PASS Summit 2016 Submissions and Review

This year I decided to submit my sessions for PASS Summit.  I would have done this last year, but by March I already knew that I was going to have a baby due mid-October.  As it turned out, the kid ended up two weeks late and was born on the first day of Summit.  Good decision on my part.  Since I have leave to go to Summit in 2016, had been as an attendee in 2014, and have now spoken at probably a dozen SQL Saturdays, I figured I would take a shot at the Super Bowl.

Now, I did not get selected to speak or as an alternate, and honestly I did not expect to be selected.  There are better speakers than me out there, with better knowledge, more experience, and better topics.  The one thing the selection process *really* made me do was actually look at my abstracts and dissect them.  My abstracts have never been the best and this was a great opportunity for me to fine tune them, and they absolutely still need work.  I thank the selection committee for kickstarting me here.

With me not getting selected, I will likely try to get into speaker idol this year if possible.

So, here are my sessions.  I’ve included the feedback that I received, because honestly I feel a good amount of it is positive and it made me feel good about future submissions.  The sessions that were selected for the event are excellent and I expect Summit 2016 will be a great time.

Session Name: Getting Started with SQL Server Replication
Category: General Session (75 minutes)
Track: Enterprise Database Administration & Deployment
Topic: High Availability: Availability Groups / Mirroring / Clustering / Replication
Level: 100

Session Abstract: SQL Server replication is an excellent way to keep a subset of data synced with another database for reporting, audit, or recovery purposes.  In this session we will examine terms, internals, and walk through the setup of transactional and snapshot replication so you can utilize it as a valuable tool in your toolkit.  We will also examine some ways to make replication perform better as well. This session is targeted towards database administrators who have little to no experience with replication and developers looking for different ways to duplicate data for reporting or data consumption.

Feedback1:
Topic: Attendees would be interested in this topic

Feedback2:
Abstract: Great abstract with clearly defined goals
Topic:  Great topic.  A 100 level session on replication is a great idea!
Subjective: This sounds like a great session and should draw high numbers.  I would go to this session!

Feedback3:
Abstract: detailed
topic: not new, level 100
Subjective rating: so and so

My comments: 2 out of 3 ain’t bad; and if I’m being honest, the last feedback isn’t a bad review, it’s just not *good* feedback.  The second review here got me pretty excited too; someone thinks this sounds like a good session, so I’ve done my part for this abstract.  In retrospect, this session is probably more 200 level and when I resubmit it next year it will go in as such.  This is probably my most Summit-ready session in my repertoire regardless of reviews.  I always run up against time in 60 minutes at Saturday events, and 75 minutes would be perfect.

————————————————-

Session Name: Understanding SQL Server Roles, Permissions, and Schemas
Category: General Session (75 minutes)
Track: Enterprise Database Administration & Deployment
Topic: Security: Access /  Encryption / Auditing / Compliance
Level: 100

Session Abstract: Developers and database administrators naturally conflict with each other over permissions due to separation of duties. In this session we will discuss Microsoft recommended best practices for setting up users and application account permissions. We will cover common server and database roles and what they actually allow, including roles that should generally be avoided as potential security loopholes. We will also look into alternatives for elevated database roles, and easier ways of setting up users across an enterprise environment.  These best practices are presented as part of a case study on consolidating into fewer instances even in non-production environments. This session serves as an introduction to default roles, explicit permissions, schemas, and discusses security challenges for consolidated environments or internally developed database as a service.

Feedback1:
Basics is what we always need. Interesting session.

Feedback2:
Abstract: detailed, but subject is poor
Topic: not compelling
Subjective rating: not interesting

Feedback3:
Although descriptive, abstract just seems “dry” to me.  Needs something a little more “catchy” to draw me in.

Feedback4:
Abstract – The abstract is well thought and detailed
Topic – Not sure if attendees would be interested and title looks like something one would read from Microsoft manual
Subjective – Everything is great except the topic and case study seem to be a bit boring unless there is something special that the presenter is going to show or demonstrate but that is not reflected in the abstract.

Feedback5:
Abstract:  Excellent abstract with strong supporting goals.
Topic:  Great topic.  This sort of introductory topic on security is exactly the kind of session needed.
Subjective:  Great session!  It is going to attract new DB professionals as well as those of us who have been doing this for years!

Feedback6:
Abstract: well written, good topic
Topic: would like to have something in the title that mentioned dev/dba permission separation
Subjective: this is a topic that every dba should be familiar with

Feedback7:
A : 4
The abstract showcases that an understanding of SQL Server Roles, Permissions, and Schemas will go a long way in simplifying the administration of security on SQL Server.
T : 5
The session attempts to demonstrate the default server and database roles, their implied permissions, and default schemas.  It also discusses best practices for granting explicit permissions and implementing security in a consolidated development environment.
S : 5
This is a Level 200 session with 50% demo heavy – with just some understanding of the SDLC process, and Integration Services administration basics.

My comments: I was surprised at how many different feedback entries there were for this session.  The comments are very mixed but mostly positive, and they range from “not interesting” to “this is exactly the kind of session needed”.  I have always struggled with how to define this session.  I have the case study in there as a means to a story, which I feel the best sessions have.  I agree with feedback3 in that the abstract needs something more.

————————————————-

Session Name: Securing Service Accounts in SQL Server
Category: Lightning Talk (10 minutes)
Track: Enterprise Database Administration & Deployment
Topic: Security: Access /  Encryption / Auditing / Compliance
Level: 100

Session Abstract: Service accounts in SQL Server are often overlooked as a potential security loophole.  Yet, Microsoft has best practices and a list of what permissions a service account needs in order to operate its service properly.  This session will cover what kind of rights these accounts need, as well as show how Managed Service Accounts can reduce your administration overhead.

Feedback1:
Abstract: detailed, compelling
topic: relevant
subjective rating: good

Feedback2:
Abstract needs more specifics.  What is there is good; it just needs a little more to draw attention.

Feedback3:
Abstract – Details are not the best, but it’s a lightning talk
Topic – Goals are ok.  Topic is not new and would like to see what’s new or a better method of securing service accounts
Subjective – Would like to have seen managed service accounts somewhere in the title.

Feedback4:
Abstract:  I like the abstract, but covering service account BPs and MSAs and GMSAs in a 10-minute session??
Topic:  Great topic
Subjective:  You’ve only got 10 minutes.  Concerned too much is crammed in here.

Feedback5:
Level is ok for the goals and prereqs.
Topic will be attractive to attendees.
Abstract is concise and easy to understand.
Looks like an interesting session with some new(er) functionality information (MSA & gMSA accounts).

Feedback6:
Abstract: well written, looks like a good lightning talk subject
Topic: topic is descriptive, accurate
Subjective: always try to make it to lightning talks, this seems like it would fit right in and be a valuable addition

Feedback7:
A : 4
The abstract highlights the use of Managed Service Accounts (instead of the domain based service accounts) that Microsoft introduced with SQL Server 2012 that can lock down the privileges needed for a service account.
T : 4
The lightning talk attempts to demonstrate the use of Managed Service Accounts as opposed to the domain accounts – and follows the principle of running the SQL service under a least privilege model.  The talk also reviews the rights needed for service accounts, covering what services actually need domain accounts, and showing the benefits of using an MSA and why Group Managed Service Accounts are here to stay.
S : 4
This is a Level 200 lightning talk with no demo – with the prereqs being some basic understanding of service basics and knowing how to install SQL Server.

My comments: Once again here, I have mixed reviews, mostly positive.  I have some issues with some of the feedback on this one.  For example, one of the concerns is time.  I guess time is always a concern for any session, and especially lightning talks, but that is on the presenter, and unless we’re going to submit slides and demos as part of a submission, just trust that I would keep things in time.  This past Saturday I covered Row-Level Security and Always Encrypted in 20 minutes WITH demos of both.  Secondly, another feedback stated that the topic is not new and wanted to see better methods.  That’s why I put MSAs in the abstract?  Of all my feedback this was the most puzzling to me; I didn’t share goals due to this being a giant blog post already, but understanding gMSAs was one of them.  If that’s not a “new” topic or better way of doing things I want to know about a different way.

Anyway, that’s my list of session submissions.  Let me know what you think in comments or reach out to me via Twitter (@SQLCowbell).