Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 942 Part VI Enterprise Data Management The Facet collection is the associative table between SQL Server object types and properties. A facet may be opened by double-clicking it or by using the Property command in its context menu. The Facet Properties dialog, shown in Figure 40-2, has three pages: ■ General: Describes the property, lists the type of SQL Server objects to which the facet properties may apply, and lists the facet’s properties. ■ Dependent Policies: Lists the policies that use any dependent conditions of the facet. ■ Dependent Conditions: Lists the conditions that use any property of the facet. The last two pages are not without purpose. There may potentially be a very large number of conditions and policies; the dependent policies and conditions pages are very useful for quickly tracking down a condition or policy. It’s worth spending some time browsing the facets and exploring the properties of each one, available from the facet’s context menu. FIGURE 40-2 The Facet Properties’ General page lists of all the facet properties and their descriptions. In this case, it’s showing the properties for the database facet. 942 www.getcoolebook.com Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 943 Policy-Based Management 40 The Object Explorer ➪ Management ➪ Policy Management ➪ Facets context menu also includes New Condition and New Policy. The only difference between these context menu items and New Condition under Conditions, or New Policy under Policies, is that when the new condition or policy is opened from the facet node, it pre-selects the facet in the drop-down selection box (not terribly important but nice). There’s not much to be gained by just looking at facets, as their purpose is to be evaluated by condi- tions, but it’s important to be intimately familiar with the breadth of facets and their properties to realize the types of policies that may be declared and enforced by SQL Server. Because the facet collection is actually a many-to-many relationship between properties and object types, it makes sense that there should be a way to see all the facets and properties that apply to any given object. Indeed, every object in Object Explorer that can have PBM applied has a Facet menu option in its context menu. Open the View Facets dialog (shown in Figure 40-3) and it presents a drop-down box to select a facet from the list of facets that applies to the object, and a list of applicable properties. If the object is an example of what you want, the View Facets dialog can even export the current state to a new policy. Very cool. FIGURE 40-3 The View Facets dialog, opened from any object’s context menu, presents a browsable UI of every facet and property that can apply to that type of object, and can export a new policy to match the current object’s settings. 943 www.getcoolebook.com Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 944 Part VI Enterprise Data Management Health conditions Conditions are the second step in the chain, providing the logical connection between facet properties and policies. Most of the key policy design decisions are made while creating conditions. To begin building a new condition, use either the Object Explorer Management ➪ Policy Manage- ment ➪ Facets ➪ Database context menu, or the Management ➪ Policy Management ➪ Conditions context menu and choose New Condition. An existing condition may be opened by double-clicking the condition or by using the Property com- mand in its context menu. A condition may have multiple expressions, but each condition is based on only one facet, so every property in all the expressions in a condition must belong to the same facet. Condition expressions use facet properties in Boolean expressions that can be evaluated as true or false. The expression consists of a facet property, a comparison operator (such as =, !=, in, not in, like, not like), and a value. To construct a condition that tests a database’s autoshrink property, the expression would use the database facet and the @AutoShrink property, as shown in Figure 40-4. In this case, the full expression is as follows: @AutoShrink = False FIGURE 40-4 This condition includes an expression that tests the database facet’s @AutoShrink. The condition will evaluate as true if @AutoShrink = false. 944 www.getcoolebook.com Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 945 Policy-Based Management 40 Best Practice T hink of condition expressions as positive statements. Instead of thinking ‘‘No database should be set to autoshrink,’’ think ‘‘All databases should have autoshrink set to false.’’ The ellipses button under Field and Value headings opens the Advanced Edit dialog, shown in Figure 40-5. The Cell value is typically a property, a function, or a literal value; however, it is possible to build more advanced expressions that reference DMV or system tables. A condition may include multiple expressions, in which case the AndOr column defines how they are evaluated. Best Practice I n the entire policy design scheme, the only place that allows multiples is when designing multiple expressions within a single condition. Therefore, if every expression should indeed be tested, then encapsulating multiple expressions in a single condition can reduce the number of conditions and policies. FIGURE 40-5 The Advanced Edit dialog is used to create each side of the expression. In this case it shows the left side of the AutoShrink expression. 945 www.getcoolebook.com Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 946 Part VI Enterprise Data Management The open condition’s description page may be used to record a description of the condition, and the dependent policies page lists the policies based on the condition. Once the condition is created, it may be enforced by one or more policies. To programmatically view the created conditions, query the dbo.syspolicy_conditions view in the MSDB database: select * from msdb.dbo.syspolicy_conditions To build advanced conditions that check factors other than the built-in facets, look into the executeSQL() and executeWMI() functions. Policies If the facet property is the skeleton and the condition the brain, then the policy is the muscle. Policies define how and where the condition is applied and enforced. A new policy is created using the New Policy menu item in Object Explorer’s Management ➪ Pol- icy Management ➪ Facets context menu, or in Management ➪ Policy Management ➪ Policies ➪ Database context menu. The Open Policy dialog, shown in Figure 40-6, has a General page and a Description page. An existing policy may be opened by double-clicking the policy or by using the Property command in its context menu. The General page has four key selections. The first is the condition — a policy may check only a single condition. The ellipses will open the condition. The second selection, targets, defines which objects will be tested. The options vary depending on the type of object to which the facets apply. Evaluation mode is the third key selection. There are four evaluation modes for a policy: ■ On Demand: The policy is evaluated only manually. There’s no schedule or automatic testing or enforcement. ■ On Schedule: The policy is evaluated and any violations are logged but not corrected. ■ On Change - Log Only: The policy is evaluated when the facet is changed, and violations are logged. ■ On Change - Prevent: The policy is evaluated when the facet is changed, and violations are rolled back immediately. Every facet may be set to On Demand or On Schedule, but On Change is limited. PBM relies on DDL eventing to do Check On Change, and not all objects support DDL eventing. The following query reports which execution modes are available for which facets: 946 www.getcoolebook.com Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 947 Policy-Based Management 40 SELECT name as Facet, Max(CASE WHEN execution_mode & 0 = 0 Then 1 else 0 End) as ‘On Demand’, Max(CASE WHEN execution_mode & 4 = 4 Then 1 else 0 End) as ‘On Schedule’, Max(CASE WHEN execution_mode & 2 = 2 Then 1 else 0 End) as ‘On Change Log Only’, Max(CASE WHEN execution_mode & 1 = 1 Then 1 else 0 End) as ‘On Change Prevent’ FROM msdb.dbo.syspolicy_management_facets GROUP BY name ORDER BY name FIGURE 40-6 Viewing a policy. This policy enforces the AutoShrinking condition for every database on demand. 947 www.getcoolebook.com Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 948 Part VI Enterprise Data Management Result: Facet On Demand On Schedule On Change Log Only On Change Prevent ApplicationRole 1 1 1 1 AsymmetricKey 1 1 1 1 Audit 1 1 0 0 BackupDevice 1 1 0 0 BrokerPriority 1 1 0 0 BrokerService 1 1 0 0 Certificate 1 1 0 0 Credential 1 1 0 0 CryptographicProvider 1 1 0 0 Database 1 1 0 0 DatabaseAuditSpecification 1 1 0 0 DatabaseDdlTrigger 1 1 0 0 DatabaseRole 1 1 1 1 DataFile 1 1 0 0 Default 1 1 0 0 Endpoint 1 1 1 1 FileGroup 1 1 0 0 FullTextCatalog 1 1 0 0 FullTextIndex 1 1 0 0 FullTextStopList 1 1 0 0 IDatabaseMaintenanceFacet 1 1 0 0 IDatabaseOptions 1 1 1 0 IDatabasePerformanceFacet 1 1 0 0 IDatabaseSecurityFacet 1 1 0 0 ILoginOptions 1 1 1 1 IMultipartNameFacet 1 1 1 1 INameFacet 1 1 0 0 Index 1 1 0 0 IServerAuditFacet 1 1 0 0 IServerConfigurationFacet 1 1 1 0 IServerInformation 1 1 0 0 IServerPerformanceFacet 1 1 0 0 IServerSecurityFacet 1 1 0 0 IServerSettings 1 1 0 0 IServerSetupFacet 1 1 0 0 ISurfaceAreaConfigurationForAnalysisServer 10 0 0 ISurfaceAreaConfigurationForReportingServices 10 0 0 ISurfaceAreaFacet 1 1 1 0 ITableOptions 1 1 1 1 IUserOptions 1 1 1 1 IViewOptions 1 1 1 1 LinkedServer 1 1 0 0 LogFile 1 1 0 0 Login 1 1 0 0 MessageType 1 1 0 0 948 www.getcoolebook.com Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 949 Policy-Based Management 40 PartitionFunction 1 1 0 0 PartitionScheme 1 1 0 0 PlanGuide 1 1 0 0 RemoteServiceBinding 1 1 0 0 ResourceGovernor 1 1 0 0 ResourcePool 1 1 1 1 Rule 1 1 0 0 Schema 1 1 1 1 Server 1 1 0 0 ServerAuditSpecification 1 1 0 0 ServerDdlTrigger 1 1 0 0 ServiceContract 1 1 0 0 ServiceQueue 1 1 0 0 ServiceRoute 1 1 0 0 Statistic 1 1 0 0 StoredProcedure 1 1 1 1 SymmetricKey 1 1 0 0 Synonym 1 1 0 0 Table 1 1 0 0 Trigger 1 1 0 0 User 1 1 0 0 UserDefinedAggregate 1 1 0 0 UserDefinedDataType 1 1 0 0 UserDefinedFunction 1 1 1 1 UserDefinedTableType 1 1 0 0 UserDefinedType 1 1 0 0 View 1 1 0 0 WorkloadGroup 1 1 1 1 XmlSchemaCollection 1 1 0 0 The fourth key selection on the General page is Server Restriction. This option may be used to define the target servers based on criteria. PBM actually generates DDL triggers that enforce the policy and roll back DDL operations that don’t comply with it. Don’t manually delete or edit these DDL triggers. In addition, servers that use PBM must have nested triggers enabled. PBM also generates agent jobs for policy automation. They shouldn’t be deleted either. To programmatically view the created policies, query the dbo.syspolicy_policies view in the MSDB database: select * from msdb.dbo.syspolicy_policies Policies may be exported to XML and imported using the Policy context menu. Evaluating Policies Of course, policies would be purely academic if they never actually executed and evaluated any objects. 949 www.getcoolebook.com Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 950 Part VI Enterprise Data Management As described in the preceding section, policies may be set for On Schedule, On Demand, On Change, or Log Only. Policies must be enabled using their context menu. On demand policies may not be enabled. For policies set to On Demand, the policies may be evaluated for any object by selecting Policies ➪ Evaluate from the object’s context menu. This opens the Evaluate Polices dialog for the object, shown in Figure 40-7. FIGURE 40-7 All the policies that can be run on demand for an object can be selected and evaluated using the Evaluate Polices dialog. Outcome of the policy evaluations are displayed in the Evaluation Results page, as shown in Figure 40-8. The current state of any object regarding all policies regardless of their execution mode may be seen in the View Policies dialog. You can find this dialog in any object’s context menu under Policies ➪ View. Within the View Policies dialog, the history for any policy evaluation for the object may be seen using the log viewer by clicking on the View History link in the policy row. Policy evaluation can also be seen in the Windows event log and the SQL Server event log. Use the following to view a history of policy execution queries: msdb.dbo.syspolicy_policy_execution_history_details 950 www.getcoolebook.com Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 951 Policy-Based Management 40 FIGURE 40-8 Here, the Aesop database passes the No AutoShrinkage policy and is declared to be in good health. Use this to view exception queries: msdb.dbo.syspolicy_policy_execution_history PBM health is also well integrated into Management Studio’s object listings. The Object Explorer Details page has an optional column to display the policy health of any object. PBM requires SQL Agent to be running on the central monitoring server. Be sure that the SQL Agent service is set to start automatically and that its service account password won’t expire. Summary If you’re an operational DBA, policies will change your world. IT database operations will be more con- sistent, and your life should become smoother. Indeed, Policy-Based Management is a completely new animal, and it will take some time to build up a set of good conditions and policies; but when it’s all put together, it will have been worth it. The next chapter continues the thread of database administration with the nuts and bolts of backup and restore. 951 www.getcoolebook.com . 1 IMultipartNameFacet 1 1 1 1 INameFacet 1 1 0 0 Index 1 1 0 0 IServerAuditFacet 1 1 0 0 IServerConfigurationFacet 1 1 1 0 IServerInformation 1 1 0 0 IServerPerformanceFacet 1 1 0 0 IServerSecurityFacet. Nielsen c40.tex V4 - 07/21/2009 2:20pm Page 942 Part VI Enterprise Data Management The Facet collection is the associative table between SQL Server object types and properties. A facet may be. 0 IServerPerformanceFacet 1 1 0 0 IServerSecurityFacet 1 1 0 0 IServerSettings 1 1 0 0 IServerSetupFacet 1 1 0 0 ISurfaceAreaConfigurationForAnalysisServer 10 0 0 ISurfaceAreaConfigurationForReportingServices 10