Dr. Jekyll and Mr. Hyde SQLCLR For DBAs and Developers
Agenda
  • SQLCLR – what is it?
  • Developing .NET code in SQL Server 2005
  • Managing SQLCLR
  • Monitoring SQLCLR
  • Horrors!
  • Best Practices
  • SQL Server 2008!

About Speaker
  • Hal Hayes MCP
  • Founder, Capital Area .NET User Group (Metro DC)
  • Architect, Microsoft Technologies
  • Presenter, Instructor U Va and ODU
  • US Navy (ret)
  • ACRITECH Corporation
    Software Development Specialists
    Fredericksburg, Va
    Web and Database Development Since 2000

Software Development and Support
  • www.acritech.com
  • www.creativemembersites.com

About the Analogy
  • Strange Case of Dr Jekyll and Mr Hyde, a novella by Robert Louis Stevenson
  • “The work is known for its vivid portrayal of the psychopathology of a split personality; in mainstream culture the very phrase "Jekyll and Hyde" has come to signify wild or bipolar behavior”, Wikipedia.
  • Jekyll represents our IT infrastructure good citizen and friend, Microsoft SQL Server.
  • Hyde is represented by the latest feature in SQL Server, SQLCLR, or the ability to write .NET code (as opposed to T-SQL) in the database.
  • SQLCLR is a tool; it needs to be used wisely!
  • DBAs cannot get rid of Mr. Hyde now that he is “out of the bottle”, so to speak, but they must learn to manage SQLCLR, understand it, and work to mitigate issues that can arise… Otherwise…
Your Server…
What is SQLCLR?
  • .NET runtime embedded in SQL Server 2005
  • SQL Server embedded Common Language Runtime (SQLCLR)
  • Provides capability to develop rich functionality hosted within database server
  • Hosting layer provides coordination for assembly loading, threads, memory management, security model, execution context, etc.
  • Safely extend SQL Server functionality, unlike extended stored procedures (XPs)
  [Diagram labels: SQL Engine, Windows, SQL OS, CLR, Hosting Layer]

SQLCLR Project Types
  • Stored Procedures
  • Triggers
  • User Defined Types
  • User Defined Functions
  • User Defined Aggregates

Why SQLCLR?
  • Replacement of Extended Stored Procedures
  • Additional option over T-SQL for computationally intensive tasks or where .NET has certain advantages (string operations)
  • Additional option for procedural type processes that can be performance drains in T-SQL (cursors)
  • Additional option over using external code processing, since operating and transitioning between boundaries can be expensive for large volumes of data
  • Ability to create first class objects such as custom aggregates and data types

Some Useful SQLCLR Tasks
  • String manipulation
  • Complex numerical operations
  • Use of Regular Expressions for validation
  • Complex procedural operations for business logic validation
  • Multicolumn Aggregation

Performance Implication
  • SQL Server runs the managed (.NET) code inside the SQL Server process, thus CLR requests memory from SQL Server (not Windows)
  • SQL Server controls the CLR memory garbage collection
  • In-process database access requests are passed internally (avoiding costly network interaction)
  • CLR Application Domains (AppDomain) are created and managed by SQL Server
Security
  • When installing the .NET assembly, it must be cataloged by security classification
  • SAFE provides limited access to .NET functions (like math and string) and database access to host database only
  • EXTERNAL_ACCESS enables ability to communicate outside of the SQL Server instance (like file access or a web service call)
  • UNSAFE allows the ability to run “unchained”, including running unmanaged code

Security (cont’d)
  • Security (set properly) prevents explicit, dangerous operations
  • Security settings do not prevent implicit operations
  • Poorly coded SQLCLR operation can corrupt data
  • Poorly coded SQLCLR can impact performance

    ALTER DATABASE acritech SET trustworthy ON

Turning on SQLCLR
  • By default CLR Integration is turned off
  • Turn on via the Surface Area Configuration Manager, or Transact SQL (T-SQL)

    EXEC sp_configure 'clr enabled', 1
    RECONFIGURE
    GO
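The settings from the two Security slides and the "Turning on SQLCLR" slide can be reviewed together from the catalog views. The following read-only audit is an added example, not part of the original presentation; it assumes it is run in the database under review by a login that can read the catalog views, and the commented-out ALTER DATABASE reuses the `acritech` database name from the slide.

```sql
-- Added example: read-only audit of the SQLCLR settings discussed above.

-- 1. Is CLR integration enabled on this instance?
--    value_in_use = 1 means user assemblies are allowed to execute.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'clr enabled';

-- 2. Databases marked TRUSTWORTHY. The flag lets EXTERNAL_ACCESS and UNSAFE
--    assemblies load without being signed, so every row deserves a reason.
--    msdb is excluded because it ships with TRUSTWORTHY ON.
SELECT d.name                   AS database_name,
       SUSER_SNAME(d.owner_sid) AS owner_login,
       d.is_trustworthy_on
FROM sys.databases AS d
WHERE d.is_trustworthy_on = 1
  AND d.name <> N'msdb';

-- 3. User assemblies in the current database cataloged above SAFE.
SELECT a.name                   AS assembly_name,
       a.permission_set_desc,   -- SAFE_ACCESS, EXTERNAL_ACCESS or UNSAFE_ACCESS
       USER_NAME(a.principal_id) AS owner_name,
       a.create_date,
       a.modify_date
FROM sys.assemblies AS a
WHERE a.is_user_defined = 1
  AND a.permission_set_desc <> N'SAFE_ACCESS';

-- 4. Procedures, functions, triggers and aggregates those assemblies expose,
--    i.e. what callers can actually reach.
SELECT a.name  AS assembly_name,
       a.permission_set_desc,
       o.name  AS object_name,
       o.type_desc,
       m.assembly_class,
       m.assembly_method
FROM sys.assembly_modules AS m
JOIN sys.assemblies AS a ON a.assembly_id = m.assembly_id
JOIN sys.objects    AS o ON o.object_id   = m.object_id
WHERE a.is_user_defined = 1
  AND a.permission_set_desc <> N'SAFE_ACCESS';

-- Corrected setting once no unsigned EXTERNAL_ACCESS/UNSAFE assembly depends on it
-- (left commented out so the script stays read-only):
-- ALTER DATABASE acritech SET TRUSTWORTHY OFF;
```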
Developing SQLCLR
  • Visual Studio 2005
  • Visual Basic and C# have a Database Project
  • Streamlines development
    – Build and Deploy
    – Debugging

Demo #1
  • Using Visual Studio 2005
  • Create a Stored Procedure
  • Includes a connection to retrieve data from within SQL Server

Monitoring
  • Performance Monitor
    – New SQL CLR\CLR Execution (in microseconds); set scale at 0.000001
    – .NET CLR Exceptions
    – .NET CLR Loading (AppDomains and assemblies)
    – .NET CLR Memory
    – .NET Data provider for SQL Server (tracks number of connects/disconnects per second)
  • SQL Profiler
    – Assembly Load event class traces when a request to load an assembly is executed
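The same information can be read from inside SQL Server. This added example (not part of the original presentation) goes beyond the Performance Monitor and Profiler items on the slide by using the CLR dynamic management views; it assumes the caller has VIEW SERVER STATE and runs in the database whose assemblies are being examined.

```sql
-- Added example: inspect the CLR hosting state from T-SQL.

-- 1. AppDomains SQL Server has created for the current database, with their state.
SELECT ad.appdomain_id,
       ad.appdomain_name,
       ad.state,
       ad.creation_time,
       USER_NAME(ad.user_id) AS owner_name
FROM sys.dm_clr_appdomains AS ad
WHERE ad.db_id = DB_ID();

-- 2. Assemblies currently loaded into those AppDomains, with the permission set
--    each one was cataloged under and when it was loaded.
SELECT ad.appdomain_name,
       a.name AS assembly_name,
       a.permission_set_desc,
       la.load_time
FROM sys.dm_clr_loaded_assemblies AS la
JOIN sys.dm_clr_appdomains AS ad ON ad.appdomain_address = la.appdomain_address
JOIN sys.assemblies        AS a  ON a.assembly_id        = la.assembly_id
WHERE ad.db_id = DB_ID();

-- 3. The CLR Execution counter named on the slide (cumulative microseconds).
SELECT object_name,
       counter_name,
       cntr_value AS total_clr_execution_microseconds
FROM sys.dm_os_performance_counters
WHERE object_name LIKE N'%:CLR%'
  AND counter_name LIKE N'CLR Execution%';
```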
Demo #2
  • Manually deploying an assembly
  • Deploying individual objects (stored procedures, user defined functions, etc.)
  • Review of installed components
  • View in Visual Studio 2005
  • Execute User Defined Aggregate and User Defined Function

Horror!
  • Not an exhaustive list (just enough to scare you)
  • Ownership Chaining Issues
    – Calling an object from within SQLCLR that the user does not have permissions for
  • Long running operations
  • Poor security and bad design
  • Severe SQL can cause unloading of the AppDomain, impacting other users in the same AppDomain (their SQLCLR calls will fail)
DEMO Copyright 2007 ACRITECH Corp
Configuration Management and Quality Assurance Issues
  • Developer supplied assembly vs Source Code
    – Is the assembly that developer gave you to load really based on the source code they are showing you?
  • Improperly caged operations with performance implications
    – Did the developer test a sufficient range of inputs?
    – Did the developer test with a sufficient volume of data?
  • Understanding Ownership Chaining
    – What happens when the caller does not have access to the underlying object?
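One way to answer the "assembly vs source code" question is for the DBA to build the DLL from the reviewed source and then confirm that the bytes stored in the catalog are exactly that build. The query below is an added example, not part of the original presentation. It assumes SQL Server 2016 or later (where HASHBYTES accepts inputs over 8000 bytes); the assembly name `ExampleAssembly` is hypothetical and the expected hash is a placeholder to be replaced with the SHA-256 of the DBA's own build.

```sql
-- Added example: compare the cataloged assembly bytes with a known-good build.
-- Assumption: SQL Server 2016+; 'ExampleAssembly' is a hypothetical name.

DECLARE @expected varbinary(32);
-- PLACEHOLDER: replace with the SHA-256 of the DLL built from the reviewed source.
SET @expected = 0x0000000000000000000000000000000000000000000000000000000000000000;

SELECT a.name                             AS assembly_name,
       a.permission_set_desc,
       f.name                             AS file_name,
       DATALENGTH(f.content)              AS size_bytes,
       HASHBYTES('SHA2_256', f.content)   AS sha256_in_catalog,
       CASE WHEN HASHBYTES('SHA2_256', f.content) = @expected
            THEN 'MATCH'
            ELSE 'MISMATCH'
       END                                AS verdict
FROM sys.assemblies     AS a
JOIN sys.assembly_files AS f ON f.assembly_id = a.assembly_id
WHERE a.name = N'ExampleAssembly'
  AND f.file_id = 1;   -- file_id 1 is the assembly binary itself
```

Two compilations of the same source only produce identical bytes when the build is deterministic, so the comparison is meaningful against the binary the DBA built and deployed, not against a separate developer build.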
Best Practices!
  • Developer and DBA (and/or Data Architect) Team
    – Transparency is key!
    – DBAs should be part of the Code Reviews
    – Provide Source along with Assembly to DBA
    – Provide build for DBA (if practical)
    – Provide test cases
  • Code with Operational System in mind
    – Tight, efficient, clear, well-documented code
    – Avoid using a generic catch block to catch all exceptions (You should only catch the exceptions that you know how to handle)
    – Keep the complexity out of the database
  • Test with large volume of data
    – Test data should be a close representation of operational data
    – Test data should represent as many variations of operational data as possible
  • Benchmark Performance
  • Stress test
  • Prepare for the worst!
    – What is your “back-out” strategy?
    – Have you tested your strategy?

Good Reading
  • MSSQLTIPS! (www.mssqltips.com)
  • Database Administrator’s Guide to SQL Server Database Engine .NET CLR Environment, Microsoft TechNet, by Kimberly L. Tripp
  • Programming Microsoft SQL Server 2005, Microsoft Press, Andrew Brust, Stephen Forte
  • SQLCLR Security and Designing for Reuse, Code Magazine, May/June 2007, Adam Machanic
  • Security in the CLR World Inside SQL Server, Code Magazine, Mar/Apr 2006, Don Kiely
  • Pro SQL Server 2005, APress, 2006, Thomas Rizzo, et al.
  • A Developer’s Guide to SQL Server 2005, Addison-Wesley, 2006, Bob Beauchemin and Dan Sullivan
  • Designing Database Solutions by Using Microsoft SQL Server 2005, Microsoft Press, 2008, Andy Leonard, et al.
  • Monitoring and Troubleshooting Managed Database Objects, SQL Server 2005 Books Online (September 2007)
