Skip to content

Commit 77599b6

Browse files
authored
Merge branch 'master' into Broken-link-fix-garyericson
2 parents ee4ebfb + b6a9651 commit 77599b6

106 files changed

Lines changed: 1002 additions & 428 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

docs/azure-data-studio/extensions/azure-monitor-logs-extension.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,4 +73,4 @@ For more information about writing Azure Monitor Logs, visit [Azure Monitor docu
7373
- [Create diagnostic settings to send platform logs and metrics to different destinations](/azure/azure-monitor/essentials/diagnostic-settings)
7474
- [SQL to Kusto cheat sheet](/azure/data-explorer/kusto/query/sqlcheatsheet)
7575
- [What is Azure Monitor Logs?](/azure/azure-monitor/logs/data-platform-logs)
76-
- [Using SandDance visualizations](https://sanddance.js.org/)
76+
- [Using SandDance visualizations](https://microsoft.github.io/SandDance/)

docs/azure-data-studio/extensions/kusto-extension.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@ The extensions settings look like this:
119119

120120
## SandDance visualization
121121

122-
The [SandDance extension](sanddance-extension.md) with the Kusto (KQL) extension in Azure Data Studio bring rich interactive visualization together. From the KQL query result set, select the **Visualizer** button to launch [SandDance](https://sanddance.js.org/).
122+
The [SandDance extension](sanddance-extension.md) with the Kusto (KQL) extension in Azure Data Studio bring rich interactive visualization together. From the KQL query result set, select the **Visualizer** button to launch [SandDance](https://microsoft.github.io/SandDance/).
123123

124124
:::image type="content" source="media/kusto-extension/kusto-extension-sanddance-demo.gif" alt-text="SandDance visualization":::
125125

@@ -140,4 +140,4 @@ You can file a [bug](https://github.com/microsoft/azuredatastudio/issues/new?ass
140140
- [Kqlmagic notebook in Azure Data Studio](../notebooks/notebooks-kqlmagic.md)
141141
- [SQL to Kusto cheat sheet](/azure/data-explorer/kusto/query/sqlcheatsheet)
142142
- [What is Azure Data Explorer?](/azure/data-explorer/data-explorer-overview)
143-
- [Using SandDance visualizations](https://sanddance.js.org/)
143+
- [Using SandDance visualizations](https://microsoft.github.io/SandDance/)

docs/big-data-cluster/active-directory-deploy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -129,7 +129,7 @@ For details on how to update the AD groups for these settings see [Manage Big Da
129129

130130
> [!NOTE]
131131
> The `security.activeDirectory.enableAES` parameter is available starting with SQL Server Big Data Clusters CU13. If the big data cluster is a version prior to CU13, the following steps are required:
132-
> 1. Run the `azdata bdc rotate -n <your-cluster-name>` command, this command will rotate the keytabs in the cluster which is necessary to ensure that the AES entries in keytabs are correct. For more information, see [azdata bdc](/sql/azdata/reference/reference-azdata-bdc). Additionally, `azdata bdc rotate` will rotate the passwords of the AD objects that were auto-generated during the initial deployment in the specified OU.
132+
> 1. Run the `azdata bdc rotate -n <your-cluster-name>` command, this command will rotate the keytabs in the cluster which is necessary to ensure that the AES entries in keytabs are correct. For more information, see [azdata bdc](../azdata/reference/reference-azdata-bdc.md). Additionally, `azdata bdc rotate` will rotate the passwords of the AD objects that were auto-generated during the initial deployment in the specified OU.
133133
> 2. Set the the following flags 'This account supports Kerberos AES 128 bit encryption' and 'This account supports Kerberos AES 256 bit encryption' on each of auto-generated AD objects in the OU that you provided during the initial big data cluster deployment. This can be achieved by executing the following PowerShell script `Get-ADUser -Filter * -SearchBase '<OU Path>' | Set-ADUser -replace @{ 'msDS-SupportedEncryptionTypes' = '24' }` on your domain controller which sets the AES fields on each account in the OU given in `<OU Path>` parameter.
134134
135135
>[!IMPORTANT]

docs/big-data-cluster/distributed-data-copy-hdfs.md

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,23 @@ In this guide we will cover the following data copy scenarios:
4545

4646
Certificates are required to create a trusted relationship between source and destination clusters. These steps are required only once per source/destination cluster combination.
4747

48+
> [!IMPORTANT]
49+
> If a SQL Server big data cluster with basic authentication (non-AD) is __upgraded to CU13__, the distcp functionality won't work.
50+
>
51+
> To enable the distcp functionality in this scenario execute the following additional steps once:
52+
>
53+
> ```bash
54+
> kubectl -n $CLUSTER_NAME exec -it nmnode-0-0 -- bash
55+
> export HADOOP_USER_NAME=hdfs
56+
> hadoop fs -mkdir -p /tmp/hadoop-yarn/staging/history
57+
> hadoop fs -chown yarn /tmp/hadoop-yarn
58+
> hadoop fs -chown yarn /tmp/hadoop-yarn/staging
59+
> hadoop fs -chown yarn /tmp/hadoop-yarn/staging/history
60+
> hadoop fs -chmod 733 /tmp/hadoop-yarn
61+
> hadoop fs -chmod 733 /tmp/hadoop-yarn/staging
62+
> hadoop fs -chmod 733 /tmp/hadoop-yarn/staging/history
63+
> ```
64+
4865
The required notebooks in the next steps are part of the Operational notebooks for [!INCLUDE[big-data-clusters-nover](../includes/ssbigdataclusters-ss-nover.md)]. For more information how to install and use the notebooks, see [Operational notebooks](cluster-manage-notebooks.md)
4966
5067
### Step 1 - Certificate creation and installation

docs/big-data-cluster/package-management-delta-lake.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,13 +6,13 @@ author: DaniBunny
66
ms.author: dacoelho
77
ms.reviewer: wiassaf
88
ms.metadata: seo-lt-2019
9-
ms.date: 10/05/2021
9+
ms.date: 10/06/2021
1010
ms.topic: guide
1111
ms.prod: sql
1212
ms.technology: big-data-cluster
1313
---
1414

15-
# Configuring Delta Lake on SQL Server Big Data Clusters
15+
# Delta Lake on SQL Server Big Data Clusters
1616

1717
[!INCLUDE[SQL Server 2019](../includes/applies-to-version/sqlserver2019.md)]
1818

docs/big-data-cluster/release-notes-cumulative-update-13.md

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ description: This article describes the SQL Server Big Data Clusters Cumulative
55
author: WilliamDAssafMSFT
66
ms.author: wiassaf
77
ms.reviewer: melqin,dacoelho
8-
ms.date: 10/05/2021
8+
ms.date: 10/06/2021
99
ms.topic: conceptual
1010
ms.prod: sql
1111
ms.technology: big-data-cluster
@@ -27,8 +27,12 @@ The following release notes apply to [!INCLUDE[big-data-clusters-2019](../includ
2727
> [!CAUTION]
2828
> Before upgrading make sure to review the [Spark 3 upgrade guide](spark-3-upgrade.md).
2929
30+
* Delta Lake 1.0.0 available out-of-the-box. Additional libraries doesn't need to be installed and loaded. Read more at [Delta Lake on SQL Server Big Data Clusters](package-management-delta-lake.md)
31+
* Custom time zone configuration for all services. Read more at [How to configure big data clusters settings post deployment](configure-bdc-postdeployment.md#step-by-step-scenario-configure-timezone-on-)
3032
* [Password rotation for big data cluster autogenerated Active Directory service accounts](active-directory-password-rotation.md)
31-
* [New Advanced Encryption Standard (AES) optional parameter for the automatically generated AD accounts](active-directory-prerequisites.md)
33+
* [New Advanced Encryption Standard (AES) optional parameter for the automatically generated AD accounts](active-directory-deploy.md)
34+
35+
For detailed SQL Server engine changes, check the [official SQL Server CU13 knowledge base article](https://support.microsoft.com/topic/kb5005679-cumulative-update-13-for-sql-server-2019-5c1be850-460a-4be4-a569-fe11f0adc535).
3236

3337
## Tested configurations for CU13
3438

@@ -53,6 +57,7 @@ Reference Architecture White Papers for [!INCLUDE[big-data-clusters-nover](../in
5357
* __R__: Microsoft R 3.5.2
5458
* __Microsoft Spark Runtime 2021.1__
5559
* __Spark__: 3.1.2
60+
* __Delta Lake__: 1.0.0
5661
* __Java__: Azul Zulu JRE 1.8.0_275
5762
* __Scala__: 2.12
5863
* __Python__: 3.8 (miniforge 4.9)
@@ -79,7 +84,7 @@ Reference Architecture White Papers for [!INCLUDE[big-data-clusters-nover](../in
7984
| [Telegraf](https://docs.influxdata.com/telegraf/) | 1.16.1 |
8085
| [ZooKeeper](https://cwiki.apache.org/confluence/display/zookeeper) | 3.5.8 |
8186

82-
## Microsoft Spark Runtime 2021.1 - Installed Python libraries
87+
## Runtime for Apache Spark release 2021.1 (BDC.3.2021.1) - Installed Python libraries
8388

8489
| Library | Version | Library | Version | Library | Version |
8590
|--|--|--|--|--|--|
@@ -213,7 +218,7 @@ Reference Architecture White Papers for [!INCLUDE[big-data-clusters-nover](../in
213218
| pyspark | 3.1.2 | pyparsing | 2.4.7 | | |
214219

215220

216-
## Microsoft Spark Runtime 2021.1 - Installed R libraries
221+
## Runtime for Apache Spark release 2021.1 (BDC.3.2021.1) - Installed R libraries
217222

218223
| Library | Version | Library | Version | Library | Version |
219224
|--|--|--|--|--|--|

docs/connect/ado-net/sql/sqlclient-support-always-encrypted.md

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -381,11 +381,11 @@ class Program
381381

382382
#### Column encryption key cache precedence
383383

384-
This section applies to version 3.0 and higher of the provider.
384+
This section applies to version 3.0 and higher of the **Microsoft .NET Data Provider for SQL Server**.
385385

386386
The column encryption keys (CEK) decrypted by custom key store providers registered on a connection or command instance will not be cached by the **Microsoft .NET Data Provider for SQL Server**. Custom key store providers should implement their own CEK caching mechanism.
387387

388-
Starting with **v3.0.0**, the `Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider` has its own CEK caching implementation. When registered on a connection or command instance, CEKs decrypted by an instance of `Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider` will be cleared when that instance goes out of scope:
388+
Starting with **v3.0.0** of the `Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider`, each instance of `Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider` has its own CEK caching implementation. When registered on a connection or command instance, CEKs decrypted by an instance of `Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider` will be cleared when that instance goes out of scope:
389389

390390
[!code-csharp [AzureKeyVaultProviderColumnEncryptionKeyCacheScope#1](~/../sqlclient/doc/samples/AzureKeyVaultProvider_ColumnEncryptionKeyCacheScope.cs#1)]
391391

@@ -532,6 +532,12 @@ To reduce the number of calls to a column master key store to decrypt column enc
532532

533533
The cache entries are evicted after a configurable time-to-live interval for security reasons. The default time-to-live value is 2 hours. If you have stricter security requirements about how long column encryption keys can be cached in plaintext in the application, you can change it using the [SqlConnection.ColumnEncryptionKeyCacheTtl property](/dotnet/api/microsoft.data.sqlclient.sqlconnection.columnencryptionkeycachettl).
534534

535+
Custom key store providers registered using [SqlConnection.RegisterColumnEncryptionKeyStoreProvidersOnConnection](/dotnet/api/microsoft.data.sqlclient.sqlconnection.registercolumnencryptionkeystoreprovidersonconnection) and [SqlCommand.RegisterColumnEncryptionKeyStoreProvidersOnCommand](/dotnet/api/microsoft.data.sqlclient.sqlcommand.registercolumnencryptionkeystoreprovidersoncommand) won't have their decrypted column encryption keys cached by the **Microsoft .NET Data Provider for SQL Server**. Instead, custom key store providers must implement their own caching mechanism. `Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider` **v3.0.0** and higher comes with its own caching implementation.
536+
537+
To support scenarios where different users of the same application may execute multiple queries, custom key store providers can be mapped to a user and registered on a connection or command instance specific to that user. The following example shows how an instance of `Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider` can be reused across different `SqlCommand` objects for the same user. Its column encryption key cache will persist across multiple queries, reducing the number of round trips to the key store:
538+
539+
[!code-csharp [RegisterCustomKeyStoreProviderExample#1](~/../sqlclient/doc/samples/RegisterCustomKeyStoreProvider_Example.cs#1)]
540+
535541
## Enabling extra protection for a compromised SQL Server
536542

537543
By default, the **Microsoft .NET Data Provider for SQL Server** relies on the database system (SQL Server or Azure SQL Database) to provide metadata about which columns in the database are encrypted and how. The encryption metadata enables the **Microsoft .NET Data Provider for SQL Server** to encrypt query parameters and decrypt query results without any input from the application, which greatly reduces the number of changes required in the application. However, if the SQL Server process gets compromised and an attacker tampers with the metadata SQL Server sends to the **Microsoft .NET Data Provider for SQL Server**, the attacker might be able to steal sensitive information. This section describes APIs that help provide an extra level of protection against this type of attack, at the price of reduced transparency.

docs/database-engine/availability-groups/windows/create-or-configure-an-availability-group-listener-sql-server.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -62,8 +62,8 @@ manager: erikre
6262

6363
|Permissions|Link|
6464
|-----------------|----------|
65-
|The cluster name object (CNO) of WSFC cluster that is hosting the availability group must have **Create Computer objects** permission.<br /><br /> In Active Directory, a CNO by default does not have **Create Computer objects** permission explicitly and can create 10 virtual computer objects (VCOs). After 10 VCOs are created, the creation of additional VCOs will fail. You can avoid this by granting the permission explicitly to the WSFC cluster's CNO. Note that VCOs for availability groups that you have deleted are not automatically deleted in Active Directory and count against your 10 VCO default limit unless they are manually deleted.<br /><br /> Note: In some organizations, the security policy prohibits granting **Create Computer objects** permission to individual user accounts.|*Steps for configuring the account for the person who installs the cluster* in [Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory](https://technet.microsoft.com/library/cc731002\(WS.10\).aspx#BKMK_steps_installer)<br /><br /> *Steps for prestaging the cluster name account* in [Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory](https://technet.microsoft.com/library/cc731002\(WS.10\).aspx#BKMK_steps_precreating)|
66-
|If your organization requires that you prestage the computer account for a listener virtual network name, you will need membership in the **Account Operator** group or your domain administrator's assistance.|*Steps for prestaging an account for a clustered service or application* in [Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory](https://technet.microsoft.com/library/cc731002\(WS.10\).aspx#BKMK_steps_precreating2).|
65+
|The cluster name object (CNO) of WSFC cluster that is hosting the availability group must have **Create Computer objects** permission.<br /><br /> In Active Directory, a CNO by default does not have **Create Computer objects** permission explicitly and can create 10 virtual computer objects (VCOs). After 10 VCOs are created, the creation of additional VCOs will fail. You can avoid this by granting the permission explicitly to the WSFC cluster's CNO. Note that VCOs for availability groups that you have deleted are not automatically deleted in Active Directory and count against your 10 VCO default limit unless they are manually deleted.<br /><br /> Note: In some organizations, the security policy prohibits granting **Create Computer objects** permission to individual user accounts.|*Steps for configuring the account for the person who installs the cluster* in [Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory](/#BKMK_steps_installer)<br /><br /> *Steps for prestaging the cluster name account* in [Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory](/#BKMK_steps_precreating)|
66+
|If your organization requires that you prestage the computer account for a listener virtual network name, you will need membership in the **Account Operator** group or your domain administrator's assistance.|*Steps for prestaging an account for a clustered service or application* in [Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory](/#BKMK_steps_precreating2).|
6767

6868
> [!TIP]
6969
> Generally, it is simplest not to prestage the computer account for a listener virtual network name. If you can, let the account to be created and configured automatically when you run the WSFC High Availability wizard.

docs/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -113,7 +113,7 @@ To give permissions to SQL Server startup account to register and modify SPN do
113113

114114
2. Select **View \> Advanced**.
115115

116-
3. Under **Users**, locate SQL Server startup account, and then right-click and select **Properties**.
116+
3. Under **Computers**, locate the SQL Server computer, and then right-click and select **Properties**.
117117

118118
4. Select the **Security** tab and click **Advanced**.
119119

docs/database-engine/configure-windows/server-configuration-options-sql-server.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -129,7 +129,7 @@ The following table lists all available configuration options, the range of poss
129129
| [PH_timeout](../../database-engine/configure-windows/ph-timeout-server-configuration-option.md) (A) | 1 | 3600 | 60 |
130130
| [polybase enabled](../../relational-databases/polybase/polybase-installation.md#enable) (RR) <br/><br/>[!INCLUDE [sqlserver2019](../../includes/applies-to-version/sqlserver2019.md)]| 0 | 1 | 0 |
131131
| [polybase network encryption](../../relational-databases/polybase/polybase-installation.md#enable) | 0 | 1 | 1 |
132-
| [precompute rank](/docs/database-engine/discontinued-database-engine-functionality-in-sql-server) (A) | 0 | 1 | 0 |
132+
| [precompute rank](/sql/database-engine/discontinued-database-engine-functionality-in-sql-server) (A) | 0 | 1 | 0 |
133133
| [priority boost](../../database-engine/configure-windows/configure-the-priority-boost-server-configuration-option.md) (A, RR) | 0 | 1 | 0 |
134134
| [query governor cost limit](../../database-engine/configure-windows/configure-the-query-governor-cost-limit-server-configuration-option.md) (A) | 0 | 2147483647 | 0 |
135135
| [query wait](../../database-engine/configure-windows/configure-the-query-wait-server-configuration-option.md) (A) | -1 | 2147483647 | -1 |
@@ -158,4 +158,4 @@ The following table lists all available configuration options, the range of poss
158158

159159
- [sp_configure &#40;Transact-SQL&#41;](../../relational-databases/system-stored-procedures/sp-configure-transact-sql.md)
160160
- [RECONFIGURE &#40;Transact-SQL&#41;](../../t-sql/language-elements/reconfigure-transact-sql.md)
161-
- [DBCC FREEPROCCACHE &#40;Transact-SQL&#41;](../../t-sql/database-console-commands/dbcc-freeproccache-transact-sql.md)
161+
- [DBCC FREEPROCCACHE &#40;Transact-SQL&#41;](../../t-sql/database-console-commands/dbcc-freeproccache-transact-sql.md)

0 commit comments

Comments
 (0)