1. HISTORY OF SQLSERVER
2. SOFTWARE & HARDWARE REQUIREMENTS
3. INSTALLATION, CONFIGURATIONS & CHECKS
4. TOOLS
5. DATABASES: DESIGNING & ALTERING A NEW DATABASE
6. ARCHITECTURE OF SQLSERVER
7. SERVER STARTUP PROCESS
8. SECURITIES
9. RECOVERY MODELS & COMPATIBILITY
10. SQLSERVER AGENT
11. BACKUPS & RESTORE
12. DTS INTRODUCTION
13. IMPORT & EXPORT
14. REPLICATION
15. LOGSHIPPING
16. DATABASE MIRRORING
17. CLUSTERING
18. DATABASE MAIL CONFIGURATION
19. PERFORMANCE TUNING
20. UPGRADATION
HISTORY OF SQLSERVER
1. SQL Server is an RDBMS (relational database management system).
2. It is a product of Microsoft Corporation.
3. It is user friendly.
4. SQL Server is case insensitive by default.
5. SQL Server is platform dependent: it runs only on Windows.
Installation requirements can vary widely, depending on your application needs. The different
editions of SQL Server 2005 accommodate the unique performance, runtime, and price
requirements of organizations and individuals. Which of the various SQL Server 2005
components you install will also depend on your organization or individual needs.
You can use all editions of SQL Server 2005 in production environments except for SQL Server
2005 Developer Edition and SQL Server 2005 Evaluation Edition. The following paragraphs
describe the editions of SQL Server 2005.
SQL Server Express is free and can be redistributed (subject to agreement), and
functions as the client database, as well as a basic server database. SQL Server Express
is an ideal choice for independent software vendors (ISVs), server users, non-
professional developers, Web application developers, Web site hosts, and hobbyists
building client applications. If you need more advanced database features, SQL Server
Express can be seamlessly upgraded to more sophisticated versions of SQL Server.
SQL Server Express also offers additional components as part of Microsoft SQL Server 2005
Express Edition with Advanced Services. In addition to the features of SQL Server Express,
SQL Server Express with Advanced Services contains the following features:
The client components option installs the following SQL Server features: Command prompt tools,
Reporting Services tools, connectivity components, programming models, management tools,
development tools, Books Online, sample databases, and sample applications.
When an application communicates with the SQL Server Database Engine, the application
programming interfaces (APIs) exposed by the protocol layer format the communication using a
Microsoft-defined format called a tabular data stream (TDS) packet. There are Net-Libraries on
both the server and client computers that encapsulate the TDS packet inside a standard
communication protocol, such as TCP/IP or Named Pipes. The following protocols are available:
• Shared Memory The simplest protocol to use, with no configurable settings. Clients using the
Shared Memory protocol can connect only to a SQL Server instance running on the same
computer, so this protocol is not useful for most database activity.
• Named Pipes A protocol developed for local area networks (LANs). A portion of memory is
used by one process to pass information to another process, so that the output of one is the
input of the other.
• TCP/IP The most widely used protocol over the Internet. TCP/IP can communicate across
interconnected networks of computers with diverse hardware architectures and operating
systems. It includes standards for routing network traffic and offers advanced security features.
• Virtual Interface Adapter (VIA) A protocol that works with VIA hardware. This is a specialized
protocol.
SQL Server 2005 also introduces a new concept for defining SQL Server connections: the
connection is represented on the server end by a TDS endpoint. During setup, SQL Server
creates an endpoint for each of the four Net-Library protocols supported by SQL Server, and if
the protocol is enabled, all users have access to it. For disabled protocols, the endpoint still exists
but cannot be used. An additional endpoint is created for the dedicated administrator connection
(DAC), which can be used only by members of the sysadmin fixed server role.
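The endpoints that Setup created, and their current state, can be inspected from the catalog views. A minimal sketch:

```sql
-- List the TDS endpoints with their protocol and whether they are
-- started or stopped. The dedicated administrator connection (DAC)
-- endpoint appears in this list as well.
SELECT endpoint_id, name, protocol_desc, type_desc, state_desc
FROM sys.endpoints;
```

An endpoint for a disabled protocol shows up here with a stopped state, matching the behavior described above.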
SOFTWARE REQUIREMENTS
Operating system support for the 32-bit editions (Enterprise Edition(1), Developer Edition,
Standard Edition, Workgroup Edition, Express Edition and Express with Advanced Services,
and Evaluation Edition):
• Windows 2000 (without SP4): not supported by any edition.
• Windows 2000 Professional Edition SP4(2, 4): supported by all editions except Enterprise
Edition.
(1) SQL Server 2005 Evaluation Edition supports the same feature set as SQL Server 2005
Enterprise Edition, but SQL Server 2005 Enterprise Edition is not supported on all of the
operating systems that support Evaluation Edition.
(2) You can download Windows 2000 SP4 from the Microsoft Web site. Service packs for Windows
2000 Datacenter Edition must be obtained through the original equipment manufacturer (OEM).
(3) These editions of SQL Server 2005 can be installed to the Windows on Windows (WOW64) 32-
bit subsystem of a 64-bit server.
(4) You can install Microsoft SQL Server Books Online, client tools, and some legacy tools for SQL
Server 2005 Enterprise Edition on Windows 2000 Professional SP4 and Windows XP SP2.
Client tools include SQL Server Management Studio, Business Intelligence Development
Studio, and the SQL Server 2005 software development kit. Legacy tools include the Data
Transformation Services Runtime and SQL-DMO.
Reporting Services, which is installed as part of SQL Server Express with Advanced Services,
will not install on operating systems that do not include Internet Information Services (IIS).
• Native Web Service (SOAP/HTTP) support is only available for instances of SQL Server
2005 running on Windows Server 2003.
• Individual topics in Microsoft SQL Server 2005 Integration Services (SSIS) programming,
Analysis Management Objects (AMO), and ADOMD.NET documentation may indicate support
for earlier versions of Windows, such as Windows 98, Windows ME, or Windows NT 4.0.
Note: This release supports Tabular Data Stream (TDS) 4.2 client connectivity through legacy
MDAC/DB-Library, not by using new SQL Server 2005 features.
[Table: operating system support for the 64-bit editions: Enterprise Edition(1) (IA64),
Enterprise Edition(1) (X64), Developer Edition (IA64)(2), Developer Edition (X64)(3),
Standard Edition (IA64), Standard Edition (X64), Express Edition and Express with
Advanced Services, Evaluation Edition (IA64), and Evaluation Edition (X64).]
(1) SQL Server 2005 Evaluation Edition supports the same feature set as SQL Server 2005
Enterprise Edition, but Enterprise Edition is not supported on all of the operating systems that
support Evaluation Edition.
(2) IA64 = Intel Itanium architecture.
(3) X64 = AMD64 / Intel EM64T architecture.
(4) Tools run natively or under WOW64. For more information on WOW64, see Extended System
Support.
HARDWARE REQUIREMENTS
The 64-bit editions (SQL Server 2005 Enterprise Edition(4), Developer Edition, and Standard
Edition) have the following hardware requirements:
• Processor type(1): IA64: Itanium processor or higher. X64: AMD Opteron, AMD Athlon 64,
Intel Xeon with EM64T support, or Intel Pentium IV with EM64T support.
• Processor speed(2): minimum 1 GHz; recommended 1 GHz or more.
• Memory (RAM)(3): IA64: minimum 512 MB; recommended 1 GB or more; maximum 32 TB.
X64: maximum is the operating system maximum.
(1) System Configuration Checker (SCC) will block Setup if the processor type requirement is not
met.
(2) SCC will warn the user but will not block Setup if the minimum or recommended processor
speed check is not met.
(3) SCC will warn the user but will not block Setup if the minimum or recommended RAM check is
not met. Memory requirements are for this release only, and do not reflect additional memory
requirements of the operating system. SCC verifies the memory available when Setup starts.
(4) SQL Server 2005 Evaluation Edition supports the same feature set as SQL Server 2005
Enterprise Edition.
SQL Server 2005 (32-bit) requirements, by processor type(1), processor speed(2), and memory
(RAM)(3):
• Enterprise Edition(4), Developer Edition, and Standard Edition: Pentium III-compatible
processor or higher; minimum 600 MHz, recommended 1 GHz or higher; minimum 512 MB
RAM, recommended 1 GB or more, maximum the operating system maximum.
• Workgroup Edition: Pentium III-compatible processor or higher; minimum 600 MHz,
recommended 1 GHz or higher; minimum 512 MB RAM, recommended 1 GB or more,
maximum the operating system maximum.
• Express Edition: Pentium III-compatible processor or higher; minimum 500 MHz,
recommended 1 GHz or higher; minimum 192 MB RAM, recommended 512 MB or more,
maximum the operating system maximum.
• Express Edition with Advanced Services: Pentium III-compatible processor or higher;
minimum 600 MHz, recommended 1 GHz or higher; minimum 512 MB RAM, recommended
1 GB or more, maximum the operating system maximum.
(1) System Configuration Checker (SCC) will block Setup if the requirement for processor type is not
met.
Actual hard disk space requirements depend on your system configuration and the applications
and features you choose to install. The following table provides disk space requirements for SQL
Server 2005 components.
Database Engine and data files, Replication, and Full-Text Search 150 MB
Analysis Services and data files 35 MB
Reporting Services and Report Manager 40 MB
Notification Services engine components, client components, and rules components 5 MB
Integration Services 9 MB
Client Components 12 MB
Management Tools 70 MB
Development Tools 20 MB
SQL Server Books Online and SQL Server Mobile Books Online 15 MB
Samples and sample databases 390 MB
The Microsoft SQL Server 2005 Installation Wizard is Windows Installer-based, and provides a
single feature tree for installation of all SQL Server 2005 components:
• Database Engine
• Analysis Services
• Reporting Services
• Integration Services
• Replication
• Management Tools
• Connectivity Components
Process Screenshots:
1. You need to create a service account, so create a user account named SqlServer, and make
it a member of the Administrators local group. You can perform this task using one of these tools:
• On a Windows member server or on Windows XP, use Computer Management.
• On a Windows domain controller, use Active Directory Users and Computers.
2. Insert the SQL Server CD, and wait for the auto menu to open.
3. Under Install, choose Server Components > Tools > Books Online > Samples.
4. You will then be asked to read and agree to the end user license agreement (EULA);
check the box to agree, and click Next.
5. If your machine does not have all the prerequisite software installed, the setup will install
them for you at this time. Click Install if you are asked to do so. When complete, click Next.
6. Next you will see a screen telling you that the setup is inspecting your system’s configuration
again, and then the welcome screen appears. Click Next to continue.
7. Another, more in-depth system configuration screen appears letting you know whether
any configuration settings will prevent SQL Server from being installed. You need to
repair errors (marked with a red icon) before you can continue. You can optionally repair
warnings (marked with a yellow icon), which will not prevent SQL Server from installing.
8. After a few configuration setting screens, you will be asked for your product key. Enter
it, and click Next.
9. On the next screen, you need to select the components you want to install. Check the
boxes next to the SQL Server Database Services option and the Workstation Components,
Books Online and Development Tools option.
12. On the Instance Name screen, choose Default Instance, and click Next.
13. On the next screen, enter the account information for the service account you
created in step 1. You will be using the same account for each service. When
finished, click Next.
14. On the Authentication Mode screen, select Mixed Mode, enter a password for the
sa account, and click Next.
15. Select the Latin1_General collation designator on the next screen, and click Next.
16. On the following screen, you can select to send error and feature usage information
directly to Microsoft. You will not be enabling this function here. So, leave the defaults,
and click Next.
17. On the Ready to Install screen, review your settings, and then click Install.
18. The setup progress appears during the install process. When the setup is finished (which
may take several minutes), click Next.
19. The final screen gives you an installation report, letting you know whether any errors
occurred and reminding you of any post-installation steps to take. Click Finish to complete
your install.
20. Reboot your system if requested to do so.
1. Services Check:
You have completed this task when you have a running instance of SQL Server 2005 installed
on your system. To verify this, select Start > All Programs > Microsoft SQL Server 2005 >
Configuration Tools > SQL Server Configuration Manager. Select SQL Server 2005 Services,
and check the icons. If the icon next to the SQL Server (MSSQLServer) service is green, your
installation was successful.
Check SQL Server Configuration Manager to see whether your services are running after
installation.
2. Tools check: Verify that all SQL Server 2005 tools are working properly.
3. System Databases Check: Check the status of all the system databases.
NOTE:
INSTANCE: An instance is a fresh copy of a SQL Server installation. There are two types of
instances: default and named.
SQLSERVER SERVICES:
SQL Server Agent is a Microsoft Windows service that executes scheduled administrative
tasks, which are called jobs. SQL Server Agent uses SQL Server to store job information.
Jobs contain one or more job steps. Each step contains its own task, for example, backing up
a database. SQL Server Agent can run a job on a schedule, in response to a specific event, or on
demand. For example, if you want to back up all the company servers every weekday after hours,
you can automate this task. Schedule the backup to run after 22:00 Monday through Friday; if the
backup encounters a problem, SQL Server Agent can record the event and notify you.
NOTE:
By default, the SQL Server Agent service is disabled when SQL Server 2005 is installed unless
the user explicitly chooses to auto start the service.
To automate administration, follow these steps:
1.Establish which administrative tasks or server events occur regularly and whether these tasks
or events can be administered programmatically. A task is a good candidate for automation if
it involves a predictable sequence of steps and occurs at a specific time or in response to a
specific event.
2. Define a set of jobs, schedules, alerts, and operators by using SQL Server Management
Studio, Transact-SQL scripts, or SQL Management Objects (SMO).
3.Run the SQL Server Agent jobs you have defined.
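As a sketch of step 2, a job with one step and a weekday schedule can be defined with the msdb system stored procedures. The job name, database name, and backup path below are made up for illustration:

```sql
-- Create a job that backs up a hypothetical database named Sales
-- every weekday at 22:00. All names and paths are illustrative.
USE msdb;

EXEC sp_add_job @job_name = N'Nightly Sales Backup';

EXEC sp_add_jobstep
    @job_name  = N'Nightly Sales Backup',
    @step_name = N'Backup Sales',
    @subsystem = N'TSQL',
    @command   = N'BACKUP DATABASE Sales TO DISK = N''D:\Backups\Sales.bak''';

EXEC sp_add_jobschedule
    @job_name               = N'Nightly Sales Backup',
    @name                   = N'Weekdays 22:00',
    @freq_type              = 8,        -- weekly
    @freq_interval          = 62,       -- Mon-Fri (2+4+8+16+32)
    @freq_recurrence_factor = 1,
    @active_start_time      = 220000;   -- 22:00:00

-- Target the job at the local server so SQL Server Agent will run it.
EXEC sp_add_jobserver @job_name = N'Nightly Sales Backup';
```

The same job could equally be built through the SQL Server Agent node in Management Studio; the stored procedures are what SSMS calls underneath.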
NOTE:
For the default instance of SQL Server, the SQL Server Agent service is named
SQLSERVERAGENT. For named instances, the SQL Server Agent service is named
SQLAgent$instancename.
The SQL Server Browser program runs as a Windows service. SQL Server Browser listens for
incoming requests for Microsoft SQL Server resources and provides information about SQL
Server instances installed on the computer. SQL Server Browser contributes to the following
actions:
• Browsing a list of available servers
• Connecting to the correct server instance
• Connecting to dedicated administrator connection (DAC) endpoints
For each instance of the Database Engine and SSAS, the SQL Server Browser service
(sqlbrowser) provides the instance name and the version number. SQL Server Browser is
installed with Microsoft SQL Server 2005, and provides this service for previous versions of SQL
Server that are running on that computer, starting with Microsoft SQL Server 7.0.
SQL Server Browser can be configured during setup or by using the Surface Area Configuration
tool. It can be managed using SQL Server Configuration Manager. By default, the SQL Server
Browser service starts automatically:
Microsoft SQL Server Notification Services is a platform for developing and deploying
applications that generate and send notifications to subscribers. The notifications generated are
personalized, timely messages that can be sent to a wide range of devices, and that reflect the
preferences of the subscriber.
Subscribers create subscriptions to notification applications. A subscription is an expressed
interest in a specific type of event. For example, subscriptions might express the following
preferences: "Notify me when my stock price reaches $70.00," or "Notify me when the strategy
document my team is writing is updated."
A notification can be generated and sent to the subscriber as soon as a triggering event occurs. A
notification can also be generated and sent on a predetermined schedule specified by the
subscriber.
Notifications can be sent to a wide range of devices. For example, a notification can be sent to a
subscriber's cellular phone, personal digital assistant (PDA), Microsoft Windows Messenger, or e-
mail account. Because these devices often accompany the subscriber, notifications are ideal for
sending important information.
Notification applications are valuable for many reasons, including the following:
• Notification applications enable you to send critical information to customers, partners,
and employees. The notifications can contain links to a Web site to retrieve more
information or to acknowledge receipt of the information.
• Notification applications enhance and strengthen your relationships with customers by
providing more customized and timely services to them.
• Notification applications help increase your revenue by making it easier for customers
to initiate business transactions with you.
• Notification applications help make your employees more productive by providing them
with the information they need, whenever and wherever they need it.
• Notification applications allow you to communicate with mobile subscribers over a wide
variety of devices.
Microsoft SQL Server 2005 Integration Services (SSIS) is a platform for building high
performance data integration solutions, including extraction, transformation, and load (ETL)
packages for data warehousing.
Integration Services includes graphical tools and wizards for building and debugging packages;
tasks for performing workflow functions such as FTP operations, for executing SQL statements,
or for sending e-mail messages; data sources and destinations for extracting and loading data;
transformations for cleaning, aggregating, merging, and copying data; a management service, the
Integration Services service, for administering Integration Services; and application programming
interfaces (APIs) for programming the Integration Services object model.
Integration Services replaces Data Transformation Services (DTS), which was first introduced as
a component of SQL Server 7.0.
SQL Server Full Text Search service is a specialized indexing and querying service for
unstructured text stored in SQL Server databases. The full text search index can be created on
any column with character based text data. It allows for words to be searched for in the text
columns. While it can be performed with the SQL LIKE operator, using SQL Server Full Text
Search service can be more efficient. Full Text Search (FTS) allows for inexact matching of the
source string, indicated by a Rank value which can range from 0 to 1000 - a higher rank means a
more accurate match. It also allows linguistic matching ("inflectional search"), i.e., linguistic
variants of a word (such as a verb in a different tense) will also be a match for a given word (but
with a lower rank than an exact match). Proximity searches are also supported, i.e., if the words
searched for do not occur in the sequence they are specified in the query but are near each
other, they are also considered a match. T-SQL exposes special operators that can be used to
access the FTS capabilities.
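The T-SQL operators mentioned above look like the following. The table and column names are hypothetical, and a full text index is assumed to already exist on the column:

```sql
-- Assumes a table Documents(DocId INT PRIMARY KEY, Body NVARCHAR(MAX))
-- with a full text index created on the Body column.

-- Simple word match:
SELECT DocId FROM Documents WHERE CONTAINS(Body, N'mirroring');

-- Inflectional (linguistic) match: also finds variants such as
-- "backed" and "backing".
SELECT DocId FROM Documents
WHERE CONTAINS(Body, N'FORMSOF(INFLECTIONAL, back)');

-- Proximity search combined with ranking via CONTAINSTABLE;
-- RANK ranges from 0 to 1000, and a higher rank means a closer match.
SELECT d.DocId, k.RANK
FROM CONTAINSTABLE(Documents, Body, N'database NEAR mirroring') AS k
JOIN Documents AS d ON d.DocId = k.[KEY]
ORDER BY k.RANK DESC;
```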
The Full Text Search engine is divided into two processes - the Filter Daemon process
(msftefd.exe) and the Search process (msftesql.exe). These processes interact with the SQL
Server. The Search process includes the indexer (that creates the full text indexes) and the full
text query processor. The indexer scans through text columns in the database. It can also index
through binary columns, and use iFilters to extract meaningful text from the binary blob (for
example, when a Microsoft Word document is stored as an unstructured binary file in a
database). The iFilters are hosted by the Filter Daemon process. Once the text is extracted, it is
passed back to the indexer for inclusion in the full text index.
When a full text query is received by the SQL Server query processor, it is handed over to the
FTS query processor in the Search process. The FTS query processor breaks up the query into
the constituent words, filters out the noise words, and uses an inbuilt thesaurus to find out the
linguistic variants for each word. The words are then queried against the inverted index and a
rank of their accurateness is computed. The results are returned to the client via the SQL Server
process.
SQL Server Analysis Services adds OLAP and data mining capabilities for SQL Server
databases. The OLAP engine supports MOLAP, ROLAP and HOLAP storage modes for data.
Analysis Services supports the XML for Analysis standard as the underlying communication
protocol. The cube data can be accessed using MDX queries.[17] Data mining specific functionality
is exposed via the DMX query language. Analysis Services includes various algorithms - Decision
trees, clustering algorithm, Naive Bayes algorithm, time series analysis, sequence clustering
algorithm, linear and logistic regression analysis, and neural networks - for use in data mining.
SERVER STARTUP PROCESS
4. It records the time and the last server process id with which the instance was started.
10. It checks the server name, starts the model database, and clears tempdb.
11. The server listens on port 1433; the server local connection provider is ready to accept
connections on [\\.\pipe\SQLLocal\MSSQLSERVER] and on [\\.\pipe\sql\query].
12. The server listens on port 1434, and dedicated admin connection support is established for
listening locally on port 1434.
14. The Service Broker manager starts. SQL Server is now ready for client connections.
15. It starts up the database 'msdb' and then the user databases.
16. CHECKDB for the 'msdb' and user databases finishes without errors.
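These startup messages are written to the SQL Server error log, which can be viewed in Management Studio or read with the undocumented but widely used xp_readerrorlog procedure:

```sql
-- Read the current error log, where the startup messages above
-- ("Server is listening on ...", "SQL Server is now ready for client
-- connections.") are recorded. xp_readerrorlog is undocumented, so
-- treat this as a convenience on a test system.
EXEC master.dbo.xp_readerrorlog;
```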
ARCHITECTURE
1. QUERY PROCESSING:
The protocol layer receives the request and translates it into a form that the relational engine can
work with, and it also takes the final results of any queries, status messages, or error messages
and translates them into a form the client can understand before sending them back to the client.
The relational engine layer accepts SQL batches and determines what to do with them. For
Transact-SQL queries and programming constructs, it parses, compiles, and optimizes the
request and oversees the process of executing the batch. As the batch is executed, if data is
needed, a request for that data is passed to the storage engine. The storage engine manages all
data access, both through transaction-based commands and bulk operations such as backup,
bulk insert, and certain DBCC (Database Consistency Checker) commands. The SQLOS layer
handles activities that are normally considered to be operating system responsibilities, such as
thread management (scheduling), synchronization primitives, deadlock detection, and memory
management, including the buffer pool.
The relational engine is also called the query processor. It includes the components of SQL
Server that determine exactly what your query needs to do and the best way to do it. By far the
most complex component of the query processor, and maybe even of the entire SQL Server
product, is the query optimizer, which determines the best execution plan for the queries in the
batch.
The SQL Server storage engine has traditionally been considered to include all the components
involved with the actual processing of data in your database. SQL Server 2005 separates out
some of these components into a module called the SQLOS. In fact, the SQL Server storage
engine team at Microsoft actually encompasses three areas: access methods, transaction
management, and the SQLOS.
Extents are a collection of eight physically contiguous pages and are used to efficiently manage
the pages. All pages are stored in extents.
Pages
In SQL Server, the page size is 8 KB. This means SQL Server databases have 128 pages per
megabyte. Each page begins with a 96-byte header that is used to store system information
about the page. This information includes the page number, page type, the amount of free space
on the page, and the allocation unit ID of the object that owns the page.
The following table shows the page types used in the data files of a SQL Server database.
Page type: Contents
• Data: Data rows with all data, except text, ntext, image, nvarchar(max), varchar(max),
varbinary(max), and xml data, when text in row is set to ON.
• Index: Index entries.
• Text/Image: Large object data types (text, ntext, image, nvarchar(max), varchar(max),
varbinary(max), and xml data), and variable length columns when the data row exceeds
8 KB (varchar, nvarchar, varbinary, and sql_variant).
• Global Allocation Map, Shared Global Allocation Map: Information about whether extents
are allocated.
• Page Free Space: Information about page allocation and free space available on pages.
• Index Allocation Map: Information about extents used by a table or index per allocation
unit.
• Bulk Changed Map: Information about extents modified by bulk operations since the last
BACKUP LOG statement per allocation unit.
• Differential Changed Map: Information about extents that have changed since the last
BACKUP DATABASE statement per allocation unit.
Note: Log files do not contain pages; they contain a series of log records.
Data rows are put on the page serially, starting immediately after the header. A row offset table
starts at the end of the page, and each row offset table contains one entry for each row on the
page. Each entry records how far the first byte of the row is from the start of the page. The entries
in the row offset table are in reverse sequence from the sequence of the rows on the page.
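The page header and the row offset table can be inspected with the undocumented DBCC PAGE command. The database, file, and page numbers below are illustrative:

```sql
-- Send DBCC output to the client instead of the error log.
DBCC TRACEON (3604);

-- DBCC PAGE (database, file_id, page_number, print_option)
-- print_option 1 dumps the 96-byte page header, each row, and the
-- row offset table at the end of the page. Undocumented command;
-- use it on a test system only.
DBCC PAGE ('master', 1, 1, 1);
```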
Extents
Extents are the basic unit in which space is managed. An extent is eight physically contiguous
pages, or 64 KB. This means SQL Server databases have 16 extents per megabyte.
To make its space allocation efficient, SQL Server does not allocate whole extents to tables with
small amounts of data. SQL Server has two types of extents:
• Uniform extents are owned by a single object; all eight pages in the extent can only be
used by the owning object.
• Mixed extents are shared by up to eight objects. Each of the eight pages in the extent
can be owned by a different object.
A new table or index is generally allocated pages from mixed extents. When the table or index
grows to the point that it has eight pages, it then switches to use uniform extents for subsequent
allocations. If you create an index on an existing table that has enough rows to generate eight
pages in the index, all allocations to the index are in uniform extents.
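Whether an object has switched from mixed to uniform extents can be inferred from its page counts, which the catalog views expose per allocation unit. A minimal sketch:

```sql
-- Total and used pages per object and allocation unit; an object with
-- fewer than 8 data pages is generally still allocated from mixed
-- extents. The container_id/partition_id join is the common simplified
-- form for in-row data.
SELECT OBJECT_NAME(p.object_id) AS object_name,
       au.type_desc,
       au.total_pages,
       au.used_pages
FROM sys.allocation_units AS au
JOIN sys.partitions AS p
    ON au.container_id = p.partition_id
ORDER BY object_name;
```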
Database Files
SQL Server 2005 databases have three types of files:
• Primary data files
The primary data file is the starting point of the database and points to the other files in
the database. Every database has one primary data file. The recommended file name
extension for primary data files is .mdf.
• Secondary data files
Secondary data files make up all the data files, other than the primary data file. Some
databases may not have any secondary data files, while others have several secondary
data files. The recommended file name extension for secondary data files is .ndf.
• Log files
Log files hold all the log information that is used to recover the database. There must be
at least one log file for each database, although there can be more than one. The
recommended file name extension for log files is .ldf.
SQL Server 2005 does not enforce the .mdf, .ndf, and .ldf file name extensions, but these
extensions help you identify the different kinds of files and their use.
In SQL Server 2005, the locations of all the files in a database are recorded in the primary file of
the database and in the master database. The Database Engine uses the file location information
from the master database most of the time. However, the database engine uses the file location
information from the primary file to initialize the file location entries in the master database in the
following situations:
• When attaching a database using the CREATE DATABASE statement with either the
FOR ATTACH or FOR ATTACH_REBUILD_LOG options.
• When upgrading from SQL Server version 2000 or version 7.0 to SQL Server 2005.
• When restoring the master database.
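For example, attaching a database by its primary file alone causes the Database Engine to read the locations of the remaining files from that primary file. The database name and path are illustrative:

```sql
-- Attach a database from its primary data file; the locations of any
-- secondary data files and log files are read from the primary file.
CREATE DATABASE Sales
ON (FILENAME = 'C:\Data\Sales.mdf')
FOR ATTACH;
```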
logical_file_name
The logical_file_name is the name used to refer to the physical file in all Transact-SQL
statements. The logical file name must comply with the rules for SQL Server identifiers and must
be unique among logical file names in the database.
os_file_name
The os_file_name is the name of the physical file including the directory path. It must follow the
rules for the operating system file names.
[Illustration: examples of the logical file names and the physical file names of a database
created on a default instance of SQL Server 2005.]
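A minimal example of the two kinds of names, with illustrative paths: Sales_data and Sales_log are the logical_file_names used in Transact-SQL, and the FILENAME values are the os_file_names:

```sql
CREATE DATABASE Sales
ON PRIMARY
(   NAME = Sales_data,                      -- logical_file_name
    FILENAME = 'C:\Data\Sales_data.mdf' )   -- os_file_name
LOG ON
(   NAME = Sales_log,
    FILENAME = 'C:\Data\Sales_log.ldf' );
```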
SQL Server data and log files can be put on either FAT or NTFS file systems. NTFS is
recommended for its security features. Read/write data file groups and log files cannot
be placed on an NTFS compressed file system; only read-only databases and read-only
secondary file groups can be put on an NTFS compressed file system.
When multiple instances of SQL Server are run on a single computer, each instance receives a
different default directory to hold the files for the databases created in the instance.
The first page in each file is a file header page that contains information about the attributes of
the file. Several of the other pages at the start of the file also contain system information, such as
allocation maps. One of the system pages stored in both the primary data file and the first log file
is a database boot page that contains information about the attributes of the database.
File Size
SQL Server 2005 files can grow automatically from their originally specified size. When you
define a file, you can specify a specific growth increment. Every time the file is filled, it increases
its size by the growth increment. If there are multiple files in a file group, they will not auto grow
until all the files are full. Growth then occurs in a round-robin fashion.
Each file can also have a maximum size specified. If a maximum size is not specified, the file can
continue to grow until it has used all available space on the disk. This feature is especially useful
when SQL Server is used as a database embedded in an application where the user does not
have convenient access to a system administrator. The user can let the files auto grow as
required to reduce the administrative burden of monitoring free space in the database and
manually allocating additional space.
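As a sketch of how these growth settings are controlled after creation, ALTER DATABASE ... MODIFY FILE can change them in place (the database and logical file names here are hypothetical):

```sql
-- Cap automatic growth of a hypothetical data file and use a
-- fixed growth increment instead of filling all available disk space.
ALTER DATABASE MyDB
MODIFY FILE
( NAME = 'MyDB_Primary',   -- logical file name; an assumption for this sketch
  MAXSIZE = 500MB,         -- stop growing at 500 MB rather than consuming the disk
  FILEGROWTH = 64MB );     -- grow in fixed 64-MB increments
GO
```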
Primary
The primary file group contains the primary data file and any other files not specifically assigned
to another file group. All pages for the system tables are allocated in the primary file group.
User-defined
User-defined file groups are any file groups that are specified by using the FILEGROUP keyword
in a CREATE DATABASE or ALTER DATABASE statement.
Log files are never part of a file group. Log space is managed separately from data space.
No file can be a member of more than one file group. Tables, indexes, and large object data can
be associated with a specified file group. In this case, all their pages will be allocated in that file
group, or the tables and indexes can be partitioned. The data of partitioned tables and indexes is
divided into units each of which can be placed in a separate file group in a database. For more
information about partitioned tables and indexes, see Partitioned Tables and Indexes.
One filegroup in each database is designated the default filegroup. When a table or index is created without specifying a filegroup, all its pages are allocated from the default filegroup. Only one filegroup at a time can be the default filegroup. Members of the db_owner fixed database role can switch the default filegroup from one filegroup to another; if no default filegroup is specified, the primary filegroup is the default. The following example creates a database with a primary filegroup, a user-defined filegroup, and a log file, and then makes the user-defined filegroup the default:
USE master;
GO
-- Create the database with the default data
-- filegroup and a log file. Specify the
-- growth increment and the max size for the
-- primary data file.
CREATE DATABASE MyDB
ON PRIMARY
( NAME='MyDB_Primary',
FILENAME=
'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\data\MyDB_Prm.mdf',
SIZE=4MB,
MAXSIZE=10MB,
FILEGROWTH=1MB),
FILEGROUP MyDB_FG1
( NAME = 'MyDB_FG1_Dat1',
FILENAME =
'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\data\MyDB_FG1_1.ndf',
SIZE = 1MB,
MAXSIZE=10MB,
FILEGROWTH=1MB),
( NAME = 'MyDB_FG1_Dat2',
FILENAME =
'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\data\MyDB_FG1_2.ndf',
SIZE = 1MB,
MAXSIZE=10MB,
FILEGROWTH=1MB)
LOG ON
( NAME='MyDB_log',
FILENAME =
'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\data\MyDB.ldf',
SIZE=1MB,
MAXSIZE=10MB,
FILEGROWTH=1MB);
GO
ALTER DATABASE MyDB
MODIFY FILEGROUP MyDB_FG1 DEFAULT;
GO
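To confirm the result, the filegroups and data files of the new database can be inspected through the catalog views (a quick check, assuming the MyDB example above was created):

```sql
USE MyDB;
GO
-- List each filegroup, whether it is the default, and the
-- data files that belong to it. The log file has no filegroup,
-- so it is excluded by the join.
SELECT fg.name AS filegroup_name,
       fg.is_default,
       df.name AS logical_file_name,
       df.physical_name
FROM sys.filegroups AS fg
JOIN sys.database_files AS df
    ON df.data_space_id = fg.data_space_id;
GO
```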
This section gives an overview of the space allocation algorithms and data structures. It also gives users and administrators the background needed to understand references to these terms in messages generated by SQL Server.
• The free space information is densely packed, so relatively few pages contain this
information.
This increases speed by reducing the number of disk reads required to retrieve allocation information, and increases the chance that the allocation pages will remain in memory without requiring additional reads.
• Most of the allocation information is not chained together. This simplifies the maintenance
of the allocation information.
Each page allocation or deallocation can be performed quickly. This decreases the contention
between concurrent tasks having to allocate or deallocate pages.
SQL Server uses two types of allocation maps to record the allocation of extents:
• Global Allocation Map (GAM) pages record which extents have been allocated. Each GAM covers 64,000 extents, or almost 4 GB of data. A bit of 1 means the extent is free; a bit of 0 means it is allocated.
• Shared Global Allocation Map (SGAM) pages record which extents are currently being used as mixed extents and have at least one unused page. Each SGAM also covers 64,000 extents. A bit of 1 means the extent is a mixed extent with free pages; a bit of 0 means it is not.
Each extent has the following bit patterns set in the GAM and SGAM, based on its current use:
Current use of extent                     GAM bit   SGAM bit
Free, not being used                         1         0
Uniform extent, or full mixed extent         0         0
Mixed extent with free pages                 0         1
This results in simple extent-management algorithms. To allocate a uniform extent, the Database
Engine searches the GAM for a 1 bit and sets it to 0. To find a mixed extent with free pages, the
Database Engine searches the SGAM for a 1 bit. To allocate a mixed extent, the Database
Engine searches the GAM for a 1 bit, sets it to 0, and then also sets the corresponding bit in the
SGAM to 1. To deallocate an extent, the Database Engine makes sure that the GAM bit is set to
1 and the SGAM bit is set to 0. The algorithms that are actually used internally by the Database
Engine are more sophisticated than what is described in this topic, because the Database Engine
distributes data evenly in a database. However, even the real algorithms are simplified by not
having to manage chains of extent allocation information.
After an extent has been allocated to an object, the Database Engine uses the PFS pages to
record which pages in the extent are allocated or free. This information is used when the
Database Engine has to allocate a new page. The amount of free space in a page is only
maintained for heap and Text/Image pages. It is used when the Database Engine has to find a
page with free space available to hold a newly inserted row. Indexes do not require that the page
free space be tracked, because the point at which to insert a new row is set by the index key
values.
A PFS page is the first page after the file header page in a data file (page number 1). It is followed by a GAM page (page number 2), and then an SGAM page (page number 3). Another PFS page appears approximately 8,000 pages after the first PFS page. Another GAM page appears 64,000 extents after the first GAM page on page 2, and another SGAM page appears 64,000 extents after the first SGAM page on page 3. The following illustration shows the sequence of pages used by
the database engine to allocate and manage extents.
An Index Allocation Map (IAM) page maps the extents in a part of a database file used by one of the following types of allocation units:
• IN_ROW_DATA
Holds a partition of a heap or index.
• LOB_DATA
Holds large object (LOB) data types, such as xml, varbinary(max), and varchar(max).
• ROW_OVERFLOW_DATA
Holds variable length data stored in varchar, nvarchar, varbinary, or sql_variant columns
that exceed the 8,060 byte row size limit.
Each partition of a heap or index contains at least an IN_ROW_DATA allocation unit. It may also
contain a LOB_DATA or ROW_OVERFLOW_DATA allocation unit, depending on the heap or
index schema. For more information about allocation units, see Table and Index Organization.
An IAM page covers a 4-GB range in a file and is the same coverage as a GAM or SGAM page. If
the allocation unit contains extents from more than one file, or more than one 4-GB range of a
file, there will be multiple IAM pages linked in an IAM chain. Therefore, each allocation unit has at
least one IAM page for each file on which it has extents. There may also be more than one IAM
page on a file, if the range of the extents on the file allocated to the allocation unit exceeds the
range that a single IAM page can record.
IAM pages are allocated as required for each allocation unit and are located randomly in the file.
The system view, sys.system_internals_allocation_units, points to the first IAM page for an
allocation unit. All the IAM pages for that allocation unit are linked in a chain.
The sys.system_internals_allocation_units system view is for internal use only and is subject
to change. Compatibility is not guaranteed.
An IAM page has a header that indicates the starting extent of the range of extents mapped by
the IAM page. The IAM page also has a large bitmap in which each bit represents one extent.
The first bit in the map represents the first extent in the range, the second bit represents the
second extent, and so on. If a bit is 0, the extent it represents is not allocated to the allocation unit
owning the IAM. If the bit is 1, the extent it represents is allocated to the allocation unit owning the
IAM page.
The database engine allocates a new extent to an allocation unit only when it cannot quickly find
a page in an existing extent with sufficient space to hold the row being inserted. The Database
Engine allocates extents from those available in the filegroup using a proportional allocation
algorithm. If a filegroup has two files and one has two times the free space as the other, two
pages will be allocated from the file with the available space for every one page allocated from
the other file. This means that every file in a filegroup should have a similar percentage of space
used.
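The relative free space per file that drives this proportional allocation can be observed directly; a minimal sketch using FILEPROPERTY, run in the context of any database:

```sql
-- Report size and used space for every file in the current database.
-- Both size and FILEPROPERTY return counts of 8-KB pages,
-- so divide by 128 to express the values in megabytes.
SELECT name AS logical_file_name,
       size / 128 AS size_mb,
       FILEPROPERTY(name, 'SpaceUsed') / 128 AS used_mb,
       (size - FILEPROPERTY(name, 'SpaceUsed')) / 128 AS free_mb
FROM sys.database_files;
```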
Differential backups read just the DCM pages to determine which extents have been modified.
This greatly reduces the number of pages that a differential backup must scan. The length of time
that a differential backup runs is proportional to the number of extents modified since the last
BACKUP DATABASE statement and not the overall size of the database.
Although BCM pages appear in all databases, they are only relevant when the database is using
the bulk-logged recovery model. In this recovery model, when a BACKUP LOG is performed, the
backup process scans the BCMs for extents that have been modified. It then includes those
extents in the log backup.
This lets the bulk logged operations be recovered if the database is restored from a database
backup and a sequence of transaction log backups. BCM pages are not relevant in a database
that is using the simple recovery model, because no bulk logged operations are logged. They are
not relevant in a database that is using the full recovery model, because that recovery model
treats bulk logged operations as fully logged operations.
The interval between DCM pages and BCM pages is the same as the interval between GAM and SGAM pages: 64,000 extents. The DCM and BCM pages are located after the GAM and SGAM pages in a physical file:
Partitions
In SQL Server 2005, table and index pages are contained in one or more partitions. A partition is
a user-defined unit of data organization. By default, a table or index has only one partition that
contains all the table or index pages. The partition resides in a single filegroup. A table or index
with a single partition is equivalent to the organizational structure of tables and indexes in earlier
versions of SQL Server.
When a table or index uses multiple partitions, the data is partitioned horizontally so that groups
of rows are mapped into individual partitions, based on a specified column. The partitions can be
put on one or more filegroups in the database. The table or index is treated as a single logical
entity when queries or updates are performed on the data.
To view the partitions used by a table or index, use the sys.partitions (Transact-SQL) catalog
view.
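For example, the partitions of a table can be listed as follows (the table name dbo.MyTable is a placeholder):

```sql
-- Show each partition of a hypothetical table, which index it
-- belongs to, and its row count.
SELECT index_id, partition_number, rows
FROM sys.partitions
WHERE object_id = OBJECT_ID(N'dbo.MyTable')
ORDER BY index_id, partition_number;
```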
Nonclustered Indexes
Nonclustered indexes have a B-tree index structure similar to the one in clustered indexes. The
difference is that nonclustered indexes do not affect the order of the data rows. The leaf level
contains index rows. Each index row contains the nonclustered key value, a row locator and any
included, or nonkey, columns. The locator points to the data row that has the key value.
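As an illustration of key versus included columns, a nonclustered index might be created like this (the table and column names are illustrative only):

```sql
-- The key column (LastName) orders the index B-tree; the INCLUDE
-- columns are stored only in the leaf-level index rows, so queries
-- that select them can be answered from the index alone.
CREATE NONCLUSTERED INDEX IX_Person_LastName
ON dbo.Person (LastName)
INCLUDE (FirstName, EmailAddress);
```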
XML Indexes
One primary and several secondary XML indexes can be created on each xml column in the
table. An XML index is a shredded and persisted representation of the XML binary large objects
(BLOBs) in the xml data type column. XML indexes are stored as internal tables. To view
information about xml indexes, use the sys.xml_indexes or sys.internal_tables catalog views.
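The primary/secondary relationship can be sketched as follows (the table and column names are hypothetical; a primary XML index requires a clustered primary key on the table):

```sql
-- The primary XML index shreds and persists the XML BLOBs
-- in the Content column into an internal table.
CREATE PRIMARY XML INDEX PXML_Docs_Content
ON dbo.Docs (Content);

-- A secondary XML index is built on top of the primary one;
-- FOR PATH speeds up path-based predicates such as exist().
CREATE XML INDEX SXML_Docs_Content_Path
ON dbo.Docs (Content)
USING XML INDEX PXML_Docs_Content FOR PATH;
```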
Allocation Units
An allocation unit is a collection of pages within a heap or B-tree used to manage data based on
their page type. The following table lists the types of allocation units used to manage data in
tables and indexes.
A heap or B-tree can have only one allocation unit of each type in a specific partition. To view the
table or index allocation unit information, use the sys.allocation_units catalog view.
The sys.system_internals_allocation_units system view is for internal use only and is subject
to change. Compatibility is not guaranteed.
Each table, index, and indexed view partition has a row in sys.system_internals_allocation_units uniquely identified by a container ID (container_id). The container ID has a one-to-one mapping to the partition_id in the sys.partitions catalog view that maintains the relationship between the table or index data stored in a partition and the allocation units used to manage the data within the partition.
The allocation of pages to a table, index, or an indexed view partition is managed by a chain of
IAM pages. The column first_iam_page in sys.system_internals_allocation_units points to the first
IAM page in the chain of IAM pages managing the space allocated to the table, index, or the
indexed view in the IN_ROW_DATA allocation unit.
Pages in the ROW_OVERFLOW_DATA allocation unit are managed in the same way pages in the LOB_DATA allocation unit are managed: that is, by a chain of IAM pages.
USE AdventureWorks;
GO
SELECT o.name AS table_name, p.index_id, i.name AS index_name,
       au.type_desc AS allocation_type, au.data_pages, p.partition_number
FROM sys.allocation_units AS au
JOIN sys.partitions AS p ON au.container_id = p.partition_id
JOIN sys.objects AS o ON p.object_id = o.object_id
JOIN sys.indexes AS i ON p.object_id = i.object_id AND p.index_id = i.index_id
WHERE o.name = N'DatabaseLog' OR o.name = N'Currency'
ORDER BY o.name, p.index_id;
GO
Here is the result set. Notice that the DatabaseLog table uses all three allocation unit types,
because it contains both data and Text/Image page types. The Currency table does not have
LOB data, but does have the allocation unit required to manage data pages. If the Currency table
is later modified to include a LOB data type column, a LOB_DATA allocation unit is created to
manage that data.
Heap Structures
A heap is a table without a clustered index. Heaps have one row in sys.partitions, with index_id =
0 for each partition used by the heap. By default, a heap has a single partition. When a heap has
multiple partitions, each partition has a heap structure that contains the data for that specific
partition. For example, if a heap has four partitions, there are four heap structures; one in each
partition.
Depending on the data types in the heap, each heap structure will have one or more allocation
units to store and manage the data for a specific partition. At a minimum, each heap will have one
IN_ROW_DATA allocation unit per partition. The heap will also have one LOB_DATA allocation
unit per partition, if it contains large object (LOB) columns. It will also have one
ROW_OVERFLOW_DATA allocation unit per partition, if it contains variable length columns that
exceed the 8,060 byte row size limit.
The sys.system_internals_allocation_units system view is for internal use only and is subject
to change. Compatibility is not guaranteed.
Table scans or serial reads of a heap can be performed by scanning the IAM pages to find the
extents that are holding pages for the heap. Because the IAM represents extents in the same
order that they exist in the data files, this means that serial heap scans progress sequentially
through each file. Using the IAM pages to set the scan sequence also means that rows from the
heap are not typically returned in the order in which they were inserted.
The following illustration shows how the SQL Server Database Engine uses IAM pages to retrieve
data rows in a single partition heap.
The pages in the data chain and the rows in them are ordered on the value of the clustered index
key. All inserts are made at the point where the key value in the inserted row fits in the ordering
sequence among existing rows. The page collections for the B-tree are anchored by page
pointers in the sys.system_internals_allocation_units system view.
The sys.system_internals_allocation_units system view is for internal use only and is subject
to change. Compatibility is not guaranteed.
Nonclustered indexes can be defined on a table or view with a clustered index or a heap. Each
index row in the nonclustered index contains the nonclustered key value and a row locator. This
locator points to the data row in the clustered index or heap having the key value.
The row locators in nonclustered index rows are either a pointer to a row or are a clustered index
key for a row, as described in the following:
• If the table is a heap, which means it does not have a clustered index, the row locator is a
pointer to the row. The pointer is built from the file identifier (ID), page number, and
number of the row on the page. The whole pointer is known as a Row ID (RID).
• If the table has a clustered index, or the index is on an indexed view, the row locator is
the clustered index key for the row. If the clustered index is not a unique index, SQL
Server 2005 makes any duplicate keys unique by adding an internally generated value
called a uniqueifier. This four-byte value is not visible to users. It is only added when
required to make the clustered key unique for use in nonclustered indexes. SQL Server
retrieves the data row by searching the clustered index using the clustered index key
stored in the leaf row of the nonclustered index.
Nonclustered indexes have one row in sys.partitions with index_id > 1 for each partition used by
the index. By default, a nonclustered index has a single partition. When a nonclustered index has
multiple partitions, each partition has a B-tree structure that contains the index rows for that
specific partition. For example, if a nonclustered index has four partitions, there are four B-tree
structures, with one in each partition.
Depending on the data types in the nonclustered index, each nonclustered index structure will
have one or more allocation units in which to store and manage the data for a specific partition. At
a minimum, each nonclustered index will have one IN_ROW_DATA allocation unit per partition
that stores the index B-tree pages. The nonclustered index will also have one LOB_DATA
allocation unit per partition if it contains large object (LOB) columns . Additionally, it will have one
ROW_OVERFLOW_DATA allocation unit per partition if it contains variable length columns that
exceed the 8,060 byte row size limit. For more information about allocation units, see Table and
Index Organization. The page collections for the B-tree are anchored by root_page pointers in the
sys.system_internals_allocation_units system view.
The sys.system_internals_allocation_units system view is for internal use only and is subject
to change. Compatibility is not guaranteed.
Every SQL Server 2005 database has a transaction log that records all the transactions and
database modifications made by each transaction. The transaction log is a critical component of
any database. This section contains the architectural information required to understand how the
transaction log is used to guarantee the data integrity of the database and how it is used for data
recovery.
• The transaction log is implemented as a separate file or set of files in the database. The
log cache is managed separately from the buffer cache for data pages, which results in
simple, fast, and robust code within the database engine.
• The format of log records and pages is not constrained to follow the format of data pages.
• The transaction log can be implemented in several files. The files can be defined to
expand automatically by setting the FILEGROWTH value for the log. This reduces the
potential of running out of space in the transaction log, while at the same time reducing
administrative overhead. For more information, see ALTER DATABASE (Transact-SQL).
• The mechanism to reuse the space within the log files is quick and has minimal effect on
transaction throughput.
Log records are stored in a serial sequence as they are created. Each log record contains the ID
of the transaction that it belongs to. For each transaction, all log records associated with the
transaction are individually linked in a chain using backward pointers that speed the rollback of
the transaction.
Log records for data modifications record either the logical operation performed or they record the
before and after images of the modified data. The before image is a copy of the data before the
operation is performed; the after image is a copy of the data after the operation has been
performed.
The steps to recover an operation depend on the type of log record:
Many types of operations are recorded in the transaction log. These operations include:
Rollback operations are also logged. Each transaction reserves space on the transaction log to
make sure that enough log space exists to support a rollback that is caused by either an explicit
rollback statement or if an error is encountered. The amount of space reserved depends on the
operations performed in the transaction, but generally is equal to the amount of space used to log
each operation. This reserved space is freed when the transaction is completed.
The section of the log file from the first log record that must be present for a successful database-
wide rollback to the last-written log record is called the active part of the log, or the active log.
This is the section of the log required to do a full recovery of the database. No part of the active
log can ever be truncated.
The SQL Server Database Engine divides each physical log file internally into a number of virtual
log files. Virtual log files have no fixed size, and there is no fixed number of virtual log files for a
physical log file. The database engine chooses the size of the virtual log files dynamically while it
is creating or extending log files. The Database Engine tries to maintain a small number of virtual
files. The size of the virtual files after a log file has been extended is the sum of the size of the
existing log and the size of the new file increment. The size or number of virtual log files cannot
be configured or set by administrators.
The only time virtual log files affect system performance is if the log files are defined by small size
and growth_increment values. If these log files grow to a large size because of many small
increments, they will have lots of virtual log files. This can slow down database startup and also
log backup and restore operations. We recommend that you assign log files a size value close to
the final size required, and also have a relatively large growth_increment value.
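Following that recommendation, a log file can be pre-sized in one step rather than grown through many small increments (the database name and sizes here are illustrative):

```sql
-- Grow the log to near its expected final size in one operation,
-- keeping the number of virtual log files small, and use a
-- relatively large growth increment thereafter.
ALTER DATABASE MyDB
MODIFY FILE
( NAME = 'MyDB_log',
  SIZE = 4096MB,
  FILEGROWTH = 512MB );
```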
The transaction log is a wrap-around file. For example, consider a database with one physical log
file divided into four virtual log files. When the database is created, the logical log file begins at
the start of the physical log file. New log records are added at the end of the logical log and
expand toward the end of the physical log. Log records in the virtual logs that appear in front of
the minimum recovery log sequence number (MinLSN) are deleted, as truncation operations
occur. The transaction log in the example database would look similar to the one in the following
illustration.
When the end of the logical log reaches the end of the physical log file, the new log records wrap
around to the start of the physical log file.
This cycle repeats endlessly, as long as the end of the logical log never reaches the beginning of
the logical log. If the old log records are truncated frequently enough to always leave sufficient
room for all the new log records created through the next checkpoint, the log never fills. However,
if the end of the logical log does reach the start of the logical log, one of two things occurs:
• If the FILEGROWTH setting is enabled for the log and space is available on the disk, the file is extended by the amount specified in growth_increment, and the new log records are added to the extension.
• If the FILEGROWTH setting is not enabled, or the disk that holds the log file has less free space than the amount specified in growth_increment, an error 9002 is generated.
If the log contains multiple physical log files, the logical log will move through all the physical log
files before it wraps back to the start of the first physical log file.
To understand how the write-ahead log works, it is important for you to know how modified data is
written to disk. SQL Server maintains a buffer cache into which it reads data pages when data
must be retrieved. Data modifications are not made directly to disk, but are made to the copy of
the page in the buffer cache. The modification is not written to disk until a checkpoint occurs in
the database, or the modification must be written to disk so the buffer can be used to hold a new
page. Writing a modified data page from the buffer cache to disk is called flushing the page. A
page modified in the cache, but not yet written to disk is called a dirty page.
At the time a modification is made to a page in the buffer, a log record is built in the log cache that
records the modification. This log record must be written to disk before the associated dirty page
is flushed from the buffer cache to disk. If the dirty page is flushed before the log record is written,
the dirty page will create a modification on the disk that cannot be rolled back if the server fails
before the log record is written to disk. SQL Server has logic that prevents a dirty page from being
flushed before the associated log record is written. Log records are written to disk when the
transactions are committed.
When an instance of SQL Server is restarted, it runs a recovery of each database, during which:
• The log records of modifications not flushed to disk before the system stopped are rolled forward.
• All modifications associated with incomplete transactions, such as transactions for which
there is no COMMIT or ROLLBACK log record, are rolled back.
Checkpoint Operation
A checkpoint performs the following processes in the current database:
• Writes a record to the log file marking the start of the checkpoint.
• Stores information recorded for the checkpoint in a chain of checkpoint log records.
One piece of information recorded in the checkpoint records is the log sequence number (LSN) of the first log record that must be present for a successful database-wide rollback. This LSN is called the Minimum Recovery LSN (MinLSN) and is the minimum of the following:
• The LSN of the start of the checkpoint.
• The LSN of the start of the oldest active transaction.
• The LSN of the start of the oldest transaction marked for replication that has not yet been delivered to the distribution database.
The checkpoint also:
• Marks for reuse the space that precedes the MinLSN, if the database uses the simple
recovery model.
• Writes all dirty log and data pages to disk.
• Writes a record marking the end of the checkpoint to the log file.
• Writes the LSN of the start of this chain to the database boot page.
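A checkpoint can also be requested explicitly in the current database (the database name is illustrative):

```sql
USE MyDB;
GO
-- Issue a manual checkpoint; the optional argument is the
-- requested completion time in seconds.
CHECKPOINT 10;
GO
```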
Automatic Checkpoints
The SQL Server Database Engine generates automatic checkpoints. The interval between
automatic checkpoints is based on the amount of log space used and the time elapsed since the
last checkpoint. The time interval between automatic checkpoints can be highly variable and long,
if few modifications are made in the database. Automatic checkpoints can also occur frequently if
lots of data is modified.
The interval between automatic checkpoints is calculated for all the databases on a server
instance from the recovery interval server configuration option. This option specifies the
maximum time the Database Engine should use to recover a database during a system restart.
The Database Engine estimates how many log records it can process in the recovery interval
during a recovery operation.
The interval between automatic checkpoints also depends on the recovery model:
• If the database is using either the full or bulk-logged recovery model, an automatic
checkpoint is generated whenever the number of log records reaches the number the
database engine estimates it can process during the time specified in the recovery
interval option.
• If the database is using the simple recovery model, an automatic checkpoint is generated
whenever the number of log records reaches the lesser of these two values:
• The log becomes 70 percent full.
• The number of log records reaches the number the Database Engine estimates it
can process during the time specified in the recovery interval option.
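The recovery interval option referenced above is set at the server level with sp_configure; a minimal sketch:

```sql
-- 'recovery interval' is an advanced option, so advanced options
-- must be visible first; then set the recovery target to 5 minutes.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'recovery interval', 5;
RECONFIGURE;
```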
Active Log
The section of the log file from the MinLSN to the last-written log record is called the active
portion of the log, or the active log. This is the section of the log required to do a full recovery of
the database. No part of the active log can ever be truncated. All log records must be truncated
from the parts of the log before the MinLSN.
The following figure shows a simplified version of the end-of-a-transaction log with two active
transactions. Checkpoint records have been compacted to a single record.
LSN 148 is the last record in the transaction log. At the time that the recorded checkpoint at LSN
147 was processed, Tran 1 had been committed and Tran 2 was the only active transaction. That
makes the first log record for Tran 2 the oldest log record for a transaction active at the time of
the last checkpoint. This makes LSN 142, the Begin transaction record for Tran 2, the MinLSN.
Long-Running Transactions
The active log must include every part of all uncommitted transactions. An application that starts
a transaction and does not commit it or roll it back prevents the Database Engine from advancing
the MinLSN. This can cause two types of problems:
• If the system is shut down after the transaction has performed many uncommitted
modifications, the recovery phase of the subsequent restart can take much longer than
the time specified in the recovery interval option.
• The log might grow very large, because the log cannot be truncated past the MinLSN.
This occurs even if the database is using the simple recovery model where the
transaction log is generally truncated on each automatic checkpoint.
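The oldest active transaction holding the MinLSN back can be identified with DBCC OPENTRAN (the database name is illustrative):

```sql
-- Report the oldest active transaction, and the oldest
-- non-distributed replicated transaction, in the named database.
DBCC OPENTRAN ('MyDB');
```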
Replication Transactions
The Log Reader Agent monitors the transaction log of each database configured for transactional
replication and copies the transactions marked for replication from the transaction log into the
distribution database. The active log must contain all transactions that are marked for replication,
but that have not yet been delivered to the distribution database. If these transactions are not
replicated in a timely manner, they can prevent the truncation of the log.
The active portion of the transaction log, the active log, can never be truncated. The active
portion of the log is the part of the log that is used to recover the database and must always be
present in the database. The record at the start of the active portion of the log is identified by the
minimum recovery log sequence number (MinLSN). The log records before the MinLSN are only
needed to maintain a sequence of the transaction log backups.
The recovery model selected for a database determines how much of the transaction log in front
of the MinLSN must be retained in the database, as shown in the following:
• In the simple recovery model, a sequence of transaction logs is not being maintained. All
log records before the MinLSN can be truncated at any time, except while a BACKUP
statement is being processed.
• In the full and bulk-logged recovery models, a sequence of transaction log backups is
being maintained. The part of the logical log in front of the MinLSN cannot be truncated
until the transaction log has been backed up.
Log truncation occurs at these points:
• After a BACKUP LOG statement completes, if it does not specify NO TRUNCATE.
• Every time a checkpoint is processed, if the database is using the simple recovery model.
This includes both explicit checkpoints that result from a CHECKPOINT statement and
implicit checkpoints that are generated by the system. The exception is that the log is not
truncated if the checkpoint occurs when a BACKUP statement is still active.
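In the full or bulk-logged recovery model, the routine way to permit truncation is a log backup; a minimal sketch with a hypothetical database name and backup path:

```sql
-- Back up the transaction log, which allows the inactive portion
-- of the log in front of the MinLSN to be truncated.
BACKUP LOG MyDB
TO DISK = 'c:\backups\MyDB_log.bak';
```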
This illustration shows a transaction log that has four virtual logs. The log has not been truncated since the database was created. The logical log starts at the front of the first virtual log, and the part of virtual log 4 beyond the end of the logical log has never been used.
This illustration shows how the log appears after truncation. The space before the start of the
virtual log that contains the MinLSN record has been marked for reuse.
Shrinking a log depends on first truncating the log. Log truncation does not reduce the size of a
physical log file. However, it does reduce the size of the logical log and marks as inactive the
virtual logs that do not hold any part of the logical log. A log shrink operation removes enough
inactive virtual logs to reduce the log file to the requested size.
The unit of the size reduction is a virtual log file. For example, if you have a 600-MB log file that
has been divided into six 100-MB virtual logs, the size of the log file can only be reduced in 100-
MB increments. The file size can be reduced to sizes such as 500 MB or 400 MB, but the file
cannot be reduced to sizes such as 433 MB or 525 MB.
The size of the virtual log file is chosen dynamically by the database engine when log files are
created or extended.
Virtual log files that hold part of the logical log cannot be freed. If all the virtual log files in a log file
hold parts of the logical log, the file cannot be shrunk until a truncation marks as inactive one or
more of the virtual logs at the end of the physical log.
When any file is shrunk, the space freed must come from the end of the file. When a transaction
log file is shrunk, enough virtual log files from the end of the log file are freed to reduce the log to
the size requested by the user. The target_size specified by the user is rounded to the next
highest virtual log file boundary. For example, if a user specifies a target_size of 325 MB for our
sample 600-MB file that contains 100-MB virtual log files, the last two virtual log files are removed
and the new file size is 400 MB.
• If no part of the logical log in the virtual log files extends beyond the target_size mark, the
virtual log files that come after the target_size mark are freed and the successful DBCC
statement is completed with no messages.
• If part of the logical log in the virtual logs does extend beyond the target_size mark, the SQL
Server Database Engine frees as much space as possible and issues an informational message.
The message tells you what actions you have to perform to remove the logical log from the virtual
logs at the end of the file. After you perform this action, you can then reissue the DBCC statement
to free the remaining space.
For example, assume that a 600-MB log file that contains six virtual log files has a logical log that
starts in virtual log 3 and ends in virtual log 4 when you run a DBCC SHRINKFILE statement with
a target_size of 275 MB:
Virtual log files 5 and 6 are freed immediately, because they do not contain part of the logical log.
However, to meet the specified target_size, virtual log file 4 should also be freed, but it cannot
be, because it holds the end portion of the logical log. After freeing virtual log files 5 and 6, the
Database Engine fills the remaining part of virtual log file 4 with dummy records. This forces the
end of the logical log to the end of the physical file, so the next log records written wrap around
to the start of the file, into virtual log file 1.
The DBCC SHRINKFILE statement also issues an informational message that states that it could
not free all the space requested and that you can run a BACKUP LOG statement to free the
remaining space. After the active portion of the log moves to virtual log file 1, a BACKUP LOG
statement will truncate the entire logical log that is in virtual log file 4:
Because virtual log file 4 no longer holds any portion of the logical log, you can now run the same
DBCC SHRINKFILE statement with a target_size of 275 MB. Virtual log file 4 will then be freed
and the size of the physical log file will be reduced to the size you requested.
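The sequence just described can be sketched in T-SQL. This is only an illustration: the database name Sales, the logical file name Sales_Log, and the backup path are assumptions, not part of the original example.

```sql
-- Hypothetical names: database Sales, log file Sales_Log, backup path E:\Backup.
USE Sales;
GO
DBCC SHRINKFILE (Sales_Log, 275);   -- frees only virtual log files 5 and 6
GO
BACKUP LOG Sales TO DISK = 'E:\Backup\Sales_log.bak';   -- truncates the logical log
GO
DBCC SHRINKFILE (Sales_Log, 275);   -- virtual log file 4 can now be freed
GO
```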
System Databases:
SQL Server 2005 includes the following system databases.
• master: Records all the system-level information for an instance of SQL Server.
• msdb: Used by SQL Server Agent for scheduling alerts and jobs.
• model: Used as the template for all databases created on the instance of SQL Server.
Modifications made to the model database, such as database size, collation, recovery model, and
other database options, are applied to any databases created afterward.
• tempdb: A workspace for holding temporary objects and intermediate result sets.
• Resource: A read-only database that contains system objects that are included with SQL
Server 2005. System objects are physically persisted in the Resource database,
but they logically appear in the sys schema of every database.
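The messages quoted below typically result from relocating the tempdb files with ALTER DATABASE. A minimal sketch, assuming a target folder of E:\Sqldata (the path is illustrative; tempdev and templog are tempdb's default logical file names):

```sql
-- Hypothetical target path E:\Sqldata.
USE master;
GO
ALTER DATABASE tempdb MODIFY FILE (NAME = tempdev, FILENAME = 'E:\Sqldata\tempdb.mdf');
GO
ALTER DATABASE tempdb MODIFY FILE (NAME = templog, FILENAME = 'E:\Sqldata\templog.ldf');
GO
```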
You should receive the following messages that confirm the change:
Message 1
The file "tempdev" has been modified in the system catalog. The new path will be used the next
time the database is started.
Message 2
The file "templog" has been modified in the system catalog. The new path will be used the next
time the database is started.
3. Using sp_helpfile in tempdb will not confirm these changes until you restart SQL Server.
4. Stop and then restart SQL Server.
-dD:\MSSQL7\data\master.mdf
-eD:\MSSQL7\log\ErrorLog
-lD:\MSSQL7\data\mastlog.ldf
-d is the fully qualified path for the master database data file.
-e is the fully qualified path for the error log file.
-l is the fully qualified path for the master database log file.
NOTE: If you try to reattach the msdb database by starting SQL Server together with the -c
option, the -m option, and trace flag 3608, you may receive the following error message:
NOTE: If you use this procedure together with moving the model database, you are trying to
detach the msdb database while you detach the model database. When you do this, you must
reattach the model database first, and then reattach the msdb database. If you reattach the msdb
database first, you receive the following error message when you try to reattach the model
database:
In this case, you must detach the msdb database, reattach the model database, and then
reattach the msdb database.
After you move the msdb database, you may receive the following error message:
Error 229: EXECUTE permission denied on object 'ObjectName', database 'master', owner 'dbo'.
This problem occurs because the ownership chain has been broken. The database owners for
the msdb database and for the master database are not the same. In this case, the ownership of
the msdb database had been changed. To work around this problem, run the following Transact-
SQL statements. You can do this by using the Osql.exe command-line utility (SQL Server 7.0 and
SQL Server 2000) or the Sqlcmd.exe command-line utility (SQL Server 2005):
USE msdb
GO
EXEC sp_changedbowner 'sa'
GO
In SQL Server 2005 and in SQL Server 2000, you cannot detach system databases by using the
sp_detach_db stored procedure. When you try to run the sp_detach_db 'model' statement, you
receive the following error message:
NOTE: You will not be able to access any user databases after you do this. You must not
perform any operations, other than the following steps, while you use this trace flag.
To add trace flag 3608 as a SQL Server startup parameter, follow these steps:
If you are using SQL Server 2005, you can use SQL Server Configuration Manager to change the
startup parameters of the SQL Server service. For more information about how to change the
startup parameters, visit the following Microsoft Developer Network (MSDN) Web site:
After you add the -c option, the -m option, and trace flag 3608, follow these steps:
1. Stop and then restart SQL Server.
2. Detach the model database by using the following commands:
use master
go
sp_detach_db 'model'
go
3. Move the Model.mdf and Modellog.ldf files from the D:\Mssql7\Data folder to the E:\Sqldata
folder.
4. Reattach the model database by using the following commands:
use master
go
sp_attach_db 'model','E:\Sqldata\model.mdf','E:\Sqldata\modellog.ldf'
go
5. Remove -c -m -T3608 from the startup parameters in SQL Server Enterprise Manager or in
SQL Server Configuration Manager.
6. Stop and then restart SQL Server. You can verify the change in file locations by using the
sp_helpfile stored procedure. For example, use the following commands:
use model
go
sp_helpfile
go
TOOLS
DATABASE DESIGNING
Syntax:
<filegroup> ::=
{
FILEGROUP filegroup_name [ DEFAULT ]
<filespec> [ ,...n ]
}
<external_access_option> ::=
{
DB_CHAINING { ON | OFF }
| TRUSTWORTHY { ON | OFF }
}
<service_broker_option> ::=
{
ENABLE_BROKER
| NEW_BROKER
| ERROR_BROKER_CONVERSATIONS
}
Example:
CREATE DATABASE sa
ON PRIMARY
(NAME=KANCHAN,
FILENAME='D:\MSSQL\aditya\KANCHAN.mdf',
SIZE=100,
MAXSIZE=200,
FILEGROWTH=25%),
(NAME=BHARATI,
FILENAME='D:\MSSQL\aditya\BHARATI.NDF',
SIZE=100,
MAXSIZE=200,
FILEGROWTH=25%),
FILEGROUP MANOHAR
(NAME=BHARATI2,
FILENAME='D:\MSSQL\aditya\BHARATI2.NDF',
SIZE=100,
MAXSIZE=200,
FILEGROWTH=25%),
(NAME=BHARATI3,
FILENAME='D:\MSSQL\aditya\BHARATI3.NDF',
SIZE=100,
MAXSIZE=200,
FILEGROWTH=25%)
First, you must decide where to put the data and log files. Here are some guidelines to use:
_ Data and log files should be on separate physical drives so that, in case of a disaster, you have
a better chance of recovering all data.
_ Transaction logs are best placed on a RAID-1 array because this has the fastest sequential
write speed.
_ Data files are best placed on a RAID-5 array because it offers faster read speeds than the
other RAID levels.
_ If you have access to a RAID-10 array, you can place data and log files on it because it has all
the advantages of RAID-1 and RAID-5.
Next, you must decide how big your files should be. Data files are broken down into 8KB pages
and 64KB extents (eight contiguous pages). To figure out how big your database will need to be,
you must estimate how big your tables will be.
Once you have decided where to put your files and how big they should be, follow these
steps to create a database named Sales (you will be creating the files on a single drive for
simplicity):
1. Start SQL Server Management Studio by selecting Start > Programs > Microsoft SQL
Server 2005 > Management Studio.
2. Connect to your default instance of SQL Server.
3. Expand your Databases folder.
4. Right-click either the Databases folder in the console tree or the white space in the right pane,
and choose New Database from the context menu.
5. You should now see the General tab of the Database properties sheet. Enter the database
name Sales, and leave the owner as <default>.
6. In the data files grid, in the Logical Name column, change the name of the primary data file to
Sales_Data. Use the default location for the file, and make sure the initial size is 3.
7. Click the ellipsis button (the one with three periods) in the Autogrowth column for the
Sales_Data file. In the dialog box that opens, check the Restricted File Growth radio
button, and restrict the filegrowth to 20MB.
8. To add a secondary data file, click the Add button, and change the logical name of the new file
to Sales_Data2. Here too use the default location for the file, and make sure the initial size is 3.
9. Restrict the filegrowth to a maximum of 20MB for Sales_Data2 by clicking the ellipsis button in
the Autogrowth column.
10. Leave all of the defaults for the Sales_Log file.
11. Click OK when you are finished. You should now have a new Sales database.
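The same Sales database can be created from code. This is a sketch under the assumption that the instance's data directory is C:\SQLData (the GUI steps above use the server's default location; sizes are in MB and mirror the steps):

```sql
-- Hypothetical path C:\SQLData; sizes mirror the GUI steps above.
CREATE DATABASE Sales
ON PRIMARY
  (NAME = Sales_Data,
   FILENAME = 'C:\SQLData\Sales_Data.mdf',
   SIZE = 3MB, MAXSIZE = 20MB),
  (NAME = Sales_Data2,
   FILENAME = 'C:\SQLData\Sales_Data2.ndf',
   SIZE = 3MB, MAXSIZE = 20MB)
LOG ON
  (NAME = Sales_Log,
   FILENAME = 'C:\SQLData\Sales_Log.ldf',
   SIZE = 1MB);
```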
SECURITY
Server-Level Security:
A user may be initially identified to SQL Server via one of three methods:
✦ Windows user login
✦ Membership in a Windows user group
✦ SQL Server–specific login (if the server uses mixed-mode security)
At the server level, the user is known by his or her LoginID, which is either his or her SQL Server
login, or his or her Windows domain and user name.
Once the user is known to the server and identified, the user has whatever server-level
administrative rights have been granted via fixed server roles. If the user belongs to the sysadmin
role, he or she has full access to every server function, database, and object in the server.
A user can be granted access to a database, and his or her network login ID can be mapped to a
database-specific user ID in the process. If the user doesn’t have access to a database, he or she
can gain access as the guest user with some configuration changes within the database server.
Database-Level Security:
At the database level, the user may be granted certain administrative-level permissions by
belonging to fixed database roles.
The user still can’t access the data. He or she must be granted permission to the database
objects (e.g., tables, stored procedures, views, functions). User-defined roles are custom roles
that serve as groups. The role may be granted permission to a database object, and users may
be assigned to the role.
Object Ownership:
The final aspect of this overview of SQL Server’s security model involves object ownership.
Every object is owned by a schema. The default schema is dbo—not to be confused with the dbo
role.
In previous versions of SQL Server, objects were owned by users or, more precisely, every
owner was also a schema. Separating schemas from owners brings several advantages in SQL
Server 2005, and it matches the database–schema–object model that ANSI SQL defines.
Ownership becomes critical when permission is being granted to a user to run a stored procedure
when the user doesn’t have permission to the underlying tables. If the ownership chain from the
tables to the stored procedure is consistent, then the user can access the stored procedure and
the stored procedure can access the tables as its owner. However, if the ownership chain is
broken, meaning there’s a different owner somewhere between the stored procedure and the
table, then the user must have rights to the stored procedure, the underlying tables, and every
other object in between.
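As a sketch of an unbroken ownership chain (the procedure, table, and user names here are hypothetical):

```sql
-- Both the procedure and the table it reads are owned by the dbo schema,
-- so the ownership chain is unbroken: EXECUTE on the procedure is enough,
-- and Joe needs no SELECT permission on the underlying table.
GRANT EXECUTE ON dbo.usp_GetOrders TO Joe;

-- If dbo.usp_GetOrders selected from a table in a different schema with a
-- different owner, the chain would be broken and Joe would also need
-- rights on that table.
```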
Most security management can be performed in Management Studio. With code, security is
managed by means of the grant, revoke, and deny Data Control Language (DCL) commands,
and several system stored procedures.
Windows Security:
Because SQL Server exists within a Windows environment, one aspect of the security strategy
must be securing the Windows server.
SQL Server databases frequently support websites, so Internet Information Server (IIS) security
and firewalls must be considered within the security plan.
Windows security is an entire topic in itself, and therefore outside the scope of this book. If, as a
DBA, you are not well supported by qualified network staff, then you should make the effort to
become proficient in Windows Server technologies, especially security.
Don’t confuse user access to SQL Server with SQL Server’s Windows accounts. The two logins
are completely different.
SQL Server users don’t need access to the database directories or data files on a Windows level
because the SQL Server process, not the user, will perform the actual file access.
However, the SQL Server process needs permission to access the files, so it needs a Windows
account. Two types are available:
✦ Local admin account: SQL Server can use the local admin account of the operating system
for permission to the machine. This option is adequate for single-server installations
but fails to provide the network security required for distributed processing.
✦ Domain user account (recommended): SQL Server can use a Windows user account
created specifically for it. The SQL Server user account can be granted only the
administrative rights it needs on the machine, and it can be granted access to network
resources on other servers.
Server Security:
SQL Server uses a two-phase security-authentication scheme. The user is first authenticated to
the server. Once the user is “in” the server, access can be granted to the individual databases.
SQL Server stores all login information within the master database.
SQL Server Authentication Mode
When SQL Server was installed, one of the decisions made was which of the following
authentication methods to use:
✦ Windows authentication mode: Windows authentication only
✦ Mixed mode: Both Windows authentication and SQL Server user authentication
This option can be changed after installation in Management Studio, in the Security page of the
SQL Server Properties dialog box, as shown in Figure
From code, the authentication mode can be checked by means of the xp_loginconfig system
stored procedure, as follows:
EXEC xp_loginconfig 'login mode'
Result:
name config_value
---------------------------- ----------------------------
login mode Mixed
Notice that the system stored procedure to report the authentication mode is an extended
stored procedure. That’s because the authentication mode is stored in the registry in the following
entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Microsoft SQL Server\<instance_name>\MSSQLServer\LoginMode
A LoginMode value of 1 specifies Windows authentication, and a value of 2 specifies mixed mode.
The only ways to set the authentication mode are to use either Management Studio or
RegEdit.
Windows Authentication:
Using the paradigm of grant, revoke, and deny, a user may be blocked for access using
sp_denylogin. This can prevent a user or group from accessing SQL Server even if he or she
could otherwise gain entry from another method.
For example, suppose the Accounting group is granted normal login access, while the Probation
group is denied access. Joe is a member of both the Accounting group and the Probation group.
The Probation group’s denied access blocks Joe from the SQL Server even though he is granted
access as a member of the Accounting group, because deny overrides grant.
To deny a Windows user or group, use the sp_denylogin system stored procedure. If the
user or group being denied access doesn’t exist in SQL Server, then sp_denylogin adds and then
denies him, her, or it:
EXEC sp_denylogin 'XPS\Joe'
To restore the login after denying access, you must first grant access with the sp_grantlogin
system stored procedure.
You can only revoke a login using T-SQL. The feature isn’t supported in Management Studio.
Setting the Default Database
The default database is set in the Login Properties form in the General page. The default
database can be set from code by means of the sp_defaultdb system stored procedure:
EXEC sp_defaultdb 'Sam', 'OBXKites'
The optional SQL Server logins are useful when Windows authentication is inappropriate or
unavailable. They’re provided for backward compatibility and for legacy applications that are
hard-coded to a SQL Server login.
Implementing SQL Server logins (mixed mode) will automatically create an sa user, who will
be a member of the sysadmin fixed server role and have all rights to the server. An sa user
without a password is very common and the first attack every hacker tries when detecting a SQL
Server. Therefore, the Best Practice is disabling the sa user and assigning different users, or
roles, to the sysadmin fixed server role instead.
To manage SQL Server users in Management Studio use the same Login–New dialog used when
adding Windows users, but select SQL Server Authentication.
In T-SQL code, use the sp_addlogin system stored procedure. Because this requires setting up a
new login, rather than just granting access to one that already exists, it’s more complex than
sp_grantlogin. Only the login name is required:
sp_addlogin 'login', 'password', 'defaultdatabase',
'defaultlanguage', 'sid', 'encryption_option'
For example, the following code adds Joe as a SQL Server user and sets his default database to
the OBX Kite Store sample database:
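A sketch of that call (the password shown is only a placeholder):

```sql
-- Hypothetical password; OBXKites is the sample database named above.
EXEC sp_addlogin 'Joe', 'P@ssw0rd', 'OBXKites'
```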
Removing a Login
To remove a SQL Server login, use the sp_droplogin system stored procedure:
EXEC sp_droplogin 'Joe'
Removing a login will also remove all the login security settings.
Setting the Default Database
The default database is set in the Login Properties form in the General page, just as it is for
Windows users. The default database can be set from code by means of the sp_defaultdb system
stored procedure:
EXEC sp_defaultdb 'Sam', 'OBXKites'
SQL Server includes a few standard, fixed database roles. Like the fixed server roles, these
primarily organize administrative tasks. A user may belong to multiple roles. The fixed database
roles include the following:
✦ db_accessadmin: can authorize a user to access the database, but not manage database-
level security.
✦ db_backupoperator: can perform backups, checkpoints, and dbcc commands, but not
restores (only server sysadmins can perform restores).
✦ db_datareader: can read all the data in the database. This role is the equivalent of a grant
on all objects, and it can be overridden by a deny permission.
✦ db_datawriter: can write to all the data in the database. This role is the equivalent of a grant
on all objects, and it can be overridden by a deny permission.
✦ db_ddladmin: can issue DDL commands (create, alter, and drop).
✦ db_denydatareader: blocks reading data from any table in the database. This deny will
override any object-level grant.
✦ db_denydatawriter: blocks modifying data in any table in the database. This deny will
override any object-level grant.
✦ db_owner: is a special role that has all permissions in the database. This role includes all the
capabilities of the other roles. It is different from the dbo user role. This is not the database-level
equivalent of the server sysadmin role; an object-level deny will override membership in this role.
✦ db_securityadmin: can manage database-level security, including roles and permissions.
The fixed database roles can be assigned with Management Studio with either of the following
two procedures:
✦ Adding the role to the user in the user’s Database User Properties form (see Figure 40-7),
either as the user is being created or after the user exists.
✦ Adding the user to the role in the Database Role Properties dialog. Select Roles under the
database’s Security node, and use the context menu to open the Properties form (see Figure 40-
8).
From code, you can add a user to a fixed database role with the sp_addrolemember system
stored procedure.
To examine the assigned roles in T-SQL, query the sys.database_role_members catalog view
joined with sys.database_principals.
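A sketch of both operations (the user name Joe is illustrative):

```sql
-- Add user Joe to the db_datareader fixed database role.
EXEC sp_addrolemember 'db_datareader', 'Joe'

-- List role memberships in the current database.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members drm
JOIN sys.database_principals r ON drm.role_principal_id = r.principal_id
JOIN sys.database_principals m ON drm.member_principal_id = m.principal_id;
```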
Server Roles:
SQL Server includes only fixed, predefined server roles. Primarily, these roles grant permission to
perform certain server-related administrative tasks. A user may belong to multiple roles.
The following roles are best used to delegate certain server administrative tasks:
SQL Server automatically creates a login, 'BUILTIN\Administrators', which includes all Windows
users in the Windows Administrators group, and assigns that login to the SQL Server sysadmin
role. The BUILTIN\Administrators login can be deleted or modified if desired. If the SQL Server is
configured for mixed-mode security, it also creates an sa user and assigns that user to the SQL
Server sysadmin role. The sa user is there for backward compatibility. Disable or rename the sa
user, or at least assign it a strong password, but don’t use it as a developer and DBA sign-on. In
addition, delete the BUILTIN\Administrators login. Instead, use Windows authentication and
assign the DBAs and database developers to the sysadmin role.
A user must reconnect for the full capabilities of the sysadmin role to take effect. The server roles
are set in Management Studio in the Server Roles page of the Login Properties dialog (see
Figure 40-5).
When a Windows user is added to SQL Server and then removed from the Windows domain, the
user still exists in SQL Server but is considered orphaned. Being an orphaned user means that
even though the login remains in SQL Server, no one can authenticate with it.
Security delegation is difficult to set up and may require the assistance of your network domain
administrator. However, the ability to recognize users going through IIS is a powerful security
feature.
When you upgrade an instance of SQL Server to SQL Server 2005 by performing an in-place
upgrade, the configuration options of the instance are unchanged. Use SQL Server Surface Area
Configuration to review feature usage and turn off features that are not needed. You can turn off
the features in SQL Server Surface Area Configuration or by using the system stored procedure,
sp_configure. Here is an example of using sp_configure to disallow the execution of
xp_cmdshell on a SQL Server instance:
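The standard sp_configure pattern for doing this is:

```sql
-- Turn off xp_cmdshell; 'show advanced options' must be enabled first
-- so that the xp_cmdshell option is visible to sp_configure.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
```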
In SQL Server 2005, SQL Server Browser functionality has been factored into its own service and
is no longer part of the core database engine. Additional functions are also factored into separate
services. Services that are not a part of the core database engine and can be enabled or disabled
separately include:
• SQL Server Active Directory Helper
• SQL Server Agent
• SQL Server FullText Search
• SQL Server Browser
• SQL Server VSS Writer
The SQL Server Browser service needs to be running only to connect to named SQL Server
instances that use TCP/IP dynamic port assignments. It is not necessary to connect to default
instances of SQL Server 2005 and named instances that use static TCP/IP ports. For a more
secure configuration, always use static TCP/IP port assignments and disable the SQL Server
Browser service. The VSS Writer allows backup and restore using the Volume Shadow Copy
framework. This service is disabled by default. If you do not use Volume Shadow Copy, disable
this service. If you are running SQL Server outside of an Active Directory® directory service,
disable the Active Directory Helper.
Best practices for surface area reduction
• Install only those components that you will immediately use. Additional components can
always be installed as needed.
• Enable only the optional features that you will immediately use.
Authentication Mode
SQL Server has two authentication modes: Windows Authentication and Mixed Mode
Authentication. In Windows Authentication mode, specific Windows user and group accounts are
trusted to log in to SQL Server. Windows credentials are used in the process; that is, either NTLM
or Kerberos credentials. Windows accounts use a series of encrypted messages to authenticate
to SQL Server; no passwords are passed across the network during the authentication process.
In Mixed Mode Authentication, both Windows accounts and SQL Server-specific accounts (known
as SQL logins) are permitted. When SQL logins are used, SQL login passwords are passed
across the network for authentication. This makes SQL logins less secure than Windows logins.
It is a best practice to use only Windows logins whenever possible. Using Windows logins with
SQL Server achieves single sign-on and simplifies login administration. Password management
uses the ordinary Windows password policies and password change APIs. Users, groups, and
passwords are managed by system administrators; SQL Server database administrators are only
concerned with which users and groups are allowed access to SQL Server and with authorization
management.
SQL logins should be confined to legacy applications, mostly in cases where the application is
purchased from a third-party vendor and the authentication cannot be changed. Another use for
SQL logins is with cross-platform client-server applications in which the non-Windows clients do
not possess Windows logins. Although using SQL logins is discouraged, there are security
improvements for SQL logins in SQL Server 2005. These improvements include the ability to
have SQL logins use the password policy of the underlying operating system and better
encryption when SQL passwords are passed over the network. We'll discuss each of these later
in the paper.
SQL Server 2005 uses standard DDL statements to create both Windows logins and SQL logins.
Using the CREATE LOGIN statement is preferred; the sp_addlogin and sp_grantlogin system
stored procedures are supported for backward compatibility only. SQL Server 2005 also provides
the ability to disable a login or change a login name by using the ALTER LOGIN DDL statement.
For example, if you install SQL Server 2005 in Windows Authentication mode rather than Mixed
Mode, the sa login is disabled. Use ALTER LOGIN rather than the procedures sp_denylogin or
sp_revokelogin, which are supported for backward compatibility only.
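A brief sketch of the preferred DDL (the login name and password are illustrative):

```sql
-- Create a SQL login that follows the Windows password policy,
-- then disable it with ALTER LOGIN rather than sp_denylogin.
CREATE LOGIN AppLogin WITH PASSWORD = 'Str0ng!Pass1', CHECK_POLICY = ON;
ALTER LOGIN AppLogin DISABLE;
```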
If you install SQL Server in Windows Authentication mode, the sa login account is disabled and a
random password is generated for it. If you later need to change to Mixed Mode Authentication
and re-enable the sa login account, you will not know the password. Change the sa password to
a known value after installation if you think you might ever need to use it.
Best practices for authentication mode
• Always use Windows Authentication mode if possible.
• Use Mixed Mode Authentication only for legacy applications and non-Windows users.
• Use the standard login DDL statements instead of the compatibility system procedures.
• Change the sa account password to a known value if you might ever need to use it. Always
use a strong password for the sa account and change the sa account password periodically.
• Do not manage SQL Server by using the sa login account; assign sysadmin privilege to a
known user or group.
Network Connectivity
A standard network protocol is required to connect to the SQL Server database. There are no
internal connections that bypass the network. SQL Server 2005 introduces an abstraction for
managing any connectivity channel—entry points into a SQL Server instance are all represented
as endpoints. Endpoints exist for the following network client connectivity protocols:
• Shared Memory
• Named Pipes
• TCP/IP
• VIA
• Dedicated administrator connection
In addition, endpoints may be defined to permit access to the SQL Server instance for:
• Service Broker
• HTTP Web Services
• Database mirroring
Following is an example of creating an endpoint for Service Broker.
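A minimal sketch (the endpoint name and port number are illustrative):

```sql
-- Service Broker endpoint listening on TCP port 4022,
-- using Windows authentication between instances.
CREATE ENDPOINT BrokerEndpoint
    STATE = STARTED
    AS TCP (LISTENER_PORT = 4022)
    FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS);
```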
SQL Server 2005 discontinues support for some network protocols that were available with earlier
versions of SQL Server, including IPX/SPX, AppleTalk, and Banyan Vines.
In keeping with the general policy of "off by default, enable only when needed," no Service
Broker, HTTP, or database mirroring endpoints are created when SQL Server 2005 is installed,
and the VIA endpoint is disabled by default. In addition, in SQL Server 2005 Express Edition,
SQL Server 2005 Developer Edition, and SQL Server 2005 Evaluation Edition, the Named Pipes
and TCP/IP protocols are disabled by default. Only Shared Memory is available by default in
those editions. The dedicated administrator connection (DAC), new with SQL Server 2005, is
available only locally by default, although it can be made available remotely. Note that the DAC is
not available in SQL Server Express Edition by default and requires that the server be run with a
special trace flag to enable it. Access to database endpoints requires the login principal to have
CONNECT permission. By default, no login account has CONNECT permission to Service Broker
or HTTP Web Services endpoints. This restricts access paths and blocks some known attack
vectors. It is a best practice to enable only those protocols that are needed. For example, if
TCP/IP is sufficient, there is no need to enable the Named Pipes protocol.
Although endpoint administration can be accomplished via DDL, the administration process is
made easier and policy can be made more uniform by using the SQL Server Surface Area
Configuration tool and SQL Server Configuration Manager. SQL Server Surface Area
Configuration provides a simplified user interface for enabling or disabling client protocols for a
SQL Server instance, as shown in Figure 1 and Figure 2. Configuration is described in
Knowledge Base article KB914277, How to configure SQL Server 2005 to allow remote
connections.
In the Surface Area Configuration for Services and Connections dialog box, you can see if any
HTTP or Service Broker endpoints are defined for the instance. New endpoints must be defined
by using DDL statements; SQL Server Surface Area Configuration cannot be used to define
these. You can use the Surface Area Configuration for Features tool to enable remote access to
the dedicated administrator connection.
SQL Server Configuration Manager provides more granular configuration of server protocols.
With Configuration Manager, you can:
• Choose a certificate for SSL encryption.
• Allow only encrypted connections from clients.
• Hide an instance of SQL Server from the server enumeration APIs.
• Enable and disable TCP/IP, Shared Memory, Named Pipes, and VIA protocols.
• Configure the name of the pipe each instance of SQL Server will use.
• Configure a TCP/IP port number that each instance listens on for TCP/IP connections.
• Choose whether to use TCP/IP dynamic port assignment for named instances.
The dialog for configuring TCP/IP address properties such as port numbers and dynamic port
assignment is shown in Figure 2.
SQL Server 2005 can use an encrypted channel for two reasons: to encrypt credentials for SQL
logins during the login process, when a password is passed across the network, and to provide
end-to-end encryption of entire sessions. Using encrypted sessions requires using a client API
that supports them. The OLE DB, ODBC, and ADO.NET clients all support encrypted sessions;
currently the Microsoft JDBC client does not. If an SSL certificate is installed in a SQL Server
instance, that certificate is used for credential encryption. If an SSL certificate is not installed,
SQL Server 2005
can generate a self-signed certificate and use this certificate instead. Using the self-signed
certificate prevents passive man-in-the-middle attacks, in which the man-in-the-middle intercepts
network traffic, but does not provide mutual authentication. Using an SSL certificate with a trusted
root certificate authority prevents active man-in-the-middle attacks and provides mutual
authentication.
In SQL Server 2005, you can GRANT, REVOKE, or DENY permission to CONNECT to a specific
endpoint on a per-login basis. By default, all logins are GRANTed permission on the Shared
Memory, Named Pipes, TCP/IP, and VIA endpoints. You must specifically GRANT users
CONNECT permission to other endpoints; no users are GRANTed this privilege by default. An
example of granting this permission is:
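A sketch of such a statement, assuming a hypothetical endpoint named payroll_endpoint and a login named [DOMAIN\AppUser]:

```sql
-- Endpoint and login names are illustrative
GRANT CONNECT ON ENDPOINT::payroll_endpoint TO [DOMAIN\AppUser];
```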
Password Policy
Windows logins abide by the login policies of the underlying operating system. These policies can
be set using the Domain Security Policy or Local Security Policy administrator Control Panel
applets. Login policies fall into two categories: Password policies and Account Lockout policies.
Password policies include:
• Enforce Password History
• Minimum and Maximum Password Age
• Minimum Password Length
• Password Must Meet Complexity Requirements
• Passwords are Stored Using Reversible Encryption (Note: this setting does not apply to SQL
Server)
Account Lockout policies include:
• Account Lockout Threshold (Number of invalid logins before lockout)
• Account Lockout Duration (Amount of time locked out)
• Reset Lockout Counter After n Minutes
In SQL Server 2005, SQL logins can also abide by the login policies of the underlying operating
system if the operating system supports it. The operating system must support the system call
NetValidatePasswordPolicy; currently, the only operating systems that support this are Windows
Server 2003 and later versions. If you use SQL logins, run SQL Server 2005 on a Windows
Server 2003 or later operating system. CREATE LOGIN parameters determine whether the login
abides by the operating system policies. These parameters are:
• CHECK_POLICY
• CHECK_EXPIRATION
• MUST_CHANGE
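As a sketch, a SQL login that abides by the Windows policies and forces a password change at the first login might be created like this (the login name and password are placeholders):

```sql
CREATE LOGIN app_login
    WITH PASSWORD = 'P@ssw0rd!ChangeMe' MUST_CHANGE,
    CHECK_POLICY = ON,      -- enforce Windows password and lockout policies
    CHECK_EXPIRATION = ON;  -- required when MUST_CHANGE is specified
```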
CHECK_POLICY specifies that the SQL login must abide by the Windows login policies and
Account Lockout policies, with the exception of password expiration. This is because, if SQL
logins must abide by the Windows password expiration policy, underlying applications must be
outfitted with a mechanism for password changing. Most applications currently do not provide a
way to change SQL login passwords. In SQL Server 2005, both SSMS and SQLCMD provide a
way to change SQL Server passwords for SQL logins. Consider outfitting your applications with a
password-changing mechanism as soon as possible. Having built-in password changing also
allows logins to be created with the MUST_CHANGE parameter; using this parameter requires
the user to change the password at the time of the first login.
Administrator Privileges
SQL Server 2005 makes all permissions grantable and also makes grantable permissions more
granular than in previous versions. Privileges with elevated permissions now include:
• Members of the sysadmin server role.
• The sa built-in login, if it is enabled.
• Any login with CONTROL SERVER permission.
CONTROL SERVER permission is new in SQL Server 2005. Change your auditing procedures to
include any login with CONTROL SERVER permission.
SQL Server automatically grants the server's Administrators group (BUILTIN\administrators) the
sysadmin server role. When running SQL Server 2005 under Microsoft Windows Vista™, the
operating system does not recognize membership in the BUILTIN\Administrators group unless
the user has elevated themselves to a full administrator. In SP2, you can use SQL Server Surface
Area Configuration to enable a principal to act as administrator by selecting Add New
Administrator from the main window as shown in Figure 3.
Figure 3 Adding a new administrator in SP2 SQL Server Surface Area Configuration
Clicking on this link opens the SQL Server 2005 User Provisioning Tool for Vista as shown in
Figure 4. This tool can also be automatically invoked as the last step of an SQL Server 2005 SP2
installation.
Figure 4 The SQL Server 2005 User Provisioning Tool for Vista
Schemas
SQL Server 2005 introduces schemas to the database. A schema is simply a named container for
database objects. Each schema is a scope that fits into the hierarchy between database level and
object level, and each schema has a specific owner. The owner of a schema can be a user, a
database role, or an application role. The schema name takes the place of the owner name in the
SQL Server multi-part object naming scheme. In SQL Server 2000 and previous versions, a table
named Employee that was part of a database named Payroll and was owned by a user name
Bob would be payroll.bob.employee. In SQL Server 2005, the table would have to be part of a
schema. If payroll_app is the name of the SQL Server 2005 schema, the table name in
SQL Server 2005 is payroll.payroll_app.employee.
Schemas solve an administration problem that occurs when each database object is named after
the user who creates it. In SQL Server versions prior to 2005, if a user named Bob (who is not
dbo) creates a series of tables, the tables would be named after Bob. If Bob leaves the company
or changes job assignments, these tables would have to be manually transferred to another user.
If this transfer were not performed, a security problem could ensue. Because of this, prior to
SQL Server 2005, DBAs were unlikely to allow individual users to create database objects such
as tables. Each table would be created by someone acting as the special dbo user and would
have a user name of dbo. Because, in SQL Server 2005, schemas can be owned by roles,
special roles can be created to own schemas if needed—every database object need not be
owned by dbo. Not having every object owned by dbo makes for more granular object
management and makes it possible for users (or applications) that need to dynamically create
tables to do so without dbo permission.
Having schemas that are role-based does not mean that it’s a good practice to have every user
be a schema owner. Only users who need to create database objects should be permitted to do
so. The ability to create objects does not imply schema ownership; GRANTing Bob ALTER
SCHEMA permission in the payroll_app schema can be accomplished without making Bob a
schema owner. In addition, granting CREATE TABLE to a user does not allow that user to create
tables; the user must also have ALTER SCHEMA permission on some schema in order to have a
schema in which to create the table. Objects created in a schema are owned by the schema
owner by default, not by the creator of the object. This makes it possible for a user to create
tables in a known schema without the administrative problems that ensue when that user leaves
the company or switches job assignments.
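For example, Bob can be allowed to create tables in the payroll_app schema without owning it (the names are illustrative):

```sql
GRANT CREATE TABLE TO Bob;                 -- permission to create tables...
GRANT ALTER ON SCHEMA::payroll_app TO Bob; -- ...and a schema to create them in
```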
Each user has a default schema. If an object is created or referenced in a SQL statement by
using a one-part name, SQL Server first looks in the user's default schema. If the object isn't
found there, SQL Server looks in the dbo schema. The user's default schema is assigned by
using the CREATE USER or ALTER USER DDL statements. If no default schema is specified,
the default is dbo. Using named schemas for like groups of database objects and assigning each
user's default schema to dbo is a way to mandate using two-part object names in SQL
statements. This is because objects that are not in the dbo schema will not be found when a one-
part object name is specified. Migrating groups of user objects out of the dbo schema is also a
way to move toward this practice.
Authorization
Authorization is the process of granting permissions on securables to users. At an operating
system level, securables might be files, directories, registry keys, or shared printers. In
SQL Server, securables are database objects. SQL Server principals include both instance-level
principals, such as Windows logins, Windows group logins, SQL Server logins, and server roles
and database-level principals, such as users, database roles, and application roles. Except for a
few objects that are instance-scoped, most database objects, such as tables, views, and
procedures are schema-scoped. This means that authorization is usually granted to database-
level principals.
In SQL Server, authorization is accomplished via Data Access Language (DAL) rather than DDL
or DML. In addition to the two DAL verbs, GRANT and REVOKE, mandated by the ISO-ANSI
standard, SQL Server also contains a DENY DAL verb. DENY differs from REVOKE when a user
is a member of more than one database principal. If a user Fred is a member of three database
roles A, B, and C and roles A and B are GRANTed permission to a securable, if the permission is
REVOKEd from role C, Fred still can access the securable. If the securable is DENYed to role C,
Fred cannot access the securable. This makes managing SQL Server similar to managing other
parts of the Windows family of operating systems.
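The Fred example can be sketched as follows (the table and role names are hypothetical):

```sql
GRANT SELECT ON dbo.SomeTable TO RoleA;
GRANT SELECT ON dbo.SomeTable TO RoleB;
REVOKE SELECT ON dbo.SomeTable FROM RoleC; -- Fred can still read via RoleA and RoleB
DENY SELECT ON dbo.SomeTable TO RoleC;     -- now Fred cannot read at all
```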
SQL Server 2005 makes each securable available by using DAL statements and makes
permissions more granular than in previous versions. For example, in SQL Server 2000 and
earlier versions, certain functions were available only if a login was part of the sysadmin role.
Now sysadmin role permissions are defined in terms of GRANTs. Equivalent access to
securables can be achieved by GRANTing a login the CONTROL SERVER permission.
An example of better granularity is the ability to use SQL Server Profiler to trace events in a
particular database. In SQL Server 2000, this ability was limited to the special dbo user. The new
granular permissions are also arranged in a hierarchy; some permissions imply other
permissions. For example, CONTROL permission on a database object type implies ALTER
permission on that object as well as all other object-level permissions. SQL Server 2005 also
introduces the concept of granting permissions on all of the objects in a schema. ALTER
permission on a SCHEMA includes the ability to CREATE, ALTER, or DROP objects in that
SCHEMA. The DAL statement that grants access to all securables in the payroll schema is:
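One form of such a statement, assuming a role named payroll_users, is:

```sql
GRANT CONTROL ON SCHEMA::payroll TO payroll_users;
```

CONTROL implies all other permissions on the schema; a narrower grant such as GRANT SELECT ON SCHEMA::payroll would limit the role to reading.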
The advantage of granting permissions at the schema level is that the user automatically has
permissions on all new objects created in the schema; explicit grant after object creation is not
needed. For more information on the permission hierarchy, see the Permission Hierarchy section
of SQL Server Books Online.
A best practice for authorization is to encapsulate access through modules such as stored
procedures and user-defined functions. Hiding access behind procedural code means that users
can only access objects in the way the developer and database administrator (DBA) intend.
Catalog Security
Information about databases, tables, and other database objects is kept in the system catalog.
The system metadata exists in tables in the master database and in user databases. These
metadata tables are exposed through metadata views. In SQL Server 2000, the system catalog
was publicly readable, and the instance could be configured to make the system tables writeable
as well. In SQL Server 2005, the system metadata tables are read-only and their structure has
changed considerably. The only way that the system metadata tables are readable at all is in
single-user mode. Also in SQL Server 2005, the system metadata views were refactored and
made part of a special schema, the sys schema. So as not to break existing applications, a set of
compatibility metadata views are exposed. The compatibility views may be removed in a future
release of SQL Server.
SQL Server 2005 secures all metadata views by default.
EXECUTE AS can also be used to set the execution context within an SQL batch. In this form,
the SQL batch contains an EXECUTE AS USER='someuser' or EXECUTE AS
LOGIN='somelogin' statement. This alternate execution context lasts until the REVERT statement
is encountered. EXECUTE AS and REVERT blocks can also be nested; REVERT reverts one
level of execution context. As with EXECUTE AS and procedural code, the user changing the
execution context must have IMPERSONATE permission on the user or login being
impersonated. EXECUTE AS in SQL batches should be used as a replacement for the SETUSER
statement, which is much less flexible.
If the execution context is set but should not be reverted without permission, you can use
EXECUTE AS ... WITH COOKIE or EXECUTE AS ... WITH NO REVERT. When WITH COOKIE
is specified, a binary cookie is returned to the caller of EXECUTE AS and the cookie must be
supplied in order to REVERT back to the original context.
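A sketch of the cookie form, using the 'someuser' name from the text:

```sql
DECLARE @cookie varbinary(8000);
EXECUTE AS USER = 'someuser' WITH COOKIE INTO @cookie;
-- ... statements run in the impersonated context ...
REVERT WITH COOKIE = @cookie;  -- only succeeds when the matching cookie is supplied
```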
When a procedure or batch uses an alternate execution context, the system functions normally
used for auditing, such as SUSER_NAME(), return the name of the impersonated user rather
than the name of the original user or original login. A new system function, ORIGINAL_LOGIN(),
can be used to obtain the original login, regardless of the number of levels of impersonation used.
Best practices for execution context
• Set execution context on modules explicitly rather than letting it default.
• Use EXECUTE AS instead of SETUSER.
• Use WITH NO REVERT/COOKIE instead of Application Roles.
• Consider using code signing of procedural code if a single granular additional privilege is
required for the procedure.
Encryption
SQL Server 2005 has built-in data encryption. The data encryption exists at a cell level and is
accomplished by means of built-in system procedures. Encrypting data requires secure
encryption keys and key management. A key management hierarchy is built into
SQL Server 2005. Each instance of SQL Server has a built-in service master key that is
generated at installation; specifically, the first time that SQL Server is started after installation.
The service master key is encrypted by using both the SQL Server Service account key and also
the machine key. Both encryptions use the DPAPI (Data Protection API). A database
administrator can define a database master key by using the following DDL.
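The DDL takes the following form (the password shown is a placeholder):

```sql
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'StrongP@ssw0rd!';
```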
This key is actually encrypted and stored twice by default. Encryption that uses a password and
storage in the database is required. Encryption that uses the service master key and storage in
the master database is optional; it is useful to be able to automatically open the database master
key without having to specify the password.
Auditing
SQL Server 2005 supports login auditing, trigger-based auditing, and event auditing by using a
built-in trace facility. Password policy compliance is automatically enforceable through policy in
SQL Server 2005 for both Windows logins and SQL logins. Login auditing is available by using an
instance-level configuration parameter. Auditing failed logins is the default, but you can specify to
audit all logins. Although auditing all logins increases overhead, you may be able to deduce
patterns of multiple failed logins followed by a successful login, and use this information to detect
a possible login security breach. Auditing is provided on a wide variety of events including Add
Database User, Add Login, DBCC events, Change Password, GDR events (Grant/Deny/Revoke
events), and Server Principal Impersonation events. SQL Server 2005 SP2 also supports login
triggers.
SQL Server 2005 introduces auditing based on DDL triggers and event notifications. You can use
DDL triggers not only to record the occurrence of DDL, but also to roll back DDL statements as
part of the trigger processing. Because a DDL trigger executes synchronously (the DDL does not
complete until the trigger is finished), DDL triggers can potentially slow down DDL, depending on
the content and volume of the code. Event notifications can be used to record DDL usage
information asynchronously. An event notification is a database object that uses Service Broker to
send messages to the destination (Service Broker-based) service of your choosing. DDL cannot
be rolled back by using event notifications.
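As a sketch, a DDL trigger that reports and rolls back any DROP TABLE statement in the current database (the trigger name is illustrative):

```sql
CREATE TRIGGER audit_drop_table
ON DATABASE
FOR DROP_TABLE
AS
BEGIN
    PRINT 'DROP TABLE was blocked and rolled back.';
    ROLLBACK;  -- the DDL statement does not complete
END;
```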
Because the surface area of SQL Server 2005 is larger than previous versions, more auditing
events are available in SQL Server 2005 than in previous versions. To audit security events, use
event-based auditing, specifically the events in the security audit event category (listed in SQL
Server Books Online). Event-based auditing can be trace-based, or event notifications-based.
Trace-based event auditing is easier to configure, but may result in large event logs if many
events are traced. On the other hand, event notifications send queued messages to Service
Broker queues that are in-database objects. Trace-based event auditing cannot trace all events.
SQL Server can be configured to support auditing that is compliant with C2 certification under the
Trusted Database Interpretation (TDI) of the Trusted Computer System Evaluation Criteria
(TCSEC) of the United States National Security Agency. This is known as C2 auditing.
C2 auditing is configured on an instance level by using the C2 audit mode configuration option in
sp_configure.
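For example:

```sql
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'c2 audit mode', 1;
RECONFIGURE;  -- takes effect after the instance is restarted
```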
When C2 auditing is enabled, data is saved in a log file in the Data subdirectory in the directory in
which SQL Server is installed. The initial log file size for C2 auditing is 200 megabytes. When this
file is full, another 200 megabytes is allocated. If the volume on which the log file is stored runs
out of space, SQL Server shuts down until sufficient space is available or until the system is
manually started without auditing. Ensure that there is sufficient space available before enabling
C2 auditing and put a procedure in place for archiving the log files.
SQL Server 2005 SP2 allows configuring an option that provides three elements required for
Common Criteria compliance. The Common Criteria represents the outcome of efforts to develop
criteria for evaluation of IT security that are widely useful within the international community. It
stems from a number of source criteria: the existing European, US, and Canadian criteria (ITSEC,
TCSEC, and CTCPEC respectively). The Common Criteria resolves the conceptual and technical
differences between the source criteria. The three Common Criteria elements that can be
configured by using an instance configuration option are:
• Residual Information Protection, which overwrites memory with a known bit pattern before it
is reallocated to a new resource.
• The ability to view login statistics.
• A column-level GRANT does not override table-level DENY.
You can configure an instance to provide these three elements for Common Criteria compliance
by setting the configuration option common criteria compliance enabled as shown in the
following code.
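The following sketch enables the option; it is an advanced option and requires a restart of the instance to take effect:

```sql
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'common criteria compliance enabled', 1;
RECONFIGURE;
```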
If you are new to SQL Server, you should review each of these topics so that you are aware of
the available options and know what steps to take in order to recover your data if the need ever
arises.
You can either use the outline on the left or click on the arrows to the right or below to scroll
through each of these topics.
SQL Server Recovery Models
(SET RECOVERY)
Overview
One of the first things that needs to be set in order to create the correct backups is the proper
recovery model for each database. The recovery model tells SQL Server what data to keep in the
transaction log file and for how long. The recovery model you select also determines what types
of backups and what types of database restores can be performed.
Explanation
The three types of recovery models that you can choose from are:
• Full
• Simple
• Bulk-Logged
Each database can have only one recovery model, but each of your databases can use a
different recovery model, so depending on your processing and backup needs you can select
the most appropriate model for each database.
Types of backups you can run when the database is in the "Full" recovery model:
• Complete backups
• Differential backups
• File and/or Filegroup backups
• Partial backups
• Copy-Only backups
• Transaction log backups
The "Bulk-Logged" recovery model is appropriate when:
• Data is critical, but you do not want to log large bulk operations
• Bulk operations are done at different times versus normal processing
• You still want to be able to recover to a point in time
Types of backups you can run when the database is in the "Bulk-Logged" recovery model:
• Complete backups
• Differential backups
• File and/or Filegroup backups
• Partial backups
• Copy-Only backups
• Transaction log backups
Types of backups you can run when the database is in the "Simple" recovery model:
• Complete backups
• Differential backups
• File and/or Filegroup backups
• Partial backups
• Copy-Only backups
Altogether, SQL Server supports the following backup types:
• Full backups
• Differential backups
• File backups
• File group backups
• Partial backups
• Copy-Only backups
• Mirror backups
• Transaction log backups
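The recovery model is set per database with ALTER DATABASE; for example (the database name is illustrative):

```sql
-- Check the current recovery model of every database
SELECT name, recovery_model_desc FROM sys.databases;

-- Change the recovery model
ALTER DATABASE AdventureWorks SET RECOVERY FULL;
-- or SET RECOVERY SIMPLE / SET RECOVERY BULK_LOGGED
```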
Create a transaction log backup of the AdventureWorks database to one disk file
T-SQL
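A minimal example, assuming a backup folder of C:\Backup:

```sql
BACKUP LOG AdventureWorks
TO DISK = 'C:\Backup\AdventureWorks.trn';
```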
• BACKUP DATABASE
• BACKUP LOG
These commands also have various options that you can use to create full, differential, file,
transaction log backups, etc... as well as other options to specify how the backup command
should function and any other data to store with the backups.
Backups can be created in several ways:
• T-SQL commands
• SQL Server Management Studio
• Maintenance plans
• Third-party backup tools
In SQL Server Management Studio, use the Back Up Database dialog:
• Click on "Add..." to add the location and the name of the backup file
• Click "OK" to close this screen
Sample RESTORE HEADERONLY output:
ColumnName Value
BackupName NULL
BackupDescription NULL
BackupType 1
ExpirationDate NULL
Compressed 0
Position 1
DeviceType 2
UserName TESTServer1\DBA
ServerName TESTServer1
DatabaseName AdventureWorks
DatabaseVersion 611
DatabaseCreationDate 10/22/08 13:48
BackupSize 177324544
FirstLSN 414000000754800000
LastLSN 414000000758300000
CheckpointLSN 414000000754800000
DatabaseBackupLSN 0
BackupStartDate 3/19/09 12:02
BackupFinishDate 3/19/09 12:02
Sample RESTORE LABELONLY output:
ColumnName Value
MediaName NULL
MediaSetId 8825ADE0-2C83-45BD-994C-7469A5DFF124
FamilyCount 1
FamilySequenceNumber 1
MediaFamilyId 8A6648F8-0000-0000-0000-000000000000
MediaSequenceNumber 1
MediaLabelPresent 0
MediaDescription NULL
SoftwareName Microsoft SQL Server
SoftwareVendorId 4608
MediaDate 02:37.0
MirrorCount 1
SQL Server RESTORE FILELISTONLY
(RESTORE FILELISTONLY)
Overview
The RESTORE FILELISTONLY option allows you to see a list of the files that were backed up.
So for example if you have a full backup you will see all of the data files (mdf) and the log file (ldf).
Explanation
This information can only be returned using T-SQL; there is no way to get this information from
SQL Server Management Studio, although if you do a restore and select options, you will see
some of this information in SSMS.
The RESTORE FILELISTONLY option can be simply issued as follows for a backup that exists
on disk. If there are multiple backups in one file and you do not specify "WITH FILE = X" you will
only get information for the first backup in the file. To get the FILE number use RESTORE
HEADERONLY and use the "Position" column.
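For example (the file path is illustrative):

```sql
RESTORE FILELISTONLY
FROM DISK = 'C:\Backup\AdventureWorks.bak'
WITH FILE = 1;  -- position of the backup within the file, from RESTORE HEADERONLY
```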
T-SQL
Restore a full backup
This will restore the database using the specified file. If the database already exists it will
overwrite the files. If the database does not exist, it will create the database and restore the files
to the same location specified in the backup. The original location can be checked by using RESTORE
FILELISTONLY.
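A minimal example (the file path is illustrative):

```sql
RESTORE DATABASE AdventureWorks
FROM DISK = 'C:\Backup\AdventureWorks.bak';
```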
T-SQL
Restore a transaction log backup
To restore a transaction log backup the database needs to be in a restoring state. This means that
you would have to restore a full backup and possibly a differential backup as well.
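For example, restore the full backup WITH NORECOVERY and then the log backup (file paths are illustrative):

```sql
RESTORE DATABASE AdventureWorks
FROM DISK = 'C:\Backup\AdventureWorks.bak'
WITH NORECOVERY;  -- leave the database in a restoring state

RESTORE LOG AdventureWorks
FROM DISK = 'C:\Backup\AdventureWorks.trn'
WITH RECOVERY;    -- bring the database online
```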
T-SQL
Check a backup file on disk
The following command will check the backup file and return a message of whether the file is
valid or not. If it is not valid, this means the file is not going to be useable for a restore and a new
backup should be taken. One thing to note is that if there are multiple backups in a file, this only
checks the first backup.
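For example:

```sql
RESTORE VERIFYONLY
FROM DISK = 'C:\Backup\AdventureWorks.bak';
```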
Overview
In addition to the commands that we already discussed there are also many other options that
can be used along with these commands.
In this section we will look at these various options that can be included using the WITH option for
these various commands.
RECOVERY
NORECOVERY
STATS
REPLACE
MOVE
STOPAT
T-SQL
Restore full backup WITH RECOVERY
As mentioned above this option is the default, but you can specify as follows.
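For example (the file path is illustrative):

```sql
RESTORE DATABASE AdventureWorks
FROM DISK = 'C:\Backup\AdventureWorks.bak'
WITH RECOVERY;
```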
T-SQL
Restore a full database with default stats setting
The following will show the percentage complete after each 10% segment.
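For example, STATS = 10 is the default reporting interval:

```sql
RESTORE DATABASE AdventureWorks
FROM DISK = 'C:\Backup\AdventureWorks.bak'
WITH STATS = 10;  -- report progress at each 10% increment
```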
T-SQL
Restore full backup using WITH REPLACE
The command below will restore the database and disregard any active data in the current
transaction log.
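For example:

```sql
RESTORE DATABASE AdventureWorks
FROM DISK = 'C:\Backup\AdventureWorks.bak'
WITH REPLACE;  -- discard any active transaction log data in the existing database
```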
T-SQL
Determine contents of backup
So the first thing you need to do is determine the logical names and the physical location of the
files. This can be done by using the RESTORE FILELISTONLY command. This will give you the
logical and physical names.
Here is an example:
The output includes LogicalName, PhysicalName, and Type columns; Type "D" indicates a data
file and "L" a log file.
Restore full backup WITH MOVE
So let's say we want to restore this database, but we want to put the data file in the "G:\SQLData"
folder and the transaction log file in the "H:\SQLLog" folder. The command would be like the
following:
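Assuming the logical file names returned by RESTORE FILELISTONLY are AdventureWorks_Data and AdventureWorks_Log (substitute the names from your own backup):

```sql
RESTORE DATABASE AdventureWorks
FROM DISK = 'C:\Backup\AdventureWorks.bak'
WITH MOVE 'AdventureWorks_Data' TO 'G:\SQLData\AdventureWorks_Data.mdf',
     MOVE 'AdventureWorks_Log'  TO 'H:\SQLLog\AdventureWorks_Log.ldf';
```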
Overview
The RESTORE ... WITH STOPAT option allows you to restore your database to a point in time.
This gives you the ability to restore a database prior to an event that occurred that was
detrimental to your database. In order for this option to work, the database needs to be either in
the FULL or Bulk-Logged recovery model and you need to be doing transaction log backups.
Explanation
When data is written to your database it is first written to the transaction log and then to the data
file after the transaction is complete. When you restore your transaction log, SQL Server will
replay all transactions that are in the transaction log and roll forward or roll back transactions that
it needs to prior to putting the database in a useable state.
T-SQL
Restore database with STOPAT
This will restore the AdventureWorks database to a point in time of "March 23, 2009 at
5:31 PM".
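A sketch of the sequence (file paths are illustrative):

```sql
RESTORE DATABASE AdventureWorks
FROM DISK = 'C:\Backup\AdventureWorks.bak'
WITH NORECOVERY;

RESTORE LOG AdventureWorks
FROM DISK = 'C:\Backup\AdventureWorks.trn'
WITH STOPAT = '2009-03-23 17:31:00', RECOVERY;
```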
A tail log backup allows you to recover as much data as possible; you can think of it as
point-in-time recovery up to the moment of the disaster. If a tail log backup cannot be taken,
you can only recover your database up to your last transaction log backup.
A tail log backup is a log backup taken after data corruption (a disaster). Even though there is
file corruption, we can try to take a log backup (the tail log backup). This can then be used
during point-in-time recovery.
Consider a scenario in which we have a full backup from 12:00 noon and one transaction log
backup at 1:00 PM, with log backups scheduled to run every hour. If disaster strikes at 1:30 PM,
we can try to take a tail log backup at 1:30 PM (after the disaster). If the tail log backup
succeeds, recovery proceeds as follows: first restore the 12:00 noon full backup, then the
1:00 PM log backup, and finally the 1:30 PM tail log backup.
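A tail log backup can be attempted like this (the file path is illustrative); NO_TRUNCATE allows the log to be backed up even when the database's data files are damaged:

```sql
BACKUP LOG AdventureWorks
TO DISK = 'C:\Backup\AdventureWorks_tail.trn'
WITH NO_TRUNCATE;
```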
SQLSERVER AGENT:
LOGSHIPPING:
In a perfect world we wouldn't need standby servers for our SQL Servers. Our hardware would
never fail, NT Server 4.0 or Windows 2000 would never blue screen, SQL Server would never
stop running, and our applications would never balk.
In a partially perfect world, we could afford very expensive clustered SQL Servers that
automatically fail over our wounded and dead production SQL Servers, reducing our stress and
keeping our users very happy.
But for most of us, the closest thing we can afford to implement when it comes to SQL Server
failover are standby servers that we have to manually fail over. And even some of us can't afford
this. But for this article, I am going to assume that you can afford a standby server.
The concept of standby servers is not a new one. It has been around a long time and been used
by many DBAs. Traditionally, using a standby server for failover has involved manually making
database and log backups on the production server and then restoring them to the standby server
on a regular basis. This way, should the production server fail, then users could access the
standby server instead, and downtime and data loss would be minimized.
This article is about log shipping, a refined variation of the traditional manual standby failover
server process. Its two major benefits over the traditional methods are that it automates most of
the manual work and helps to reduce potential data loss even more.
While I have already talked about some of the benefits of log shipping, let's take a more
comprehensive look:
Log shipping doesn't require expensive hardware or software. While it is great if your standby
server is similar in capacity to your production server, it is not a requirement. In addition, you can
use the standby server for other tasks, helping to justify the cost of the standby server. Just keep
in mind that if you do need to fail over, that this server will have to handle not one, but two loads. I
like to make my standby server a development server. This way, I keep my developers off the
production server, but don't put too much work load on the standby server.
The manual failover process is generally very short, typically 15 minutes or less.
Depending on how you have designed your log shipping process, very little, if any, data is lost
should you have to failover. The amount of data loss, if any, is also dependent on why your
production server failed.
Implementing log shipping is not technically difficult. Almost any DBA with several months or
more of SQL Server 7 experience can successfully implement it.
Let's face it, log shipping is a compromise. It is not the ideal solution, but it is often a practical
solution given real-world budget constraints. Some of the problems with log shipping include:
Log shipping failover is not automatic. The DBA must still manually failover the server, which
means the DBA must be present when the failover occurs.
The users will experience some downtime. How long depends on how well you implemented log
shipping, the nature of the production server failure, your network, the standby server, and the
application or applications to be failed over.
Some data can be lost, although not always. How much data is lost depends on how often you
schedule log shipping and whether or not the transaction log on the failed production server is
recoverable.
The database or databases that are being failed over to the standby server cannot be used for
anything else. But databases on the standby server not being used for failover can still be used
normally.
When it comes time for the actual failover, you must do one of two things to make your
applications work: either rename the standby server the same name as the failed production
server (and the IP address), or re-point your user's applications to the new standby server. In
some cases, neither of these options is practical.
Before we get into the details of how to implement log shipping, let's take a look at the big picture.
Essentially, here's what you need to do in order to implement log shipping:
Ensure you have the necessary hardware and software properly prepared to implement log
shipping.
Synchronize the SQL Server login IDs between the production and standby servers.
Create two backup devices. One will be used for your database backups and the other will be
used for your transaction log backups.
On the standby servers, create two stored procedures. One stored procedure will be used to
restore the database. The other stored procedure will be used to restore transaction logs.
On the production server, create two SQL Server jobs that will be used to perform the database
and transaction log backups. Each job will include multiple steps with scripts that will perform the
backups, copy the files from the production server to the standby server, and fire the remote
stored procedures used to restore the database and log files.
Obviously I have left out a lot of details, but at least now you know where we are headed.
To make my explanations easier to understand in this article, all my examples assume you will be
failing over only one database from the production server to the standby server. In the real world
you will probably want to failover more than just one. Once you have implemented log shipping
for one database, it should be obvious how to implement others. Generally, I just add additional
databases to my already existing scripts and jobs. But if you prefer, you can create separate
scripts and jobs for each database you want to failover using log shipping.
As you read the details of how I implement log shipping below, you may think of other ways to
accomplish the same steps.
The hardware and software requirements for log shipping are not difficult. The hardware for the
production and the standby server should be as similar as you can afford. If your production
server only handles a couple of dozen simultaneous users, then you probably don't need to
spend a small fortune on making the standby server just like the production server.
On the other hand, if your production server handles 500 simultaneous users, or has a
multi-gigabyte database, then you may want to make your standby server as similar to the
production server as you can afford.
As far as software is concerned, I just try to ensure that I have NT Server and SQL Server at the
same level of service packs. In addition, the two servers must have SQL Server 7 configured
similarly. For example, the code page/character set, sort order, Unicode collation, and the locale
all must be the same on both servers.
In order to help reduce any potential data loss during server failover from the production server to
the standby server, your production server should have its transaction logs stored on a separate
physical drive array than the database files. While this will boost your server's performance, the
main reason for this is to help reduce data loss.
For example, if the drive array with your database files on it goes down, then hopefully the drive
array with the log files will be OK. If this is the case, then you should be able to recover the
transaction log and move it to the standby server, significantly reducing any data loss. But if the
transaction logs are on the same drive array as the database files, and the drive array fails, then
you have lost any data entered into the system since the last log file was shipped to the standby
server.
• Primary Database Server: The primary server is the main database server, or SQL Server
Database Engine, which is being accessed by the application. The primary server contains
the primary database (the source database being log shipped).
• Must have at least two database servers, or two SQL Server 2005 Database Engine instances.
• The configuring user should have admin privileges on the servers.
• The SQL Server Agent service must be configured properly.
• The primary database must use the Full or Bulk-Logged recovery model.
• A shared folder is required for copying the transaction logs.
Log shipping status and history are tracked in the following system tables in the msdb database:
1. log_shipping_monitor_alert
2. log_shipping_monitor_error_detail
3. log_shipping_monitor_history_detail
4. log_shipping_monitor_primary
5. log_shipping_monitor_secondary
6. log_shipping_primaries
7. log_shipping_primary_databases
8. log_shipping_primary_secondaries
9. log_shipping_secondaries
10. log_shipping_secondary
11. log_shipping_secondary_databases
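To check the state of a configured log shipping pair, you can query the monitor tables; a minimal sketch (column names as in SQL Server 2005 msdb):

```sql
-- Last backup performed on the primary
SELECT primary_server, primary_database,
       last_backup_file, last_backup_date
FROM msdb.dbo.log_shipping_monitor_primary;

-- Last copy/restore performed on the secondary
SELECT secondary_server, secondary_database,
       last_copied_file, last_restored_file
FROM msdb.dbo.log_shipping_monitor_secondary;
```

Comparing the last backup, copy, and restore times is a quick way to spot a log shipping pair that has fallen behind.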
MIRRORING:
SQL Server 2005 provides a set of high availability methods that the users can use to achieve
fault tolerance and to prevent server outages and data loss. The selection of the high availability
method depends on various factors. Some DBAs need the servers to be available 24/7, while
others can afford an outage of a couple of hours. Cost also plays a role in the selection. For
example, Clustering is an expensive high availability method when compared to Database
Mirroring, but it allows the user to failover immediately.
The following high availability features are available with the Enterprise edition:
• Failover Clustering
• Multiple Instances(up to 50)
• Log shipping
• Database Snapshots
• Database Mirroring
A subset of these features, including two-node failover clustering, database mirroring, and log
shipping, is available with the Standard edition.
In this article, we will discuss the Database Mirroring high availability method.
Database mirroring is primarily a software solution for increasing database availability. Mirroring
is implemented on a per-database basis and works only with the full recovery model. Database
mirroring is available in the Enterprise edition and in the Standard edition. The user can mirror
only user databases.
Mirroring allows the user to create an exact copy of a database on a different server. The
mirrored database must reside on a different instance of the SQL Server Database Engine.
Microsoft fully supports database mirroring from SQL Server 2005 SP1 onwards; for the RTM
release (prior to SP1), Microsoft support services will not support databases or applications that
use database mirroring, and the feature should not be used in production environments. Prior to
SP1, database mirroring is disabled by default, but it can be enabled for evaluation purposes by
using trace flag 1400. The following T-SQL statement can be used to achieve this:
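As a sketch, trace flag 1400 can be turned on globally at runtime (it can also be supplied as a -T1400 startup parameter); this applies only to the pre-SP1 RTM release and only for evaluation:

```sql
-- Enable database mirroring on SQL Server 2005 RTM (evaluation only);
-- the -1 argument applies the trace flag globally to all sessions.
DBCC TRACEON (1400, -1);
```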
Database Mirroring is only available in the Standard, Developer and Enterprise editions of SQL
Server 2005. These are the required versions for both the principal and mirror instances of SQL
Server. The witness server can run on any version of SQL Server. In addition, there are some
other features only available in the Developer and Enterprise editions of SQL Server, but the
base functionality exists in the Standard edition.
1. Implementing database mirroring is relatively easy. It does not require any additional hardware
in terms of clustering support. So it proves to be a cheaper implementation instead of clustering a
database.
2. Database mirroring provides complete or nearly complete redundancy of the data, depending
on the operating modes.
Principal: The principal server is the primary database. This acts as a starting point in a
database mirroring session. Every transaction that is applied to the principal database will be
transferred to the mirrored database.
Mirror: The mirror is the database that will receive the copies from the principal server. There
should be a consistent connection between the mirror and the principal server.
Standby Server: In the process of database mirroring, a standby server is maintained. This is not
accessible to the users. If the principal server fails, the users can easily switch over to the standby.
Modes of Database Mirroring: Database Mirroring can work in two ways: synchronous or
asynchronous
A) Synchronous mode: This is also called high safety mode. In this mode, every transaction
applied to the principal will also be committed on the mirror server. The transaction on the
principal will be released only when it is also committed on the mirror: once the principal
receives an acknowledgement from the mirror, it commits the transaction.
When the partners are connected (Principal and Mirror) and the database is already
synchronized, manual failover is supported. If the mirror server instance goes down, the principal
server instance is unaffected and runs exposed (that is without mirroring the data). If the principal
server is lost, the mirror is suspended, but service can be manually forced to the mirror server
(with possible data loss).
Automatic failover provides high availability by ensuring that the database is still served after the
loss of one server. Automatic failover requires that the session possess a third server instance,
the witness, which ideally resides on a third computer. The above figure shows the configuration
of a high-safety mode session that supports automatic failover.
B) Asynchronous mode: This is also known as the high performance mode. Here performance
is achieved at the cost of availability. In this mode, the principal server sends log information to
the mirror server without waiting for an acknowledgement from the mirror server.
Transactions on the principal server commit without waiting for the mirror server to commit to the
log file. The following figure shows the configuration of a session using high-performance mode.
This mode allows the principal server to run with minimum transactional latency and does not
allow the user to use automatic failover. Forced service is one of the possible responses to the
failure of the principal server. It uses the mirror server as a warm standby server. Because data
loss is possible, one should consider other alternatives before forcing service to the mirror.
Types of Mirroring:
To provide flexibility when dealing with different requirements, SQL Server 2005 offers three
operating modes, determined by the presence of the witness and the transaction safety level,
configurable on a per-mirroring-session basis. The safety level can be turned either on or off.
With the safety level set to ON, committed transactions are guaranteed to be synchronized
between the mirrored partners; with the safety turned OFF, synchronization is performed on a
continuous basis, but without assurance of full consistency between the transaction logs of both
databases.
High availability operating mode: synchronous with a witness (with transaction safety set to
ON) - In this case, transactions written to the transaction log of the database on the principal are
automatically transferred to the transaction log of its mirrored copy. The principal waits for the
confirmation of each successful write from its mirror before committing the corresponding
transaction locally, which guarantees consistency between the two (following the initial
synchronization). This type of synchronous operation is the primary prerequisite for the automatic
failover - the other is the presence and proper functioning of the witness server (which means that
only the synchronous mode with a witness offers such capability). Additionally, availability of the
witness also impacts operations in cases when the mirror server fails. In such a scenario, if the
principal can still communicate with the witness, it will continue running (once the witness detects
that the mirror is back online, it will automatically trigger its resynchronization), otherwise (if both
mirror and witness are not reachable from the principal), the mirrored database is placed in the
OFFLINE mode.
High protection operating mode: synchronous without a witness (with transaction safety set to
ON) - uses the same synchronization mechanism as the first mode; however, the lack of the
witness precludes automatic failover. The owner of the database can perform manual failover,
as long as the principal is present, by running the ALTER DATABASE statement with the SET
PARTNER FAILOVER option from the principal. Alternatively, the owner can force the service to
the mirror database by running the ALTER DATABASE statement with the SET PARTNER
FORCE_SERVICE_ALLOW_DATA_LOSS option from the mirror, with potential data loss (if the
databases are not in a synchronized state). Unavailability of the mirror (due to server or network
link failure) causes the principal to place the mirrored database in OFFLINE mode (to
prevent the possibility of having two mirroring partners operating simultaneously as principals).
High performance operating mode: asynchronous without a witness (with transaction safety set
to OFF) - In this case, a transaction is committed on the principal before it is sent to its partner,
which means that it is not uncommon for the source database and its mirror to be out of synch.
However, since the process of transferring transaction log entries to the mirror is continuous, the
difference is usually minor. In the case of principal failure, the database owner can force service
to the mirror database, resulting in the former mirror taking on the role of the principal. Forcing
the service can result in data loss (encompassing all transaction log entries that constituted the
difference between the mirror and the principal at the time of its failure), so it should be used only
if such impact can be tolerated. Another choice when dealing with principal failure in this mode
(which reduces the possibility of data loss) is terminating the mirroring session and recovering
the database on the principal. Unlike in the synchronous mode with a witness, unavailability of
the mirror leaves the principal operational.
Note:
Mirroring with a Witness Server allows for High Availability and automatic fail over.
You can configure your DSN string to have both mirrored servers in it so that when they
switch you notice nothing.
Mirroring with SQL Server 2005 standard edition is not good for load balancing
Steps in Mirroring:
In this tutorial you will learn about Mirror Server in SQL Server 2005 - Preparing the Principal and
Mirror Server, Establishing a Mirroring Session, Establishing a Witness Server, Executing
Transactions, Simulating Principal Server Failure, Restarting the Failed Server, Terminating the
Mirror Session and Configuring Database Mirroring.
Database mirroring is easy to set up and can be made self-monitoring for automatic failover in the
event of the principal server becoming unavailable. The first step is to configure the relationship
between the principal server and the mirror server. This can be synchronous mirroring with a
witness server, which provides the highest availability of the database. A drawback of this
configuration is that the need to harden transactions on the mirror before they are committed
on the principal server may retard performance. Asynchronous mirroring provides high
availability and good performance: transactions are committed on the principal server
immediately. This configuration is useful when there is latency or distance between the principal
server and the mirror. The third type of mirroring configuration is synchronous mirroring without
the witness server. This guarantees that data on both servers is always concurrent and data
integrity is of a very high order. However, automatic failover cannot occur, as there are not
enough servers to form a quorum decision on which server should take the role of the principal
and which should be the mirror.
Database mirroring is done within a mirror session. A mirror session maintains information about
the state of the databases, the mirroring partners and the witness server. The mirror server
identifies the most recent transaction log record that has been applied to the mirror database and
requests for subsequent transaction log records from the principal server. This phase is called the
synchronizing phase.
The mirror session maintains information about the state of any witness servers. It ensures that
the witness server is visible both to the principal and the mirror servers.
A witness server is a must where the DBA wants to implement automatic failover and the
configuration must be in the synchronous operating mode. The witness server is usually on a
different computer from the principal and the mirror servers. However, one server can act as a
witness for multiple mirror partnerships.
The ALTER DATABASE command with the SET WITNESS clause is used on the principal server
to establish a witness. The witness server's address and the port of its mirroring endpoint are
specified in the server_network_address parameter.
A witness server can be disabled. However, the mirroring session will continue even when the
witness server is disabled. Automatic failover will no longer be possible.
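As a sketch, establishing the witness from the principal might look like this (the host name and port number are hypothetical, and the database name is taken from the later AdventureWorks example):

```sql
-- Run on the principal server, after the partnership is established.
ALTER DATABASE AdventureWorks
SET WITNESS = 'TCP://witness_host.mydomain.com:5022';
```

Setting the witness to OFF (`SET WITNESS OFF`) removes it from the session, disabling automatic failover while the mirroring session continues.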
Executing Transactions:
The ALTER DATABASE command has to be run on the mirror server, specifying the principal
server's endpoint address, and then the same has to be done on the principal server so that
synchronization can commence. The operating mode then has to be selected. By default the
operating mode is synchronous. This can be changed by running the ALTER DATABASE
command with the SET PARTNER SAFETY clause on either partner server. The safety
parameter can be either OFF or FULL. The mirror partnership information can be viewed by
running a query on the sys.database_mirroring catalog view.
If the transaction safety is set to full, the principal and mirror servers operate on synchronous
transfer mode. The transaction logs are hardened in the principal server and transmitted to the
mirror and then the principal waits for the mirror to harden its logs and send its response. When
the safety is OFF the principal does not wait for the acknowledgement of the mirror. In this
instance the principal and the mirror may not be synchronized at all times.
Synchronous transfer guarantees that the mirror is a faithful image of the principal database
transaction log
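The safety level described above is set with ALTER DATABASE; a minimal sketch (the database name is assumed from the later AdventureWorks example):

```sql
-- Synchronous (high safety) transfer
ALTER DATABASE AdventureWorks SET PARTNER SAFETY FULL;
-- Asynchronous (high performance) transfer
-- ALTER DATABASE AdventureWorks SET PARTNER SAFETY OFF;

-- Check the current mirroring role, state, and safety level
SELECT DB_NAME(database_id) AS database_name,
       mirroring_role_desc, mirroring_state_desc,
       mirroring_safety_level_desc
FROM sys.database_mirroring
WHERE mirroring_guid IS NOT NULL;
```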
A principal server failure can be simulated in test scenarios to ensure that failover is smooth.
Failover implies that the mirror server takes over as the principal server and the mirror database
will have to act as the principal database. The failover can be manual, automatic or forced.
Automatic failover occurs when the operating mode is high availability, the safety is FULL, and a
witness is part of the session. Manual failover is available in the high availability and high
protection operating modes; safety has to be FULL and the partner databases synchronized.
Forced service is used primarily in the high performance mode with safety OFF.
Simulating Principal Server failure can be done by manual intervention of the DBA in an orderly
way. The safety will have to be first set to FULL and the principal and the mirror databases
synchronized. Manual failover can be invoked by invoking the ALTER DATABASE command on
the principal server or by clicking the failover button in the Database Properties/Mirroring dialog in
the Management Studio. A manual failover causes current users to be disconnected and all
unfinished transactions to roll back. These transactions will then be recovered from the redo
queue. The mirror assumes the role of the principal server and the two servers will negotiate a
new starting point for mirroring based on their mirroring failover LSNs (log sequence numbers).
If the principal server is no longer operating, and safety is OFF, forced service can be resorted to.
This service causes some data loss.
A failed server can be restarted and can be synchronized with the principal server or the mirror
server as the case may be. Any suspending of transactions causes the log on the principal server
to grow with the transactions being logged and stored. Once the mirror session is resumed, the
principal transaction log is synchronized and written on to the mirror database log.
A mirror session can be manually terminated and the relationship between the servers ended.
When a session is ended, all information about the session is removed from all servers, leaving
both the principal and the mirror with an independent copy of the database. The mirror server's
database will remain in the restoring state until it is manually recovered or deleted.
Configuring a mirror server includes configuring the mirror server and the database.
The server designated as the mirror must be accessible and trusted by the principal database
server. Ideally both servers should belong to the same domain. The mirror server should also
have sufficient memory and processing power to act as the principal server in the event of
failover. It should be able to support users and applications without noticeable difference in the
quality of service.
The mirror database must be created manually. The file structure must match the principal
database's file structure. Both databases must use the full recovery model. Once the mirror
database is created, the latest full database backup of the principal database must be applied to
the mirror using the RESTORE DATABASE command with the NORECOVERY option.
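A minimal sketch of preparing the mirror database (the file path is a hypothetical example, and the database name is taken from the later AdventureWorks example); in practice a subsequent log backup must also be restored WITH NORECOVERY before the partnership is established:

```sql
-- On the principal instance
BACKUP DATABASE AdventureWorks
TO DISK = 'E:\Backups\AdventureWorks.bak' WITH INIT;

-- On the mirror instance, after copying the backup file across
RESTORE DATABASE AdventureWorks
FROM DISK = 'E:\Backups\AdventureWorks.bak'
WITH NORECOVERY;
```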
The next step is to enable the communication mechanism through which the mirroring will take
place. This implies creation of endpoints on both servers. The endpoint controls the Transmission
Control Protocol (TCP) port on which the server listens for database mirroring messages. The
endpoint also defines the role that it must perform. A server needs to have only one configured
endpoint regardless of the number of mirroring sessions it participates in. However, each instance
requires a unique port on which to listen.
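For example, a partner endpoint might be created on each server instance like this (the endpoint name and port number are hypothetical):

```sql
CREATE ENDPOINT Mirroring
    STATE = STARTED
    AS TCP (LISTENER_PORT = 5022)
    FOR DATABASE_MIRRORING (ROLE = PARTNER);
```

On the witness instance, the same statement would use ROLE = WITNESS (or ROLE = ALL if the instance may serve either role).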
The next step is to establish a mirroring session. The process of establishing a mirroring session
has been discussed above. It involves creating a mirroring session using the ALTER DATABASE
command on the mirror server first and then on the principal server. The server_network_address
parameter will have to be specified. Then a partnership will have to be created on the mirror
server, the operating mode will have to be changed and so on.
To prepare for database mirroring, user has to perform three configuration steps:
Syntax:
CREATE ENDPOINT endpoint_name
    [ STATE = { STARTED | STOPPED | DISABLED } ]
    AS TCP ( LISTENER_PORT = port_number )
    FOR DATABASE_MIRRORING (
        [ AUTHENTICATION = { WINDOWS [ { NTLM | KERBEROS | NEGOTIATE } ]
            | CERTIFICATE certificate_name } ]
        [ , ENCRYPTION = { DISABLED | SUPPORTED | REQUIRED }
            [ ALGORITHM { RC4 | AES | AES RC4 | RC4 AES } ] ]
        [ , ] ROLE = { WITNESS | PARTNER | ALL }
    )
The user can also specify that the endpoint has to authenticate using a certificate. This can be
done by specifying the CERTIFICATE keyword and the name of the certificate. For certificate-
based authentication, the endpoint must have the certificate with the matching public key.
Encryption
Next, we will take a look at the encryption option. By default, database mirroring uses RC4
encryption.
Encryption options:
DISABLED - Specifies that data sent over a connection is not encrypted.
SUPPORTED - Specifies that the data is encrypted only if the opposite endpoint specifies either
SUPPORTED or REQUIRED.
REQUIRED - Specifies that connections to this endpoint must use encryption. Therefore, to
connect to this endpoint, another endpoint must have ENCRYPTION set to either SUPPORTED
or REQUIRED.
Encryption algorithms:
RC4 - Specifies that the endpoint must use the RC4 algorithm. This is the default.
AES - Specifies that the endpoint must use the AES algorithm.
AES RC4 - Specifies that the two endpoints will negotiate an encryption algorithm, with this
endpoint giving preference to the AES algorithm.
RC4 AES - Specifies that the two endpoints will negotiate an encryption algorithm, with this
endpoint giving preference to the RC4 algorithm.
RC4 is a relatively weak algorithm, and AES is a relatively strong algorithm. But AES is
considerably slower than RC4. If security is a higher priority than speed, then AES is
recommended.
Role:
We have to specify the endpoint’s role in the Database mirroring option. Role can be Partner,
Witness or All. Using the ALL keyword as the role specifies that the mirroring endpoint can be
used for witness as well as for a partner in the database mirroring scenario.
We will take AdventureWorks as the sample database. This database uses the simple recovery
model by default. To use database mirroring with this database, we must alter it to use the full
recovery model.
USE master;
GO
ALTER DATABASE AdventureWorks
SET RECOVERY FULL;
GO
We have two server instances which act as partners (Principal and Mirror) and one server
instance which acts as witness. These three instances are located on different computers. The
three server instances run in the same Windows domain, but the user account is different for the
example's witness server instance.
4. Create the mirror database. Refer step 2 in the “Preparing for Mirroring” block.
Where:
<system_address> is a string that unambiguously identifies the destination computer system.
Typically, the server address is a system name (if the systems are in the same domain), a fully
qualified domain name, or an IP address.
<port> is the port number used by the mirroring endpoint of the partner server instance.
A database mirroring endpoint can use any available port on the computer system. Each port
number on a computer system must be associated with only one endpoint, and each endpoint is
associated with a single server instance; thus, different server instances on the same server
listen on different endpoints with different ports. In the server network address of a server
instance, only the number of the port associated with its mirroring endpoint distinguishes that
instance from any other instances on the computer.
Example:
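A sketch of server network addresses in use when establishing the partnership (host names and port numbers are hypothetical; the database name follows the earlier AdventureWorks example):

```sql
-- On the mirror instance first, pointing at the principal:
ALTER DATABASE AdventureWorks
SET PARTNER = 'TCP://principal_host.mydomain.com:5022';

-- Then on the principal instance, pointing at the mirror:
ALTER DATABASE AdventureWorks
SET PARTNER = 'TCP://mirror_host.mydomain.com:5023';
```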
Switching Roles:
When the principal server fails, we have to switch roles over to the mirror and from then on
specify that the mirror should become the principal database. This concept is called role
switching. The three options for role switching are:
1. Automatic failover: - When the witness server is present in the database mirroring session,
automatic failover will occur when the principal database becomes unavailable and
when the witness server confirms this. During the automatic failover, the mirror will be
automatically promoted to principal, and whenever the principal comes back on, it will
automatically take the role of mirror.
2. Manual Failover: - The user can perform manual failover only if both the principal and mirror
are alive and in synchronized status. DBAs use this operation most frequently to perform
maintenance tasks on the principal. The failover is initiated from the principal and later the roles
are reverted after the database maintenance job is done.
The statement used to switch database roles (manual failover) is shown below:
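A minimal sketch of the manual failover statement, run on the principal (database name assumed from the earlier AdventureWorks example):

```sql
ALTER DATABASE AdventureWorks SET PARTNER FAILOVER;
```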
3. Forced Service: - When the witness server is not used and the principal database goes down
unexpectedly, the user has to initiate a manual failover to the mirror. In the asynchronous mode
of operation, the user has no way of knowing whether the transactions that were committed on
the principal have made it to the mirror or not. In this scenario, when the user switches roles,
there is a possibility of losing data.
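A sketch of forcing service when the principal is lost, run on the mirror (possible data loss, as noted above; database name assumed from the earlier AdventureWorks example):

```sql
ALTER DATABASE AdventureWorks
SET PARTNER FORCE_SERVICE_ALLOW_DATA_LOSS;
```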
REPLICATION
Replication is the act of copying or replicating data from one table or database to another table or
database. When SQL Server replication technology is used, the task of copying and distributing
data is automated.
REPLICATION COMPONENTS
1. Publishers:
A publisher consists of a Microsoft Windows server hosting a SQL Server database. This
database provides the data to be replicated to other systems. The publisher also maintains
information about which data is configured for replication. A replicated environment can have
multiple destinations where replication is done, but any given set of data that is configured for
replication can have only one publisher. Having only one publisher for a particular set of data
does not mean that the publisher is the only component that can modify the data; the destination
locations can also modify and even republish the data.
2. Distributors:
In addition to containing the distribution database, servers acting as distributors store metadata,
history data, and other information. In many cases the distributor is also responsible for
distributing the replicated data to the destinations. The publisher and distributor are not required
to be on the same server.
3. Subscribers:
These are the database servers that store the replicated data and receive updates. Subscribers
can also make updates and serve as publishers to other systems.
TYPES OF REPLICATION
1. Snapshot replication
2. Transactional replication
3. Merge replication
REPLICATION DATA
1. Articles
2. Publications
REPLICATION AGENTS
1. Snapshot Agent
2. Log Reader Agent
3. Distribution Agent
4. Merge Agent
5. Queue Reader Agent
TYPES OF REPLICATION
Snapshot replication
Transactional replication: using this we can keep both the publisher and the subscriber in the
same state.
Merge replication
PUBLICATION
PUSH SUBSCRIPTIONS
PULL SUBSCRIPTIONS
Subscribers that are not always connected to the network can periodically connect and request
the replicated data. This can be useful in reducing the number of connection errors reported,
because the subscribers, not the distributor, initiate pull subscriptions. If the distributor tries to
initiate replication to a subscriber that does not respond, an error will be reported. Thus, if
replication is initiated by the subscriber only when it is connected, no errors will be reported.
REPLICATION AGENTS
Snapshot Agent
The Snapshot Agent is used for creating and propagating the snapshots from the publisher to
the distributor. It creates the replicated data (snapshot data) and the information that is used by
the Distribution Agent to propagate that data [metadata].
Log Reader Agent
Each database that uses transactional replication has its own Log Reader Agent on the
publisher.
Distribution Agent
I/O performance on the publisher
I/O performance on the distributor
The distributor receives large amounts of data at one time and, at some later time, distributes
that data. A slow I/O subsystem on the distributor will bog down the snapshot creation process.
I/O performance on the subscriber
CLUSTERING
UPGRADATION
PERFORMANCE TUNING
DATABASE STATES:
A database is always in one specific state. For example, these states include ONLINE, OFFLINE,
or SUSPECT. To verify the current state of a database, select the state_desc column in the
sys.databases catalog view or the Status property in the DATABASEPROPERTYEX function.
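For example (the database name passed to DATABASEPROPERTYEX is assumed from the earlier examples):

```sql
-- State of every database on the instance
SELECT name, state_desc FROM sys.databases;

-- State of a single database
SELECT DATABASEPROPERTYEX('AdventureWorks', 'Status');
```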
State - Definition
ONLINE - Database is available for access. The primary filegroup is online, although the undo
phase of recovery may not have been completed.
OFFLINE - Database is unavailable. A database becomes offline by explicit user action and
remains offline until additional user action is taken. For example, the database may be taken
offline in order to move a file to a new disk. The database is then brought back online after the
move has been completed.
RESTORING - One or more files of the primary filegroup are being restored, or one or more
secondary files are being restored offline. The database is unavailable.
RECOVERING - Database is being recovered. The recovering process is a transient state; the
database will automatically become online if the recovery succeeds. If the recovery fails, the
database will become suspect. The database is unavailable.
RECOVERY PENDING - SQL Server has encountered a resource-related error during recovery.
The database is not damaged, but files may be missing or system resource limitations may be
preventing it from starting. The database is unavailable.
MAIL CONFIGURATION
SNAPSHOTS
1. Based on the current size of the source database, ensure that you have sufficient disk
space to hold the database snapshot. The maximum size of a database snapshot is the size
of the source database at snapshot creation.
Note:
When you create a database snapshot, log files, offline files, restoring files, and defunct files are
not allowed in the CREATE DATABASE statement.
Database snapshots:
SQL Server 2005 introduced the concept of a snapshot, or a read-only, static view of a database.
Snapshots are primarily created in order to supply a read-only version of a database for reporting
purposes. However, they do function in a similar way to backups. The one primary difference is
that all uncommitted transactions are rolled back in the snapshot. There is no option for rolling
forward, capturing logs, etc., that backups provide, nor are many SQL Server resources used at
all. Rather, sparse-file (copy-on-write) disk technology is used to create a copy of the data.
Because of this, snapshots are much faster than backups, both to create and to restore from.
NOTE:
For more details on SQL Server 2005 snapshots, please refer to
http://www.simple-talk.com/sql/database-administration/sql-server-2005-snapshots/.
A good use of snapshots, in addition to reporting, might be to create one prior to maintenance,
after you've already removed all the active users (and their transactions) from the system. While
snapshots don't support the volatility of live backups, their speed and ease of recovery make
them a great tool for quick recovery from a botched rollout. Snapshots are stored on the server,
so you must make sure you've got adequate storage.
The syntax is different because you're not backing up a database; you're creating a new one:
CREATE DATABASE Adventureworks_ss1430
ON (NAME = AdventureWorks_Data,
FILENAME = 'C:\Backups\AdventureWorks_data_1430.ss')
AS SNAPSHOT OF AdventureWorks;
Now it will be accessible for read-only access. Since we're primarily concerned with using this as
a backup mechanism, let's include the method for reverting a database to a database snapshot.
First, identify the snapshot you wish to use. If there is more than one on any database that you're
going to revert, you'll need to delete all except the one you are using:
DROP DATABASE Adventureworks_ss1440;
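With only the one snapshot remaining, the revert itself uses RESTORE with the DATABASE_SNAPSHOT clause (names follow the example above; note that reverting breaks the log backup chain, so take a full backup afterwards):

```sql
-- Revert the source database to the state captured by the snapshot.
USE master;
RESTORE DATABASE AdventureWorks
FROM DATABASE_SNAPSHOT = 'Adventureworks_ss1430';
```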
Best practices
The manner in which you perform database backups should not be a purely technical decision; it should be dictated by the business. Small systems with low transaction rates, and reporting systems that are loaded regularly, may only ever need a full database backup. For medium and large systems, the type of data being managed determines what types of backup are required.
For a medium sized system, a daily backup with log backups during the day would probably
answer most data requirements in a timely manner.
For a large database the best approach is to mix and match the backups to ensure maximum
recoverability in minimum time. For example, run a weekly full backup. Twice a day during the
week, run a differential backup. Every 10 minutes during the day, run a log backup. This gives
you a large number of recovery mechanisms.
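That mix-and-match schedule maps onto three BACKUP statements, each scheduled as its own SQL Server Agent job (paths and the database name below are placeholders):

```sql
-- Weekly full backup (e.g. Sunday night)
BACKUP DATABASE AdventureWorks
TO DISK = 'C:\Backups\AdventureWorks_full.bak'
WITH INIT;

-- Twice-daily differential: only extents changed since the last full backup
BACKUP DATABASE AdventureWorks
TO DISK = 'C:\Backups\AdventureWorks_diff.bak'
WITH DIFFERENTIAL, INIT;

-- Log backup every 10 minutes (requires FULL or BULK_LOGGED recovery model)
BACKUP LOG AdventureWorks
TO DISK = 'C:\Backups\AdventureWorks_log.trn';
```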
For very large databases, you'll need to get into running filegroup and file backups because doing
a full backup or even a differential backup of the full database may not be possible. A number of
additional functions are available to help out in this area, but I won't be going into them here.
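As a minimal sketch of a filegroup backup ('PRIMARY' is used purely for illustration; substitute your own filegroup name):

```sql
-- Back up a single filegroup rather than the whole database.
BACKUP DATABASE AdventureWorks
FILEGROUP = 'PRIMARY'
TO DISK = 'C:\Backups\AdventureWorks_primary_fg.bak';
```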
You should take the time to develop some scripts for running your backups and restores. A naming convention that identifies the database, the server, the date, and the specific backup type and format will be very conducive to your sanity. A common location for backups, whether log, full, or differential, should be defined. Everyone responsible should be trained in backup, recovery, and the troubleshooting of the same. There are many ways of doing this, but you can find a few suggestions in Pop backs up and Pop Restores.
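One such naming convention can be sketched like this (path is a placeholder; the REPLACE handles the backslash in named-instance server names):

```sql
-- Build a backup file name of the form Server_Database_YYYYMMDD.bak
DECLARE @file nvarchar(260);
SET @file = N'C:\Backups\'
          + REPLACE(CAST(SERVERPROPERTY('ServerName') AS nvarchar(128)), N'\', N'_')
          + N'_AdventureWorks_'
          + CONVERT(nchar(8), GETDATE(), 112)   -- style 112 = YYYYMMDD
          + N'.bak';

BACKUP DATABASE AdventureWorks TO DISK = @file WITH INIT;
```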
The real test is to run your backup mechanisms and then run a restore. Then try a different type of restore, and another, and another. Be sure that you have not only done due diligence in defining how to back up the system, but also taken the extra step of ensuring that you can restore from those backups. If you haven't practiced this, documented the practice, and then tested the document, then, in effect, you're not ready for a disaster.
Summary
Backups within your enterprise should be like voting in Chicago: early and often. Setting up basic backups is quite simple, and adding on log backups and differentials is easy as well. Explore the options to see how to add file and filegroup backups and restores to increase the speed of your backups and restores, both of which will increase system availability and uptime. Keep a common naming standard. Be careful when using snapshots, but certainly employ them. Store your files in a standard location across servers. Practice your recoveries. Finally, to really make your backups sing, pick up a copy of Red Gate's SQL Backup, which speeds up backups and compresses them, using less disk space and time.
DBA Responsibilities
Types of DBA
Application DBA: Application DBAs straddle the fence between the DBMS and the application software, and are responsible for ensuring that the application is fully optimized for the database, and vice versa. They usually manage all the application components that interact with the database and carry out activities such as application installation and patching, application upgrades, database cloning, building and running data cleanup routines, data load process management, and so on.
Daily activities:
1. Check OS Event Logs, SQL Server Logs, and Security Logs for unusual events.
2. Verify that all scheduled jobs have run successfully.
3. Confirm that backups have been made and successfully saved to a secure location.
4. Monitor disk space to ensure your SQL Servers won’t run out of disk space.
5. Throughout the day, periodically monitor performance using both System Monitor and
Profiler.
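Check 2 can be scripted against msdb's job history tables. As a sketch (assumes default history retention; run_status 0 means the step failed):

```sql
-- List SQL Server Agent job steps that failed in roughly the last day.
-- run_date is stored as an int in YYYYMMDD form.
SELECT j.name AS job_name,
       h.step_name,
       h.run_date,
       h.run_time,
       h.message
FROM msdb.dbo.sysjobhistory AS h
JOIN msdb.dbo.sysjobs AS j ON j.job_id = h.job_id
WHERE h.run_status = 0
  AND h.run_date >= CONVERT(int, CONVERT(char(8), GETDATE() - 1, 112))
ORDER BY h.run_date DESC, h.run_time DESC;
```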
To avoid all the labor of creating multiple jobs for multiple databases, use the Maintenance Plan
Wizard. You can use this handy tool to create jobs for all the standard maintenance tasks
required to keep your database system running smoothly.
Follow these steps to create a database maintenance plan:
1. In SQL Server Management Studio, expand Management, right-click Maintenance Plans, and
select Maintenance Plan Wizard.
2. On the welcome screen, click the Next button.
3. On the Select a Target Server screen, enter Maintenance Plan 1 in the Name box, enter a
description if you’d like, select your default instance of SQL Server, and click Next.
4. On the Select Maintenance Tasks screen, check the boxes for all the available tasks except
Execute SQL Server Agent Job, and click Next.
5. On the next screen, you can set the order in which these tasks are performed. Leave the
default, and click Next.
6. The next screen allows you to select the databases on which you want to perform integrity
checks. When you click the drop-down list, you’ll see several choices:
• All Databases: This encompasses all databases on the server in the same plan.
• All System Databases: This choice affects only the master, model, and MSDB databases.
• All User Databases: This affects all databases (including AdventureWorks) except the system databases.
• These Databases: This choice allows you to be selective about which databases to include in your plan.
For this task, select All Databases, click OK, and then click Next.
7. On the Define Shrink Database Task screen, select All Databases, click OK, and then click
Next.
8. On the Define Reorganize Index Task screen, select All Databases from the Databases drop-
down list, click OK, and then click Next.
9. The Define Rebuild Index Task screen gives you a number of options for rebuilding your
indexes:
• Reorganize Pages with the Default Amount of Free Space: This regenerates pages with their original fill factor.
• Change Free Space per Page Percentage To: This creates a new fill factor. If you set this to 10, for example, your pages will contain 10 percent free space.
10. Next comes the Define Update Statistics Task screen. Again, select All Databases, click OK,
and then click Next.
11. Next is the Define History Cleanup Task screen. All the tasks performed by the maintenance plan are logged in the MSDB database. This list is referred to as the history, and it can become quite large over time, so this task removes old entries. Accept the defaults, click OK, and then click Next.
12. The next screen allows you to control how full backups are performed. Select All Databases from the drop-down list, accept the defaults, click OK, and then click Next.
13. The next screen allows you to control how differential backups are performed. Select All
Databases from the drop-down list, accept the defaults, click OK, and then click Next.
14. The next screen allows you to control how transaction log backups are performed. Select All Databases from the drop-down list, accept the defaults, click OK, and then click Next.
15. On the Select Plan Properties screen, click the Change button to create a schedule for the
job.
16. Enter Maintenance Plan 1 Schedule for the schedule name, accept the rest of the defaults,
and click OK to create the schedule.
17. On the next screen, you can view a summary of the tasks to perform. Click Finish to create the maintenance plan.
18. Once SQL Server is finished creating the maintenance plan, you can click Close.
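Under the covers, the plan's core tasks correspond to T-SQL along these lines (a sketch for a single database; the table name and cutoff date are purely illustrative):

```sql
-- Check database integrity
DBCC CHECKDB ('AdventureWorks');

-- Rebuild indexes with a new fill factor (90% full = 10% free space)
ALTER INDEX ALL ON AdventureWorks.Person.Contact
REBUILD WITH (FILLFACTOR = 90);

-- Update optimizer statistics for every table in the database
EXEC AdventureWorks.dbo.sp_updatestats;

-- History cleanup: purge old backup history from msdb
EXEC msdb.dbo.sp_delete_backuphistory @oldest_date = '2005-01-01';
```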
Capacity Planning:
This article discusses some of the points to consider when planning and managing the capacity of SQL Server systems. It is not a definitive guide, but it should provide a starting point for the SQL Server DBA.
Although the operations guide was initially written for SQL Server 2000, much of it is still valid for the 2005 version of the product.
The complexity of capacity planning depends on the complexity of the system you are implementing. Capacity planning becomes especially important when expanding the system carries high costs. That said, it does not need to be a complicated process, but it will require numeric precision, and it should be fully documented for future reference.
The capacity planning process should tell you how much hardware you need to support a specific load on your system. It is important to stress that this will be an iterative process: the numeric results you gain will influence your decisions, and as these figures change, your hardware configuration has the potential to change too.
Memory
Memory is used mainly to optimise data access. SQL Server uses memory to store execution plans, cache data pages, and so on. Without enough memory, you will incur more disk I/O when reading data. If your system does many reads, you might reduce disk I/O significantly by increasing memory, because the data will then remain in cache. Insufficient memory, or over-allocation of memory, can result in paging. Memory plays an important role in SQL Server, and it is a resource you should carefully monitor.
For systems where reads (OLAP) are the most frequent activity and also the highest priority, the more memory your system has, the greater the performance. Memory can compensate for disk I/O in these systems, and large amounts of memory can significantly decrease the number of disks (spindles) you will need to achieve high performance.
For systems for which writes are the highest priority (or OLTP), memory is still an important part
of the system, but you may benefit more from the addition of disk spindles, and more or faster
controller channels, rather than memory. It is important that you carefully monitor your system to
decide which resources are in highest demand.
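As part of that monitoring, you can inspect and cap SQL Server's memory use with sp_configure (the 4096 MB figure below is purely illustrative; size it for your own workload and OS headroom):

```sql
-- Enable advanced options so 'max server memory' becomes visible
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;

-- Cap the buffer pool, leaving headroom for the operating system
EXEC sp_configure 'max server memory (MB)', 4096;
RECONFIGURE;
```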
I/O
Microsoft SQL Server uses Microsoft Windows operating system input/output (I/O) calls to
perform read and write operations on your disk. SQL Server manages when and how disk I/O is
performed, but the Windows operating system performs the underlying I/O operations. The I/O
subsystem includes the system bus, disk controller cards, disks, tape drives, CD-ROM drives, and many other I/O devices. Disk I/O is frequently the cause of bottlenecks in a system. When planning your hardware and disk configuration, it is important to remember that the number of disks is far more important than the total storage size. Generally, the more disks you have, the better the performance will be. As an example, 20GB spread over several disks will perform far better than 20GB on a single disk.
Database file placement can have a significant impact on I/O on your server. If you have a set of
tables that is used frequently then consider putting these on a separate file group on separate
physical drives, if you do this on large heavily used systems then you may notice a significant
difference.
If you identify I/O as a problem but you are unable to add further spindles to a set of disks, consider putting your non-clustered indexes in a separate filegroup on a separate disk.
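A sketch of that approach (the filegroup name, file path, sizes, table, and index names are all placeholders chosen for illustration):

```sql
-- Create a filegroup backed by a file on a separate physical drive
ALTER DATABASE AdventureWorks ADD FILEGROUP IndexFG;

ALTER DATABASE AdventureWorks
ADD FILE (NAME = AW_Indexes,
          FILENAME = 'E:\SQLData\AW_Indexes.ndf',
          SIZE = 500MB,
          FILEGROWTH = 100MB)
TO FILEGROUP IndexFG;

-- Place a non-clustered index on the new filegroup
CREATE NONCLUSTERED INDEX IX_Contact_LastName
ON AdventureWorks.Person.Contact (LastName)
ON IndexFG;
```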
• If you expect the database to grow suddenly, buy hardware that can be added to, thus allowing you to expand as needed.
• If you expect your growth to be minimal, then buy only what you need.
It is important to size your database appropriately at the outset. This can avoid significant performance overhead when the database needs to grow. Ideally, your database will be sized appropriately for the next 6 to 12 months. I'm not an advocate of the auto-grow function of SQL Server; I feel that the database size is best managed manually, thus minimizing any overhead caused by this process.
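Pre-sizing can be sketched like this (database name, paths, and sizes are placeholders; FILEGROWTH is kept only as a safety net rather than a growth strategy):

```sql
-- Size the files up front for the expected 6-12 months of growth
CREATE DATABASE Sales
ON (NAME = Sales_Data,
    FILENAME = 'E:\SQLData\Sales_Data.mdf',
    SIZE = 10GB,
    FILEGROWTH = 500MB)
LOG ON (NAME = Sales_Log,
        FILENAME = 'F:\SQLLogs\Sales_Log.ldf',
        SIZE = 2GB,
        FILEGROWTH = 250MB);
```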
THIRD PARTY TOOLS
TROUBLESHOOTING