Andreas Wolter
Data Architect, Security, Sarpedon Quality Lab
Data Architect, Security, Sarpedon Quality Lab LLC
Phoenix, Arizona, United States
Andreas Wolter is a former Program Manager for Access Control in Azure SQL and SQL Server at Microsoft. In this role, he spearheaded the revamp of SQL Server's permission system and the design of the external authorization system used by Purview policies and Azure database and data warehouse in Fabric.
He has over 20 years of experience with SQL Server, is one of only 7 Microsoft Certified Solutions Masters for Data Platform (MCSM), and has been a regular speaker at conferences worldwide for over a decade.
Andreas is the founder of Sarpedon Quality Lab LLC, a consulting company specializing in SQL Server performance, high availability, and security, which he manages in cooperation with Sarpedon Quality Lab Germany.
Andreas Wolter is a former Program Manager for Access Control in Azure SQL and SQL Server at Microsoft USA. In this role, he led the design of the external authorization system used by Purview policies and Azure database in Fabric, and he is also responsible for the roughly 50 new permissions and the new server and database roles in SQL Server 2022.
As one of only 7 Microsoft Certified Solutions Masters for Data Platform (MCSM) worldwide, he is a regular speaker at international conferences and, until his move to Microsoft, was for years an active MVP in the German Data Platform community.
He is the founder of Sarpedon Quality Lab Germany, a company specializing in SQL Server HA, performance and security, and since leaving Microsoft he has been running the US partner company Sarpedon Quality Lab LLC from his new home in the USA.
Topics
Contained Availability Groups – Best practices and real-world challenges
Since their introduction in SQL Server 2012, Always On Availability Groups have become the preferred high availability technology for many DBAs. SQL Server 2022 introduced Contained Availability Groups to provide even greater flexibility and simplified management.
In this demo-heavy session, Andreas Wolter, a former Program Manager in the Microsoft SQL team, will provide a comprehensive overview of the benefits and key considerations of Contained Availability Groups. You'll gain insights from real-world projects to help you maximize their advantages and handle potential challenges. We will discuss availability and manageability aspects, impacts on deployment workflows, and security for your high availability architecture, and you will learn valuable best practices.
Quickstart into Performance Monitoring & Troubleshooting for SQL
A consistent performance-experience is crucial for a successful business. If you are developing and testing SQL databases you need to understand where to look and what to look for.
Depending on whether your SQL database is hosted on-prem, in Azure SQL or Fabric, there are some differences in what tools are available.
In this session, Andreas Wolter, former Program Manager at Microsoft with over 20 years of experience in the field as a consultant, will give you an overview of the available tools, explain where they overlap, and show where limitations require a different approach using built-in SQL functionalities.
Among the things you will be introduced to will be the database watcher, extended events, wait stats and DMVs.
So next time someone asks you to take a look at a badly performing database application, you know where to look.
Practical Insights on SQL Server Consolidation and Migration
Optimizing system resource usage has emerged as a top consulting priority—driven by factors like mergers, uncontrolled system growth, and cloud transitions that often overlook necessary architectural adjustments.
In this session, Andreas Wolter, a former program manager at Microsoft Azure Data, will guide participants through the process of assessing an existing SQL server landscape and steps to consolidate and migrate numerous SQL server databases to reduce licensing and hardware requirements. Based on real-world projects this includes avoiding pitfalls and seizing opportunities when migrating databases to new versions. Consideration of availability, performance, and security is crucial for success in the cloud and on-prem.
This session primarily focuses on SQL Server IaaS and on-premises implementations, but most concerns and steps will also apply to PaaS and cross-cloud projects.
Inside Microsoft Purview data and access policies for Azure SQL and SQL Server
When using Microsoft Purview to govern access to Azure SQL or SQL Server on Arc, SQL Server must rely on policies that have been created externally. This means that you cannot use the traditional metadata that SQL uses to authenticate and check permissions.
Join this session by Andreas Wolter who has led the efforts for external access control for SQL from its beginnings to gain an understanding of how different types of policies from Azure Purview are integrated into the SQL Engine and how to troubleshoot policy-based authorization with Extended Events and Dynamic Management Views.
Data protection next level: what comes after access control
You’ve probably got authentication and authorization covered, and while these functionalities are absolutely essential, they are also just the foundation. When dealing with sensitive data, such as healthcare, PI data, intellectual property, or national defense information, adding extra layers of protection is crucial and often required by regulations.
In this session, Andreas Wolter, former Program Manager for security in Microsoft SQL with over 20 years of experience in real-world projects, will guide you through the security controls offered by SQL Server and Azure SQL. He will compare the use cases and limitations of the various data protection methods that the SQL engine offers, including the different encryption technologies, Ledger, data classification, row level security and Microsoft Purview data access policies. Prepare for a session filled with demos and practical tips on when to use each technology!
SQL Server under attack: SQL Injection
One of the most frequently attacked targets is the data stored on database servers and SQL Injection remains one of the most prevalent attack methods.
In this demo-based session, Andreas Wolter, former Program Manager for SQL security at Microsoft will demonstrate several real-life attacks - ranging from simple data reading to service disruption through various manual SQL Injection techniques. He’ll cover privilege escalation to sysadmin level and even a DoS attack on SQL Server using SQL commands.
If you have a database server that can be accessed by processes beyond your direct control or through frontend applications, and you’re concerned about the potential security implications, this session is for you. You'll learn how specific configuration settings can pose risks to your environment, helping you engage more effectively with your developers or database application vendors to mitigate security risks in your SQL Server environment.
Practical Performance Monitoring & Troubleshooting SQL Server
You are in a DBA, developer or consultant role, supporting SQL Server databases and often someone asks you to take a look at a badly performing database application, certain queries or even “the whole server”. And over and over again you find yourself in the situation of “how to find the root cause in the least amount of time”.
This full-day precon with Andreas Wolter, a former Program Manager for SQL Server at Microsoft, will teach you techniques for general troubleshooting and performance analysis from start-up to advanced techniques.
Among them are:
• SQL Server architecture & internals – the foundation for understanding correlations
• Monitoring methodology, tools & techniques
o Windows Performance Monitor
o Dynamic Management Views (DMVs)
o Wait statistics
o Extended Events for workload & query-analysis
o Query Store
o Azure SQL database watcher (intro)
The above techniques will be used to:
• Identify the most impactful problematic queries
• Detect I/O latency problems
• Investigate Tempdb performance
• Analyze indexes & statistics
• Analyze locking & blocking and concurrency problems
• Identify query plan regression
While no one has evolved into a performance-tuning master in one single day, you can be sure to learn valuable techniques and concepts to build upon for day-to-day work. And of course, we will also discuss possible solutions or even implement them live. So, at your next phone call “Help, the server is slow!” you will know where to start.
Expect lots of demos and a deep dive into core concepts of SQL Server.
Hands-on! – Attendees who want to try out some of the techniques shown themselves can connect live with SQL Server Management Studio to the demo server, which runs under a constant workload simulation! (All that is required is to bring a laptop with SSMS installed and the ability to connect to a SQL Server on the internet on a given port.)
Authorization for SQL database in Microsoft Fabric 101
Effective access control is essential for any database environment. In this session, Andreas Wolter, former program manager for security in SQL at Microsoft, who designed the authorization concept for SQL database in Fabric, will walk you in a demo-focused session through access control for SQL database in Fabric, to help you utilize it with maximum efficiency.
We will cover the difference between workspace and database roles and when to use each. The session will also dive into custom vs. built-in roles, the implications of using workspace roles in Fabric for SQL, and the introduction of granular permissions. Additionally, we’ll examine the various permission options for sharing a database in Fabric and highlight the differences in access control between Fabric, SQL Server, and Azure SQL. The goal is to align with the Principle of Least Privilege while ensuring that access control remains manageable.
Learnings from the latest breaches: Approaching security for SQL Server and Azure SQL strategically
SQL Server and Azure SQL provide many different functionalities and services which help you to protect your most valuable assets: your data. But features alone do not protect you if they are not carefully thought through and work in silos. Without a properly planned security strategy, it is too easy to miss gaps between security controls and find oneself exposed when a serious attack occurs.
In today’s environment of “hacking as a service”, state-funded and orchestrated hacking groups, being properly prepared for all scenarios can become vital to a company’s survival.
In this session, Andreas Wolter, a former program manager for SQL security at Microsoft with over 2 decades of experience working with customers, will reflect on the current threat landscape and explain the most common breach-patterns as well as how to stop them from occurring.
Under an assume breach mindset we will look at various attack vectors, discuss what ransomware and data exfiltration attacks have in common and how that helps us to prevent or limit the blast radius.
We will look at how to strategically approach a security concept, which starts at the overall system’s architecture and does not end with encryption alone.
This session is aimed at security managers and architects who want to learn how to secure their SQL environments and data not just using the latest technologies and features but also how to approach it strategically.
Using Microsoft Purview to control access to SQL at scale
When working in large environments containing numerous Azure SQL instances and databases, relying on individually managed access for each server and database can become unwieldy. This is where Microsoft Purview steps in, allowing you to define access policies that can be applied efficiently to a range of Azure SQL resources, including SQL Server on Arc, in a highly scalable manner.
If you want to learn the art of managing access to SQL resources at scale using Purview, this session by Andreas Wolter is tailored just for you. Andreas spearheaded the external access control efforts within the SQL Security team since its inception. In this session you will learn the typical scenarios that Microsoft Purview supports, discover where it excels, explore its current limitations, and gain insight into future developments.
Unleashing the power of access control in SQL Server and Azure SQL
Access control is a fundamental aspect of securing a database system, especially when storing high-value data. On the other hand, navigating a rich permission system such as the one offered by SQL Server and Azure SQL can be overwhelming even for the most seasoned DBA. In this session, Andreas Wolter, Program Manager and long-time expert for access control in SQL Server, will explore the authorization capabilities of SQL Server/Azure SQL, explain the value of industry best practices such as “Role separation” and “Principle of Least Privilege”, and share insights from his many years working directly with customers.
Discover some of the hidden gems that can help you implement access control policies that are effective for a wide range of workloads.
Implementing the Principle of Least Privilege for administrative roles in SQL Server
In many enterprises security requirements have become increasingly strict and demand that no persona should have full power on the SQL server instance or database.
Join Sam Mesel (Microsoft Azure SQL Global Black Belt) and Andreas Wolter (MCSM Data Platform, former Program Manager for Access Control in SQL Server at Microsoft) for an informative session on implementing the principle of least privilege for administrative roles in SQL Server.
Learn about the different approaches you can undertake to secure your databases even against administrative personas. Learn how to solve specific operational tasks without granting high privileges using a solution template published on GitHub. Explore the use of built-in permissions and roles, custom code, and break-glass processes. Don't miss this opportunity to learn about how to lock down access to your data in SQL!
From Locks to No Locks – Concurrency in SQL Server
In this session we take a look at essential mechanisms inside SQL Server, which influence administrators as well as developers and should be known thoroughly.
Why does SQL Server have to lock objects, what effects does this have (on performance and data integrity), and how can we influence these things?
Specifically we will look at:
· Can indexes prevent locking?
· Why is NOLOCK not a good idea when dealing with critical data?
· When and what happens at Lock-Escalation?
· What does table-design have to do with blocking?
· Why everyone should know error number 1205 – how deadlocks can occur and what can prevent them?
· How is “optimistic concurrency” implemented in SQL Server?
· How does In-Memory OLTP change the game?
As usual: lots of (code) demos
Access control in SQL Server & Azure SQL from zero to hero
You inherited a SQL Server or Azure SQL environment or are designing a new one. One of the fundamental tasks is to manage access to your SQL Server, databases and data objects within.
The almost 300 permissions that the SQL engine supports can be overwhelming. And sometimes a permission is not sufficiently granular to implement the Principle of Least Privilege. What if you do not want to take care of all permissions yourself and instead want to delegate some of these tasks to someone else? How can you do that safely?
In this interactive training day, Andreas Wolter, Program Manager in the SQL Security team with 2 decades of practical experience with SQL Server, will walk you through all the fundamentals of SQL Server's hierarchical permission system, including the latest additions and the strategy behind them. Then you will look at special scenarios and possible solutions that you may encounter and need to solve at some point. Along the way you will learn about concepts like PoLP, role separation, SoD, impersonation, delegation, and ownership chains in SQL.
Deep dive in SQL access control using roles and permissions
Proper access control is the foundation of any database environment. In this session, Andreas Wolter, formerly Program Manager for access control in SQL at Microsoft, who led the work on access control for SQL Server, Azure SQL and SQL under Fabric, will dissect the permission system and built-in roles for you, to utilize it with maximum efficiency.
You will learn about the distinction between workspace and database roles and when to use what. You will explore when to use custom roles over built-in roles, and understand the granular permissions, the side effects of using workspace roles under Fabric for SQL, and which pitfalls to avoid. The goal is to comply with the Principle of Least Privilege and at the same time keep access control manageable.
Troubleshooting Availability Groups with DMVs and XEvents
In this session, we look under the covers of availability groups. Various demos show how to analyze functionality and performance in relation to availability groups. This includes problem analysis during initial seeding and the subsequent synchronization traffic and its performance overhead on the workload. The aim is to provide a better understanding of the basic mechanisms and their impact on the chosen high-availability infrastructure as well as how to use the available, built-in tools for troubleshooting.
SQL server database under attack – live battle session
Be it a malicious insider or stolen credentials: once an attacker can run queries against a database, it comes down to the level of access. Depending on the actual permissions and configuration, there are many things the attacker can attempt to gain access to the data.
In this session, Andreas Wolter, former Program Manager for SQL security access control at Microsoft, and Ralf Dietrich, a veteran in system forensics, will play a live battle of DBA vs attacker: in multiple rounds they will demonstrate common weaknesses and potential paths to privilege escalation, how an attacker can exploit them and how they can be fixed. While the focus is on permissions, we will also highlight complementary security controls such as auditing.
Expect an entertaining and demo-focused session and lots of valuable information from the field.
Quickstart into Performance Monitoring & Troubleshooting for SQL databases in Azure and Fabric
Having a consistent performance-experience is crucial for a successful business. If your role requires supporting SQL Server Databases you need to understand where to look and what to look for.
Depending on whether your SQL database is hosted on-prem, in Azure SQL or Fabric, there are some differences in what tools are available.
In this session, Andreas Wolter, former Program Manager at Microsoft with over 20 years of experience in the field as a consultant, will give you an overview of the available tools, explain where they overlap, and show where limitations require a different approach using built-in SQL functionalities.
Among the things you will be introduced to will be the database watcher, extended events, wait stats and DMVs.
So next time someone asks you to take a look at a badly performing database application, you know where to look.