as soon as it is created. Once any database on the instance is encrypted, tempdb is encrypted as well.

The actual state of encryption is turned ON or OFF by using the ALTER DATABASE statement and its new clause: SET ENCRYPTION { ON | OFF }.
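The complete TDE setup that the paragraphs above describe, as an added example (not code from the original lesson): master key and certificate in master, the certificate backup that makes the database recoverable, the DEK, the ALTER DATABASE switch and the DMV check. The database name HRData, the passwords and the C:\keys directory are assumptions; the instance is assumed to be an edition that supports TDE.

```sql
-- Added example, not from the original lesson. Assumes database HRData exists,
-- the directory C:\keys exists, and the edition supports TDE (Enterprise/Developer).
USE master;
GO
-- 1. Database master key in master (password is a placeholder).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'M@ster-key-passw0rd!';
GO
-- 2. Certificate that will protect the database encryption key (DEK).
CREATE CERTIFICATE TDE_Cert WITH SUBJECT = 'TDE protector for HRData';
GO
-- 3. Back up the certificate with its private key before encrypting anything.
--    Without this backup the database and all of its backups are unrecoverable
--    after a server rebuild or when restoring to another instance.
BACKUP CERTIFICATE TDE_Cert
    TO FILE = 'C:\keys\TDE_Cert.cer'
    WITH PRIVATE KEY (FILE = 'C:\keys\TDE_Cert.pvk',
                      ENCRYPTION BY PASSWORD = 'Pr1vate-key-passw0rd!');
GO
-- 4. DEK lives in the user database and is wrapped by the server certificate.
USE HRData;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
GO
-- 5. Switch encryption on; background threads encrypt existing pages.
ALTER DATABASE HRData SET ENCRYPTION ON;
GO
-- 6. Check state and progress. encryption_state: 2 = encryption in progress,
--    3 = encrypted. tempdb appears here too once any user database is encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length,
       encryptor_type
FROM sys.dm_database_encryption_keys;
```

The step that practitioners most often skip is 3: TDE turns a lost certificate into a lost database, so the backup and its password belong in whatever key-escrow process the organization already runs for other secrets, not on the same disk as the data files.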
Backup Encryption:

In SQL Server 2008 backup protection comes from TDE rather than from a separate backup encryption option: when a database is encrypted with TDE, its backups are written encrypted and can only be restored on an instance that holds the certificate (or EKM asymmetric key) protecting the DEK. A restore therefore needs both the backup file and that protector, which limits who can restore a backup and makes a leaked backup file useless to an attacker without the key. The older WITH PASSWORD and MEDIAPASSWORD options of BACKUP only gate the restore and do not encrypt anything; they are deprecated and should not be relied on for protection. Note also that backup compression gains little on a TDE database, because encrypted pages do not compress.

External Key Management:

Earlier versions of SQL Server could manage encryption keys only inside SQL Server itself. SQL Server 2008 adds Extensible Key Management (EKM), which lets the keys that protect the DEK, or cell-level symmetric keys, live in a third-party Hardware Security Module (HSM) outside the database server: the engine loads the vendor's EKM provider library (registered with CREATE CRYPTOGRAPHIC PROVIDER after the EKM provider enabled option is turned on with sp_configure), and keys referenced through the provider never leave the HSM. Keeping keys separate from the data they protect is what requirements such as the Payment Card Industry Data Security Standard (PCI DSS) expect for cardholder data, and it also lets the HSM enforce its own access control and audit trail on key use. EKM is an Enterprise Edition feature.
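The EKM flow described above, as an added example (not code from the original lesson or from any HSM vendor): register the provider, map a credential for the HSM to a login, reference a key that already exists inside the HSM, and re-wrap an existing TDE database encryption key with it. The provider DLL path, credential identity and secret, provider key name and the database HRData are placeholders for what the vendor and environment actually supply; HRData is assumed to already have a DEK protected by a certificate.

```sql
-- Added example, not from the original lesson. All names and paths are placeholders.
USE master;
GO
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1;
RECONFIGURE;
GO
-- 1. Register the vendor's EKM provider library (path is a placeholder).
CREATE CRYPTOGRAPHIC PROVIDER HsmProvider
    FROM FILE = 'C:\Program Files\HsmVendor\hsm_ekm.dll';
GO
-- 2. Credential the engine presents to the HSM. It is attached to a login so
--    the key can be opened at instance start without a human typing a PIN.
CREATE CREDENTIAL HsmTdeCred
    WITH IDENTITY = 'hsm-service-user', SECRET = 'hsm-partition-pin'
    FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
GO
-- 3. Reference (never copy) a key that already exists inside the HSM.
CREATE ASYMMETRIC KEY HsmTdeKey
    FROM PROVIDER HsmProvider
    WITH PROVIDER_KEY_NAME = 'tde-wrapping-key',
         CREATION_DISPOSITION = OPEN_EXISTING;
GO
CREATE LOGIN HsmTdeLogin FROM ASYMMETRIC KEY HsmTdeKey;
ALTER LOGIN HsmTdeLogin ADD CREDENTIAL HsmTdeCred;
GO
-- 4. Re-protect the DEK with the HSM key. Data pages are not re-encrypted;
--    only the wrapped DEK changes.
USE HRData;
GO
ALTER DATABASE ENCRYPTION KEY
    ENCRYPTION BY SERVER ASYMMETRIC KEY HsmTdeKey;
GO
-- 5. Confirm the protector is now the HSM key, then the old self-signed
--    certificate can be retired (keep its backup until all old backups expire).
SELECT DB_NAME(database_id) AS database_name, encryptor_type, encryption_state
FROM sys.dm_database_encryption_keys;
-- Inventory of registered providers.
SELECT name, version, dll_path, is_enabled FROM sys.cryptographic_providers;
```

Because the DEK is only re-wrapped, backups taken before the switch still need the old certificate to restore; the HSM key covers backups taken after it.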

Security Auditing

In SQL Server 2005, security auditing is done with SQL Trace, which can record whether a user has logged on or whether a permission has changed, and can be supplemented with DDL and DML triggers. SQL Server 2005 does not provide data auditing. SQL Server 2008 provides several methods for data protection in addition to data encryption.

System or Data Auditing

Auditing has become an integral part of many database environments. Audit logs must be able to record every event that occurs on the database server while remaining flexible enough to record only the events that are required. In SQL Server 2008 the audit records include the statement that was executed and the principal that ran it, failed login attempts can be recorded, and auditing can be configured for events at both the server and database level. Because the audit definition is plain DDL, the same definition can be deployed from one SQL Server to the others in the enterprise, and records from several instances can be consolidated by writing them to files on a share and reading them together with sys.fn_get_audit_file, which accepts wildcard and UNC paths.

Data Protection

A robust permissions hierarchy allows administrators to assign permissions at a granular level, limiting access to only those users who require it. In addition to the standard permissions used to grant users access to data, SQL Server allows administrators to grant specific permissions so that assistant administrators can perform only the tasks assigned to them. SQL Server 2008 also enforces the Windows password complexity and expiration policies for SQL logins (CHECK_POLICY and CHECK_EXPIRATION), which deters brute-force attacks, and supports full encryption of the communication between client applications and the server (SSL/TLS, which can be forced for all connections).

In SQL Server 2008, auditing is configured with DDL, and a large variety of operations can be audited, including data-oriented commands such as UPDATE and even SELECT statements. The syntax used in this lesson's examples does not exist in the released product; it matches pre-release descriptions of the feature:

AUDIT UPDATE(Salary) ON Employee TO MyAuditFolder WHERE Salary > 200000
AUDIT LOGON TO MyAuditFolder

CREATE AUDIT SERVER PACKAGE HR_Audit_Package
    WITH SINK = MyWindowsSecurityLog STATE = STARTED
    ADD AUDIT GROUP SYS_FAILED_LOGIN,
    ADD AUDIT GROUP SYS_DATABASE_OBJECT_MANAGEMENT ON AdventureWorks
ALTER AUDIT SERVER PACKAGE HR_Audit_Package ADD SINK = LocalFileSystemLogSink

In the released SQL Server 2008 there is no AUDIT statement and no WHERE predicate on audited actions. An audit is defined in three parts: CREATE SERVER AUDIT names the target (a file, the Windows Application log or the Windows Security log); CREATE SERVER AUDIT SPECIFICATION lists server-level action groups such as FAILED_LOGIN_GROUP and DATABASE_OBJECT_CHANGE_GROUP, which correspond to the two groups in the package above; and CREATE DATABASE AUDIT SPECIFICATION lists database-level actions such as UPDATE or SELECT on a specific object. Writing to the Security log requires the SQL Server service account to hold the Generate security audits user right and the Audit object access policy to be enabled; otherwise the audit cannot start. The ON_FAILURE option of CREATE SERVER AUDIT decides whether the instance keeps running or shuts down when the audit target cannot be written.
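The released SQL Server 2008 equivalent of the two pre-release snippets above, as an added example (not code from the original lesson): failed logins and object changes at server scope, UPDATE and SELECT on a pay table at database scope, and reading the result back. The audit directory C:\SqlAudit is an assumption; the database is AdventureWorks, which the lesson already uses.

```sql
-- Added example, not from the original lesson. Assumes AdventureWorks exists and
-- that C:\SqlAudit exists and is writable by the SQL Server service account.
USE master;
GO
-- 1. The audit object: where records go and what happens if they cannot be written.
--    ON_FAILURE = SHUTDOWN fails closed (requires the SHUTDOWN permission to create);
--    the default, CONTINUE, keeps serving queries unaudited.
CREATE SERVER AUDIT HR_Audit
    TO FILE (FILEPATH = 'C:\SqlAudit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = SHUTDOWN);
GO
-- 2. Server-level actions: the counterparts of SYS_FAILED_LOGIN and
--    SYS_DATABASE_OBJECT_MANAGEMENT in the pre-release snippet.
CREATE SERVER AUDIT SPECIFICATION HR_Audit_Server_Spec
    FOR SERVER AUDIT HR_Audit
    ADD (FAILED_LOGIN_GROUP),
    ADD (DATABASE_OBJECT_CHANGE_GROUP)
    WITH (STATE = ON);
GO
ALTER SERVER AUDIT HR_Audit WITH (STATE = ON);
GO
-- 3. Database-level actions on one object. There is no WHERE predicate in
--    2008; every SELECT and UPDATE against the table is recorded.
USE AdventureWorks;
GO
CREATE DATABASE AUDIT SPECIFICATION HR_Audit_Db_Spec
    FOR SERVER AUDIT HR_Audit
    ADD (SELECT, UPDATE ON OBJECT::HumanResources.EmployeePayHistory BY public)
    WITH (STATE = ON);
GO
-- 4. Produce an event, then read the audit files. The wildcard pattern is also
--    how files collected from several instances onto one share are consolidated.
SELECT TOP (1) BusinessEntityID, Rate FROM HumanResources.EmployeePayHistory;
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, object_name, statement
FROM sys.fn_get_audit_file('C:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
-- 5. Health check: is the audit actually running?
SELECT name, status_desc, audit_file_path
FROM sys.dm_server_audit_status;
```

Two caveats a practitioner should keep in mind: records are written asynchronously after QUEUE_DELAY milliseconds (0 makes them synchronous at a performance cost), and the audit files must be protected at the file-system level, since anyone who can delete them can erase the trail.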

What do you mean by "TDE provides encryption at a coarser granularity level. SQL Server 2008 provides cell-level encryption. The algorithms used in TDE are available in cell-level encryption"? Also the above script.
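Cell-level encryption, the finer-grained alternative that the TDE section contrasts with, as an added example (not code from the original lesson): a symmetric key protected by a certificate, one encrypted column, and the authenticator argument that ties each ciphertext to its row. The database HRData, the table dbo.Employee, the key names, passwords and the two rows are all constructed for the example.

```sql
-- Added example, not from the original lesson. Assumes database HRData exists.
USE HRData;
GO
-- Key hierarchy: master key -> certificate -> symmetric key (passwords are placeholders).
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'HRData-dmk-passw0rd!';
CREATE CERTIFICATE SalaryCert WITH SUBJECT = 'Protects the salary key';
CREATE SYMMETRIC KEY SalaryKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE SalaryCert;
GO
-- Constructed table: only the salary is protected. The ciphertext is varbinary,
-- so this column cannot be indexed, range-compared or summed without decrypting.
CREATE TABLE dbo.Employee (
    EmployeeID INT           NOT NULL PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    SalaryEnc  VARBINARY(256) NOT NULL
);
GO
-- The open key stays open for the session until CLOSE or disconnect.
OPEN SYMMETRIC KEY SalaryKey DECRYPTION BY CERTIFICATE SalaryCert;

-- Arguments 3 and 4 add an authenticator derived from the row's primary key,
-- so a ciphertext copied from another row decrypts to NULL instead of a value.
INSERT INTO dbo.Employee (EmployeeID, FullName, SalaryEnc)
VALUES (1, N'Alice Example',
        EncryptByKey(Key_GUID('SalaryKey'), N'185000.00', 1, CONVERT(NVARCHAR(128), 1))),
       (2, N'Bob Sample',
        EncryptByKey(Key_GUID('SalaryKey'), N'72000.00',  1, CONVERT(NVARCHAR(128), 2)));

-- Legitimate read: decrypt each row with its own authenticator.
SELECT EmployeeID, FullName,
       CONVERT(NVARCHAR(20),
               DecryptByKey(SalaryEnc, 1, CONVERT(NVARCHAR(128), EmployeeID))) AS Salary
FROM dbo.Employee;

-- Tamper check: Bob's ciphertext presented as Alice's decrypts to NULL, not 72000.00.
SELECT CONVERT(NVARCHAR(20),
               DecryptByKey(b.SalaryEnc, 1, CONVERT(NVARCHAR(128), a.EmployeeID))) AS swapped
FROM dbo.Employee AS a
JOIN dbo.Employee AS b ON a.EmployeeID = 1 AND b.EmployeeID = 2;

CLOSE SYMMETRIC KEY SalaryKey;
```

This is the trade-off the question is about: TDE would have left Salary as a plain numeric column that indexes and aggregates normally, but would also have shown it in clear to any login with SELECT permission; cell-level encryption hides it from such logins and detects row-swapping, at the cost of application changes and lost indexability.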

Data Monitoring Features in SQL Server 2008

Lesson Overview

SQL Server 2008 has several new data monitoring features compared with SQL Server 2005. The resource management features (Resource Governor) let you manage the database, impose bounds on resource consumption, and limit the utilization of resources by particular workloads. Plan freezing, also a new feature, stabilizes the performance of queries in SQL Server 2008 by fixing the plan a query uses. The Performance Studio tools (the data collector and management data warehouse) let you effectively monitor the performance of the database system. SQL Server 2008 also enhances Service Broker so that it can prioritize conversations and diagnose configuration and run-time problems in Service Broker applications.

Lesson Objectives

After completing this lesson, you will be able to:


Describe the Change Data Capture feature in SQL Server 2008.
Describe the resource management features in SQL Server 2008.
Describe plan freezing in SQL Server 2008.
Describe the system analysis features available for data collection and database system analysis.
Describe the enhanced features of Service Broker in SQL Server 2008.

Server Management Features

The Server Management features in SQL Server 2008 help you automate standard administrative tasks and manage data effectively. They include the Declarative Management Framework (DMF), SQL Server Management Studio, the Dynamic Systems Initiative (DSI), streamlined installation, and clustering enhancements.

DMF

The Declarative Management Framework (DMF), which shipped under the name Policy-Based Management, allows database administrators to define configuration policies that are applied to servers, databases, tables and other targets across the enterprise. A policy pairs a condition on a facet (for example, the Surface Area Configuration facet) with a set of targets and an evaluation mode. Policies can monitor system configuration and, for facets that support it, prevent changes, which reduces the time spent on daily maintenance tasks. The evaluation modes are: On change: prevent, which enforces the policy proactively through a DDL trigger that rolls back the violating change; On change: log only, which uses event notifications (delivered through Service Broker) to record violations after the change; On schedule, which runs the check from a SQL Server Agent job; and On demand, which checks objects against a policy in real time. The DMF delivers the following benefits:

Ensures compliance with policies for system configuration
Reduces total cost of ownership by simplifying administration tasks
Detects compliance issues in SQL Server Management Studio

SQL Server Management Studio SQL Server Management Studio provides an integrated environment for accessing, managing, configuring, and developing databases and database servers. SQL Server Management Studio also provides a graphical environment and rich scripting capabilities. In addition, you can use this application to manage local and remote servers.
DSI

Software models of hardware and software can be created in the form of management packs for Microsoft Operations Manager (MOM). The DSI involves building a software system that documents a designer's knowledge about the systems, the environment in which they operate, the IT policies that govern them, and the user experience associated with them. This knowledge is captured with software models and a variety of authoring and development tools. In SQL Server 2008, the models used in the DMF are compliant with the Service Modeling Language (SML) specification, an industry specification backed by several vendors for modeling distributed systems. SML also enables SQL Server 2008 to be monitored and managed by the System Center family of Microsoft products, including System Center Operations Manager and System Center Configuration Manager. DSI reduces the time database administrators spend monitoring tasks, writing complex code, or running standard maintenance tasks. The following are the benefits of DSI:

Simplifies database management by removing the need for detailed knowledge and providing the right level of automation
Scales to the thousands of servers that must be managed in a large enterprise

In addition to these initiatives, SQL Server 2008 ships analysis and configuration tools such as the Surface Area Configuration facet of Policy-Based Management (which replaces the separate Surface Area Configuration tool of SQL Server 2005) and Upgrade Advisor (UA).

Streamlined installation

The setup and installation process has been enhanced in SQL Server 2008. The configuration data and the engine binaries have been separated so that a disk image of a basic, unconfigured system can be created, which eases distributing SQL Server 2008 across many servers. The latest updates can be retrieved from the Microsoft Web site during installation, and SQL Server 2008, a service pack and patches can be installed in a single step.

Clustering enhancements

Organizations may require solutions that protect the entire SQL Server instance. To meet this requirement, SQL Server 2008 can participate in a Microsoft Cluster Service (MSCS) cluster group. A failover cluster appears to a client as a single instance of SQL Server 2008 but fails over from one server to another when the current server becomes unavailable. Clustering in SQL Server 2005 and earlier required a drive letter for each instance's storage and all nodes in the cluster to be on the same subnet. SQL Server 2008 relaxes the storage restriction by supporting mounted volumes (mount points) in a clustered instance; the single-subnet requirement remained until SQL Server 2012 introduced multi-subnet clustering. In addition, SQL Server 2008 supports mission-critical applications and larger environments with clusters of up to 16 nodes on Windows Server 2008. The cluster validation tool gives organizations greater flexibility in choosing hardware for their clustering solution: it tests the validity of a hardware configuration without relying on the list of whole-system solutions in the Windows Server Catalog.

New Data Types

SQL Server 2008 includes new data types such as large user-defined types (UDTs), new date and time types, FILESTREAM storage, hierarchyid and spatial data. The T-SQL enhancements include sparse columns, filtered indexes and table-valued parameters. With these data types and enhancements, you can manage both relational and non-relational data to build global applications.

New date and time

SQL Server 2008 not only improves the use of the new date and time types in applications but also enhances how they are stored in the relational database engine.
The following are the new data types for storing date and time values:

date. Stores a date without a time component, from 0001-01-01 through 9999-12-31 in the Gregorian calendar.
time. Stores a time of day without a date, with a user-specified fractional-second precision of up to 100 nanoseconds.
datetime2. Stores a date and time with a fractional-second precision of up to 100 nanoseconds and the full date range of the date type; it is not time-zone aware.
datetimeoffset. Stores a date and time together with its offset from Coordinated Universal Time (UTC), with a fractional-second precision of up to 100 nanoseconds, so that instants recorded in different time zones can be compared correctly.

New hierarchyid

hierarchyid is a new data type that stores values representing positions of nodes in a tree. It is implemented as a system CLR user-defined type (CLR UDT) with a flexible programming model, and it exposes efficient built-in methods (such as GetAncestor, GetDescendant and IsDescendantOf) for creating and operating on hierarchy nodes. The type encodes position only; it does not guarantee that the tree is consistent, so uniqueness of positions and parent-child integrity must be enforced with constraints.

New User Defined Table type

A user-defined table type represents the definition of a table structure. You can use it to declare table-valued parameters for stored procedures or functions, and to declare table variables used in a batch or in the body of a stored procedure or function. To ensure that the data in the table type meets specific requirements, you can define primary key, unique and check constraints on the table type; indexes on a table type exist only as the result of such constraints.

Spatial data

SQL Server 2008 provides new data types for storing different kinds of geographical elements. They provide properties and methods for spatial operations such as calculating distances between locations and finding geographical features. The spatial data types are:

geography. Stores spatial data defined by latitude and longitude coordinates on a round-earth model. It is typically used for physical structures and real-world geographical features (vector data), and for calculating true great-circle distances and trajectories.
geometry. Stores spatial data defined by coordinates on an arbitrary flat plane. It is commonly used in regional mapping systems and for maps and interior floor plans. Its properties and methods follow the Open Geospatial Consortium (OGC) Simple Features Specification for SQL, so operations on geometric data produce industry-standard results.

UDTs

In SQL Server 2005, UDTs are restricted to 8,000 bytes, so a value had to fit on a single page. In SQL Server 2008 a UDT can be up to 2 GB, the same limit as varbinary(max). This new storage model lets you store large UDTs and gives developers more flexibility in designing them.

FILESTREAM storage

FILESTREAM is not a separate data type but a storage attribute of varbinary(max): a column declared VARBINARY(MAX) FILESTREAM stores its large binary data as files on the NTFS file system, in a FILESTREAM filegroup, instead of as a Binary Large Object (BLOB) inside the data files. The data remains part of the database: you query and modify it with the usual T-SQL statements (SELECT, INSERT, UPDATE and DELETE), or, for better streaming performance, open it through the Win32 streaming APIs while keeping transactional consistency. SQL Server features such as triggers, full-text search, backup and restore, SQL permissions, Database Console Command (DBCC) checks and replication apply to FILESTREAM data. Win32 access requires Windows authentication, and the file paths returned by the PathName() method are only usable inside the transaction that obtained them.

Sparse columns and filtered indexes

Sparse columns provide an efficient way to manage empty data by letting NULL values consume no physical space at all. A non-NULL value in a sparse column costs slightly more than in a normal column, so the feature pays off only when most values are NULL; for example, object models that typically contain many null values can be stored in a SQL Server 2008 database with minimal space cost. A filtered index is a nonclustered index with a WHERE clause, which is the natural way to index only the rows in which a sparse column actually has a value.

Table-value parameters

Table-value parameters are declared by using user-defined table types. They send multiple rows of data to a Transact-SQL statement or routine without creating a temporary table or many scalar parameters. They are like parameter arrays in Object Linking and Embedding Database (OLE DB) and Open Database Connectivity (ODBC), but offer better flexibility and closer integration with Transact-SQL, and they can be used in set-based operations.
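The FILESTREAM setup that the paragraph above describes, as an added example (not code from the original lesson): enabling the access level, adding a FILESTREAM filegroup and file, the ROWGUIDCOL requirement on the table, a T-SQL write, and the path and transaction token a Win32 client needs. The database HRData, the path C:\FsData\HRDocs and the constructed document are assumptions.

```sql
-- Added example, not from the original lesson. Assumes database HRData exists,
-- that C:\FsData exists (SQL Server creates the HRDocs leaf directory itself),
-- and that FILESTREAM was enabled for the instance in Configuration Manager.
EXEC sp_configure 'filestream access level', 2;   -- 2 = T-SQL and Win32 streaming access
RECONFIGURE;
GO
ALTER DATABASE HRData ADD FILEGROUP FsDocs CONTAINS FILESTREAM;
GO
ALTER DATABASE HRData
    ADD FILE (NAME = 'HRDocs', FILENAME = 'C:\FsData\HRDocs') TO FILEGROUP FsDocs;
GO
USE HRData;
GO
-- A FILESTREAM table must have a UNIQUEIDENTIFIER ROWGUIDCOL column with a
-- unique constraint; the engine uses it to name the file on disk.
CREATE TABLE dbo.EmployeeDocument (
    DocId      UNIQUEIDENTIFIER ROWGUIDCOL NOT NULL UNIQUE DEFAULT NEWSEQUENTIALID(),
    EmployeeID INT            NOT NULL,
    FileName   NVARCHAR(260)  NOT NULL,
    Content    VARBINARY(MAX) FILESTREAM NULL
) FILESTREAM_ON FsDocs;
GO
-- T-SQL access works like any varbinary(max) column (constructed content).
INSERT INTO dbo.EmployeeDocument (EmployeeID, FileName, Content)
VALUES (1, N'contract.pdf', CAST('%PDF-1.4 constructed sample' AS VARBINARY(MAX)));
GO
-- Win32 streaming access: a client opens PathName() with the transaction token
-- (OpenSqlFilestream in the native client). Both values are valid only inside
-- the transaction that returned them, and only for Windows-authenticated users
-- who hold the SQL permissions on the table.
BEGIN TRANSACTION;
SELECT Content.PathName()                  AS stream_path,
       GET_FILESTREAM_TRANSACTION_CONTEXT() AS txn_token
FROM dbo.EmployeeDocument
WHERE FileName = N'contract.pdf';
COMMIT TRANSACTION;
```

The security point is the last step: the NTFS files under C:\FsData\HRDocs are owned by the SQL Server service account, and the only supported way to reach them is through a path and token handed out under the table's SQL permissions; granting users direct share or NTFS access to that directory bypasses those permissions.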

Table-Value Parameters

Table-value parameters allow you to pass user-defined tables between queries and between client and server. In SQL Server 2008, you can use table-value parameters to pass an entire set of rows into functions and procedures. You declare a table variable of the type, populate it with standard statements such as INSERT, and then pass it into a procedure or function. The parameter is passed by reference and must be declared READONLY, so the rows are not copied again inside the routine and the routine cannot modify them. Table-value parameters have two primary components: a SQL Server type and a parameter. The following are the steps to create and use table-value parameters:

1. Create a table type and define the table structure.
2. Declare a routine that has a parameter of the table type.
3. Declare a variable of the table type (the variable references the type).
4. Fill the table variable by using an INSERT statement.
5. Pass the variable to the routine.

The following code shows how you can create and use table-value parameters.

USE AdventureWorks;
GO
/* Create a table type. */
CREATE TYPE LocationTableType AS TABLE
(
    LocationName VARCHAR(50),
    CostRate INT
);
GO
/* Create a procedure that receives data through the table-value parameter.
   The parameter must be declared READONLY. */
CREATE PROCEDURE usp_InsertProductionLocation
    @TVP LocationTableType READONLY
AS
    SET NOCOUNT ON;
    INSERT INTO [AdventureWorks].[Production].[Location]
        ([Name], [CostRate], [Availability], [ModifiedDate])
    SELECT *, 0, GETDATE()
    FROM @TVP;
GO
/* Declare a variable that references the type. */
DECLARE @LocationTVP AS LocationTableType;
/* Add data to the table variable. */
INSERT INTO @LocationTVP (LocationName, CostRate)
SELECT [Name], 0.00
FROM [AdventureWorks].[Person].[StateProvince];
/* Pass the table variable data to the stored procedure. */
EXEC usp_InsertProductionLocation @LocationTVP;
GO
Table-value parameters offer more flexibility and, for small and medium row sets, better performance than temporary tables for passing a list of values. They do not acquire locks for the initial population of data from a client and do not cause a statement to recompile. Because no statistics are kept on them, very large table-value parameters can produce poor query plans, and for bulk loads of very large data sets a bulk insert into a temporary table may still be faster.

Table-value parameters offer the following benefits:

Provide a simple programming model.
Enable inclusion of complex business logic in a single routine.
Reduce round trips to the server.
Accept a table structure of any cardinality.
Enable strongly typed and set-oriented queries.
Enable the client to specify sort order and unique keys.

Table-value parameters have the following restrictions:

Statistics are not maintained on columns of table-value parameters.
Table-value parameters must be passed as input READONLY parameters to Transact-SQL routines.
DML operations such as UPDATE, DELETE, or INSERT cannot be performed on a table-value parameter in the body of a routine.
Table-value parameters cannot be used as the target of a SELECT INTO or INSERT EXEC statement.
Table-value parameters can appear in the FROM clause of SELECT INTO or in the INSERT EXEC string or stored procedure.
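The security-relevant use of table-value parameters that the section does not spell out, as an added example (not code from the original lesson): passing a list of identifiers as typed rows instead of splicing a comma-separated string into dynamic SQL. The first procedure is the injectable pattern it replaces and is shown only for contrast; the type dbo.IntList and both procedure names are assumptions, and Production.Product is the AdventureWorks table the lesson already uses.

```sql
-- Added example, not from the original lesson. Assumes AdventureWorks exists.
USE AdventureWorks;
GO
-- BEFORE (do not deploy): the caller's text is pasted into the statement.
-- An @IdList of '1) OR 1=1 --' returns every product, and '1); DROP TABLE ...; --'
-- runs whatever the procedure's caller is allowed to run.
CREATE PROCEDURE dbo.usp_GetProducts_Unsafe
    @IdList NVARCHAR(4000)
AS
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT ProductID, Name FROM Production.Product WHERE ProductID IN ('
        + @IdList + N')';
    EXEC sp_executesql @sql;
GO
-- AFTER: the IDs travel as typed rows. No caller-supplied text reaches the
-- parser, and the PRIMARY KEY on the type rejects duplicates and NULLs.
CREATE TYPE dbo.IntList AS TABLE (Id INT NOT NULL PRIMARY KEY);
GO
CREATE PROCEDURE dbo.usp_GetProducts
    @Ids dbo.IntList READONLY
AS
    SET NOCOUNT ON;
    SELECT p.ProductID, p.Name
    FROM Production.Product AS p
    JOIN @Ids AS i ON i.Id = p.ProductID;
GO
-- Caller side in T-SQL. An ADO.NET client passes a DataTable for the same
-- parameter with SqlDbType.Structured and TypeName = 'dbo.IntList'.
DECLARE @wanted dbo.IntList;
INSERT INTO @wanted (Id) VALUES (1), (2), (3);
EXEC dbo.usp_GetProducts @Ids = @wanted;
GO
```

The same pattern replaces every "split a delimited string" helper: the database receives a set with a declared type, the optimizer can join to it, and the question of how to escape the input never arises.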

Replication Enhancements in SQL Server 2008

In earlier versions of SQL Server, all activity in a peer-to-peer replication topology had to be stopped while a new node was added, which is rarely acceptable for mission-critical databases. SQL Server 2008 allows you to add new nodes to a peer-to-peer topology without stopping activity, so large mission-critical databases keep working while new nodes are installed. An organization can add copies of a database at a remote site to increase site autonomy in a peer-to-peer topology, or add a read-only copy at a remote site for reporting. Data changes pertaining to each location are made at that location and then replicated to the others; because every peer accepts writes, conflicting updates to the same row are possible, and SQL Server 2008 adds conflict detection to peer-to-peer replication so that such a conflict stops the Distribution Agent instead of silently overwriting data. Earlier versions of SQL Server required extensive configuration to implement replication. SQL Server 2008 provides several tools to assist you in configuring and implementing it. The Peer-to-Peer Topology Wizard and the Topology Viewer help you set up and configure peer-to-peer transactional replication: the Topology Viewer visualizes the existing topology, and the Peer-to-Peer Topology Wizard creates and modifies it. The Replication Monitor tool in SQL Server 2008 lets you monitor the overall health of the replication topology and provides details about the status and performance of publications and subscriptions. The following are the usability improvements in Replication Monitor:

In most Replication Monitor grids, you can select particular columns to view, sort by multiple columns, and filter rows in the grid, based on column values.

The Common Jobs tab for the publisher node has been renamed as Agents. The Agents tab provides a centralized location to view information about all agents and jobs that are associated with publications at the selected Publisher.

The following are the agents and jobs that are associated with publications:

The Snapshot Agent and maintenance jobs are used by all publications.
The Log Reader Agent is used by all transactional publications.
The Queue Reader Agent is used by transactional publications that are enabled for queued updating subscriptions.
The Distribution Agent and Merge Agent are associated with subscriptions to publications.

The Warnings and Agents tab for the publication node has been split into separate Warnings and Agents tabs, to separate administering performance warnings from monitoring replication agents. The Agents tab refreshes automatically, but the Warnings tab has to be refreshed manually.
