SQL Server 2016 – the Security & Performance Release
The news broke in early May, when Satya Nadella presented SQL Server 2016 at the Microsoft Ignite conference in Chicago. I can already say that SQL Server 2016 will be one of the most exciting releases in recent years, because this time it is clearly focused on security. Alongside performance features, security features are among the “Key Capabilities” of the upcoming SQL Server. I like to call SQL Server 2016 a “Security & Performance Release.”
Its key features are:
With this feature it is finally possible to offer encrypted data where SQL Server itself does not have access to the data in unencrypted form and where the database administrator cannot decrypt the data. The key is held within the very application where encryption and decryption take place. Up to now, this kind of encryption/decryption was only possible if users developed solutions on their own.
Stretched Tables offer the option to store the data of a given table both on-premises and in the cloud. Similar to partitioning, part of the data is moved to Microsoft Azure, transparently to the application, and only accessed when necessary. Here it might be advisable to avoid badly designed queries that cause index scans against the cloud.
To protect the data, Stretched Tables also work together with Always Encrypted. It remains to be seen how this feature affects the reluctance to hand data to the cloud. Microsoft itself surely has no interest in making access to its systems easy for intelligence services, and Always Encrypted should be a clear signal.
Real-time Operational Analytics & In-Memory OLTP
Behind this feature lies the marriage of the two “performance-killer” features: Columnstore Indexes, for OLAP scenarios, and Memory-Optimized Tables, for In-Memory OLTP. This enables fast analytical queries on the fresh OLTP data held in memory. In my eyes this feature is the ultimate killer, since the indexes on the tables have to be synchronous and do not, as with some other vendors of in-memory databases, receive the data only after a certain delay. This feature was already briefly presented at PASS Summit 2014, but only now is it official and has a name.
Those were the highlights, but the list of further new features is still long and full of potential. I will try to list the most important ones:
Improvements to Columnstore Indexes
- Single-threaded queries can use batch mode
- AlwaysOn readable secondaries support updateable columnstore indexes
- Columnstore indexes possible on memory-optimized tables – only works in interop mode
- Filtered Nonclustered Columnstore Indexes
- Support for primary and foreign keys
Improvements for In-Memory OLTP
- ALTER and ALTER Procedure Operations
- i.e. to change the bucket counts of hash indexes
- Multithreaded Writes and Merge-process
- parallel plans
- foreign keys on In-Memory tables
- many more improvements in terms of T-SQL Support
And further new security features:
Dynamic Data Masking
Policies define that, depending on the user, certain data is shown only in masked form.
Row-Level Security (RLS) is, to be exact, a feature that greatly simplifies the development of row-based access control and moves it from the application into the database. In the current implementation it is still quite easy to get to the data via side-channel attacks. Therefore, as always when designing for security, one has to keep an eye on all parts of the application.
Why truly secure row-based access control is far from trivial is explained, among other places, in this blog post of mine:
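A minimal T-SQL setup for the two features described above, Dynamic Data Masking and Row-Level Security, using the syntax shipped in SQL Server 2016. This is an added example, not code from the original post; the schema, table, users and data are constructed for illustration.

```sql
-- Constructed schema, users and data (illustration only).
CREATE SCHEMA Security;
GO
CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY PRIMARY KEY,
    SalesRep sysname       NOT NULL,
    Customer nvarchar(100) NOT NULL,
    -- Dynamic Data Masking: values are stored in clear, masked on output.
    Email    varchar(100) MASKED WITH (FUNCTION = 'email()') NULL,
    CardNo   varchar(19)  MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)') NULL
);
CREATE USER Rep1 WITHOUT LOGIN;
CREATE USER Rep2 WITHOUT LOGIN;
CREATE USER SalesManager WITHOUT LOGIN;
GRANT SELECT, INSERT ON dbo.Orders TO Rep1, Rep2, SalesManager;
GRANT UNMASK TO SalesManager;  -- only the manager is exempt from masking
-- Seed rows before the policy exists; afterwards dbo is filtered as well.
INSERT INTO dbo.Orders (SalesRep, Customer, Email, CardNo) VALUES
    (N'Rep1', N'Contoso',  'amy@contoso.example',  '1111-2222-3333-4444'),
    (N'Rep2', N'Fabrikam', 'bob@fabrikam.example', '5555-6666-7777-8888');
GO
-- Row-Level Security: inline table-valued predicate, one row = access granted.
CREATE FUNCTION Security.fn_OrderAccess (@SalesRep AS sysname)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_result
           WHERE @SalesRep = USER_NAME() OR USER_NAME() = N'SalesManager';
GO
CREATE SECURITY POLICY Security.OrderPolicy
    -- FILTER silently removes rows from SELECT, UPDATE and DELETE ...
    ADD FILTER PREDICATE Security.fn_OrderAccess(SalesRep) ON dbo.Orders,
    -- ... BLOCK rejects inserts of rows the caller could not read back.
    ADD BLOCK PREDICATE Security.fn_OrderAccess(SalesRep) ON dbo.Orders AFTER INSERT
    WITH (STATE = ON);
GO
-- Check both controls from the restricted user's point of view.
EXECUTE AS USER = 'Rep1';
SELECT OrderId, SalesRep, Customer, Email, CardNo FROM dbo.Orders;
REVERT;
-- Review which policies and predicates are active in the database.
SELECT p.name, p.is_enabled, pr.predicate_type_desc, pr.predicate_definition
FROM sys.security_policies AS p
JOIN sys.security_predicates AS pr ON pr.object_id = p.object_id;
```

Masking changes only what a result set displays and the filter predicate only which rows a query returns, so both complement ordinary permissions rather than replace them.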
Further features in different areas:
Querying of relational and non-relational data in Hadoop clusters with T-SQL via so-called External Tables.
This feature has been presented several times at different conferences by Conor Cunningham. Now it is finally coming into the product. Once activated, it automatically captures queries together with their plans and runtime statistics, thus allowing them to be reviewed later. In addition, one can easily reuse an identified query plan.
Trace Flag 4199, which is relevant for all SQL Server installations since SQL Server 2005 SP3 CU 6 because it enables certain fixes of the query processor, is supposedly mostly unnecessary for SQL Server 2016. Let’s wait for details before making a final judgement.
Multiple Tempdb Data Files
During setup one already has to specify how many tempdb data files will be created. By default the number of cores, with a maximum of 8, will be used. That way, less experienced administrators will also become aware of latch contention in tempdb, and an important best practice is applied by default.
- 3 synchronous replicas
- Support for Group Managed Service Accounts for AlwaysOn Failover Cluster
- AlwaysOn Availability Groups support Distributed Transactions and DTC on Windows Server 2016
- AlwaysOn Availability Group Failover on Database Offline
- Read-only replicas can be addressed in round-robin manner
- Formatting of query result sets as JSON – similar to XML. And maybe it will stay niche in a similar manner. Here one should keep in mind the expensive CPU licences compared to an application server
- TRUNCATE TABLE on partition level
- ALTER COLUMN and many more DDL-commands can now happen online
- New Query Hints MIN_GRANT_PERCENT and MAX_GRANT_PERCENT
- Transparent Data Encryption supports Intel AES-NI Hardware Acceleration Instruction Sets
- With the purchase of Revolution Analytics, the programming language R is to be integrated into SQL Server 2016, in order to start special analytical queries directly from within the database – also see my 2nd comment on JSON for that
- Parallel Processing for multiple Table Partitions in Tabular Models
- New DAX Functions
- AlwaysOn-support for SSIS-DB
- Incremental Deployment of packages
Reporting Services will finally get CSS stylesheets – we have waited a long, long time for that. (With that, my often-used technique with SQL tables will finally become obsolete.) Report parameters will also be improved: they will support hierarchies and get autocomplete.
- High DPI (Dots Per Inch) Scaling and devices for better resolution of report elements
- Various minor improvements for subscriptions
Master Data Services
In essence: performance improvements through data compression and a new Super User concept
- “Ongoing preview updates” – behind this term lies the possibility of receiving new functionality online, without new installations, after the installation of CTP2
- Azure SQL Data Warehouse: the Analytics Platform System (APS), formerly Parallel Data Warehouse (PDW), is now available via Azure! – azure.microsoft.com/en-us/campaigns/sql-data-warehouse/
- With the acquisition of DataZen it will be possible to serve reports which are optimized for mobile devices
SQL Server 2016 CTP2
The CTP2 of the upcoming SQL Server, which already contains many of the features I introduced here, has been available for download since May 27th here:
I am personally very excited about this upcoming release and hope you are looking forward to it, too.