SQL Server Magazine UPDATE, December 5, 2002
Brian Moran thanks his fellow MVPs for all their hard work, learn about the buffer-overrun vulnerability in MDAC, find out how to share data between two sites, get the results of our latest instant poll, and more!
December 4, 2002
SQL Server Magazine UPDATE—brought to you by SQL Server Magazine
http://www.sqlmag.com
THIS ISSUE SPONSORED BY
How the First-to-Know Stay Ahead
Lock In Your 2003 Training Budget Now and Save Big!
(below COMMENTARY)
New! - Audit Database Activity with Entegra
(below NEWS AND VIEWS)
SPONSOR: HOW THE FIRST-TO-KNOW STAY AHEAD
A proactive Database Administrator installed TNT Software's ELM Enterprise Manager 3.0 on his critical servers to assess the benefits of real time monitoring. During the first week, EEM 3.0 paged him as a disgruntled employee attempted to access confidential tables, emailed him when the backup on his SQL Server hung, and automatically restarted a failed SQL service. And one less headache, EEM 3.0 was simple to license. It was purchased and fully deployed during the second week. To experience How the First-to-Know Stay Ahead(tm) with real time monitoring, download your FREE 30-day copy of ELM Enterprise Manager today.
http://lists.sqlmag.com/cgi-bin3/flo?y=eOnB0FgQMn0BRZ06lG0As
December 5, 2002—In this issue:
1. COMMENTARY
Thanks Be for SQL Server MVPs
2. SQL SERVER NEWS AND VIEWS
T-SQL Solutions Now Available Online for Free
Buffer-Overrun Vulnerability in MDAC
Results of Previous Instant Poll: Moving to 64-Bit SQL Server
New Instant Poll: SSL Encryption
3. ANNOUNCEMENTS
Happy 10th Anniversary SQL Server!
Did You Miss SQL Server Magazine's Web Seminars?
4. RESOURCES
What's New in SQL Server Magazine: 7 Steps to SSL Encryption
Hot Thread: Log Shipping Questions
Tip: Sharing Data Between Two Sites
5. HOT RELEASE (ADVERTISEMENT)
Free Directory Reporting Tool and Best MEC T-Shirt
6. NEW AND IMPROVED
View Projects Throughout Their Life Cycle
Simplify SQL Server Management
7. CONTACT US
See this section for a list of ways to contact us.
1. COMMENTARY
THANKS BE FOR SQL SERVER MVPs
(contributed by Brian Moran, news editor, [email protected])
We didn't publish SQL Server Magazine UPDATE last week because of the Thanksgiving holiday in the United States. And I'd like to continue the thanksgiving theme this week by thanking all the Microsoft Most Valuable Professionals (MVPs)—and the SQL Server MVPs in particular—for the time and effort they spend helping fellow techies.
Not familiar with the Microsoft MVP program? You can read all about it at http://mvp.support.microsoft.com . But the following quote from Anthony Russell, manager of the Microsoft MVP program, sums up what it means to be an MVP: "Microsoft MVPs are amazing individuals who share a common passion for technology and a willingness to help others. They provide invaluable feedback that enriches the broader customer and community experience while making a difference in Microsoft technical communities worldwide. Microsoft MVPs are credible technology experts and among our very best, most accessible community members. I am constantly amazed by their efforts and consider it a privilege to work on a worldwide team focused on recognizing and improving the MVPs' connection with Microsoft."
MVPs are experts who are passionate about Microsoft technology and enjoy sharing their knowledge with others in the Microsoft newsgroups and other online communities. SQL Server MVPs in particular spend countless hours providing free technical support in the Microsoft newsgroups. You'd pay top dollar to get the same information from one of the MVPs through a consulting or training arrangement.
Microsoft awarded 64 people the SQL Server MVP designation for 2003, almost double the number of SQL Server MVPs for 2002. And each SQL Server MVP deserves our thanks for the valuable service he or she provides and our encouragement to continue this good work. You can find a list of SQL Server MVPs here.
I hesitated to thank the SQL Server MVPs in this column because I'm one of them. But dozens of MVPs are more prolific contributors to the newsgroups than I am. The SQL Server MVPs don't make a big deal about their help in the newsgroups, but tens of thousands of people across the world have benefited from their explanations, code examples, and practical advice. So, say thanks the next time anyone helps you in the newsgroups, and offer a special word of thanks the next time an MVP gives you a helping hand. They offer an incredible service to the community, and we shouldn't take their presence for granted.
Finally, I want to thank Stephen Dybing, the Microsoft engineer who's the liaison between the SQL Server MVPs and the SQL Server development team. Steve answers our questions and routes particularly thorny issues to the correct developers on the SQL Server team. The SQL Server MVPs couldn't be nearly as helpful to the community without Steve's support.
LOCK IN YOUR 2003 TRAINING BUDGET NOW AND SAVE BIG!
SQL Server Magazine University's (SSMU's) E-Learning Center delivers quality technical training - on your schedule and at your desktop. Learn practical SQL Server skills from the magazine's industry gurus, MVPs, and instructors from Solid Quality Learning. SSMU offers Microsoft-certified courses as well as intermediate- and advanced-level SQL Server seminars. Microsoft-certified courses include 24/7 access to the Virtual Computer Lab, giving you the flexibility to learn new applications while keeping up with your day-to-day job duties. Training at SSMU saves you time and money – no worries about expensive travel budgets and time away from the office. Click here for more information.
2. SQL SERVER NEWS AND VIEWS
T-SQL SOLUTIONS NOW AVAILABLE ONLINE FOR FREE
SQL Server Magazine has relaunched its T-SQL Solutions Web site as a free site to registered users, making all the content from its T-SQL Solutions print newsletter available to the broad community of SQL Server administrators and developers. The last print edition of the newsletter hit the streets this month, but the SQL Server Magazine team will continue to publish new articles and tips online from T-SQL experts. To access all the archived articles and associated code and the new content each month, visitors just need to complete a registration form. The site features Kalen Delaney's T-SQL Admin column, Kimberly L. Tripp's T-SQL Tutor column, and Itzik Ben-Gan's collection of T-SQL Q&As, as well as an active T-SQL forum, a weekly Instant Poll, and highlighted links to practical T-SQL articles from past issues of T-SQL Solutions and SQL Server Magazine.
http://www.tsqlsolutions.com
BUFFER-OVERRUN VULNERABILITY IN MDAC
Foundstone discovered that a Microsoft Data Access Components (MDAC) vulnerability might let a potential attacker execute arbitrary code on the vulnerable system. The vulnerability stems from an unchecked buffer in the Remote Data Services (RDS) Data Stub. By sending a specially malformed HTTP request to the Data Stub, a potential attacker can cause targeted data to overrun onto the heap. Microsoft has released Security Bulletin MS02-065 (Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution) to address this vulnerability and recommends that affected users immediately apply the appropriate patch that the bulletin mentions.
http://www.secadministrator.com/articles/index.cfm?articleid=27357
RESULTS OF PREVIOUS INSTANT POLL: MOVING TO 64-BIT SQL SERVER
sponsored by DataMirror
The voting has closed in SQL Server Magazine's nonscientific Instant Poll for the question, "When do you plan to move to 64-bit SQL Server after its release?" Here are the results (+/- 1 percent) from the 441 votes:
- 7% Within 6 months - 11% Within 1 year - 14% Within 2 years - 7% More than 2 years after the release - 61% We have no plans to move to 64-bit
NEW INSTANT POLL: SSL ENCRYPTION
The next Instant Poll question is "Are you using Secure Sockets Layer (SSL) encryption to protect your data?" Go to the SQL Server Magazine Web site and submit your vote for 1) Yes, 2) No, but I plan to, or 3) No, and I don't plan to.
http://www.sqlmag.com
SPONSOR: NEW! - AUDIT DATABASE ACTIVITY WITH ENTEGRA
Know who's doing what to which data when. Lumigent Entegra monitors and alerts on database activity, provides complete record of access to data and changes to database schema and permissions. FREE whitepaper: "Data Access Accountability"
3. ANNOUNCEMENTS
(brought to you by SQL Server Magazine and its partners)
HAPPY 10TH ANNIVERSARY SQL SERVER!
Microsoft and SQL Server Magazine appreciate your support of Microsoft SQL Server on the Windows platform! We're running a 20-week quiz contest that will test your SQL Server knowledge, with biweekly drawings for cool prizes. The grand prize: a Microsoft Xbox video-game console! For details and to enter, click here.
DID YOU MISS SQL SERVER MAGAZINE'S WEB SEMINARS?
No worries! They're still accessible right at your desktop! Kalen Delaney discusses SQL Server internals; Brian Moran identifies performance problems; Rich Rollman teaches about XML for database professionals; Morris Lewis instructs on high availability and security. Valuable online desktop training that saves you time and money! Get the details.
4. RESOURCES
WHAT'S NEW IN SQL SERVER MAGAZINE: 7 STEPS TO SSL ENCRYPTION
In SQL Server 2000, Microsoft introduced new features to satisfy its customers' growing concerns about data security. One little-understood SQL Server 2000 security feature is automatic support of Secure Sockets Layer (SSL)-encrypted network traffic between the clients and the server. Encryption is especially useful when clients connect to SQL Server across the Internet and data travels across public networks. SSL encryption for a clustered installation is more difficult to configure than that for a standalone server. And unfortunately, SQL Server Books Online (BOL) doesn't give much information about how to configure SSL encryption and only briefly mentions configuration requirements for a clustered environment. But Gary Zaika's article "7 Steps to SSL Encryption," which appears in the December issue of SQL Server Magazine, gives clear instructions that make setting up SSL encryption in a clustered environment simple and straightforward. This article is available online.
HOT THREAD: LOG SHIPPING QUESTIONS
Gabone doesn't have a lot of SQL Server experience and needs to implement log shipping for his company. He's defined a log shipping maintenance plan but has questions about how to change the backup policy on the primary server for the database involved in the log shipping, how to control the size of the log file on the primary server, and how log shipping will affect the performance of applications that work with this database. Offer your advice and read other users' suggestions on the SQL Server Magazine forums at this URL.
TIP: SHARING DATA BETWEEN TWO SITES
(contributed by Microsoft's SQL Server Development Team, [email protected])
Q. My company's business is divided into two geographic locations. In SQL Server 7.0, I want to run a stored procedure at my site that updates sales data that resides at the other site and immediately generates the remote location's sales report in a graph. How do I share data and information between the two sites?
A. With SQL Server 7.0, you have two options for sharing data between two sites: replication and linked servers. Your decision will be based on cost versus performance.
SQL Server 7.0 supports several forms of replication, which you can use to generate a local copy of the remote data in near realtime. You control the latency by defining the replication schedule when you subscribe and by allocating sufficient bandwidth to propagate changes in time. After you retrieve a local copy of the data, you can provide your own querying interface to users. The advantage to this approach is that you retain some data locally, even if the connection to the remote servers is down.
Alternatively, you can use linked servers. SQL Server is flexible in letting you query remote data in realtime, which has the advantage of immediacy. However, using linked servers also carries disadvantages, which include the following:
The connection must always be up.
You can't request a large amount of data. (As a rule of thumb, you need to limit the amount of data returned from the remote database to one-sixteenth of the calling server's memory.)
You need to avoid clogging the communications line with multiple parallel or long-running requests, which can cause a long wait for the user.
You can't use query hints on the remote query (unless you're using OpenQuery). Therefore, if you wanted to read data from a remote table that's frequently updated, for example, you could use the following query:
SELECT *FROM OPENQUERY(RemoteSvr, 'SELECT name, id FROM joe.titles (NOLOCK)')
Passing in the (NOLOCK) hint ensures that your query doesn't block the updates.
In the scenario you mention, we would use replication—perhaps from tables containing pre-aggregated data—to reduce the amount of sales data that you need to read from the remote server. You can use a trigger on your remote tables to capture inserts, updates, and deletes and add, adjust, or subtract from your aggregated table to maintain the aggregated data.
Send your technical questions to [email protected].
5. HOT RELEASE (ADVERTISEMENT)
FREE DIRECTORY REPORTING TOOL AND BEST MEC T-SHIRT
Imanami SmartR: FREE reporting tool for Exchange 5.5 and AD. Run reports on DL's, users, owners or last modified. Reports are customizable. Creates phone list in seconds! Generate reports in CSV, XML, XLS and HTML. Download for "Best of MEC" T-Shirt!
6. NEW AND IMPROVED
(contributed by Carolyn Mader, [email protected])
VIEW PROJECTS THROUGHOUT THEIR LIFE CYCLE
Living Address announced Living Doc.NET, software that stores in-depth information about your projects throughout their life cycle so that you can track changes to your system and see the differences between development and production servers. Living Doc.NET features support for Microsoft .NET and can automatically document any SQL Server or Microsoft Access project and provide a blueprint that you can use to evaluate the quality of the system. You can view the generated documentation in three different ways: interactively on the Web, in compiled Help files, or in Microsoft Word. The software can also troubleshoot existing Web projects. Living Doc.NET supports SQL Server 2000 and 7.0. Contact Living Address at [email protected].
http://www.livingaddress.com
SIMPLIFY SQL SERVER MANAGEMENT
NetIQ announced the addition of SQL Management Suite 1.5 to the NetIQ Authorized Reseller Program. SQL Management Suite, designed to simplify SQL Server administration, consists of AppManager for SQL Server, DiagnosticManager for SQL Server, RecoveryManager for SQL Server, and ConfigurationManager for SQL Server. The suite supports integrated licensing so that channel partners can sell and implement SQL Management Suite. SQL Management Suite 1.5 costs $15,000 for a five-server starter pack. The standard edition, which doesn't include AppManager for SQL Server, costs $7500 for a five-server starter pack. Contact NetIQ at 888-323-6768.
http://www.netiq.com
7. CONTACT US
Here's how to reach us with your comments and questions:
ABOUT THE COMMENTARY — [email protected]
ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
TECHNICAL QUESTIONS — http://www.sqlmag.com/forums
PRODUCT NEWS — [email protected]
QUESTIONS ABOUT YOUR SQL SERVER MAGAZINE UPDATE SUBSCRIPTION?
Customer Support — [email protected]
WANT TO SPONSOR SQL SERVER MAGAZINE UPDATE?
More than 102,000 peopleread SQL Server Magazine UPDATE every week. Shouldn't they read yourmarketing message, too? To advertise in SQL Server Magazine UPDATE,contact Beatrice Stonebanks at [email protected] or 800-719-8718.
SQL Server Magazine UPDATE is brought to you by SQL ServerMagazine, the only magazine completely devoted to helping developers and DBAs master new and emerging SQL Server technologies and issues. Subscribe today.
http://www.sqlmag.com/sub.cfm?code=ssei211x1y
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
Read more about:
ITPro TodayAbout the Author
You May Also Like