SQL Server Policy Based Management – evaluating policies on multiple SQL Server instances

SQLShack

SQL Server training Español

SQL Server Policy Based Management – evaluating policies on multiple SQL Server instances

March 28, 2014 by Ivan Stankovic In this series of articles (see below for links to other articles) about the SQL Server Policy Based Management feature, we have explained concepts, terms, basic, and advanced tasks that create complex conditions and policies.

The SQL Server Policy Based Management feature provides an efficient way to declare certain rules and corresponding policies (e.g. to force Windows authentication mode on a SQL Server instance, to evaluate and prevent violations in object naming conventions, etc.). So far, we focused on a single SQL Server instance, the methods to setup and evaluate Policy Based Management policies on it. In this article, we are going to explain how the Central Management Servers feature, introduced in the Standard and Enterprise Editions of SQL Server 2008, helps DBAs to maintain multiple SQL Server instances across an enterprise environment. The feature provides two major benefits when multiple SQL Server instances need to be affected by a specific action: An execution of a specific T-SQL query against SQL Server instances registered within Central Management Servers An evaluation of a set of policies on SQL Server instances registered within Central Management Servers. This is the benefit we are going to describe in further text

Creating a central management server

It is advisable to have a dedicated SQL Server instance which will be used as the central management server. Note that central management servers support the registration of servers using the Windows authentication mode only. So, even DBAs can access the central management server, the access to its registered servers depends on the Windows authentication. There are two database roles in the msdb database that grant access to central management servers. The ServerGroupAdministratorRole role membership is required to manage the central management server and the ServerGroupReaderRole role membership to connect to the central management server. To create a central management server: Start SQL Server Management Studio and open the Registered Servers pane using the View menu Expand the Database Engine node and click the Register Central Management Server option from the Central Management Servers sub-node context menu This will open the New Server Registration dialog. Use the Server name dropdown box to browse for SQL Server instance that will be used as the central management server (e.g. LENOVO\CMS). Type-in the name of the server the way you want it to be shown in the Registered Servers pane (e.g. CENTRAL SERVER). Use the Test option to verify the connection and authentication on the central management server Click Save to register the newly registered central management server within Central Management Servers. The next step is to create a server group that will identify SQL Server instances manageable by the central management server. It is recommended to create multiple server groups which identify SQL Server instances (e.g. by their business role, such as production or development groups). One SQL Server instance can exist in multiple server groups if needed. To create a new server group under the CENTRAL SERVER and add SQL Server instances to the group: Select the New Server Group option from the CENTRAL SERVER context menu, type in the group name (e.g. Production Servers) and optional description Select the New Server Registration option from the Production Servers context menu. This will open the same dialog type we used for creating the central management server. In our example, we’ll register two SQL Server instances (e.g. REMOTE\PRIMARY and ACMECOMPANY\SECONDARY) After the process of configuring the central management server, its group(s), and servers is finished, the Registered Servers pane will show the structure in a tree-like form: The central management server stores its groups and servers registration details within the server itself. This way, you can simply register the existing central management server on other remote machine and instantly have access to its groups and registered servers.

Evaluating Policy Based Management policies

Policies can exist on particular SQL Server instances or in a form of XML files (the format used for exporting once declared policies to a file system). Our goal is to evaluate Policy Based Management policies on multiple SQL Server instances, in our case on the instances managed by the CENTRAL SERVER management server. Note that the evaluation does not have to involve all instances, but only the ones in particular server group, or even single SQL Server instances. The central management server, server groups, and single instances provide the Evaluate Policies context menu option. To evaluate policies on a server group: Select the Evaluate policies option from the Production Servers context menu The Evaluate Policies dialog will open. Use the Source option to select the source of Policy Based Management policies. Use the Files option to browse for exported to XML policies, or the Server option to select a SQL Server instance which hosts declared policies we want to evaluate on instances in the Production Servers group. Click OK to confirm the policies source selection The Policies grid in the Evaluation Policies dialog will populate with policies from the source. Select the ones you want to evaluate against the servers group. In our example, we’ll select the PolicyServerAuthenticationMode policy (it checks whether the Windows Authentication mode is forced on a SQL Server instance). Note that the Evaluation Policies dialog provides information the same way it does when used locally on SQL Server instances (e.g. the yellow exclamation icon in the screenshot warns that the PolicyCustomersCount contains scripts, and that it should be evaluated only if originates from a trustworthy source). Click the Evaluate button to start the process of verifying whether the servers in the Production servers group comply with the selected policy The Results tab in the Evaluation Policies dialog will show which SQL Server instances on which policy evaluation failed. Certain policy types, depending on the conditions used within, offer immediate reconfiguration of SQL Server instances (or other policy defined targets). To do that, check the box next to the server name and click Apply. In our case the LENOVO SQL Server instance will switch from the mixed (both Windows Authentication and SQL Server Authentication) mode to the Windows Authentication mode. In the described example, we have used the LENOVO\ONE SQL Server instance as the source for the policies we evaluated on the servers group. In order to improve centralized management of registered servers, you can use the central management server or the server groups as the policy source instead. Once the needed policies are tested (whatever their source is), the policies can be imported to the central management server or the particular server group which will perform the policies import to appropriate servers. Author Recent Posts Ivan StankovicIvan is a SQL Server professional and computer geek with years of IT and SQL Server experience. He has startedwith playing computer games, continued with computer programming and system administration. His areas of expertise are SQL Server disaster recovery, auditing, and compliance

View all posts by Ivan Stankovic Latest posts by Ivan Stankovic (see all) Using Extended Events to review SQL Server failed logins - August 5, 2014 SQL Server backup – models and types - May 26, 2014 SQL Server Policy Based Management – Categories and Database Subscriptions - May 21, 2014

Related posts

SQL Server security and Policy Based Management – In practice SQL Server Policy Based Management – applying policies to non-compliant targets SQL Server Policy Based Management – best practices SQL Server security and Policy Based Management – Alerting SQL Server Policy Based Management – The On Change evaluation mode 2,972 Views

Follow us

Popular

SQL Convert Date functions and formats SQL Variables: Basics and usage SQL PARTITION BY Clause overview Different ways to SQL delete duplicate rows from a SQL Table How to UPDATE from a SELECT statement in SQL Server SQL Server functions for converting a String to a Date SELECT INTO TEMP TABLE statement in SQL Server SQL WHILE loop with simple examples How to backup and restore MySQL databases using the mysqldump command CASE statement in SQL Overview of SQL RANK functions Understanding the SQL MERGE statement INSERT INTO SELECT statement overview and examples SQL multiple joins for beginners with examples Understanding the SQL Decimal data type DELETE CASCADE and UPDATE CASCADE in SQL Server foreign key SQL Not Equal Operator introduction and examples SQL CROSS JOIN with examples The Table Variable in SQL Server SQL Server table hints – WITH (NOLOCK) best practices

Trending

SQL Server Transaction Log Backup, Truncate and Shrink Operations Six different methods to copy tables between databases in SQL Server How to implement error handling in SQL Server Working with the SQL Server command line (sqlcmd) Methods to avoid the SQL divide by zero error Query optimization techniques in SQL Server: tips and tricks How to create and configure a linked server in SQL Server Management Studio SQL replace: How to replace ASCII special characters in SQL Server How to identify slow running queries in SQL Server SQL varchar data type deep dive How to implement array-like functionality in SQL Server All about locking in SQL Server SQL Server stored procedures for beginners Database table partitioning in SQL Server How to drop temp tables in SQL Server How to determine free space and file size for SQL Server databases Using PowerShell to split a string into an array KILL SPID command in SQL Server How to install SQL Server Express edition SQL Union overview, usage and examples

Solutions

Read a SQL Server transaction logSQL Server database auditing techniquesHow to recover SQL Server data from accidental UPDATE and DELETE operationsHow to quickly search for SQL database data and objectsSynchronize SQL Server databases in different remote sourcesRecover SQL data from a dropped table without backupsHow to restore specific table(s) from a SQL Server database backupRecover deleted SQL data from transaction logsHow to recover SQL Server data from accidental updates without backupsAutomatically compare and synchronize SQL Server dataOpen LDF file and view LDF file contentQuickly convert SQL code to language-specific client codeHow to recover a single table from a SQL Server database backupRecover data lost due to a TRUNCATE operation without backupsHow to recover SQL Server data from accidental DELETE, TRUNCATE and DROP operationsReverting your SQL Server database back to a specific point in timeHow to create SSIS package documentationMigrate a SQL Server database to a newer version of SQL ServerHow to restore a SQL Server database backup to an older version of SQL Server

Categories and tips

►Auditing and compliance (50) Auditing (40) Data classification (1) Data masking (9) Azure (295) Azure Data Studio (46) Backup and restore (108) ►Business Intelligence (482) Analysis Services (SSAS) (47) Biml (10) Data Mining (14) Data Quality Services (4) Data Tools (SSDT) (13) Data Warehouse (16) Excel (20) General (39) Integration Services (SSIS) (125) Master Data Services (6) OLAP cube (15) PowerBI (95) Reporting Services (SSRS) (67) Data science (21) ►Database design (233) Clustering (16) Common Table Expressions (CTE) (11) Concurrency (1) Constraints (8) Data types (11) FILESTREAM (22) General database design (104) Partitioning (13) Relationships and dependencies (12) Temporal tables (12) Views (16) ►Database development (418) Comparison (4) Continuous delivery (CD) (5) Continuous integration (CI) (11) Development (146) Functions (106) Hyper-V (1) Search (10) Source Control (15) SQL unit testing (23) Stored procedures (34) String Concatenation (2) Synonyms (1) Team Explorer (2) Testing (35) Visual Studio (14) DBAtools (35) DevOps (23) DevSecOps (2) Documentation (22) ETL (76) ►Features (213) Adaptive query processing (11) Bulk insert (16) Database mail (10) DBCC (7) Experimentation Assistant (DEA) (3) High Availability (36) Query store (10) Replication (40) Transaction log (59) Transparent Data Encryption (TDE) (21) Importing, exporting (51) Installation, setup and configuration (121) Jobs (42) ►Languages and coding (686) Cursors (9) DDL (9) DML (6) JSON (17) PowerShell (77) Python (37) R (16) SQL commands (196) SQLCMD (7) String functions (21) T-SQL (275) XML (15) Lists (12) Machine learning (37) Maintenance (99) Migration (50) Miscellaneous (1) ►Performance tuning (869) Alerting (8) Always On Availability Groups (82) Buffer Pool Extension (BPE) (9) Columnstore index (9) Deadlocks (16) Execution plans (125) In-Memory OLTP (22) Indexes (79) Latches (5) Locking (10) Monitoring (100) Performance (196) Performance counters (28) Performance Testing (9) Query analysis (121) Reports (20) SSAS monitoring (3) SSIS monitoring (10) SSRS monitoring (4) Wait types (11) ►Professional development (68) Professional development (27) Project management (9) SQL interview questions (32) Recovery (33) Security (84) Server management (24) SQL Azure (271) SQL Server Management Studio (SSMS) (90) SQL Server on Linux (21) ►SQL Server versions (177) SQL Server 2012 (6) SQL Server 2016 (63) SQL Server 2017 (49) SQL Server 2019 (57) SQL Server 2022 (2) ►Technologies (334) AWS (45) AWS RDS (56) Azure Cosmos DB (28) Containers (12) Docker (9) Graph database (13) Kerberos (2) Kubernetes (1) Linux (44) LocalDB (2) MySQL (49) Oracle (10) PolyBase (10) PostgreSQL (36) SharePoint (4) Ubuntu (13) Uncategorized (4) Utilities (21) Helpers and best practices BI performance counters SQL code smells rules SQL Server wait types © 2022 Quest Software Inc. ALL RIGHTS RESERVED. GDPR Terms of Use Privacy