SQL Server

Transcript

  • 1. SQL Server Insider: Tips for SQL Server pros. May 2007.

    New security model in SQL Server 2005

    Organizations traditionally spend little money to secure the database server level. Instead, security is added to the to-do list of DBAs and developers. Get familiar with the security features in SQL Server 2005, and allow them to make your job easier.

    Contents:
      • Principals and securables
      • New schema model
      • Security for CLR
      • Article 1: Database mirroring and its witness
      • Article 2: Find and fix resource-intensive SQL Server queries

    Brought to you by SearchSQLServer.com
  • 2. SearchSQLServer.com: New security model in SQL Server 2005

    New Security Model in SQL Server 2005
    By Michelle Gutzait

    Organizations don’t tend to invest in securing SQL Server instances and databases. Instead, there is a tendency to leave security considerations to database administrators and developers. The problem is that if there are no defined security standards, it may leave data vulnerable. Security standards are important for any organization. The problem is that it is not enough just to develop them — they should also be applied, managed and controlled. In many cases, security standards are created after applications and databases are deployed, and that makes them difficult to implement.

    Whenever possible, you should plan security standards according to existing and future applications. Security considerations should always be part of the database and application design. For an existing environment, the best approach is to plan and formulate the security modifications step by step.

    About the author: Michelle Gutzait works as a senior database consultant for Itergy International Inc., an IT consulting firm specializing in the design, implementation, security and support of Microsoft products in the enterprise. Gutzait has been involved in IT for 20 years as a developer, business analyst and database consultant. For the last 10 years, she has worked exclusively with SQL Server. Her skills include SQL Server infrastructure design, database design, performance tuning, security, high availability, VLDBs, replication and T-SQL/packages coding.
  • 3. Principals and securables in SQL Server 2005

    The new security model in SQL 2005 defines two main security objects — principals and securables:

    Principals are entities that can request SQL Server resources. They can be arranged in a hierarchy. A principal inherits the permissions given to it in a higher level of that hierarchy. Every principal has a security identifier, or SID.

    There are three types of principals:
      • Windows-level principals: Windows domain login, Windows local login
      • SQL Server-level principal: SQL Server login
      • Database-level principals: database user, database role, application role

    Securables are the resources to which the SQL Server database engine authorization system regulates access. Some securables can be contained within others, creating nested hierarchies called scopes, which can, themselves, be secured.

    The securable scopes:
      • Server level: endpoint, database
      • Database level: database user, database role, application role, assembly, message type, route, service, remote service binding, fulltext catalog, certificate, asymmetric key, symmetric key, contract, schema
      • Schema level: type, XML schema collection, object (function, procedure, queue, synonym, table, view)

    Access to securables can be
  • 4. granted for principals in each level.

    For example, a database user or a database role, which can contain zero or more users, can get access to a database object or to a database schema, which can contain zero or more objects. Also, a database user or role can get permissions to view definitions and to grant permissions to another database user or role.

    As in previous versions, a user who wants to access data from a database must pass through two stages of authentication — one at the SQL Server level (login) and the other at the database level (user).

    New permission delegation capability

    In SQL Server 2005, more permissions can be given both in the instance and in the database level than in previous releases. Also, permissions can now be inherited — for example, permissions given to a schema are inherited by the schema’s objects. Here are examples of new permissions:

      • CONTROL – functionally equivalent to all permissions granted to the object’s owner and inherited by all subentities within its scope. Principals that have CONTROL permission on a securable can grant permission on that securable. For example:

            -- Grant CONTROL permission on AdventureWorks user Michelle to user Joseph.
            -- Now the user Joseph can grant permissions on the user "Michelle":
            USE AdventureWorks;
            GRANT CONTROL ON USER::Michelle TO Joseph;

      • ALTER ANY – provides the ability to alter properties of an object. Depending on the scope, inheritance can be limited to objects of a specific type. For example, its variation in the form ALTER ANY 'object_type' grants permissions to modify every instance of 'object_type' within server or database scope. For example:

            ALTER ANY DATABASE DDL TRIGGER
            ALTER ANY SCHEMA
            ALTER ANY ROLE
  • 5.   • IMPERSONATE – permits impersonating another user, without requiring SysAdmin or dbo privileges, as was the case in SQL Server 2000. For example:

            -- Grants IMPERSONATE permission on user Michelle to
            -- AdventureWorks application role Accountants.
            -- The role Accountants can now impersonate Michelle:
            USE AdventureWorks;
            GRANT IMPERSONATE ON USER::Michelle TO Accountants;

      • VIEW DEFINITION – gives read access to an object’s metadata via catalog views. For example:

            -- Allow role "public" to view any object definition
            -- in the instance level:
            GRANT VIEW ANY DEFINITION TO public

            -- Allow role "public" to view any object definition
            -- in the database level:
            GRANT VIEW DEFINITION TO public

            -- Grant VIEW DEFINITION permission on AdventureWorks role
            -- Accountants together with GRANT OPTION to database user Michelle
            -- (now user Michelle can view the definition of the
            -- Accountants role and grant it permissions):
            USE AdventureWorks;
            GRANT VIEW DEFINITION ON ROLE::Accountants TO Michelle WITH GRANT OPTION;

    The strength of the new schema model

    How many times have you tried to delete a user from your SQL Server 2000 database and couldn’t because it was owning database objects? In SQL Server 2005, that problem has been solved by moving the object definition under the “schema” object.

    Schema can have an owner, which can be easily reassigned without having to change the ownership of each object. Also, applications will not break if they reference the schema name before the object name when the object’s ownership is shifted. It is still possible to grant permission to an object, such as a table. But as a best practice, centralize permissions by schema, not by objects.

    When to use synonyms

    A synonym is an alternative name given to a schema-
  • 6. scoped object. The synonym is created under the schema object but not bound to it. In other words, the deletion of the synonym will not issue an error message if it is used in another object. The synonym is used during runtime, so the object names are not verified during the synonym’s creation. You can grant permissions on synonyms. For example:

            -- First result will be from publishers_1:
            DROP SYNONYM publish
            CREATE SYNONYM publish FOR pubs.dbo.publishers_1
            SELECT * FROM publish

            -- Second result will be from publishers_2:
            DROP SYNONYM publish
            CREATE SYNONYM publish FOR pubs.dbo.publishers_2
            SELECT * FROM publish

    Note that the synonym is a database object. If you try to run the above code as a transaction from two different sessions, the second run will wait until the first transaction ends.

    It seems that the best choice for using synonyms is when you would like to keep an object name under a specific schema, but the object resides in a different schema or in a different database or different SQL Server instance. Use a synonym instead of using a view if the synonym is for a table. For example:

            -- Table resides in another schema
            -- (a two-part name: schema.object):
            CREATE SYNONYM Schema1.Authors FOR Schema2.Authors

            -- Table resides in another server
            -- (myserverSQL2005 is a Linked Server):
            CREATE SYNONYM dbo.RemoteAuthors FOR [myserverSQL2005].pubs.dbo.authors

            -- Synonym for a function:
            CREATE SYNONYM synGetAuthorName FOR pubs.dbo.fnGetAuthorName;
            SELECT dbo.synGetAuthorName('171-10-1178')

    DDL triggers

    The new DDL Triggers option, among other things, allows DBAs to control security issues, such as automating grant permissions or auditing.

    Here is an example of a DDL trigger from the Microsoft Developer Network (MSDN):

            -- Grant VIEW DEFINITION on each created role or user to public:
            CREATE TRIGGER GrantViewDefOnPrincipal
            ON DATABASE
            FOR CREATE_USER, CREATE_ROLE
            AS
            DECLARE @event_type sysname,
                    @principal_name sysname,
                    @sql nvarchar(max);
  • 7.
            -- (DDL trigger body, continued)
            -- value() needs its XQuery path as a string literal;
            -- the event type and the new principal's name are separate elements.
            SELECT @event_type = EVENTDATA().value(
                       '(/EVENT_INSTANCE/EventType)[1]', 'sysname'),
                   @principal_name = EVENTDATA().value(
                       '(/EVENT_INSTANCE/ObjectName)[1]', 'sysname');
            -- QUOTENAME keeps names with spaces or special characters
            -- from breaking (or altering) the dynamic statement.
            IF (@event_type = 'CREATE_USER')
                SELECT @sql = 'GRANT VIEW DEFINITION ON USER::'
                            + QUOTENAME(@principal_name) + ' TO PUBLIC;';
            ELSE
                SELECT @sql = 'GRANT VIEW DEFINITION ON ROLE::'
                            + QUOTENAME(@principal_name) + ' TO PUBLIC;';
            EXEC (@sql);

    Security configurations for SQL Server

    There are two extreme methods of applying security:
      • The lazy model – The less security, the better. This may result in either giving too many or too few permissions, but security management is easier and less complicated.
      • Secure everything possible. This may complicate the environment, producing more management effort.

    Most organizations are using a security model that is between these two extremes. When designing a security model, try to keep it simple but satisfying. For example:
      • Decide that the schema is the most granular unit to which you grant permissions. Don’t grant permission to an object, unless it is really necessary.
      • Use a small number of database roles to which you grant permissions. Don’t grant permissions on a per-user basis.
      • Use only stored procedures to access the data and grant permissions to these stored procedures.
      • Allow only one ownership to all the objects and schemas. This will simplify granting the permissions and will help avoid permission chains.

    Defining service accounts

    In previous versions, it was easier to add SQL Server and SQL Server Agent services accounts to the sysadmin group than to play with the Group Policy Objects or permissions of that account.

    In SQL Server 2005, the SQL Server service account:
  • 8.   • Requires less privilege than in previous versions. It can now be defined as a member of the Users group (non-domain user) or Domain Users group (domain user). During installation, the user is automatically placed in the SQL Server service group and the group is granted exactly the privileges that it needs.
      • Should be changed only by using SQL Server Configuration Manager or by using the equivalent functionality in the Windows Management Instrumentation (WMI) APIs. Using Configuration Manager ensures that the new service account is placed in the appropriate Windows group and is thus granted exactly the correct privileges to run the service.
      • Can be configured by password expiration policies because changing the password of the service account does not require restarting SQL Server 2005.

    The SQL Server Agent service account requires sysadmin privileges in the SQL Server instance it is associated with. However, in SQL Server 2005, SQL Server Agent job steps can be configured to use proxies that encapsulate alternate credentials.

    Surface area configuration

    Using SQL Server 2005 installation minimizes the “attack surface” because, by default, optional features are not installed. It’s possible to turn off the features in SQL Server Surface Area Configuration or use the system stored procedure sp_configure.

    Upgrading from SQL 2000? If so, a few features such as the xp_cmdshell stored procedure and ad hoc queries through linked servers — OPENROWSET and OPENDATASOURCE — are disabled by default in a newly installed instance of SQL Server 2005.

    Database Mail is another great new feature in SQL Server 2005. You might go through the complicated process of configuring SQL Mail in SQL 2000, or you might be using an alternative method of running SQL Mail, like SP_SQLSMTPMail or xp_smtp_sendmail. Note that there is a problem using this feature. If there is a bug in the database program or SSIS package, it can easily flood the mail server.

    The SQL Server Surface Area Configuration command-line interface, sac.exe, makes it possible to import and export settings. This enables you to standardize the configuration
  • 9. of a group of SQL Server 2005 instances. For example:

            sac in server1.out -S MyServer

    Integration and security for common language runtime

    The security model of the Microsoft SQL Server integration with the Microsoft .NET Framework common language runtime (CLR) manages and secures access between different types of CLR and non-CLR objects running within SQL Server.

    Because CLR programs can affect the stability and robustness of the SQL Server environment, it is important to follow these best practices:
      • Protect the non-SQL Server resources, such as network and operating system resources, with a higher security level.
      • Managed code should not gain a higher security level than it needs, for example, by impersonating the SQL Server service or SQL Server Agent service account.
      • Managed code should access local resources as much as possible.

    SQL Server now integrates the user-based security model of SQL Server with the code access-based security model of the CLR.

    Data encryption

    Data encryption is a great new feature in SQL Server 2005, but you should use it wisely and only if necessary. Remember that using this feature will result in performance and administrative issues. Generally, SQL Server and database permissions can be enough for most applications when they are well planned and applied.

    If you do decide to use encryption, remember that encryption and decryption algorithms are comparably heavy to run. First, never index encrypted columns. Also, test the encryption-decryption performance on the expected amount of data and application functionality before you decide to use it.

    Other security enhancements in SQL 2005

    Here are descriptions of a few more security enhancements:
      • With SQL Server 2005, you can alter the execution context with the EXECUTE AS clause available as part of the definition of stored procedures, functions, queues and triggers. EXECUTE AS can also be used to set the execution context within a SQL batch instead of SETUSER. The execution context choices are:
  • 10.       - EXECUTE AS CALLER — the caller of the procedure (no impersonation). This is the only pre-SQL Server 2005 behavior.
          - EXECUTE AS OWNER — the owner of the procedure.
          - EXECUTE AS SELF — the creator of the procedure.
          - EXECUTE AS 'username' — a specific user.
      • SQL Server 2005 offers a much more granular way of associating privileges with procedural code with code signing. By using the ADD SIGNATURE DDL statement, you can sign the procedure with a certificate or asymmetric key. A user can then be created for the certificate or asymmetric key itself and permissions assigned to that user. When the procedure is executed, the code executes with a combination of the caller’s permissions and the key/certificate’s permissions.
      • Direct access to system tables is no longer allowed. Instead, they are exposed through catalog views, encompassing both server and database-wide settings.
      • SQL Server 2005 can manage SQL Server account password and lockout properties (such as password complexity, password expiration and account lockout) with local and domain-based Group Policies. This functionality is available only on Windows 2003 Server systems. Example:

            CREATE LOGIN Michelle
            WITH PASSWORD = 'Change$NxtLogin' MUST_CHANGE,
                 CHECK_EXPIRATION = ON,
                 CHECK_POLICY = ON

      • Endpoint-based authentication is used to provide secure communication only in scenarios where SQL Server 2005, running on Windows Server 2003, functions natively as a Web service, listening and responding to HTTP SOAP requests.
      • Permissions on DTS packages in SQL 2000 were difficult to manage. SSIS packages are flexible and can run in different ways.
      • Microsoft Baseline Security Analyzer (MBSA) is a utility that scans for common insecurities in a SQL Server configuration. Run MBSA on a regularly scheduled basis, either locally or across the network.

    xp_cmdshell handy examples

    xp_cmdshell is a very powerful
  • 11. stored procedure. In SQL Server 2000, it is enabled by default. In SQL Server 2005, it is disabled by default.

    With xp_cmdshell you could run the following command:

            Exec xp_cmdshell 'del /S c:'

    which deletes the c: drive and all its subdirectories in the server where the SQL Server instance is running.

    If I am doing so as the sa or in the sysadmin role in SQL and the SQL Server Service account is a sysadmin on the computer running the SQL Server, it can be too powerful.

    But here are two examples where you could use xp_cmdshell because it is quicker and more straightforward:

    Imagine that you have more than 30 servers hosting SQL Server instances. Your manager asks you to do two things:
      1. Delete a specific file on the c:\temp directory in each of these servers.
      2. Collect the list of the installed programs and tools on each of the servers, prior to consolidation.

    You could go computer by computer and do these two tasks. You could write code. Oops, sorry, you are a DBA — but what could be easier than to create a table with the SQL Server instances names, create a cursor on them and then loop and run what’s needed to be run?

    In Task 1, you’ll see code to delete a file, which results in no output.

    In Task 2, you’ll see code to show the contents of a directory on a server. Here, you’ll find the results of the code in Task 2, assuming it ran against only one server.

    Note: These two examples are not secured and are against security best practices. They will run on SQL Server 2000 as well as on SQL 2005.

    Links for SQL Server
      • Security Considerations for Integration Services: http://msdn2.microsoft.com/en-us/library/ms137833.aspx
      • Security Considerations for SQL Server: http://msdn2.microsoft.com/en-us/library/ms161948.aspx
      • CLR Integration Security: http://msdn2.microsoft.com/en-us/library/ms131071.aspx
      • SQL Server 2005 Best Practices Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyId=DA0531e4-e94c-4991-82FA-F0e3FBD05e63displaylang=en
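The permission model the article recommends (schema-level grants to a small number of roles, access through stored procedures only, a single owner) and the code signing it describes under ADD SIGNATURE can be combined in one T-SQL script. This is an added example, not code from the original article: the database, schema, role, user, certificate and procedure names, the sample rows and the password are all constructed for illustration.

```sql
-- Added example; every object name, row and password here is constructed.
CREATE DATABASE SecModelDemo;
GO
USE SecModelDemo;
GO
-- One owner (dbo) for both schemas keeps a single, unbroken ownership chain.
CREATE SCHEMA Data AUTHORIZATION dbo;
GO
CREATE SCHEMA Api AUTHORIZATION dbo;
GO
CREATE TABLE Data.Orders (
    OrderId  int          NOT NULL PRIMARY KEY,
    Customer nvarchar(50) NOT NULL,
    Amount   money        NOT NULL);
INSERT INTO Data.Orders VALUES (1, N'Contoso', 120.00);
INSERT INTO Data.Orders VALUES (2, N'Fabrikam', 75.50);
GO
-- Static SQL: ownership chaining covers the table access, so callers
-- need EXECUTE on the procedure and nothing on the table.
CREATE PROCEDURE Api.GetOrders @Customer nvarchar(50)
AS
    SELECT OrderId, Amount FROM Data.Orders WHERE Customer = @Customer;
GO
-- Dynamic SQL breaks the ownership chain: the caller's own permission on
-- Data.Orders is checked at run time. This is the case code signing solves.
CREATE PROCEDURE Api.CountOrders
AS
    EXEC sp_executesql N'SELECT COUNT(*) AS OrderCount FROM Data.Orders';
GO
-- Permissions are granted once, to a role, at schema level.
CREATE ROLE OrderReaders;
GRANT EXECUTE ON SCHEMA::Api TO OrderReaders;
CREATE USER AppUser WITHOUT LOGIN;          -- test principal, no login needed
EXEC sp_addrolemember N'OrderReaders', N'AppUser';
GO
-- Code signing: the certificate's user holds the extra permission, and the
-- signature attaches it to one procedure only while that procedure runs.
CREATE CERTIFICATE OrderReadCert
    ENCRYPTION BY PASSWORD = 'Constructed-Passw0rd!-replace-me'
    WITH SUBJECT = 'Signs Api procedures that read the Data schema';
CREATE USER OrderReadCertUser FROM CERTIFICATE OrderReadCert;
GRANT SELECT ON SCHEMA::Data TO OrderReadCertUser;
ADD SIGNATURE TO Api.CountOrders
    BY CERTIFICATE OrderReadCert
    WITH PASSWORD = 'Constructed-Passw0rd!-replace-me';
GO
-- Check the result as the low-privileged user: EXECUTE through the role,
-- no direct SELECT on the table, and both procedures usable.
EXECUTE AS USER = 'AppUser';
SELECT HAS_PERMS_BY_NAME('Api.GetOrders', 'OBJECT', 'EXECUTE') AS can_execute_api,
       HAS_PERMS_BY_NAME('Data.Orders',   'OBJECT', 'SELECT')  AS can_select_table;
EXEC Api.GetOrders @Customer = N'Contoso';  -- allowed by ownership chaining
EXEC Api.CountOrders;                       -- allowed by the signature
REVERT;
GO
-- Audit 1: which modules are signed, and by which certificate.
SELECT OBJECT_NAME(cp.major_id) AS signed_module, c.name AS certificate_name
FROM sys.crypt_properties AS cp
JOIN sys.certificates AS c ON c.thumbprint = cp.thumbprint
WHERE cp.class_desc = 'OBJECT_OR_COLUMN';

-- Audit 2: grants that bypass the model, i.e. object-level grants on user
-- objects, or grants made directly to a user instead of a role.
SELECT pr.name AS grantee, pr.type_desc, pe.class_desc,
       pe.permission_name, pe.state_desc,
       CASE pe.class_desc
            WHEN 'SCHEMA'           THEN SCHEMA_NAME(pe.major_id)
            WHEN 'OBJECT_OR_COLUMN' THEN OBJECT_NAME(pe.major_id)
       END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE (pe.class_desc = 'OBJECT_OR_COLUMN' AND pe.major_id > 0)
   OR (pr.type IN ('S', 'U', 'G') AND pe.class_desc <> 'DATABASE');
GO
-- Once signing is done, dropping the private key prevents anyone from
-- signing further modules with this certificate.
ALTER CERTIFICATE OrderReadCert REMOVE PRIVATE KEY;
```

Altering a signed procedure drops its signature, so the module has to be signed again after every change, which cannot be done once the private key has been removed.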
  • 14. SearchSQLServer.com: Database mirroring and its witness

    SQL Server Insider: Backup and Recovery

    Database mirroring and its witness
    By Greg Robidoux

    Microsoft SQL Server 2005’s database mirroring feature offers new functionality that allows you to configure database failover much easier than in the past. When configuring database mirroring, one option is to use the High Availability mode. This option allows for synchronizing of transaction writes on both servers, as well as offers the ability of automated failover. When using the High Availability mode, you need to have three instances of SQL Server: the principal, mirror and the witness. Here is a summary of what each component does.

      • Principal – this is the instance that stores the active database.
      • Mirror – this is the instance that receives transactions to keep the mirrored database in sync.
      • Witness – this is the instance that communicates with the principal and mirror to determine if failover should occur.

    About the author: Greg Robidoux is the president and founder of Edgewood Solutions LLC, a technology services company delivering professional services and product solutions for Microsoft SQL Server. He has authored numerous articles and has delivered presentations at regional SQL Server users groups and national SQL Server events. Robidoux also serves as the SearchSQLServer.com Backup and Recovery expert.
  • 15. What is the role of the witness server?

    The witness is a third instance of SQL Server 2005 that acts as an intermediary between the principal and the mirror in order to determine when to fail over. By having a third instance, it creates the ability to have a 2–1 vote that says one of my components is not available and, therefore, I am going to fail over. Because of the need to determine if the components are online or offline before an automatic failover, the witness server is only needed when you implement the High Availability mode and you want, or need, automatic failover. This instance doesn’t do much more than communicate with the principal and the mirror to make sure they are still alive. No database activity is occurring on this instance, just communication between the three components.

    Where should the witness be?

    This really depends on your network configuration and the reliability of your components. If you implement this over a WAN and have periodic network glitches, then by having the witness near the principal you can eliminate some unnecessary failovers. In addition, if your primary data center has some issues and you want to ensure your database stays online, it may make sense to keep this with the mirror. Therefore, if there are any issues in your primary data center, your mirror and witness can communicate and take over the job.

    Physical location is not the only point of concern when placing your witness. It would also make sense to install the witness on a different physical server. It is possible to create three instances on one server and set up database mirroring. But, if you are trying to eliminate hardware failure as a possible cause of downtime, the witness should be installed on a different piece of hardware.

    If you are trying to eliminate data center outages, it makes sense to have your mirror in a different physical location. Based on this assumption, you should keep the witness and the principal in the same data center and your mirror in a different location.
  • 16. What version of SQL Server 2005 for the witness?

    The witness server can run on any version of SQL Server 2005, including the Express edition. The principal and mirror can only run on the Standard, Enterprise and Developer editions of SQL Server 2005.

    What kind of server does the witness run on?

    You can install the witness on any hardware and operating system that supports the version of SQL Server 2005 you are using for the witness. Because of the nature and role of the witness, I suggest using hardware that you feel is reliable and will not cause further complications when implementing and utilizing database mirroring.

    What happens if the witness fails?

    Because the witness is just one of the three components, if it fails, it does not necessarily mean that a failover will occur. As long as the principal and mirror can still communicate with each other, there is no need for a failover. Therefore, the failure of just the witness will not trigger an automated failover.

    How does failover work?

    Since three components make up the High Availability mode, two of these components need to determine that a problem has occurred and then initiate a failover. If the principal server fails and the witness and mirror can still communicate, the failover process will kick in. The mirror will become the principal and the witness will continue to perform its duties as the witness server.

    Summary

    Implementing the High Availability mode of database mirroring is pretty straightforward by just implementing another instance of SQL Server to act as the witness. Although from that perspective it is fairly easy, you should implement database mirroring in different phases until you get the hang of how it works and when it will kick in. Using the High Protection mode as the first implementation probably makes more sense than jumping right into the High Availability mode. Either way, though, take the time to test this new component of SQL Server 2005 before you take the leap into using it as part of your production failover strategy.

    Get a step-by-step explanation to setting up database mirroring in a previous article titled “Database mirroring setup in SQL Server 2005” found at SearchSQLServer.com.
  • 17. SearchSQLServer.com: Find and fix resource-intensive SQL Server queries

    SQL Server Insider: Performance

    Find and fix resource-intensive SQL Server queries
    By Jeremy Kadlec

    Taming resource-intensive SQL Server queries is no small task. Finding them can be a challenge and fixing them is typically unique to the query. Here are five common resource-intensive queries with possible resolutions.

    How to find resource-intensive queries

    Identifying resource-intensive queries is simple when your application experiences performance issues and users communicate when and where the issues occur. If the overall application is perceived as slow, the root cause and resolution can be much more complex. The following resources will help you address common problems:
      • To identify resource-intensive queries, leverage SQL Server 2000 Profiler.

    About the author: Jeremy Kadlec is the principal database engineer at Edgewood Solutions, a technology services company delivering professional services and product solutions for Microsoft SQL Server. He has authored numerous articles and delivers frequent presentations regionally and nationally. He authored the “Rational Guide to IT Project Management” and is the SearchSQLServer.com performance and tuning expert.
  • 18. SearchSQLServer.com Find and fix resource-intensive SQL Server queries „ To determine how the opti- While users have to ask for this information, you can create mizer processes the code these figures for business rea- the necessary index to support internally, review individu- sons, the queries may cause a the query and avoid costly table al query plans in a graphi- significant resource drain. scanning. cal format using Query To balance the need to run Analyzer. resource-intensive queries and large result sets „ To access query plans, use retrieve timely data for users, Querying for hundreds or the T-SQL command SET change the process to execute thousands of rows while only ShOWPLAN_ALL or SET a stored procedure on a pre- displaying 10 to 50 rows in the ShOWPLAN_TEXT for a defined basis, which populates application is certainly a drain textual view of the output a table that stores the aggre- on SQL Server, especially when from the SQL Server opti- gate results. Then have users the query is frequently issued mizer. access the aggregated data by the same user. Since the instead of issuing the resource- data isn’t going to change, the intensive query. application’s throughput would calculation Queries benefit from caching that data users in management and table scanning on the Web server using ADO. executive management posi- Table scanning is probably the NeT. Another option would be tions issue calculation queries single biggest offender of drain- to cache the IDs or the unique throughout the day. They calcu- ing SQL Server resources. The identifier for the result set and late figures over a long period good news is that the problem query for the detailed data as of time with a primarily static is usually easy to fix. The best the data is browsed. 
A final op- data set (i.e., calculating year- way to diagnose this resource tion I have seen work well is to to-date sales or monthly inven- drainer is to review the query issue the query with a cOuNT tory figures). Depending on plan. The SQL Server optimizer clause and let users know how your applications, the calcula- will indicate which portion of much data will be returned. If it tions may be different, although the query is scanning tables by is a significant amount of data, the premise remains the same. table and column name. With fine-tune the query param- Principals and securables New schema model Security for CLR Database mirroring Find and fix SQL Server queries 73
  • 19. SearchSQLServer.com Find and fix resource-intensive SQL Server queries eters to reduce the result set; not many users will be able to that execute one or more times per second using few resources SQL Server review a large result set, which just becomes overwhelming. — but the number of aggregate resources used is staggering. InSIder They don’t only eat up SQL is brought to you by cursors Server resources, but also an SearchSQLServer.com. cursors are notorious for quick- excessive amount of network The stories “Database ly turning a high-end server into round trips. you can expect to mirroring and its a single-user machine. cursors see this happen in Web-based witness” and “Find and typically build a large data set applications. If you store data in fix resource-intensive and process data one row at a session variable or cookie, the a time, which often serializes problem is resolved. SQL Server queries” the processing. Originally de- originally appeared on veloped for ISAM and VSAM summary Take a step back SearchSQLServer.com. databases, Microsoft included and think about how your ap- support for this processing from plications interact with SQL the earliest versions of SQL Server from a functional per- editors Server. Although they are a vi- spective. Think about com- christine casatelli able way to perform data pro- plaints users have had histori- heidi Sweeney cessing, they are not efficient cally about the application as copy editor — and your goal should be to well as long-running processes. Martha Moore migrate away from cursors and Observe how users work with design director use set-based logic. the applications and make per- Ronn campisi formance improvements in the www.ronncampisi.com single Queries that run code based on how users have rePeatedly evolved with the application. Some of the most deviant sets of queries are single queries Principals and securables New schema model Security for CLR Database mirroring Find and fix SQL Server queries 73
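The fix described under "Calculation queries" above, as an added T-SQL example that is not part of the original article: a stored procedure, run on a schedule, fills a summary table, and reports read that table instead of aggregating the base table. The table, column and procedure names and the sample rows are assumptions constructed for illustration.

```sql
-- Added example: all object names and sample rows are constructed.
CREATE TABLE dbo.Sales (
    SaleID   int IDENTITY(1,1) PRIMARY KEY,
    SaleDate datetime    NOT NULL,
    Region   varchar(20) NOT NULL,
    Amount   money       NOT NULL
);
INSERT INTO dbo.Sales (SaleDate, Region, Amount) VALUES (GETDATE(), 'East', 120.00);
INSERT INTO dbo.Sales (SaleDate, Region, Amount) VALUES (GETDATE(), 'East', 80.00);
INSERT INTO dbo.Sales (SaleDate, Region, Amount) VALUES (GETDATE(), 'West', 45.50);
-- Last year's row must not appear in the year-to-date figure.
INSERT INTO dbo.Sales (SaleDate, Region, Amount) VALUES (DATEADD(year, -1, GETDATE()), 'West', 999.00);

-- Summary table that reports read instead of aggregating dbo.Sales.
CREATE TABLE dbo.SalesYtdSummary (
    SalesYear   int         NOT NULL,
    Region      varchar(20) NOT NULL,
    YtdAmount   money       NOT NULL,
    RefreshedAt datetime    NOT NULL,
    CONSTRAINT PK_SalesYtdSummary PRIMARY KEY (SalesYear, Region)
);
-- GO is the batch separator used by sqlcmd and Management Studio;
-- CREATE PROCEDURE has to be the first statement in its batch.
GO

CREATE PROCEDURE dbo.RefreshSalesYtdSummary
AS
BEGIN
    SET NOCOUNT ON;
    SET XACT_ABORT ON;  -- any error rolls back the whole refresh
    DECLARE @yearStart datetime;
    SET @yearStart = DATEADD(year, DATEDIFF(year, 0, GETDATE()), 0);  -- 1 January, this year
    -- One transaction: the old figures are replaced by the new ones atomically.
    BEGIN TRANSACTION;
        DELETE FROM dbo.SalesYtdSummary WHERE SalesYear = YEAR(@yearStart);
        INSERT INTO dbo.SalesYtdSummary (SalesYear, Region, YtdAmount, RefreshedAt)
        SELECT YEAR(@yearStart), Region, SUM(Amount), GETDATE()
        FROM dbo.Sales
        WHERE SaleDate >= @yearStart
        GROUP BY Region;
    COMMIT TRANSACTION;
END;
GO

-- Run this from a scheduled job rather than on user demand.
EXEC dbo.RefreshSalesYtdSummary;

-- What the report issues now: a seek on the summary table's primary key.
SELECT Region, YtdAmount, RefreshedAt
FROM dbo.SalesYtdSummary
WHERE SalesYear = YEAR(GETDATE());
```

The RefreshedAt column lets the report show how old the figures are, which is the trade-off users accept in exchange for not running the aggregate themselves.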
  • 20. Additional Resources from Dell

  - Embracing a new level of user experience: Dell Services helped Penn State upgrade the hardware foundation for its learning management system
    http://www.dell.com/content/topics/global.aspx/casestudies/en/2007_penn?c=uscs=555l=ens=biz
  - SQL Server 2005: Preparing for a Smooth Upgrade
    http://www.dell.com/downloads/global/power/ps1q06-20060126-Microsoft.pdf
  - Maximizing SQL Server Performance
    http://www.dell.com/downloads/global/power/ps4q05-20050272-Symantec.pdf
  - The Scalable Enterprise Technology Center
    http://www.dell.com/content/topics/global.aspx/power/en/setc?c=uscs=555l=ens=biz
  - Microsoft SQL Server 2005 Virtualization
    http://www.dell.com/downloads/global/power/ps4q06-20060405-Muirhead.pdf
  - The Definitive Guide to Scaling Out SQL Server 2005
    http://www.dell.com/content/topics/global.aspx/alliances/en/ebook_landing?c=uscs=555l=ens=biz
