SQL Server 2005


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

SQL Server 2005

  1. 1. 2 Second in a series of step-by- step guides for the protection of the Microsoft Windows Server Designing High System Availability for SQL Server 2005 Nelson Ruest & Danielle Ruest A Report by Resolutions Enterprises Sponsored by
  2. 2. Finally, you’ll have a data back-end that provides data-management services to the application and serves to persist data modifications. This third layer is the DBA’s responsibility because it’s where SQL Server resides. The end of downtime, period! This third layer can be in several forms because there are various flavors of SQL Job No. 1 for database administrators (DBAs) is making sure Server. Applications can rely on any of them, including Microsoft SQL Server 2000 Desktop that the data they’re responsible for is available all the time. Engine or the newer SQL Server 2005 Express Edition, but enterprises should really rely That’s because for anyone who implements database systems on more comprehensive editions of either with Microsoft SQL Server, be it 2000 or 2005, data availability SQL Server 2000 or 2005 because they provide much more robust database services and quickly becomes mission-critical. This is why DBAs must support high-availability solutions. ensure that they have some form of protection in place for these Depending on the type of application you create, you may need to rely on several sec- systems, be it a rapid-recovery or a high-availability system. ondary services to make sure it is always up. These can include services such as Active They know that, should any outage occur, they will be held Directory (AD), the dynamic host configura- responsible and faced with the repair of the system. tion protocol (DHCP), the domain name sys- tem (DNS), and, of course, a series of security What if you could completely avoid downtime? What if you services, such as anti-virus and anti-spyware, could go home knowing that the system would always be up.Well, to make sure the data is always protected. Depending on the clientele for your solution, if you’re a DBA and you want database peace of mind, read on. you may also need additional protection mechanisms such as firewalls (see Figure 1). Setting up Database Protection Mechanisms These secondary services don’t fall under the If your organization wants to rely on database systems to operate, then they need to support responsibility of the DBA, but they may affect you in the implementation of protection systems for the databases you manage. Depending on data availability. the type of protection you want, you’ll usually have three options with which to work. If you Figure 1 illustrates that even the simplest want total protection, you’ll use a combination of all three: application architecture can become • Proper system understanding complicated, and complicated architecture is • Service protection through built-in, high-availability services vulnerable by default. So, the first step in • Data replication systems protecting this system is through the use of The first option is really the first rule of any DBA; you can’t protect what you don’t know proper documentation, outlining each aspect you have and Microsoft offers several tools to help at this level. The second relies on services and of the application’s configuration. Proper functionalities that are both at the SQL Server and Windows Server 2003 level to implement data documentation will assist you in a rapid diag- and service redundancy schemes. This can involve up to three different strategies: log shipping, nosis of issues as they arise and help you as data mirroring and the Microsoft Cluster Service. (Note that data mirroring is only available for a DBA to understand the dependencies of the SQL Server 2005.) The last approach relies on third-party tools and can help ensure that you applications you support. have a readily available replica of your data so that you can bring it back up immediately in the In addition to proper documentation, you event of any failure. may want to implement a monitoring system Each of these is explained in detail here, and each applies to either SQL 2000 or SQL 2005 to proactively protect the data you manage. (except data mirroring, which is exclusive to version 2005. Microsoft Operations Manager 2005 (MOM) provides an excellent means of monitoring and controlling all versions of SQL Server. MOM Step 1: provides an operator console that lets admin- istrators know the health of the system at all Know Your SQL Server Architecture times. What’s better, you can create custom Today’s modern database applications rely on an n-tier architecture. This means that consoles for DBAs listing only the items they’re different application roles are played by different servers. For example, you will often have responsible for and giving them constant a Web front-end to the application, which is the interface users rely on to access the applica- feedback on the status of their SQL servers. tion’s functions, and is the presentation layer. Next, you may have a middleware tier that In addition, MOM’s framework lets soft- provides application logic. This may or may not run on the same servers as the Web interface. ware developers create special management
  3. 3. packs for specific products. As part of its new Common Engineering Criteria, Microsoft ensures that new management packs are delivered with each and every component of the Windows Server System. This is why all Step 2: Use Built-in, versions of SQL from 2000 to 2005 include MOM management packs. In fact, there High-Availability Measures are two management packs for SQL Server, Now that you know more about your database systems, you can move on to one from Microsoft and one from Quest Corp. the second step: using built-in features to protect the availability of the Both include extended expert knowledge on data. These features come from both SQL Server itself and from the Windows the health status of SQL and can go a long Server 2003 operating system. They include: way toward making sure your SQL systems • Log Shipping are monitored proactively. This lets you • Data Mirroring solve issues before they become problems. • Microsoft Cluster Service (MSCS) In addition, upon the generation of an Each strategy can be used to protect data at the server and the site level. alert, MOM can even take action itself and The server level ensures that data is available on another server within the run custom SQL scripts to further protect same site, while the site level ensures that data resides in another site to the data. protect from site-level disasters. Each of the strategies relies on the availability Another powerful tool that includes of a primary and secondary, or backup, SQL Server. expert knowledge of SQL is the SQL Server 2000 Best Practice Analyzer (BPA). This Using Log Shipping standalone tool analyzes your database In SQL Server 2000, you need to use the Enterprise Edition to support log infrastructure and provides recommenda- shipping and all versions of SQL Server 2005, except for the Express Edition, tions for improved availability. It identifies will support it. configuration issues and will also indicate Log shipping relies on SQL Server Agent jobs to make periodic backups of if your configuration is supported by the transaction logs on a production or primary server and send them to a Microsoft. Microsoft is working on a version secondary or standby server. The secondary server can be located in the same for SQL Server 2005, which should be site, providing server-level protection, or it can be in a remote site, providing released later this fall. site-level protection. Then Agent jobs on the standby server will use the same FIGURE 1 Typical n-tier Application Structure
  4. 4. FIGURE 2 Using Log Shipping to Protect Data performs the switchover auto- matically in the event of a failure of the primary database. All servers in a mirrored configura- tion must be running one of three editions of SQL Server 2005: Workgroup, Standard or Enterprise, with the exception of the witness system, which can rely on SQL Server 2005 Express. Mirroring works by shipping transaction logs from the produc- tion to the mirrored database. This means that the mirrored database is not available until a failover occurs, but it can run other, non-mirrored databases timeframe to load or restore the received transaction logs into a copy (see Figure 3). of the production database. Of course, you need to begin by loading a You can run mirroring in either asynchronous or synchronous modes. full backup of the production database on the standby server (see Both have their advantages and disadvantages. With asynchronous mir- Figure 2). roring, you have better system performance, but you have the opportuni- The advantage of log shipping is that it doesn’t have to be limited ty for data inconsistency, because the transactions on the main server are to a single standby server; logs can be shipped to several standby committed without waiting to hear if they were transmitted to the mir- servers both within and outside the production site. In addition, it ror. In synchronous mode, each transaction is mirrored to the standby doesn’t have to focus on a single database; log shipping can protect database before being committed to the production database. This has several different databases on the same production system, shipping the best data consistency, but it directly affects performance. The wit- them to the same or different standby servers. Log shipping isn’t just a ness server is only required if you run synchronous mirroring because this protection mechanism, it’s also a good tool to use to generate a is the only mode that secondary, development copy of the production database. supports automatic failover. Using a witness will ensure that the data- The disadvantage of log shipping is that there’s no automatic base is always available so long as at least two of the three server roles failover capability. So in the event of a disaster, you have to manually are available. activate the secondary copy of the database. Automatic failover of database mirroring requires the new SQL Native At the very least, log shipping provides an excellent means of protec- Client because it supports automatic redirection to the mirrored tion for the data itself and allows you to control the shipping schedule database. Database mirroring is designed to protect data at the data- to further protect the system. base level and can work both within the same site and across a wide area network (WAN) link. Clearly, the slower the connection is, the more Database Mirroring impact it will have on performance if synchronous mirroring is used. With the release of SQL Server 2005, Microsoft has tried to address The disadvantage of database mirroring is that it provides protection at database availability through the use of data mirroring. Though it was the database and not the server level, so you must format each server not available in the release to manufacturing (RTM) version of SQL with the same configurations. If they’re not exactly the same, failover 2005, it is now available through the release of SQL Server 2005 may not work properly. Service Pack 1. The major advantage of database mirroring is that, unlike log ship- Microsoft Cluster Service ping, in the event of a disaster or the unavailability of the primary At the server level, Microsoft offers Microsoft Cluster Service (MSCS), database, no manual action is required because a standby database which relies on shared storage to function. Multiple servers provide located on a secondary server will be available almost immediately. redundant services, but are connected to the same storage system. Like log shipping, database mirroring can be applied to one or several When the service fails on one server, it’s automatically picked up by databases and sent to one or more standby servers. another that’s part of the cluster. The same cluster can host multiple Database mirroring relies on two, optionally three, systems. The first instances of SQL Server because an MSCS cluster running on is the primary production server. The second is the standby server. This Windows Server 2003 can have between one and eight nodes: two server contains a copy of the databases you want to protect. The third nodes if the connectivity between the server and storage system is is a potential witness system that monitors database availability and SCSI; up to eight if you use Fibre Channel or iSCSI.
  5. 5. FIGURE 3 Using Database Mirroring to Protect Data FIGURE 4 Using MSCS to Protect Data Remember that each node must have the capability to handle its own services—as well as failover services for non-working nodes— when you plan for server capacity. So if you’re running two instances of SQL Server on a two-node cluster, each node must have enough RAM and processing power to run the instance it’s responsible for, in addi- tion to having enough RAM and processing power for the other instance. This way, if there’s a problem with one node, the second will be able to run its own instance and the failover instance from the failed node. Also remember that MSCS uses the share-nothing cluster model; this means that each instance of SQL Server must have exclusive access to a portion of the shared disk. In fact, you need to have a shared disk for the cluster service itself, and a different shared disk for each single instance of SQL that you want to run on the cluster (see Figure 4). While MSCS is a powerful tool to protect data availability, it tends to be limited to single sites, mostly because it’s much more complicated to build geographically dispersed clusters. This is because the cluster serv- ice relies on a heartbeat to determine if failover is required. This heart- beat is easier to maintain on a local area network (LAN) than on a WAN. rupted data. For automated failover, you can redirect Domain Name System (DNS) entries to the failover server, making failover completely transparent and avoiding the need for special clients. Finally, if you’re looking at third-party tools, you’ll want a solution Step 3: Protect Your that lets you perform disaster recovery testing in real time, with- Databases with Replication out disrupting either users or replication between partner servers. One tool, CA XOsoft’s Assured Recovery, provides this capability. No Technology solution is complete without this testing capability. While SQL Server 2005 includes its own replication mechanisms, it Using the traditional mechanisms provided by Microsoft to protect does not compare with the capabilities of these third-party tools both database and server availability makes a lot of sense, mostly because they are designed with high availability in mind. You can use because they’re designed to work with and support SQL Server—but these replication and data assurance solutions on their own or you they do have limitations. This is why it’s also a good idea to examine can combine them with your existing protection mechanisms. They third-party solutions—such as those from CA XOsoft, Symantec, work on the principle of real-time replication, replication that can be EMC, Double-Take Software and others. Replication technology offers intra-site, occurring within the same LAN or inter-site, occurring the ability to have real-time data replication of your SQL servers. In between two sites over the WAN. They include bandwidth control so addition, it’s possible to add application monitoring, automatic you don’t have to worry about losing your existing WAN throughput. pushbutton failover and automatic failback for complete system pro- And, through their application monitoring capabilities, they can con- tection both in the same site and at remote sites. Because of this, trol automatic failover—transparent to users—in the event of a local replication tools can provide server-level or site-level protection. You or remote disaster. can also add tools that protect data to the last consistent state, mak- The source of the data doesn’t matter—your database can be clus- ing sure that when you recover from a failure, you will not recover cor- tered or not clustered. Using these tools, you can set up one of many
  6. 6. FIGURE 5 Relying on Replication Technologies to protect SQL Server prepare duplicate servers and duplicate services, but the beauty of virtual machines is that once you have one, it’s really easy to generate more. Once you have what you need, then you can move to apply the solution to your production machines. One other advantage of using virtual machines, is that it doesn’t matter if you make mistakes, just make sure you use copies of the machines to test. That way you can start over at any time. Another advantage is that you can make sure you get the procedures down pat before you have to take any steps in production. Replication technologies provide some of the very best protection scenarios available anywhere. You can protect at the serv- different high-availability scenarios (see Figure 5). er or the site level and do it all through the same process- Each manufacturer lets you test their tools online in their own environments. If es. Try them, you’ll like them. The most important deci- that doesn’t work for you, use the following procedure to set up your own test, using sion you’ll have to make is to determine which tool to your own databases and server builds. use. Use the following guidelines to do so: • The engine must be specifically designed to replicate Set up a testing lab. To keep it simple, rely on virtual machines. Both Microsoft SQL Server data, both 2000 and 2005. and VMware offer free copies of their virtualization technologies (see Resources). • The engine must provide application monitoring to That means you can even do it on a workstation if you have to, but of course, it identify if or when a failover is required. would be best to use a server-class machine. You’ll need to prepare a copy of the • The engine must include a data corruption protection original servers you want to protect, and then create duplicate servers for each. to make sure you replicate only valid data. You’ll also need key services such as AD and DNS to support the failover test. To • Finally, the engine must support online and sched- make it easier to capture your existing SQL servers, use the Microsoft Virtual Server uled testing capabilities Migration Tool (see Resources) to create virtual machine copies of the existing Do yourself a favor. Try these technologies today. You physical servers. Because Microsoft virtual machines run on both Virtual Server and won’t want to go back. No more downtime, no more VMware Server, this tool can be used with either one. irate user e-mails, no more management woes. E N D Next, select the vendor you want to test and then download the trial version of the software from the manufacturer’s Web site. You’ll need to run the tool’s installer to Continue to the next page for online resources. install the necessary components on your workstation. Depending on the selected technology, you might also have to install the replica- tion technology engine on the Master and Replica servers for each database server you About the Authors Danielle Ruest and Nelson Ruest, MCSE, want to protect. MCT, Microsoft MVP, are IT professionals specializing in systems administration, migration planning, software management Next, create a replication and failover scenario. Make sure you set it up to provide and architecture design. They are authors of multiple automatic failover. This might imply relying on a DNS redirection. books, notably two books published by McGraw-Hill Osborne, “Windows Server 2003: Best Practices for Enterprise Now, you’re ready to test the failover, either automatically or manually. When you Deployments”, ISBN 0-07-222343-X and “Windows Server fail over, the replica server becomes the holder of live data. Make sure the tool allows 2003 Pocket Administrator”, ISBN 0-07-222977-2 as well as you to run a ”backward” scenario to ensure that the data changes are replicated back to “Preparing for .NET Enterprise Technologies”, published by Addison Wesley, ISBN 0-201-73487-7. They have extensive the original production server. Repeat as often as you need to to make sure you’re satis- experience in high availability and systems recovery. fied with the results. You should also test data failures to make sure you recover from non-corrupted data. Then, when you’re completely satisfied that everything works as, move to acquire a license for the product and install it on your production systems. It’s a simple test. The longest part will be the first step because it takes time to www.Reso-Net.com
  7. 7. Resources Microsoft SQL Server: www.microsoft.com/sql/default.mspx Microsoft Visio 2003 Connector for Microsoft Baseline Security Analyzer: www.microsoft.com/technet/security/tools/mbsavisio.mspx Microsoft Operations Manager 2005: www.microsoft.com/mom/default.mspx MOM Management Pack for SQL Server: www.microsoft.com/technet/prodtechnol/mom/mom2005/catalog.aspx The SQL 2000 Best Practices Analyzer: www.microsoft.com/downloads/details.aspx?FamilyID=B352EB1F-D3CA-44EE-893E-9E07339C1F22&displaylang=en SQL Server 2005 Service Pack 1: www.microsoft.com/downloads/details.aspx?familyid=cb6c71ea-d649-47ff-9176-e7cac58fd4bc&displaylang=en Microsoft Virtual Server 2005: www.microsoft.com/windowsserversystem/virtualserver/default.mspx VMware Server: www.vmware.com/products/server/ Microsoft Virtual Server Migration Toolkit: www.microsoft.com/windowsserversystem/virtualserver/evaluation/vsmt.mspx CA XOsoft Solutions site: www.XOsoft.com/products/index.shtml CA XOsoft Download site: www.XOsoft.com/download/index.shtml EMC RepliStor Web site: http://software.emc.com/products/software_az/replistor.htm Symantec Veritas Replication Exec Web Site: www.symantec.com/Products/enterprise?c=prodinfo&refId=50 Double-Take Software Web Site: www.nsisoftware.com/default.aspx Build Your Own SQL Server Test Bed Relying on virtual machine (VM) technology • Service Accounts: Create these in Active Server 2003 installation CD. This will let you to create virtual environments is a great idea. Directory. One account is required for SQL; oth- depersonalize this machine so that you can You can use the following procedure to create ers may be required to test other technologies make as many copies as you need without hav- your own virtual test bed. You can rely on either such as clustering. Like all service accounts, ing to go through the rebuild process over and VMware Server or Microsoft Virtual Server R2 to they need the following characteristics: over again. provide virtualization services, but keep in mind • Complex password • Make a folder on the C: drive and call it that the procedures will differ slightly from one • Password never expires SysPrep (C:SysPrep). to the other. • User cannot change password • To run SysPrep, you need four files from the Note: Because several licenses of Windows • On the local machines they need: Deploy.CAB file: Factory.exe, SysPrep.exe, Server and Windows XP are required in this test • The “Log on as a service” access right SetupMgr.exe, SetupCl.exe. Copy them to the bed, it is best to obtain a subscription to either • The “Allow log on locally” right SysPrep folder. Microsoft TechNet (http://technet.microsoft • The “Act as part of the operating system • Launch SetupMgr.exe and run through the .com/en-us/subscriptions/default.aspx) or right wizard to create a SysPrep.inf file. Cancel the Microsoft MSDN (http://msdn.microsoft • To be a member of the local administrators Setup Manager once the file is ready. .com/subscriptions/) before proceeding. Each If your production environment uses different If your server is ready, make a copy of the gives you access to 10 licenses of the operating values for these accounts, you should make the files and folder that make up the VM. This will systems, as well as licenses of SQL Server. appropriate modifications. give you access to the original machine without In order to create your test bed, you’ll need To create the test bed, follow these steps: having to go through the SysPrep process. machines simulating the following roles: • Locate an appropriate host machine and • Use the new copied machine. Start up • Domain Controller (DC): The DC role will install the virtualization technology of your Windows Server and then go to the SysPrep support integrated authentication scenarios. choice. Make sure you have enough disk space folder to launch SysPrep.exe. • Primary SQL Server: A machine running and RAM on the physical host to run more than • Leave the default values enabled and click Windows Server 2003 Enterprise Edition, which one virtual machine. Each VM runs at about on the Reseal button. This will depersonalize the will let you support server clustering, if needed. 256MB of RAM, so a physical host with about server image and prepare it for reproduction. • Secondary SQL Server: A second 2GB should work. In addition, VMs tend to take • Make sure you always make copies of this machine running Windows Server 2003 up at least 4GB of disk space. If you decide to machine before launching it again. Enterprise Edition. use your own workstation as the host, use an Once the SysPrepped machine is created, • Workstation: Machine running Windows XP. external disk to increase performance. make a copy of the folder that contains its files. This workstation can act as a management • Next, prepare one new machine using Rename the new folder as well as the files that machine, as well as a testing machine to test Windows Server 2003 Enterprise Edition. Add all make it up. Name them Domain Controller and access to the SQL service. of the appropriate service packs and hotfixes. add this machine to the virtualization interface. • User Accounts: These will allow you to test Next, you can use the SysPrep utility found in You’ll need to make sure the configuration is access to the SQL service. the Deploy.CAB file located on the Windows properly set so you can launch this new machine.
  8. 8. • Launch Windows Server. Modify the TCP/IP values to give it a static address. Give it its own IP address as the DNS server. Domain Controllers need to point to themselves as DNS servers. • Next, use Manage Your Server to add the Domain Controller role. Use the following values: Domain Controller in a New Forest. Domain Name: Testbed.Local NetBIOS Name: TESTBED When the DNS error displays, select the option to install and configure DNS on this serv- er. You’ll need access to the Windows Server installation files. Accept all defaults from then on. Once the Domain Controller has been creat- ed, use Active Directory Users and Computers to create the service account. Call it SQLService or use your own production name. This is a differ- ent directory, so using the same account name has no impact on your network. • Next, prepare two new machines running by copying the SysPrepped machine. They should have the following characteristics: Machine name: SQLOne and SQLTwo Machine location: C:VMsMachineName Machine files: machinename.xxx and machinename.xxx RAM: 256MB Network Cards: 2 Disks: 3 (System, Data and Transaction Logs) • Install SQL Server according to your own best practices on each machine. • Use a backup of one of your production databases to populate the two servers with data. • Create the client machine using the same approach as the initial build of the SysPrep server. Make a copy and install the SQL Client utilities on the new workstation. This will let you test access to the data. • Before you perform any test, copy the entire test bed. This will allow you to keep a pristine copy and also allow you to destroy any failed tests without any worries. • Now you’re ready to proceed. Download whichever solution you want to try and run it through its paces. Good luck!