Which settings should be thoroughly evaluated in SQL Server? - sql-server

I am not a DBA by any means, but being a web developer means that I will have to install, set up, and administer databases. In the past, I have just followed the default installation for SQL Server. Over time, I have grown smarter and learned that default installations almost always leave doors open and leak.
So...What are the critical settings that should be thoroughly evaluated when installing SQL Server 2005 for someone of my caliber? or 2008? Or is every setting "critical?"
Any good resources that will guide through a "proper" setup of SQL Server 2005?

Every setting is critical - but the things I always double check are:
Authentication type - Integrated or SQL? If SQL, make sure you put in a very strong sa password.
Service Accounts - think through what you want for the accounts. I generally create a domain user for each service separately, and run them with least privileges.
Database paths. Decide up front where you want your system databases & user databases - it's much easier to do that during the install than deciding after the fact.

Though this has mostly gone away with 64-bit, I always make sure that "AWE" is enabled if SQL is the only thing running on the server and it's 32-bit. This way, SQL Server has access to all the memory the server has (up to 3GB in a 4GB server) instead of being restricted to the normal 2GB.
I second the opinion that they're all important, and they all have different purposes, so it's a matter of your environment.

Most settings can be accepted with the default settings. SQL 2005 has been changed to be more secure by default.
Be sure to do the steps to prepare accounts to use.
You might also look at your server hardware and try to separate OS, SQL Binaries, Data and Logs onto separate drives.
http://msdn.microsoft.com/en-us/library/ms143516.aspx - for all the juicy details.
Post install, you should set up dbmail and then set up maintenance plans that notify you on failure of backups or maintenance.

Drive configuration! Where you'll place your log and database files is of absolutely paramount importance in terms of performance.

My number one setting to check is the server's collation. This will control the collation of the system databases, and you should ensure that the new server's collation is the same as the old one to avoid collation errors. Ideally your user database will be the same collation.
If the two collations are different, and you compare varchar data from TempDB to varchar data from your user database, you'll need to specify the collation.
Just about every other setting can be changed later, but server collation is one that you're stuck with for keeps. (Technically, you can rebuild the system databases with a new collation, but it's not worth the effort, and still requires you to run Setup again).
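A read-only T-SQL check of the settings these answers single out (authentication mode, the sa login, service accounts, file locations, collation), added here as an example and not taken from any of the answers. It assumes a sysadmin-level login; `sys.dm_server_services` needs SQL Server 2008 R2 SP1 or later and `PWDCOMPARE` is documented from SQL Server 2008, so drop those parts on older instances; `#names` is a constructed sample table.

```sql
-- 1. Authentication mode and server collation.
--    windows_auth_only = 1: Integrated (Windows) only; 0: mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only,
       SERVERPROPERTY('Collation')                AS server_collation;

-- 2. SQL logins that matter in mixed mode: sa (sid 0x01 survives a rename),
--    logins exempt from the Windows password policy, and blank passwords.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       CASE WHEN PWDCOMPARE('', password_hash) = 1 THEN 1 ELSE 0 END AS blank_password
FROM sys.sql_logins
WHERE sid = 0x01
   OR is_policy_checked = 0
   OR PWDCOMPARE('', password_hash) = 1;

-- 3. Account each SQL Server service runs as (2008 R2 SP1 and later).
SELECT servicename, service_account, startup_type_desc
FROM sys.dm_server_services;

-- 4. Where every data and log file of every database lives.
SELECT DB_NAME(database_id) AS database_name, type_desc, physical_name
FROM sys.master_files
ORDER BY database_id, file_id;

-- 5. Databases whose collation differs from the server (and so from TempDB).
SELECT name, collation_name
FROM sys.databases
WHERE collation_name COLLATE DATABASE_DEFAULT
      <> CAST(SERVERPROPERTY('Collation') AS sysname) COLLATE DATABASE_DEFAULT;

-- 6. Comparing TempDB varchar data with user-database data: without the
--    explicit COLLATE this join fails with a collation conflict error
--    when the collations found in step 5 differ.
CREATE TABLE #names (name varchar(128));    -- constructed sample data
INSERT INTO #names (name) VALUES ('orders');

SELECT t.name
FROM sys.tables AS t
JOIN #names AS n
  ON n.name COLLATE DATABASE_DEFAULT = t.name COLLATE DATABASE_DEFAULT;

DROP TABLE #names;
```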

The Microsoft documentation in Books Online and elsewhere is pretty thorough and accurate. I think it's the best documentation that Microsoft does. So I'd be rigorous about "RTM" before anything I would write here, which would be incomplete and inadequately explained in any case by comparison.
That said, the first priority should be Do No Harm. I've seen many more cases where imperfect understanding of the consequences of changing the settings has caused problems, than that the default settings need to be altered. (Note: This advice does not apply to MySQL, whose defaults are pretty random IMHO.)

Related

Remove/Disable Always Encrypted from SQL DataBase

My client is utilizing software that is SQL-based, the database having been set up by the software vendor for us. During a call I had made to the software vendor to ask them to connect to the SQL server to look at a problem we were having with the software, the software vendor told me that they could not proceed with troubleshooting and investigating the issue because Always Encrypted had been set on the database. Unfortunately the support technician could not tell me much about this, only that it was a road block for them and that it needed to be disabled, and that managing SQL databases to that extent was out of scope for their support.
I tried to look up how to disable or remove that feature from our database but all of the information I have found so far is about setting it up, not taking it down. I haven't tried to "tinker" with this at all on my own as what I have read so far tells me that this is definitely something that should not be touched without sufficient familiarity with managing SQL databases to know that modification of that feature on the database won't have potential negative ramifications (besides the data not being encrypted).
How can I remove or disable this feature from our database so I can get the software vendor to continue taking a look at their database?
Notes:
We have SQL Server 2017.
I don't know much about SQL Server - if a solution would have complications I might be expected to be aware of in trying it, I'm afraid I really won't be aware of them unless they're mentioned, which is something I'm also hoping to get from an answer (if applicable). I want to make sure I do it right.

Can I install SQL Server Agent, but no database instance?

Can one install Microsoft's SQL Server Agent, without a database instance?
(The aim is to reduce traffic to the database. I would like to put the server agent on another server.)
Thanks for the help.
SQL Server Agent needs to store its data (jobs etc) in the MSDB database. So you will need one.
If your SQL Agent really is causing such a massive amount of I/O that its use of MSDB is slowing down overall server performance (which I doubt is the case, but everything is possible if you try hard enough), then you have the option to move the MSDB data files to a separate disk. (Not just a separate logical drive on the same disk, but a separate disk entirely).
I expect there are many other performance improvements possible before you get to that point though. Moving TempDB to another physical disk would be a good start point.
My question is similar. How can I make my "instance" the default instance, so I do not have to qualify my sql server with the instance name. Although, this is not the exact same question, I was brought here looking for an answer and others might be as well. This solution allows you to still have multiple instances, yet define the default instance.
To do this you need to change the TCPIP dynamic port of your instance to the default 1433 port value. Details on this simple procedure using the SQL Server Configuration Manager can be found here:
https://kohera.be/blog/sql-server/make-named-instance-look-like-default-instance/

How to get a server identifier in Sql Server without using a CLR stored function?

I need to query Sql Server and get an ID that identifies the machine on which SQL Server is installed. An ID that works well also in some complex scenarios like failover clusters, or similar architectures.
I need this for license check, I bind my licence key to an ID, currently I am creating "my id" using a combination of database creation date and server name, anyway this is not very good, especially because it is a Database ID, not a Server ID.
In the past I used to read the harddisk serial number with an extended stored procedure, but isn't there (at least in sql server 2008) a simple way to get this id?
I don't want to use a CLR stored procedure.
get an ID that identifies the machine on which SQL Server is installed. An ID that works well also in some complex scenarios like failover clusters, or similar architectures.
So what do you want? Identify the MACHINE or identify the CLUSTER and handle enterprise scenarios?
In general this is not possible without extended stored procedures or CLR. Point. You rule out all approaches, then there are none left. And the fact that you did read the hard disc number already implies that you are NOT prepared to handle larger installs. What do you read if there is no hard disc (as disc), but a LUN on a SAN? What do you do in case the hard disc is a hardware raid controller? The approach you took from the start was pretty much not working but you failed to see it because you don't deal with enterprise customers ;) Which also means you don't handle complex scenarios (clusters etc.) ;)
As gbn says, don't bother enterprise customers with childish copy protections, put a license agreement in place. In general enterprise software has few technical limitations to allow enterprises to provide good service without running through hoops to get another licensing key just for a lab install.
It's called a "licensing agreement"
I wouldn't want some app shutting down because it thinks it is running a different box.
If we have a DR fail over in a log shipping or mirroring setup, these are 2 separate SQL server installs. And what kind of server runs a single hard disk anyway?
Other SO questions: https://stackoverflow.com/search?q=software+licensing

Is it 'ok' to develop with a DEV database residing on the same SQL server as the live production app?

Sometimes we have upwards to 4-6 people either RDPed looking at data in SQL Management Studio, or hitting the server with LINQpad, Toad, etc from various locations while developing in mostly ASP.NET and Flex with WebOrb. Is this bad? Bad in the sense that we are trying to keep our live production app stable and as lag free as possible for global users?
i don't think i'd do that. if it was just me, then sure:) but if there's a bunch of people god only knows what queries they might run. we always use a test server for such things.
best regards,
don
Best practice would be separate servers. Next best, separate instances on same server. Next best, separate databases on an instance.
However, I wouldn't be letting any developers RDP into a production SQL Server (or production anything), regardless of choice of segregation mechanism. Use a separate terminal server with tools and everything there.
You can have dev and prod db on the same instance. Just make sure the permissions are set up so that developers cannot touch the prod db. The negative is a long running query in dev will impact prod.
In SQL SERVER 2005 a better solution is to have a dev "instance" and a prod "instance".
Then if someone misbehaves on the dev instance you can just bring down that instance.
In SQL server 2008 you can set up CPU usage plans which can help throttle how much resources can be used. You should investigate that.
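What the answer above describes for a shared instance, as an added example that is not part of the original answer: developers get rights in the dev database only, and their sessions are capped with Resource Governor, which is assumed here to be what "CPU usage plans" refers to (SQL Server 2008 and later, Enterprise edition in 2008). `CORP\Developers`, `AppDev`, `AppProd`, `DevPool`, `DevGroup` and `dbo.rg_classifier` are hypothetical names.

```sql
-- 1. Developers get a login, and rights in the dev database only.
USE master;
CREATE LOGIN [CORP\Developers] FROM WINDOWS;   -- hypothetical Windows group
GO
USE AppDev;                                    -- hypothetical dev database
CREATE USER [CORP\Developers] FOR LOGIN [CORP\Developers];
EXEC sp_addrolemember N'db_owner', N'CORP\Developers';
GO

-- 2. No user is created for them in production; make sure the guest
--    user does not let every login in anyway.
USE AppProd;                                   -- hypothetical prod database
REVOKE CONNECT FROM guest;
GO

-- 3. Server roles bypass database-level permissions, so review who holds
--    them; no developer account should appear in this list.
USE master;
SELECT r.name AS server_role, m.name AS member
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'securityadmin', N'dbcreator');
GO

-- 4. Cap developer sessions at 20% CPU. MAX_CPU_PERCENT is enforced only
--    when there is CPU contention, which is when production needs it.
CREATE RESOURCE POOL DevPool WITH (MAX_CPU_PERCENT = 20);
CREATE WORKLOAD GROUP DevGroup USING DevPool;
GO
-- The classifier runs at login, must live in master and be schema-bound.
CREATE FUNCTION dbo.rg_classifier() RETURNS sysname
WITH SCHEMABINDING
AS
BEGIN
    DECLARE @grp sysname;
    SET @grp = N'default';
    IF IS_MEMBER(N'CORP\Developers') = 1
        SET @grp = N'DevGroup';
    RETURN @grp;
END;
GO
ALTER RESOURCE GOVERNOR WITH (CLASSIFIER_FUNCTION = dbo.rg_classifier);
ALTER RESOURCE GOVERNOR RECONFIGURE;
GO
```

The CPU cap does not limit I/O or locking, so a long-running dev query can still affect production on a shared instance.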
It depends on a lot of variables. It's generally better to have them on different servers. This is really depending on how you use sql server. If you just have databases, don't use a lot of the management tools, like nightly processes to alter data and other jobs you might be OK. You are running a real risk of having bleed over code from developing on the dev database to the production one though. It's safer to have them separated out, especially for the small amount of money needed to create a dev instance of sql server.
I find this a poor practice for several reasons:
First suppose one of your devs messes up and does something that ends up taking all of the processing power of your server. Oops prod is down for no good reason.
Second, devs could easily change the wrong database. Oops prod is down for no good reason. At least you can avoid this by not giving any production rights to devs (which you should be doing anyway as a best practice.)
Third, if the database is on the same server it has to have a different name, this can make moving things to prod difficult and error prone. I think it also means it will be less likely that you deploy correctly through source controlled scripts. If you choose to copy objects from one database to the other, then you can have issues with that as well. First if there is data in the object already, you may accidentally wipe it out (hope you have a backup) or you may move the new table structure but miss things like the PKs and FKs and default values and triggers and constraints and indexes or the wizard might take much longer to do the move because in the background it is creating and populating a new table and then dropping the old and renaming the new one rather than using alter table. Oops prod is down or seriously slowed for no good reason.
I tend to agree with the "separate servers" folks, although with my company we actually do most of our day to day development work on our local machines -- so we have SQL Server installed locally. This can be a pain, of course, if you're developing reporting or something that needs production data. In that scenario, developers here usually get a subset of production data exported to work with.
For acceptance testing vs. deployment though, we do use separate instances.
Developers probably shouldn't have production access UNLESS they're also the ones who do application deployments (as can be the case with small teams like the one I'm in). If you do end up using separate DBs on the same server, I would at least lock down RDP access and grant access to each development DB on an individual basis. That's how it works here -- I don't have admin rights to any of our servers at this time, and can only admin databases for applications that belong specifically to my team.
It depends how much you value your live service. I know I wouldn't trust me and my fat hands running SQL on the same hardware as a live application.
Even if the application is not business critical, and the app is not data-bound, you can set up a development environment on an unused desktop machine, so why wouldn't you do that instead of take the risk?
The set up I use is typically DEV database on a local instance of SQL Server (Development Version for me, but Express would probably also work), a QA database on a test instance of SQL Server. In our environment, this is located on a virtual instance of W2K3 -- soon to be W2K8. Production databases live either on dedicated instances of SQL server or on one of various clustered instances. We don't mix PROD/QA/DEV at all. I use RedGate SQL Compare to synchronize schemas between the various systems, including different developer instances of the database.
It will be 'OK' as long as the team doesn't have any administrator privileges over the server (either SQL or Windows), and their user log-ins just grant access to potentially destroy just the development database and its associated files, having denied access to production databases.
For other application testing reasons, we created a copy of our production server (which is a virtual server) on a separate domain. This allowed the Windows Server Name, SQL Server Name, Database name to be exactly the same (lots of settings on 3rd party apps require this level of configuration to get different processes to work.). Now we can rebuild a test environment by creating an exact virtual image of our production server.
I was sceptical about running SQL Server on a virtual machine, but it has given our small company a lot of flexibility. We like to think our databases are critical, but it is for internal uses and having some down time would just have workers shift their lunch hour.

When is it time to change database backends?

Is there a general rule of thumb to follow when storing web application data to know what database backend should be used? Is the number of hits per day, number of rows of data, or other metrics that I should consider when choosing?
My initial idea is that the order for this would look something like the following (but not necessarily, which is why I'm asking the question).
Flat Files
BDB
SQLite
MySQL
PostgreSQL
SQL Server
Oracle
It's not quite that easy. The only general rule of thumb is that you should look for another solution when the current one can't keep up anymore. That could include using different software (not necessarily in any globally fixed order), hardware or architecture.
You will probably get a lot more benefit out of caching data using something like memcached than switching to another random storage backend.
If you think you are going to ever need one of the heavyweights (SqlServer, Oracle), you should start with one of those at the beginning. Data migrations are extremely difficult. In the long run it will cost you less to just start at the top and stay there.
I think you're being overly specific in your rankings. You can pretty much start with flat files and the like for very small data sets, go up to something like DBM for slightly bigger ones that don't require SQL-like syntax, and go to some kind of SQL database after that.
But who wants to do all that rewriting? If the application will benefit from access to joins, stored procedures, triggers, foreign key validation, and the like--just use a SQL database regardless of the dataset size.
Which one should depend more on the client's existing installations and what DBA skills are available than on the amount of data you're holding.
In other words, the size of your database is far from the only consideration, and maybe not the most important one.
There is no blanket answer to this, but ALMOST always, using flat files is not a good idea. You have to parse through them (I suppose) and they do not scale well. Starting with a proper database, like Oracle or SQL Server (or MySQL, Postgres if you are looking for free options) is a good idea. For very little overhead, you will save yourself a lot of effort and headache later on. They also allow you to structure your data in a non-stupid fashion, leaving you free to think of WHAT you will do with the data rather than HOW you will be getting it in/out.
It really depends on your data, and how you intend to use it. At one of my previous positions, we used Postgres due to the native geo-location and timezone extensions which existed because it allowed us to manage our data using polygonal datatypes. For us, we needed to do that, and we also wanted to use stored procedures, views and the like.
Now, another place I worked at used MySQL simply because the data was normalized, standard row by row data.
SQL Server, for a long time, had a 4gb database limit (see SQL Server 2000), but despite that limitation it remains a very stable platform for small to medium applications for which the old data is purged.
Now, from working with Oracle and SQL Server 05/08, all I can tell you is that if you want the cream of the crop for stability, scalability and flexibility, then these two are your best bet. For enterprise applications, I strongly recommend them (merely because that's what we use where I work now).
Other things to consider:
Language integration (ASP.NET session storage, role management, etc.)
Query types (Select, Update, Delete) [Although this is more of a schema design issue, not a DBMS issue]
Data storage requirements
Your application's utilization of the database is the most critical one. Mainly what queries are used most often (SELECT, INSERT or UPDATE)?
Say if you use SQLite, it is geared for smaller applications, but for a "web" application you might need a bigger one like MySQL or SQL Server.
The way you write scripts and your web application platforms also matters. If you're developing on a Microsoft platform, then SQL Server is a better alternative.
Typically, I go with what is commonly accepted by whichever framework I am using. So, if I'm doing .NET => SQL Server, Python (via Django or Pylons) => MySQL or SQLite.
I almost never use flat files though.
There is more to choosing an RDBMS solution than just "back end horsepower". The ability to have commitment control, for example, so you can roll back a failed transaction is one reason.
Unless you are in the megatransaction rate application, most database engines would be adequate - so it becomes a question of how much you want to pay for the software, whether it runs on the hardware and operating system environment you want, and what expertise you have in managing that software.
That progression sounds painful. If you're going to include MS products (especially the for-pay SQL Server) in there anywhere, you may as well use the whole stack, since you only have to pay for the last of these:
SQL Server Compact -> SQL Server Express -> SQL Server Enterprise (clustered).
If you target your app at SQL Server Compact initially, all your SQL code is guaranteed to scale up to the next version without modification. If you get bigger than SQL Server Enterprise, then congratulations. That's what they call a good problem to have.
Also: go back and check the SO podcasts. I believe they talked about this briefly.
This question depends on your situation really.
If you have control over the server you're deploying to and you can install whatever services you need, then the time to install a MySql or MSSQL Express server and code against an existing database framework VERSUS coding against flat file structure is not worth the effort of considering.
What about FireBird? Where would that fit into that list?
And let's not forget the requirements that the "customer" of your solution must also have in place. If you're writing a commercial application for small companies, then Oracle might not be a good choice... but if you're writing a customized solution for a large enterprise which must share data among multiple campuses, and has a good sized IT department then the decision of Oracle vs Sql Server would come down to what does the customer most likely already have deployed.
Data migration nowadays isn't that bad since we have those great tools from Embarcadero, so I would instead let the customer needs drive the decision.
If you have the option SQL Server is a good choice from the word go, predominantly because you have access to solid procedures and functions and the database backup facilities are totally reliable. Wrapping up as much of your logic as you can inside the database itself (rather than in whatever language you are using) helps security and performance - indeed there's a good argument to be made for always using procedures for insert/update logic as these make you invulnerable to injection attacks.
If I have the choice the only time I'd consider MySQL in preference is with a large, fairly simple, database predominantly used for read access. This isn't to decry MySQL which has improved markedly of late and I happily use if I don't have the choice, but for more complex systems with update/insert activity MSSQL is generally the superior option.
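An added example, not part of the answer above, of where a stored procedure's injection protection comes from: parameters bound as values. It holds for a static statement and for `sp_executesql` with parameters, but not for a procedure that concatenates a parameter into dynamic SQL. The table and procedure names are hypothetical.

```sql
-- Hypothetical table used by the three procedures below.
CREATE TABLE dbo.Customers (
    id   int IDENTITY PRIMARY KEY,
    name nvarchar(100) NOT NULL,
    city nvarchar(100) NOT NULL
);
GO

-- Static statement: @name is always bound as a value, never parsed as SQL.
CREATE PROCEDURE dbo.FindCustomer @name nvarchar(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT id, name, city FROM dbo.Customers WHERE name = @name;
END;
GO

-- Still injectable although it is a procedure: the parameter is pasted
-- into the statement text, so a quote in @name changes the statement.
CREATE PROCEDURE dbo.FindCustomer_Concatenated @name nvarchar(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql nvarchar(max);
    SET @sql = N'SELECT id, name, city FROM dbo.Customers WHERE name = N'''
             + @name + N'''';
    EXEC (@sql);
END;
GO

-- Dynamic SQL done safely: values travel as sp_executesql parameters, and
-- the one identifier that must be spliced in is checked against the
-- catalog and quoted with QUOTENAME before use.
CREATE PROCEDURE dbo.FindCustomer_Sorted
    @name        nvarchar(100),
    @sort_column sysname
AS
BEGIN
    SET NOCOUNT ON;
    IF NOT EXISTS (SELECT 1
                   FROM sys.columns
                   WHERE object_id = OBJECT_ID(N'dbo.Customers')
                     AND name = @sort_column)
    BEGIN
        RAISERROR(N'Unknown sort column.', 16, 1);
        RETURN;
    END;

    DECLARE @sql nvarchar(max);
    SET @sql = N'SELECT id, name, city FROM dbo.Customers '
             + N'WHERE name = @name ORDER BY ' + QUOTENAME(@sort_column);
    EXEC sp_executesql @sql, N'@name nvarchar(100)', @name = @name;
END;
GO
```

When reviewing existing procedures, searching their definitions for `EXEC (` and string concatenation of parameters finds the second pattern.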
I think your list is subjective but I will play your game.
Flat Files
BDB
SQLite
MySQL
PostgreSQL
SQL Server
Oracle
Teradata