MS SQL Server

ByHariharan Rajendran

Access Azure Virtual Machine Applications Outside of Network

AzureVM

This article explains that how you can access virtual machine applications outside of network with the help of DNS.

For example,

Consider you have installed SQL Server on Azure Virtual machine and created few databases on the server. If you want to access those databases on your local machine, then you need to follow the below steps.

  • DNS Configuration in Azure Portal
  • Enable the TCP port with 1433 in Azure portal
  • Enable the TCP 1433 in virtual Machine
  • Create a SQL Server login and enable the mixed mode authentication

Once you have configured all the above steps, you can access your databases on another machine in SQL Server Management Studio.

Refer the below link to know in detail about the above steps.

https://social.technet.microsoft.com/wiki/contents/articles/36674.access-azure-vm-sql-server-outside-of-network.aspx

ByHariharan Rajendran

PowerBI Reports in SQL Server Reporting Services

Recently, Microsoft released a Technical Preview of PowerBI in SQL Server Reporting services. It has opened a door to create and deploy PowerBI reports within the Reporting services.

This will be a great feature that who are all searching for great report representations in SQL Server Reporting services itself.

This article illustrates, the new look and feel of SQL Server Reporting Services portal and diverse approaches to publish the PowerBI reports.

As we have PowerBI Desktop tool from PowerBI Team, we need to use this tool to develop the PowerBI Reports. It means, we need to use two different tools for developing and publishing reports, i.e. regular SSRS reports from Visual Studio data tools and PowerBI reports from PowerBI Desktop.

Look and Feel

As you know, the look and feel of SQL Server Reporting Services Portal has changed from SQL Server 2016.

In this technical preview, there is a new section added at the bottom to hold all the PowerBI Reports but still we can manage inside our regular report folders.

PowerBi

 

Approaches to publish PowerBI Reports to the portal,

Approach 1:

Develop reports in PowerBI Desktop and perform “Save As” to directly publish (deploy) to portal.

Bi1

 

BI2

Approach 2:

Save the report in local folder and upload manually to the portal.

Bi3

ByHariharan Rajendran

Custom Report for SSMS

It is very easy to create a custom report and use it inside SQL Server Management Studio.

As we know, we have standard reports from Microsoft to monitor the Server and Database information.

These reports are available for instance and database level, If you are not aware of this standard reports, please check it below to access those reports.

 

image

image

Steps to use custom report in SQL Server Management Studio.

Just created a Report as like below,

image

We need to adjust the data source properties to use inside SSMS. Modify the data source like below. Once modified the data source, save the report. We will take this rdl file and attach in SSMS.

image

image

image

Once added the report, open and see the information.

image

Now, you can refresh the report and see the real time information and even you can build a report to specific database for monitoring purpose.

Happy Learning.

ByHariharan Rajendran

Update on Azure Stretch Database

Previously, when we configure the stretch database in SQL Server 2016, the database created in Azure and it was using one of the Azure SQL Database pricing tier (Basic, Standard &  Premium). Microsoft has done recent changes in pricing tier of stretch database. Now, we have new pricing tier for compute and storage. This might resemble the same as Azure SQL Data Warehouse.

We can control the compute power based on required performance. The default compute level is 100 DSU. Compute power is charged per hour basis.

Storage of data will be charged at standard disk rates. Data storage includes the size of the stretch database and backup snapshots. All stretch database have 7 days of incremental backup snapshots.

The look and feel of the stretch database in Azure Portal.

image

 

image

image

ByHariharan Rajendran

Stretch Database – Filter

We can easily filter the rows to migrate the data to azure  through T-SQL statement. Need to associate that filter function with the script to enable the data migration to azure.

This article explains the same filter concept through wizard. we can easily apply the filter with few clicks.

1. Right click your database->Tasks->Stretch->Enable

2. Choose the table and look for a column “Migrate” and click the hyperlink “Entire Table”

image

3. Filter the rows in the below window

image

image

image

ByHariharan Rajendran

Always Encrypted–PowerShell Scripts Part-2

Applying the encryption to the table column is easy with the PowerShell. Please make sure to follow the below steps before run the below scripts.

1. Connect to SQL Server from PowerShell

2. Create column master key & column encryption key   – You can create by using wizard or PowerShell Scripts

Wizard method

PowerShell Script

3. Choose the column which you want to apply the encryption.

4. Defined the encryption type

 

Run the below script just continue with this script

$ces = @()
$ces += New-SqlColumnEncryptionSettings -ColumnName “dbo.Patients.SSN” -EncryptionType “Deterministic” -EncryptionKey “CEK1”

Set-SqlColumnEncryption -InputObject $database -ColumnEncryptionSettings $ces

You can append multiple encryption by adding + symbol, like below

$ces = @()
$ces += New-SqlColumnEncryptionSettings -ColumnName “dbo.Patients.SSN” -EncryptionType “Deterministic” -EncryptionKey “CEK1”
$ces += New-SqlColumnEncryptionSettings -ColumnName “dbo.Patients.BirthDate” -EncryptionType “Randomized” -EncryptionKey “CEK1”
Set-SqlColumnEncryption -InputObject $database -ColumnEncryptionSettings $ces

ByHariharan Rajendran

Always Encrypted–PowerShell Scripts

We have discussed that how to create a Always encrypted columns and steps to create custom column master key & column encryption key.

This article explains about the creation of keys with the help of PowerShell scripts.

Latest PowerShell Cmdelt’s update from Microsoft, https://blogs.technet.microsoft.com/dataplatforminsider/2016/06/30/sql-powershell-july-2016-update/

Pre-Requisites:

Since Always Encrypted feature introduced in SQL Server 2016, we need to upgrade our SQLPS.exe. If you use the older version of SQLPS then that will not recognize the some of the below cmdlets. So make sure to upgrade SQLPS.exe first.

You can upgrade by installing the latest version of SSMS (SQL Server management studio) 2016.

Check for the below modules installed in PowerShell,

#List directory wise installed modules

Get-Module –ListAvailable

image

Check for SQLASCMDLETS & SQLPS. If there is no modules then make sure you have SQLPS.exe file available in below location

C:\Program Files (x86)\Microsoft SQL Server\130\Tools\PowerShell\Modules

# Import the SQL Server Module.
Import-Module Sqlps -DisableNameChecking;

 

Steps to Create a Column Master Key & Column Encryption Key.

In the Below script, we need to specify following information,

  • Server Name
  • Database Name
  • Column Master Key Name
  • Column Encryption Key Name

First Connect to the Server and Database using PowerShell Script

# Connect to your database.
$serverName = “<server name>”
$databaseName = “<database name>”

$connStr = “Server = ” + $serverName + “; Database = ” + $databaseName + “; Integrated Security = True”
$connection = New-Object Microsoft.SqlServer.Management.Common.ServerConnection
$connection.ConnectionString = $connStr
$connection.Connect()
$server = New-Object Microsoft.SqlServer.Management.Smo.Server($connection)
$database = $server.Databases[$databaseName]

As we know, we have different key stores available. This below script using “Windows Certification Store – Current User”.

# Create a column master key in Windows Certificate Store.
$cert1 = New-SelfSignedCertificate -Subject “AlwaysEncryptedCert” -CertStoreLocation Cert:CurrentUser\My -KeyExportPolicy Exportable -Type DocumentEncryptionCert -KeyUsage DataEncipherment -KeySpec KeyExchange

In the above script, you can check the “CertStoreLocation”. To identify the location, you can check in T-SQL Statement to create master key. I just highlighted in below script for understanding purpose.

USE [Sample_Encrypt]
CREATE COLUMN MASTER KEY [test1]
WITH
(
    KEY_STORE_PROVIDER_NAME = N’MSSQL_CERTIFICATE_STORE’,
    KEY_PATH = N’CurrentUser/My/55A4DDAF58D274547B9C3BA5ABA154662CDF62D0′
)

GO

# Create a SqlColumnMasterKeySettings object for your column master key.
$cmkSettings = New-SqlCertificateStoreColumnMasterKeySettings -CertificateStoreLocation “CurrentUser” -Thumbprint $cert1.Thumbprint

# Create column master key metadata in the database.
$cmkName = “<cmk name>”
New-SqlColumnMasterKey -Name $cmkName -InputObject $database -ColumnMasterKeySettings $cmkSettings

# Generate a column encryption key, encrypt it with the column master key and create column encryption key metadata in the database.
$cekName = “<cek name>”
New-SqlColumnEncryptionKey -Name $cekName -InputObject $database -ColumnMasterKey $cmkName

Verify the keys in SQL Server Database Security folder.

ByHariharan Rajendran

Always Encrypted–Key Stores

As you know, we can create “Column Master Key” & “Column Encryption Key” to encrypt the column values. You can check here to learn about key creation. Usually these keys are associated with the certificate which includes the details like,

Issued To, Issued By, Expiration Date, Thumbprint & etc.

In Always encryption, we have four different Key store options are available which helps us to secure our keys. These keys are associated with the table columns. We can decrypt the values using these keys so we need to make sure to secure the keys.

Key stores,

  1. Windows Certificate Store – Current User
  2. Windows Certificate Store – Local Machine
  3. Azure Key Vault
  4. Key Storage Provider (CNG)

image

 

Widows Certificate Store – Current User

This type of certificate store is local to current user on the computer. This is located in the registry of the computer, specifically on HKEY_CURRENT_USER root

We need to compare the current user certificate store with local machine certificate store. Current user certificate always inherit the content of the local machine certificate.

image

We can generate the certificate by our self and that will be available for one year and we can use that to encrypt the column values.

T-SQL Statement to create a master key, we can select the certificate (Thumbprint) which I highlighted.

image

Windows Certificate Store – Local Machine

This will be available on the computer which is global to all users on the computer. This is located under HKEY_LOCAL_MACHINE registry.

This will list out all the available certificates in your computer and choose for encryption.

 

image

Azure Key Vault

This should be used to safeguard the keys in cloud (Azure). It requires a Azure subscription.

 

Key Storage Provider (CNG)

It provides different providers,

  1. Microsoft Passport Key Storage Provider
  2. Microsoft Smart Card Key Storage Provider
  3. Microsoft Software Key Storage Provider

We can choose any of the above provider, for more information about the algorithm, key length & etc., check Microsoft article here.

image