Q&A with Bradley Ball: Transparent Data Encryption in SQL Server 2012

Microsoft introduced transparent data encryption (TDE) when it released SQL Server 2008, adding full database encryption rather than the limited cell-based encryption that debuted in SQL Server 2005. While there are no major new TDE features in SQL Server 2012, Microsoft has upped the ante by enabling the database master keys to use the Advanced Encryption Standard (AES) 256 encryption algorithm. The earlier versions used the Triple Data Encryption Standard (TDE).

Bradley Ball, a senior consultant at Pragmatic Works Software and upcoming sessions speaker at this year's Live! 360 event, has a deep understanding of how to use database encryption in SQL Server 2012.

Q: Are there new overall technologies that improve encryption related to security?
A: Not in this edition, but what we did get is a stabilization of the TDE code base. There were issues that SQL 2008 and 2008 R2 had with TDE -- with its use of snapshot isolation level and the version store in tempdb, for example -- that have been fixed in SQL 2012.

We're getting a more mature code base, which will benefit adopters of SQL 2012. One example is that you used to be able to drop a certificate even if it was in use. After restarting, the SQL instance of all the databases that used TDE would be placed in suspect mode, until the certificate could be replaced and the instance restarted.

In SQL Server 2012 that dependency is now enforced by code. Attempting to drop a certificate currently in use on a database will fail.

Q: Are there new technologies or techniques that encrypt while retaining performance?
A: There has always been a slight CPU penalty to TDE. If your CPU usage averages 70 percent or higher daily, then you may not want to consider TDE without performing benchmark testing in a lower lifecycle.

TDE is so dependent on I/O that if you have an I/O bottleneck it could translate into higher CPU. If you know you have an I/O bottleneck, you'd want to perform benchmark testing in a lower lifecycle using TDE before placing it into production. However, on most systems I've worked on after implementing TDE and comparing before and after baselines, I typically don't notice a difference.

Q: Can you share any best practices or tips?
A: The big thing to remember is once you start using TDE, your certificate backups are just as important as your database backups! If you don't have a certificate on hand and need to restore a backup to a new server, your backup file is tied to that certificate. Until you restore a copy of your certificate, you can't restore a copy of your backup. This includes detach and attach operations as well.

At my blog, I have the slide deck from previous presentations, as well as scripts that will assist in managing TDE once implemented -- including scripts to automate the backups of your certificates.

Q: Are there free tools or third parties you think are worth looking at?
A: Not with regard to TDE. Any other third-party product that performs encryption on data at rest interfaces with the Microsoft API at the Windows storage level. I'd rather have my writes to disk handled from cradle to grave by Microsoft than by anyone else.

If heading out to Orlando for this year's Live! 360 event in December, make sure to catch Bradley's workshop, "Transparent Database Encryption Inside and Out in SQL Server 2012."

Posted by Doug Barney on 11/05/2012 at 1:19 PM12 comments


Evaulating Windows 8's Enterprise Value

Redmond columnist Don Jones is always the voice of reason. While many have been getting emotional about Windows 8, Don calmly sits down and rationally analyzes the value of this radically new OS.

Jones sees some business reasons for the new OS and makes an argument for companies to love all those Windows Store App tiles.

DirectAccess, which replaces VPNs for remote access, works much better under Win 8.

Another plus in the business column is Windows to Go, which lets you put a full encrypted bootable Windows install in a USB drive -- and it runs from a tile. 

Jones' advice is to look at using Win 8 as a compliment to existing machines, such as using it to drive mobile while you may stick with Win 7 as your core use machine.

I'm sure we'll hear a lot more cogent words of advice from Jones as he gets deeper into the OS.

Posted by Doug Barney on 11/05/2012 at 1:19 PM3 comments


Doug's Mailbag: Is Microsoft Finished?

Readers share their thoughts on Google's Eric Schmidt assessment that Microsoft is no longer relevant:

Schmidt is delusional!

In the 1980s Microsoft took the business market away from Apple, then it took the educational market from Apple. In the 1990s, Microsoft took the server market away from Unix (leaving only the research computing market for Linux to dominate).

In the 2000s, Microsoft took a large part of the database market from a number of now-defunct companies. It also took the netbook market away from Linux and kept the Linux desktop market share at around 1 percent and the MacOSX desktop/notebook market at around 9 percent.

In 2010, Apple started to eat into the Windows consumer notebook market with the iPad and now, in 2012, Microsoft has decided to take on Apple once again with it's own tablet.

Google's Schmidt can rant all he wants but Android has been around longer than the iPad and, as a class of devices, has not made a dent in the iPad market except at the very low end. The only reason Android got any traction in smartphones was because the first three Apple iPhones were not available anywhere in the USA except on the AT&T network.

I would not declare Microsoft dead (or even breathing hard) based upon anything Schmidt says about the company.
-Marc

Always enjoy reading your column. This one had me laughing. I know Google has its hands in just about everything in the computing world. But it truly seems you hit this nail on the head with Eric Schmidt sticking his foot in his mouth.

If Microsoft weren't a real contender, particularly in light of all the points you made, why would Google be spending so much time, energy and money to overcome it? (Chrome browser, Chromebook, etc.) For a company that started as a search engine, it has certainly made headway in a lot of different areas outside of programming.

Personally, I don't think Microsoft and Google are really competing in the same marketplace anyway. Microsoft is and has for a very long time been focusing on the enterprise customer. Servers, databases and Web servers aren't something the typical home user shops for. Google may have been trying to get into the enterprise markets by advertising Gmail as an alternative to Exchange. And it has an msi package to install the Chrome browser in an enterprise. But even that is lacking real control. Does Google have anything else besides Google docs for the enterprise? (I hear from some that Google Docs is not all that. Plus, it doesn't really play nice with IE 9.)

I think it would be a nice change of pace for consumers in the enterprise and home markets if all these companies would accept that they are going to have to share our business. I may stick to my Windows box, but that doesn't mean it's my only computer and it doesn't mean I have brand loyalty.

I don't believe Microsoft or Google will outclass the other. Neither can fulfill my computing needs all on their own. They should understand that and accept it.
-Pamela

Share your thoughts with the editors of this newsletter! Write to [email protected]. Letters printed in this newsletter may be edited for length and clarity, and will be credited by first name only (we do NOT print last names or e-mail addresses).

Posted by Doug Barney on 11/02/2012 at 1:19 PM2 comments


Is Windows Share Really Slipping?

Windows has long had remarkable market share, well over 90 percent for most of its mature life. Now Forrester says that share is down to just 30 percent. So what took over? The Mac, Linux, some new-fangled PC OS? No, it is all smartphones.

This kind of math makes for a good headline, but is horrible research. A smartphone is not a PC, nor is a tablet (unless it's a Surface).

A PC is a multifunction computer capable of handling work computing tasks, documents, content creation and editing, communication and fundamental corporate computing. Phones and tablets do some of this, and are used for corporate computing on no more than a part-time basis.

I'd venture that Forrester did not craft its surveys on a tablet, crushed numbers on a smartphone version of Excel and wrote the report on a Kindle.

When you talk about Windows market share, please talk about PCs. When you talk about phones please talk about phones. And when you talk about tablets, stick to tablets.  

Instead Forrester considers almost anything with a processor and screen a personal computing device.

Yes, the computer industry is changing and new mobile OSes are challengers for Windows. But to get it all straight requires a more subtle analysis rather than tossing apples (mobile devices) and oranges (PCs) into one big mush.

Am I too hard on the number crunchers at Forrester or are they fundamentally misunderstanding what Windows market share is all about? Feel free to agree or disagree at [email protected].

Posted by Doug Barney on 11/02/2012 at 1:19 PM18 comments


Q&A with Jeremy Thake: SharePoint as a Service

Once you decide to run SharePoint in the cloud, what's the best way to present it to your various constituents as a service? Jeremy Thake, an enterprise architect at AvePoint Inc. and upcoming sessions speaker at this year's Live! 360 event, has experience working with organizations that have numerous workloads and has taken time to answer some questions for those considering taking the SharePoint plunge.

Q: Why should a shop consider online SharePoint?
A:
The main reason to look for a cloud-based provider for SharePoint is to outsource the operational and maintenance costs of running SharePoint on-premises. If you put it into perspective, while organizations are cognizant of the hardware cost of SharePoint on-premises, they often forget about the real estate, power, redundant systems and staff that are also necessary. When you take all of this into account, the reduced-cost story becomes even more compelling.

Q: What are the economics?
A:
Each provider has different pricing models, some per-user-subscription-based and some based on each tenancy you're running in their environment. For small companies, SharePoint can be extremely expensive compared to the subscription-based models.

Q: How can I trust that it's secure?
A:
All providers of SharePoint Online provide details of their privacy policies, and it's extremely important that you read them carefully in order to fully understand the risk of exposure for your company's data. Each provider offers different ways in which they ensure security -- including physical; virtual, such as the ability to quickly isolate compromised VMs from the rest of the system; and personnel, such as need-only access, regularly expiring access and so on.

Q: How do I choose a provider?
A:
From a provider perspective, Microsoft Office 365 provides SharePoint 2010 Online at a very competitive rate, bundled alongside Exchange and Lync. At this stage, there are smaller ISVs that provide hosted SharePoint environments, but it's more IaaS that requires management at a deeper level than Office 365. Your choice of a provider should really depend on the level of management you need inside SharePoint.

Q: What requirements should I have?
A:
SharePoint Online is ready for any small business to start utilizing the document-management features of the platform with built-in search, collaboration and social capabilities, as well as advanced integration with the Microsoft Office desktop suite.

Q: How can a provider understand my business and my app?
A:
Providers have different levels of consultative services. For example, Microsoft can utilize its Microsoft Consulting Services wing to advise a customer on the optimal information architecture for their specific business needs, while others may only offer the platform.

Q: Doesn't this kind of outsourcing threaten IT jobs?
A: I don't think that SaaS threatens IT jobs -- not even IT pros who today currently maintain on-premises SharePoint servers. Sure, their roles will change, but they'll just be more focused on delivering business solutions rather than keeping the lights on.

If heading out to Orlando for this year's Live! 360 event in December, make sure to catch Jeremy's workshop, "Presenting SharePoint as a Service Back to Your Organization."

Posted by Doug Barney on 11/02/2012 at 1:19 PM0 comments


Microsoft's Stage Show Extended with Windows Phone 8 Launch

Why have one launch event when you can have three? That was Microsoft's thinking as it held its third launch event in less than five days on Monday. This time around, Windows Phone 8 was the guest of honor.

Just like the events for Microsoft Surface and Windows 8, presentations by Joe Belfiore, Steve Ballmer and Jessica Alba (yes, it was as awkward as you can imagine) were light on news and heavy on cheerleading. But that's the whole point of these events. For us that have followed these products since their conceptions, these events aren't for us; they're to let the general public know that these products are now awaiting your money.

Microsoft's newest mobile OS shares the same "Live Tile" interface as Windows 8 and RT. The benefit of bringing these active tiles to the smartphone is that the info important to you will be displayed right there on the home screen; no more waiting for the ESPN app to load up to grab the score of your favorite team.

While this is a welcome change to a smartphone OS landscape that has felt a bit stale in the past few years, we all know that an OS is only as strong as its developer support. I'm one of the few that actually took the plunge on a Windows Phone 7 device. And, as someone who has owned both an Android and an Apple smartphone in the past, Windows knocked it out of the park for me in terms of usability and its overall look. However, the app support just wasn't there.

Hopefully the relationship between Windows Phone 8, Windows RT and Windows 8 will help to streamline the process of adapting the same apps for all three platforms, as Microsoft has been advertising. But without concrete evidence of this, I'm going to be much more hesitant about taking the Windows Phone 8 plunge than I was with the last generation Microsoft mobile OS.

Developers can start changing the public's perception of all things Windows mobile now -- the SDK was released for developers yesterday. And look for devices by Nokia, HTC and Samsung to start trickling out worldwide in the next few months.

What's your take on Windows 8? Will Microsoft finally find success in the mobile market or will this be just another swing and a miss? Let Doug know a [email protected].
-- By Chris Paoli

Posted by Chris Paoli on 10/31/2012 at 1:19 PM0 comments


Q&A with Richard Harbridge: SharePoint Servers to the Cloud

There are many options now for running SharePoint in the cloud, but the question is: Should you make the move? And if the answer is yes, then which alternative cloud offering should you choose? Office 365, Windows Azure or one of many third-party cloud providers?

Richard Harbridge, a senior SharePoint architect and upcoming sessions speaker at this year's Live! 360 event, will address the pitfalls of moving SharePoint to the cloud.

Q: SharePoint seems ideal for the cloud because many installs are tactical, must come up fast and may not stay up long. Also, some of these apps are used by small numbers of people, so they don't justify a lot of fixed IT expense. Is this also your analysis?
A:
The challenge is around evaluating and planning for the cost versus the benefit of the solution or app. From a pure development perspective, it's possible to deploy an application or workload to Windows Azure for a short period of time, and then to remove it so that you're only paying for it when you're using it. This model really does enable less effort and concern about evaluating the initial or expected benefit of an application or solution, and promotes a more agile response.

For SharePoint, though, this model doesn't quite follow the same path. SharePoint is more of an always-on service. The value it provides is something that people must rely upon and which requires -- both at a technical level and a practical level -- active access. In other words, I believe there's tremendous cloud value for certain workloads, pilots and for organizations evaluating how best to invest and use SharePoint. From a solution or application side I think it's entirely possible for organizations to realize benefit from separating workloads, usage and associated costs to the cloud at times. But, typically, unless there are other reasons for the cost benefit, these are pilot or initial phases to longer-term dedicated solutions. An exception to this would be when the organization has a cloud-first or all-in strategy and is using the cloud for their primary SharePoint implementation.

Q: If I'm looking at SharePoint in the cloud, when does Office 365 make sense versus a dedicated service?
A:
It's a numbers game and it's actually a pretty easy game. If you have a user count that wouldn't utilize the dedicated environment in full, then the cost for Office 365 will be much better. This makes sense, as environments that have spare capacity still require you to pay for that spare capacity, but this isn't true for most shared and multi-tenant models. Some workloads just aren't as viable or available in Office 365 as they are in a dedicated model. As an example, if you want Project Server, business intelligence or specific types of integration, then Office 365 might not be a viable candidate for evaluation.

Q: Because SharePoint is so document-intensive, isn't performance a concern?
A:
Often there's a sacrifice of control, so there are both pros and cons. A pro could be that administrators can't change the default file size values from 50MB as the file size limitation, which results in less potential large-file performance challenges. The con here is that the cloud solution can't support those large-file scenarios. If you're in a dedicated farm scenario where you have complete control, then performance is not a greater concern than it would be on-premises. If you're in a shared environment, there are control concerns and potential limitations that potentially ensure better performance.

Q: How can I ensure performance will be satisfactory?
A:
The best way is to verify it yourself. A pilot certainly would be the best method, or at a minimum run tests and measure performance over time. The last point of measuring it over time is critical.

Q: What questions should I ask a potential SharePoint provider?
A:
It's critical to know how they treat SharePoint customizations; how they deal with SharePoint upgrades; what level of farm, Web application, services or site collection control you have; and other SharePoint-specific questions. Then there are broader questions to ask about reliability, support, performance, flexibility, storage, security, identity and access, costs and even offline access. To make it easier I've posted an online resource of 60-plus common SharePoint questions, as well as mentioned a few tools that can help verify the answers you receive.

If heading out to Orlando for this year's Live! 360 event in December, make sure to catch Richard's workshop, " SharePoint in the Cloud: Evaluating the Impact, Pros and Cons."

Posted by Doug Barney on 10/31/2012 at 1:19 PM0 comments


Schmidt Attacks Microsoft Again

Every time Google's Eric Schmidt opens his mouth, his foot flies in. His latest spout of idiocy is calling Microsoft well run but then arguing it isn't part of today's fight for computing supremacy.

If you read me with any regularity you know I am the furthest thing from a Microsoft apologist. And I fully admit that Microsoft is not sexy (never has been, doesn't try to be) and when it comes to new technologies is clearly overshadowed by the iPad, Facebook and some of Google's cooler services.

But look at what Microsoft is fixing to do. The company is taking all of existing on-premises tools and moving them to the cloud through Office 365, Azure and a host of other services.
Sexy? No. But look at it this way, Redmond may be poised to dominate the cloud in the areas of productivity, mid-level enterprise database, mid-market ERP and unified communications (among others).

The cloud is the inflection point that is supposed to create new players in existing categories. But Microsoft will fight like heck to rule in the cloud where it rules on the desktop and in the server. And it has a darn good shot.

Not a player? I'd laugh if my jaw hadn't dropped so far.

Is Microsoft now thoroughly outclassed by Google, Apple, Amazon and Facebook, or is the otherwise bright Schmidt delusional?  You tell me at [email protected].

Posted by Doug Barney on 10/29/2012 at 1:19 PM6 comments


Is BlackBerry a Black Eye?

The New York Times has an article discussing how BlackBerry users are so embarrassed about their devices that they hide them when in public. Now I've complained loads about my BlackBerry but that means I admit to the world that I have one.

The folks in the Times' article are worried that Android and iPhone users will think less of them. Poppycock! These are the same folks that have to a fancy, new car when their old one was perfectly fine, and have to have everything their neighbors have. Shallow.

If your BlackBerry works, use it. I hate mine but I've had the option to get a new phone for free from Verizon for eight months and still haven't pulled the trigger.

In the meantime I'll use my BlackBerry openly, mainly for e-mail but less frequently for voice. I'd browse, but the Internet is pretty much useless on the darn thing.

Am I too good or too rough on the Blackberry? You tell me at [email protected].

Posted by Doug Barney on 10/29/2012 at 1:19 PM2 comments


Veeam Goes Voom

A half-dozen years ago virtualization startups were all the rage. It seems that once or twice a week I was meeting with the head of this or that new company. So where are they now? Some are out of business, some are still around in a low-key way and some got sold (Microsoft bought its fair share).

One in particular stood out. One that was utterly aggressive in making its name known. And that name was Veeam.

Many companies have names that don't mean a darn thing -- most names that actually make sense have been taken. At first blush Veeam may seem like nonsense, but it actually indicates VM. It took me a while to figure that out.

The company's main aim is storage for virtual environments. The idea is that building backup from scratch for virt is superior to adapting existing products. So far so good for the company founded six years ago.

Veeam last week announced its 50,000th customer. And sales continue to shine, rising 43% this past quarter compared to last year.

There is talk of a public offering at some point, but my guess is there is any number of flush-with-cash vendors that might want to pounce instead. The tools support VMware and Hyper-V but I think companies in either field could be candidates.

Posted by Doug Barney on 10/29/2012 at 1:19 PM4 comments


Office 2013 in 2012

Wouldn't you know it, the very week I install Office 2010, Office 2013 becomes available (for some). The new productivity suite is accompanied by Exchange 2013, SharePoint 2013 and Lync 2013 -- all considered Office 2013 Servers.

The products are all now available to TechNet and MSDN subscribers. General availability is generally expected early next year.

Which of these tools are you itching to try? Let us all know at [email protected].

Posted by Doug Barney on 10/29/2012 at 1:19 PM0 comments


Windows 8 Released with Fanfare, But No Surprises

Forgive me if I don't show the requisite excitement over the formal announcement of Windows 8 and Surface tablets yesterday. Nothing new came out of the fanfare.

In the case of Surface, prices have already been revealed and orders taken. Why stop what we are doing and pay attention to what is essentially a regurgitation of what is already known?

As for Windows 8, nothing has really changed since I interviewed you all a few months ago.

The events were held to reiterate the fact that Surface RT, the ARM-based tablet that doesn't run any existing x86-compatible apps (but does have a long battery life and solid state storage), and Windows 8 are now available.

It is no surprise that Microsoft is proud of Windows 8, and said so in a one-hour press conference in New York City. "Windows 8 PCs are the best PCs ever. The lineup is both diverse and stunning," boasted CEO Steve Ballmer.

Beside announcing its own Surface machines, Redmond showed wares from Dell, Acer, ASUS and Lenovo.

These OEMs' prices aren't much different than Microsoft's Surface prices. Around 500 smackers gets you a tablet with no keyboard, roughly similar in function and price to an iPad. An extra yard gets you that keyboard and the world of real functionality that comes with it (or you could use a cheaper, Bluetooth-enabled keyboard).

Are you eying a new Win 8 or Win RT machine? If so, spill the details at [email protected].

Posted by Doug Barney on 10/26/2012 at 1:19 PM19 comments


Subscribe on YouTube

Upcoming Training Events

0 AM
TechMentor @ Microsoft HQ
August 11-15, 2025