The PASS Summit 2018 is quickly approaching. Every year the PASS Summit has lots of new attendees, and the PASS Summit is large and can be intimidating for a new attendee that’s never been to the PASS Summit before. Because of this, I’m presenting the annual PASS Summit Attendee Orientation.
This webcast will be full of great information that you’ll want to know in order to get around the PASS Summit and the city of Seattle in general. Attendance is a must for the new attendee while returning attendees will find the information that I’m presenting useful as well.
So get signed up, and I’ll see you on the 2nd.
Another excellent PASS Summit is almost here. And with the PASS Summit comes the SQL Karaoke party. And once again DCAC is hosting this great event which will let us all ring in the PASS Summit in style. We have two fabulous sponsors for the event this year, with our great friends at SentryOne and SIOS sponsoring the event.
Just like in years past, this is the PASS Summit party you don’t want to miss. We’ll have the live band playing all your favorite tunes for you to sing to, soda, beer, wine and well drinks for those with a wristband and a cash bar for those that don’t get a wristband.
The party starts at 9:30 pm and rocks until 1:30 am giving you plenty of time for a nap before the keynote begins on Wednesday.
Be sure to bring your Eventbrite ticket to the door to get your wristband, as well as Photo ID (drivers license or Passport) to get to get into the bar). And come and have a great time.
The PASS Summit Summit code of conduct will be in effect at this event.
You’ll find the link to the party here, so get registered.
Just like in prior years, you should register for EITHER the cash bar or the open bar. The open bar includes beer, wine, and well drinks. For the cash bar, you’ll be paying for your drinks. So get signed up, and we’ll see you at the party.
Recently on Twitter I saw a question about what index maintenance you should be doing on your ColumnStore Indexes when it comes to maintenance. As I looked through DCAC’s blog posts I realized that none of us had blogged about this topic before.
The reason for this is pretty basic, there’s really nothing to do when it comes to maintenance on a ColumnStore index.
Normally we do maintenance on indexes to reduce fragmentation, but there’s no fragmentation on ColumnStore indexes as the data isn’t stored on the table in a sort order. Data pages that aren’t needed anymore are removed automatically (the same with dictionary pages). The other big thing that index maintenance does, it update statistics on indexes. Well, there are no statistics on ColumnStore indexes, so there are no statistics to maintain. Why aren’t their statistics? Because every operation is a scan of a ColumnStore index. Since everything is a scan, there’s no need for statistics.
I admit it, I still use SQL Profiler. I always have, and I will for the foreseeable future. My reasons are pretty simple.
- When it comes to troubleshooting I can spin up a Profiler session must faster than an Extended Events session.
- Usually, I’m troubleshooting something as a one-off. So having my session isn’t really something I care about.
- I usually can’t bring scripts into my client’s servers to setup Extended Events, so I have to go create everything manually. (See #1)
- Done correctly with filtering, there’s no risk of a production outage using Profiler.
- If I could bring in scripts to set up an Extended Events session (see #3) I’d have to modify the session which I can do faster in profiler than in Extended Events.
Should you be using Extended Events? Probably. Odds are you got a full-time job somewhere, so extended events sessions are going to make more sense for you as you can run them against your servers and easily jump on and see what the server is doing.
What would it take get me to use Extended Event sessions instead of Profiler? Speed. Whatever GUI Microsoft creates for Extended Events needs to be just as responsive as the Profiler GUI, and the data that is returned needs to be returned by Extended Events just as quickly as data is returned from Profiler.
If you’ve been thinking about submitting for the PASS Summit 2018 Speaker Idol, but you aren’t sure that it’s for you, we can solve that problem. On
August 30th, 2018 at 1600 UTC (4 pm) join myself, Karen Lopez, and Joey D’Antoni at the PASS Professional Development Virtual Chapter as we talk about Speaker Idol at the PASS summit. You can register for the session on the PASS Professional Development VC website. We look forward to seeing everyone at the webcast.
While yes, the PASS Summit is a few months away still, the window for submitting for the PASS Summit 2018 Speaker Idol competition is starting to close. As I announced in June all entries to this years speaker idol need to be submitted by September 8th, 2018. That’s just a little over a month away. This give me time to review the submissions, notify the contestents, have a call with them, and give them time to make their presentation for the PASS Summit.
If you’re an aspiring presenter who’s looking to learn from some of the best presenters out there, then this is for you and you need to sign up.
Azure and the load balancers can be annoying little things. Especially when you are doing maintenance on your Azure environment, or setting it up for the first time. One of the quirks you may run into is that if you leave an Azure Load Balancer sitting for to long with no machines behind it, you may find that the load balancer itself just stops working.
Thankfully fixing this is actually pretty straight forward. Simply delete the load balancer from Azure and recreate it. Now you may be worried about dropping the IP address that it’s configured with, and don’t worry, you don’t have to. If it’s an Internal Load Balancer (for a failover cluster or a SQL Availability Group for example) then it’s just a private IP and you can just reassign the same IP when you recreate it. If it’s a public IP, you don’t need to drop the public IP address object from Azure, which means that the public IP address will stay right where it is. You can just reuse the same IP address object and you’re good to go.
It’s an easy fix to an annoying problem. For internal load banacers (ones with private IP addresses) they can be really hard to troubleshoot as there’s next to no logging done on an internal load balancer.
A really great feature in Azure SQL DB went GA today. That feature gives you and SQL DB the ability to automatically fail databases over to a Secondary replia, without having to configure your application to handle that failover. You point your application at a VIP and that VIP will automatically handle failover of the resource.
Say for example you have a database in US West named db1-west.database.windows.net and the DR copy of it in US East named db1-east.database.windows.net. This feature lets you create the VIP db1-vip.database.windows.net which automatically points to whichever database is currently active. In the event of a failover of US West, the VIP is going to failover to the database in US East, the database in US East become writable and when the US West is back up, the data will sync back.
Another cool thing which this feature does is something that most features won’t do, it’ll trigger a failover that allows for data loss. Now, this normally would be a very dangerous thing, but the Azure team has come up with a safe way of doing it. When you figure the service to do the failover, you decide how long you want to wait for there to be no data loss. If you want the system back up as soon as it allows for, select the smallest number, otherwise select a larger number. This allows you, and the business unit that you support, to decide what level of protection you want to have built into the system.
If you are thinking about moving to PaaS, not being able to have a DR option may have been stopping you. This is no longer a blocking point, you now have an easy to configure DR, that you can manually failover is need be. If you’re thinking of moving to Azure, DCAC can help to plan and execute that migration. Contact us today, to schedule a meeting to discuss if the cloud is right for you.
Setting up Transparent Data Encryption, or Backup Encryption, or basically anything else where you need to restore a certificate to another SQL Server instance can get tricky as soon as you run the instances under different service accounts. The problem that people will usually run into is that all the example code assumes that all the instances are running under the same service account, but this isn’t always the case in the real world. So let’s review the code that Nic posted to Stack Exchange earlier today.
/* Server 1 */
/* Create the master key */
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘SomeRandomSecureString’;
/* Create the certificate to be used for backups */
CREATE CERTIFICATE BackupCert
WITH SUBJECT = ‘Backup Encryption Certificate’;
/* Backup the master key */
BACKUP MASTER KEY TO FILE = ‘\\FileShare\DatabaseMasterKey_Master.key’
ENCRYPTION BY PASSWORD = ‘SomeRandomPwd’;
BACKUP CERTIFICATE BackupCert TO FILE = ‘\\FileShare\BackupCert.cer’
WITH PRIVATE KEY (FILE = ‘\\FileShareBackupCert.pvk’,
ENCRYPTION BY PASSWORD = ‘RandomEncryptionPwd’);
/* Server 2 */
/* Create master key */
CREATE MASTER KEY ENCRYPTION BY PASSWORD = ‘SomeRandomSecureString’;
/* Restore the cert */
CREATE CERTIFICATE BackupCert FROM FILE = ‘\\FileShare\BackupCert.cer’
WITH PRIVATE KEY (FILE = ‘\\FileShare\BackupCert.pvk’,
DECRYPTION BY PASSWORD = ‘RandomEncryptionPwd’);
–Msg 15208, Level 16, State 6, Line 32
–The certificate, asymmetric key, or private key file is not valid or does not exist; or you do not have permissions for it.
/* Try restoring the master key instead */
DROP MASTER KEY;
RESTORE MASTER KEY FROM FILE = ‘\\FileShare\DatabaseMasterKey_Master.key’
DECRYPTION BY PASSWORD = ‘RandomEncryptionPwd’
ENCRYPTION BY PASSWORD = ‘RandomEncryptionPwd’;
–Msg 15317, Level 16, State 2, Line 39
–The master key file does not exist or has invalid format.
Now as we can see, the creation of the certificate failed, but only when running each server under its own service account. The question becomes why.
The answer is depressingly simple, NTFS permissions. By default SQL Server will make it so that the backup of the certificate is only available to the account that is running the instance that creates the certificate backup. So if you need to restore the certificate using the CREATE CERTIFICATE syntax shown in the example you’ll get an error. If you change the permissions so that the second SQL Account can read the certificate backup file you created then the restore will work.
The abstract from the PASS website:
With increased focus on data breaches, security issues, and privacy laws, organizations are feeling greater pressure to provide sufficient data protection. GDPR brings substantial fines and potentially criminal prosecution. Are you ready? Are your database systems ready?
During this full day Precon, we will review a variety of ways to secure your SQL Server databases and data from attack. In this session, we will review proper network designs, recommended firewall configurations, and physical security options. We will also review data encryption options, password protection options, using contained databases, and Always On Availability Groups security.
There will also be discussions about additional measures which should be taken when working with Internet-facing applications. From there we will move to the most common attack vector: SQL Injection. We will include all the ways that attackers can use SQL Injection to get into your system and how to protect against it. The security options for database backups is the next topic on the list followed by proper SAN security designs. We will then finish up by reviewing the auditing options which are available against a database and how they can be used to monitor everything else which we’ve just talked about during the day.
There are no prerequisites to attend the precon, so anyone can attend, no matter their experience level with SQL Server (some experience with SQL Server would be helpful).
There are already 100 seats sold, but the room will hold plenty of more people, so there are still seats available. However don’t wait too long, as you could end up waiting for the pre-cons to be completely sold out. So book now, while there are still seats available.
I’ll see you at the PASS Summit,