SQL Server Magazine UPDATE, May 23, 2002

SQL Server Magazine UPDATE—brought to you by SQL Server Magazine
http://www.sqlmag.com

THIS ISSUE SPONSORED BY

STORACTIVE LIVEBACKUP
http://lists.sqlmag.com/cgi-bin3/flo?y=eL5l0DjZYg0BRZ018q0Aa

RAISING WINDOWS 2000 AVAILABILITY - FREE WEBINAR
http://lists.sqlmag.com/cgi-bin3/flo?y=eL5l0DjZYg0BRZ012G0Am
(below COMMENTARY)

Maximum Server Performance-DISKEEPER(R) 7.0
http://lists.sqlmag.com/cgi-bin3/flo?y=eL5l0DjZYg0BRZ018r0Ab
(below SQL SERVER NEWS AND VIEWS)

SPONSOR: STORACTIVE LIVEBACKUP

AUTOMATE PC/LAPTOP BACKUP - CUT COSTS, EASE RECOVERY & GET A FREE CLOCK!
Storactive LiveBackup automatically and transparently backs up distributed PC data upon ordinary user/system saves with REAL-TIME mirroring/versioning. It even backs up Outlook/.PSTs and protects laptops while roaming. LiveBackup leverages .NET architecture, SQL 2000, and data compression technologies for minimal network impact and maximum ease of administration. Reverses data loss from user errors, viruses, disasters and damaged laptops with end-user file recovery, fast system rollbacks, and disaster recovery imaging. Click for Flash demo on how LiveBackup saves time and money and get a FREE CLOCK!
http://lists.sqlmag.com/cgi-bin3/flo?y=eL5l0DjZYg0BRZ018q0Aa

May 23, 2002—In this issue:

1. COMMENTARY

2. SQL SERVER NEWS AND VIEWS

3. ANNOUNCEMENTS

4. HOT RELEASE (ADVERTISEMENT)

5. RESOURCES

6. NEW AND IMPROVED

7. CONTACT US

1. COMMENTARY

(contributed by Brian Moran, news editor, [email protected])

Security has always been an important aspect of database management. But according to James Hamilton, one of three architects on the Microsoft SQL Server development team, some of the ground rules for how a DBA needs to think about security have changed. I recently gleaned some interesting perspectives about security during a conversation with Hamilton, who has responsibility and vision for "thinking about security" as it relates to SQL Server.

Hamilton says that in the not-so-distant past, companies locked most databases behind closed doors and allowed little access from outside the corporate walls. Security practices addressed preventing internal threats from rogue users or accidental misuse. But most companies now have mission-critical databases that face customers and an interface exposed on the public Internet or partner intranet. This approach creates new sets of security vulnerabilities that DBAs need to consider. Hamilton tells me that Microsoft is taking steps to help customers plan for and protect against some of these new threats.

Regular SQL Server Magazine UPDATE readers know that I've often preach about information overload—the phenomenon of drowning in a sea of information. My thesis is that Microsoft does a great job of releasing information about its products. But weaving together a set of best practices is difficult because the information Microsoft provides can be disjointed and spread across narrowly focused white papers or Knowledge Base articles. Acquiring comprehensive security expertise is especially difficult because a strong security plan often requires skills and information from multiple product disciplines.

Hamilton says Microsoft recognizes this problem and is busy preparing a new and improved best-practices guide that specifically addresses managing security vulnerabilities in a SQL Server environment. This resource will be ready for public consumption this summer, but Microsoft plans to give SQL Server Magazine UPDATE readers a peek at some of the content before then. I'll share a few of the most interesting tips and tricks in an upcoming commentary. Until then, check out the following list of SQL Server security resources. (My thanks to the people at Microsoft who compiled the list!) Tell me about other resources that should be on the list. I'll add them and periodically publish an updated list.

SQL Server 2000 Security
http://www.microsoft.com/sql/techinfo/administration/2000/security.asp

SQL Server Security
http://www.microsoft.com/technet/prodtechnol/sql/maintain/security/default.asp

SQL Server 2000 Operations Guide, Chapter 3—Security Administration
http://www.microsoft.com/technet/prodtechnol/sql/maintain/operate/opsguide/sqlops3.asp

SQL Server 2000 C2 Administrator's and User's Security Guide
http://www.microsoft.com/technet/prodtechnol/sql/maintain/security/sqlc2.asp

SQL Server 2000 Security White Paper
http://www.microsoft.com/technet/prodtechnol/sql/maintain/security/sql2ksec.asp

SQL Server 2000 Resource Kit, Chapter 10—Implementing Security
http://www.microsoft.com/technet/prodtechnol/sql/reskit/sql2000/part3/c1061.asp

Microsoft SQL Server 2000 Security
http://www.microsoft.com/technet/prodtechnol/sql/deploy/confeat/05ppcsqa.asp

SQL Server 2000 Administrator's Pocket Consultant by William R. Stanek,
Excerpt from Chapter 5
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0735611297&p=technet&s=29736

SQL Server 7.0 Administrator's Companion, Chapter 7—Managing Security
http://www.microsoft.com/technet/prodtechnol/sql/proddocs/admincmp/75517c07.asp

SQL Server 7.0 Resource Guide, Chapter 16—Product Security
http://www.microsoft.com/technet/prodtechnol/sql/reskit/sql7res/part10/sqc15.asp

SQL Server 7.0 Security White Paper
http://www.microsoft.com/technet/prodtechnol/sql/maintain/security/secure.asp

INF: List of Bugs Fixed by SQL Server 7.0 Service Packs
http://support.microsoft.com/view/tn.asp?kb=313980

How can you reduce (or eliminate) data loss and downtime in the event of a site-wide disaster? Attend the latest free Webinar fromWindows & .NET Magazine and get the answers including what kind of fault-tolerant disk setup to use, what clustering is (and isn't!) good at, and best practices for boosting SQL and Exchange availability.Register (for FREE) today!
http://www.winnetmag.com/seminars/veritas

2. SQL SERVER NEWS AND VIEWS

"Tuning an expensive server platform without addressing front-end tuning issues is like racing a Ferrari with flat tires—don't let it happen to you," warns SQL Server consultant and author Brian Moran. In his upcoming Webinar, "Solving Performance Problems Using A Repeatable, Structured Methodology," scheduled for June 18, Moran explains a unique approach to identifying the source of application bottlenecks so that you can solve the problems.

"It's easy to focus on the back end when tuning a SQL Server application, but most serious tuning problems can't be easily separated from the application and middleware layers," Moran notes. "The first step in solving any problem is identifying and understanding the problem."

The Webinar, designed for SQL Server developers and DBAs who need to optimize existing SQL Server applications, covers how to use SQL Server Profiler to help find problem areas. The Webinar, sponsored by SQL Server Magazine, starts at 1:00 P.M. Eastern Daylight Time (EDT), costs $29.95, and includes a 1-year subscription to SQL Server Magazine. To register, go to
http://www.sqlmag.com/sub.cfm?code=bmae2esw

The voting has closed in SQL Server Magazine's nonscientific Instant Poll for the question, "What's the first resource you turn to for troubleshooting SQL Server problems?" Here are the results (+/- 1 percent) from the 362 votes:

The next Instant Poll question is, "Do you spend more or less time managing SQL Server security protocols than you did two years ago?" Go to the SQL Server Magazine Web site and submit your vote for 1) Significantly more time, 2) Somewhat more time, 3) About the same amount of time, 4) Less time, or 5) Don't know or doesn't apply.
http://www.sqlmag.com

SPONSOR: MAXIMUM SERVER PERFORMANCE—DISKEEPER(R) 7.0

You must handle disk fragmentation on every server or performancewill corrupt. Diskeeper is the automatic solution — it can extend the life of computer systems up to two years and cut help desk calls in half. The built-in defragmenter is slow, hogs system resources and requires full administrator privileges. Only Diskeeper provides full "Set It and Forget It"(R) functionality, fast operation and uses minimum system resources. Maintain peak performance levels, zero administration with Diskeeper 7.0.
http://lists.sqlmag.com/cgi-bin3/flo?y=eL5l0DjZYg0BRZ018r0Ab

3. ANNOUNCEMENT

(brought to you by SQL Server Magazine and its partners)

Exclusive, in-depth articles, tips, tricks, and code samples all at your fingertips. Content you can't get anywhere else—brought to you bythe SQL Server experts you trust such as Kalen Delaney, Itzik Ben-Gan, and others. Increase your productivity today! Go to the following URL.
http://lists.sqlmag.com/cgi-bin3/flo?y=eL5l0DjZYg0BRZ0Kqz0A7

4. HOT RELEASE (ADVERTISEMENT)

Give users the ability to send and receive fax documents from their e-mail system or our browser-based client! Register for our 30-day evaluation CD-ROM at:
http://lists.sqlmag.com/cgi-bin3/flo?y=eL5l0DjZYg0BRZ01p80AZ
or call 800-329-2225, email [email protected]

5. RESOURCES

SQL Server has steadily gained market share since the release of SQL Server 7.0 in 1998. SQL Server Magazine Senior Technical Editor Michael Otey lists seven facts that illustrate the database product's growth in his SQL Seven column "SQL Server in the Fast Lane," which appears in the June 2002 issue of SQL Server Magazine and is available online at the following URL:
http://www.sqlmag.com/articles/index.cfm?articleid=24674

Nil's SQL Server 7.0 machine is rebooting automatically when it reaches a certain RAM utilization threshold. Offer your advice and read other users' suggestions on the SQL Server Magazine forums at the following URL:
http://www.sqlmag.com/forums/messageview.cfm?catid=3&threadid=6313

(contributed by the Microsoft SQL Server development team)

Q. Periodically, when I try to open a database, I get the error message "Log file is full. Cannot open database." After I truncate the transaction log, I can open the database. The problem occurs with some databases and not others. Why is this happening?

A. You receive this error message because your database has been set up to retain transaction-log records until you back them up. Microsoft strongly recommends that you set up transaction-log retention on production systems because it provides maximum data protection. To back up the log file, use the BACKUP LOG command, then store these backup files on tape or on another server. Combined with the database backup, these transaction-log files will let you restore your database in the event of hardware or software failure.

If you want to turn off transaction-log backup and restore for SQL Server 7.0, in Enterprise Manager, navigate to the database you want to change. Right-click the database, select Properties, then on the Options tab, select the "Truncate Log on Checkpoint" option. For SQL Server 2000, in the Properties window's Options tab, select the "Simple recovery" model. Note that although you're truncating the log, uncommitted transactions will still be logged in the transaction log because you can't completely turn off transaction logging; it's an essential part of SQL Server's data-integrity scheme.

Send your technical questions to [email protected].

6. NEW AND IMPROVED

(contributed by Carolyn Mascarenas, [email protected])

NetIQ and Lumigent Technologies announced a licensing partnership that will let NetIQ deliver RecoveryManager for SQL Server, which is based on Lumingent's Log Explorer software, into the NetIQ SQL Management Suite. As part of the NetIQ SQL Management Suite, RecoveryManager for SQL Server uses the SQL Server transaction log to audit database activity. You can recover data online and salvage data when traditional recovery techniques fail. For pricing, contact NetIQ at 408-856-3000.
http://www.netiq.com

TNT Software announced ELM Enterprise Manager 3.0, software that lets you monitor and manage the performance and status of distributed systems. The new release features query-based monitoring of SQL Server, event monitoring, event collection and consolidation, performance monitoring, data collection, service and process monitoring, log-file monitoring, enhanced cluster monitoring, Exchange Server monitoring, and TCP port monitoring. ELM Enterprise Manager costs $395. Contact TNT Software at 360-546-0878.
http://www.tntsoftware.com

7. CONTACT US

Here's how to reach us with your comments and questions:

(please mention the newsletter name in the subject line)

SQL Server Magazine UPDATE is brought to you by SQL Server Magazine,the only magazine completely devoted to helping developers and DBAs master new and emerging SQL Server technologies and issues. Subscribe today.
http://www.sqlmag.com/sub.cfm?code=ssei211x1y

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email