SQL Server Magazine UPDATE, August 1, 2002

Find out if you're at risk for new security vulnerabilities in MSDE and SQL Server 2000, read about designing your databases for extreme performance, and much more!


SQL Server Magazine UPDATE—brought to you by SQL Server Magazine
http://www.sqlmag.com

THIS ISSUE SPONSORED BY

Real Time Monitoring of SQL Server
http://lists.sqlmag.com/cgi-bin3/flo?y=eMtP0E3SUn0BRZ02Jr0AY

Need To Keep Your Servers Running 24/7??
http://lists.sqlmag.com/cgi-bin3/flo?y=eMtP0E3SUn0BRZ03VF0A2
(Below COMMENTARY)

XML Web Services One Conference in Boston
http://lists.sqlmag.com/cgi-bin3/flo?y=eMtP0E3SUn0BRZ03HU0A3
(below NEWS AND VIEWS)

SPONSOR: REAL TIME MONITORING OF SQL SERVER

As a Database Administrator, you live in one hot kitchen. Business continuity depends on SQL Server running at peak performance. When a Server meltdown happens, things get really hot. ELM Enterprise Manager 3.0 provides real time monitoring and alerting of event logs, performance counters, services, and processes so you can proactively manage your systems and control avoidable downtime. Let ELM Enterprise Manager keep tabs on your systems, so you can stay cool. To download a free 30-day evaluation copy, visit:
http://lists.sqlmag.com/cgi-bin3/flo?y=eMtP0E3SUn0BRZ02Jr0AY

August 1, 2002—In this issue:

1. COMMENTARY

  • Designing Databases for Extreme Performance

2. SQL SERVER NEWS AND VIEWS

  • Buffer Overrun in Microsoft SQL Server 2000 Utilities

  • Multiple Vulnerabilities in Microsoft SQL Server 2000

  • Results of Previous Instant Poll: SQL Server Development Environment

  • New Instant Poll: DTS Expertise

3. ANNOUNCEMENTS

  • Get Kudos & a Free Trip to SQL Server Magazine LIVE! in Orlando!

  • Got Digital?

4. HOT RELEASE (ADVERTISEMENT)

  • Microsoft ASP.NET Connections

5. RESOURCES

  • What's New in SQL Server Magazine: .NET's Seismic Shift

  • Hot Thread: Importing Tables from Informix

  • Tip: Transferring Data Over a Dial-Up Connection

6. NEW AND IMPROVED

  • Learn About Performance Optimization

  • Prevent Vulnerability to SQL Snake

7. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY

  • DESIGNING DATABASES FOR EXTREME PERFORMANCE


(contributed by Brian Moran, news editor, [email protected])

"Extreme performance" is a term that a colleague and I coined 2 years ago to define the SQL Server performance-tuning approach that we take with our consulting customers. I'd like to explain the essence of our philosophy, which might help you avoid performance-tuning mistakes down the road.

Extreme performance means two things to me. First, it means that everything you do today with an application needs to anticipate the fact that someone will eventually push your code well beyond what you intended it to do. You can more easily design an efficient application than do triage on a poorly performing application after deployment. You need to test your application with reasonably sized data sets and take adequate steps to ensure that your application can expand as needed. Everyone knows that you should design systems with performance and scalability in mind.

My principles of extreme performance include another important aspect. Two basic approaches to scalability exist: scale up or scale out. To scale up, you beef up a single SMP box. To scale out, you increase horsepower by adding new boxes to the system. Scaling out is easier than scaling up because it doesn't require you to anticipate your power needs. You simply buy another box when the time comes, or at least that's the theory. It's infinitely easier to scale out your Web farm than to scale out the database layer. I'm not going to defend that position now, but it's true.

What does scalability mean when you're designing a system for extreme performance to meet unpredictable future demands? It means that sometimes you should deploy a component on the middle tier of a Web farm rather than as a stored procedure, even if the throughput is better when you deploy the component as a stored procedure. That approach might seem counterintuitive. But here's why it makes sense. You can easily add another box to your Web farm if you hit the edge of your scalability envelope. However, scaling out the database layer can be difficult and expensive, especially when you didn't design the application with scaling out in mind.

I've seen customers encounter substantial back-end database performance decreases that require substantial code rewriting--a difficult and painful process. They could have solved the problem by adding a commodity-priced Web server to the farm if they had designed certain expensive stored procedures as middle-tier components. Sure, initial throughput might be better if they had deployed the component as a procedure, but sometimes you need to sacrifice a small short-range performance gain for long-range performance and scalability requirements.

NEED TO KEEP YOUR SERVERS RUNNING 24/7??

Minimizing downtime requires a holistic approach to planning and management. Learn the methods for achieving high availability, detail evaluation criteria and determine which options are best suited to your tolerance for risk and budgetary constraints. Join Morris Lewis for the next SQL Server Magazine Web Seminar on August 27th:
http://lists.sqlmag.com/cgi-bin3/flo?y=eMtP0E3SUn0BRZ03VF0A2

2. SQL SERVER NEWS AND VIEWS

  • BUFFER OVERRUN IN MICROSOFT SQL SERVER 2000 UTILITIES

Cesar Cerrudo discovered two vulnerabilities in Microsoft SQL Server 2000 and Microsoft SQL Server Desktop Engine (MSDE) 2000. The vulnerabilities are related to a buffer overrun and SQL injection. Microsoft released Security Bulletin MS02-038 (Unchecked Buffer in SQL Server 2000 Utilities Could Allow Code Execution) to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the bulletin.
http://www.secadministrator.com/articles/index.cfm?articleid=26074

  • MULTIPLE VULNERABILITIES IN MICROSOFT SQL SERVER 2000


Cesar Cerrudo discovered three new vulnerabilities in Microsoft SQL Server 2000 and Microsoft SQL Server Desktop Engine (MSDE) 2000. The vulnerabilities are buffer overruns with a potential for Denial of Service (DoS) attacks. Microsoft has released Security Bulletin MS02-039 (Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution) to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the bulletin.
http://www.secadministrator.com/articles/index.cfm?articleid=26075

  • RESULTS OF PREVIOUS INSTANT POLL: SQL SERVER DEVELOPMENT ENVIRONMENT


Sponsored by MicroStrategy
http://lists.sqlmag.com/cgi-bin3/flo?y=eMtP0E3SUn0BRZ03VB0Ax

The voting has closed in SQL Server Magazine's nonscientific Instant Poll for the question, "What is your development environment for SQL Server?" Here are the results (+/- 1 percent) from the 436 votes:

    41% Visual Studio 6.0
    20% Visual Studio .NET
    26% Server-side tools such as T-SQL stored procedures
     6% A third-party environment
     6% Other

  • NEW INSTANT POLL: DTS EXPERTISE


Sponsored by Oracle
Oracle9i Database for Windows: Spend less, do more in IT.
http://ad.doubleclick.net/clk;4421561;7359773;p?http://www.oracle.com/go/?&Src=1268211&Act=21

The next Instant Poll question is, "How would you describe your level of expertise with Data Transformation Services (DTS)?" Go to the SQL Server Magazine Web site and submit your vote for 1) Expert, 2) Advanced, 3) Intermediate, or 4) Novice.
http://www.sqlmag.com

SPONSOR: XML WEB SERVICES ONE CONFERENCE IN BOSTON

Developers' Ultimate Web Services & XML Learning Experience! Conference tracks have been designed and developed by track chairs who have the real world experience and connections to deliver the best courses and instructors in the business. Tracks include: XML Standards in Practice, Web Services—the Future, Web Services Standards & Tools, Programming for the Front End, .NET Programming, Java Programming, Enterprise Architectures, Component Integration, and Tactics & Strategies—Management Imperatives.
Register online today!
http://lists.sqlmag.com/cgi-bin3/flo?y=eMtP0E3SUn0BRZ03HU0A3

3. ANNOUNCEMENTS


(brought to you by SQL Server Magazine and its partners)

  • GET KUDOS & A FREE TRIP TO SQL SERVER MAGAZINE LIVE! IN ORLANDO!


Get the recognition you deserve for your cutting-edge SQL Server solution and take home the SQL Server Innovator's Cup. If you work with SQL Server and have created a technical solution to a problem or enhanced a program or system feature to improve performance or return on investment, you qualify to enter this awards program sponsored by Microsoft. Enter today at:
http://lists.sqlmag.com/cgi-bin3/flo?y=eMtP0E3SUn0BRZ02hN0AS

  • GOT DIGITAL?


Have you downloaded your FREE digital issue of SQL Server Magazine yet? Our new digital delivery option gives you fast, uninterrupted access to the latest SQL Server info. Delivered monthly and stored right on your desktop, this new format is keyword searchable and allows for easy archive access. Try it today!
http://lists.sqlmag.com/cgi-bin3/flo?y=eMtP0E3SUn0BRZ03kW0Af

4. HOT RELEASE (ADVERTISEMENT)

  • MICROSOFT ASP.NET CONNECTIONS


Microsoft ASP.NET Connections and VS.NET Connections will colocate with SQL Server Magazine LIVE! this October. The Early Bird discount expires soon; register today to save $2,990 and access all three events for the price of one!
http://lists.sqlmag.com/cgi-bin3/flo?y=eMtP0E3SUn0BRZ03kX0Ag

5. RESOURCES

  • WHAT'S NEW IN SQL SERVER MAGAZINE: .NET'S SEISMIC SHIFT


The Microsoft .NET Framework's collection of programming interfaces and tools will bring a change in how you develop applications. Russ Whitney outlines a step-by-step process for retooling your application development process to prepare for .NET in ".NET's Seismic Shift," which appears in the August issue of SQL Server Magazine and is available online at
http://www.sqlmag.com/articles/index.cfm?articleid=25493

  • HOT THREAD: IMPORTING TABLES FROM INFORMIX


Bob wants to import tables from Informix and wants to know what drivers he'll need. Offer your advice and read other users' suggestions on the SQL Server Magazine forums at the following URL:
http://www.sqlmag.com/forums/messageview.cfm?catid=11&threadid=7630

  • TIP: TRANSFERRING DATA OVER A DIAL-UP CONNECTION


(contributed by the Microsoft SQL Server development team)

Q. Our company has three servers. One server is situated at the head office, and the other two servers are 150 miles away. These servers communicate only through a dial-up connection. I want to use Data Transformation Services (DTS) to update data in one of the remote servers while the main server is in replication mode. Under these conditions, can I use DTS to enter approximately 10,000 records, one by one, by using customized software?

A. Technically, you can use DTS to update your data through a dial-up connection. However, the amount of network bandwidth available compared with the amount of data you want to transfer might limit your efforts. If you have the required bandwidth (or time to transfer the data), you can push the data in a compressed file to the remote servers by using FTP or a Copy command in a batch file. Next, you can decompress, then load the data by using BULK INSERT or DTS. If you need a more data-aware solution, and if you need to be able to make regular updates at any one of the three nodes, you should look into setting up merge replication. You would designate one of the servers as the publisher and the other two as subscribers. You could then insert rows at any one of the nodes and configure the replication to propagate the inserts to the other two nodes. Because you perform this merge replication over a dial-up connection whose bandwidth might cause a bottleneck, we advise you to test this configuration for performance and connection reliability.

Send your technical questions to [email protected].

6. NEW AND IMPROVED


(contributed by Carolyn Mader, [email protected])

  • LEARN ABOUT PERFORMANCE OPTIMIZATION


Realtimepublishers.com and Precise Software Solutions announced "The Definitive Guide to SQL Server Performance Optimization," an e-book by Don Jones that features real-world examples of SQL Server performance optimization tactics. Jones is writing the e-book in realtime, so you can read chapter-by-chapter as he writes. Registered readers receive an email message when a new chapter is ready or modifications are posted. Chapter topics include understanding performance components and scaling concepts and SQL Server performance audit methodology. For more information, contact Realtimepublishers.com at 707-539-5280 or Precise Software Solutions at 800-310-4777.
http://www.polyvista.com
http://www.realtimepublishers.com
http://www.precise.com

  • PREVENT VULNERABILITY TO SQL SNAKE


PentaSafe Security Technologies announced the PentaSafe Snake Bite Kit, a free downloadable tool that can identify SQL Server machines that are vulnerable to the SQL Snake virus. The Snake Bite Kit's Snake Virus Scanner can detect SQL Server instances that use mixed-mode authentication and don't have a password for the systems administrator account—two conditions that make machines more susceptible to attack. Contact PentaSafe Security Technologies at 713-523-1992.
http://www.pentasafe.com/products/sqlscanner.asp
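
The two conditions named above can also be checked directly on an instance. The following T-SQL is an added example, not part of the original newsletter and not PentaSafe's tool; it assumes SQL Server 2005 or later (`sys.sql_logins`, `PWDCOMPARE`) and a login permitted to read password hashes, and it goes beyond the systems administrator account to report every SQL login with a blank password.

```sql
-- Added example: audit one instance for mixed-mode authentication combined
-- with blank SQL login passwords. Assumes SQL Server 2005+ and sysadmin rights.
SET NOCOUNT ON;

DECLARE @mixed_mode bit;

-- IsIntegratedSecurityOnly = 1 means Windows authentication only;
-- 0 means mixed mode (SQL logins such as sa can authenticate).
SET @mixed_mode =
    CASE WHEN CONVERT(int, SERVERPROPERTY('IsIntegratedSecurityOnly')) = 0
         THEN 1 ELSE 0 END;

SELECT
    @@SERVERNAME                              AS instance_name,
    l.name                                    AS login_name,
    CASE WHEN l.sid = 0x01 THEN 1 ELSE 0 END  AS is_builtin_sa,  -- sa keeps SID 0x01 even if renamed
    l.is_disabled,
    @mixed_mode                               AS mixed_mode_enabled,
    CASE
        WHEN @mixed_mode = 1 AND l.is_disabled = 0
            THEN 'EXPOSED: blank password is usable over SQL authentication'
        WHEN @mixed_mode = 1 AND l.is_disabled = 1
            THEN 'LATENT: blank password, login currently disabled'
        ELSE 'LATENT: blank password, instance is Windows-auth only'
    END                                       AS finding
FROM sys.sql_logins AS l
-- PWDCOMPARE returns 1 when the supplied clear text matches the stored hash;
-- comparing against the empty string finds logins with no password set.
WHERE PWDCOMPARE('', l.password_hash) = 1
ORDER BY is_builtin_sa DESC, l.name;

-- An empty result set means no SQL login on this instance has a blank password.
-- Remediation for any row returned: set a strong password with
--   ALTER LOGIN [login_name] WITH PASSWORD = '<strong password>';
-- and, where SQL logins are not needed, switch the instance to
-- Windows authentication mode.
```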

7. CONTACT US


Here's how to reach us with your comments and questions:

  • WANT TO SPONSOR SQL SERVER MAGAZINE UPDATE?
    More than 102,000 people read SQL Server Magazine UPDATE every week. Shouldn't they read your marketing message, too? To advertise in SQL Server Magazine UPDATE, contact Beatrice Stonebanks at [email protected] or 800-719-8718.

SQL Server Magazine UPDATE is brought to you by SQL Server Magazine, the only magazine completely devoted to helping developers and DBAs master new and emerging SQL Server technologies and issues. Subscribe today.
http://www.sqlmag.com/sub.cfm?code=ssei211x1y

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
