SQL Server with Mr. Denny

December 18, 2018  9:01 PM

View a website, make a donation

Denny Cherry Denny Cherry Profile: Denny Cherry

Tis the season and Denny Cherry & Associates Consulting has a quick way for you to make a difference. All you have to do, is click through to our donation webpage, and that’s it.  For clicking through, DCAC will donate $1 to Elizabeth Glaser Pediatric AIDS Foundation.

Every dollar accessed by your participation matters. Having assisted 27 million pregnant women at more than 5,000 clinics in 19 African countries, The Elizabeth Glaser Pediatric AIDS Foundation continues to seek an end to global pediatric HIV/AIDS through prevention and treatment programs, research, and advocacy.

Want to DONATE MORE? EXCELLENT! We’re matching funds! Click through here to donate to EGPAF!


December 17, 2018  4:00 PM

IO Performance in Windows 2016

Denny Cherry Denny Cherry Profile: Denny Cherry

If you’re using Windows 2016 in, its default config you may not get getting the IO performance that you were expecting. If you try a Windows 2012 server, the problem magically goes away. The question is why.

The answer is shockingly straightforward, Windows 2016 ships with Windows Defender installed by default, where Windows 2012 R2 didn’t.  Windows Defender, if not disabled by GPO can have a significant impact on your server.  On a client machine in Azure that was having the issue, DiskSpd on a disk which should have 7500 IOPs available was getting just 1100.  The same applied to a stripe of 1TB disks which should have given us 20,000 IOPs was also seeing only 1100 IOPs. As soon as we disabled Windows Defender, we got the speed we were expecting.

Now I’m not going to recommend that you disable Windows Defender automatically, but you’ll want to set exclusions for it to ignore MDF and LDF files as well as BAK files (and any folders that you’re using for FILESTREAM data) so that Windows Defender it’s making your SQL Servers extremely slow.


December 10, 2018  4:00 PM

Moving VMs in Azure with Managed Disks Between Resource Groups

Denny Cherry Denny Cherry Profile: Denny Cherry

Azure is a great platform to use, and the new Managed Disks are fantastic as you just need to set it and forget it.  However, if you run into the problem Cloudflare being the cloudthat I can recently with moving the VM from one resource group to another, you’ll run into a stumbling block pretty fast.  I hit this because I put a VM in the wrong resource group, then the customer installed a bunch of software of the VM, then I went to move it to another resource group.  That’s when I got the lovely error that said “Operation ‘move’ is not supported on Resource ‘MyVM’ with managed disks. (Code: BadRequest)”.

This error was a bit of a problem as I didn’t want to blow away the VM.  I had to turn on a couple of Azure features in PowerShell (eventually you won’t have to do this, maybe you don’t have to do this already) and I was able to move the VM without issue.  After running the following commands (and using Get-AzureRmProviderFeature to wait for the feature to be registered), the move worked.

Register-AzureRmProviderFeature -FeatureName ManagedResourcesMove -ProviderNamespace Microsoft.Compute

Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Compute

At this point, I was able to move the VM and all it’s resources to the correct resource group using either PowerShell or the Azure Portal (I assume CLI worked as well, but I didn’t need to do more testing).


December 3, 2018  4:00 PM

Who should own your SQL Agent jobs?

Denny Cherry Denny Cherry Profile: Denny Cherry

There’s been a lot of discussions recently about SQL Agent jobs, proxy accounts, and job ownership. I wanted to try and clarify some of the myths out there, including job ownership and permissions.

The owner of a job is the context of the account, that the SQL Agent Job runs as. This account by default will be the user that creates this job. Normal application level jobs can have this be changed to an application level account, or another non-privileged login which has permissions inside SQ: Server to do the work that it needs to do. ]

The account that SQL Server Agents runs as must have sysadmin rights within the SQL Server Instance otherwise the SQL Server Agent will not be able to run. Also maintenance jobs that rebuild indexes or update statistics are going to need to have at least Database Owner rights within the databases, if not sysadmin rights within the instance.

Jobs for things like Replication and CDC should generally be left alone with sysadmin rights as that’s what they are going to need to function.

Jobs that are created by your application should run with whatever permissions that they need to function.

If you want (or need) to run job steps, where each job step executes as it’s own account, then proxy agents are going to be the way to you. You configure Proxy Accounts per job step in SQL Agent, so you can create different proxies for each job step if you want/have to. These proxy accounts can have whatever permissions the job needs to complete the task at hand. If a job step needs sysadmin rights to complete then you can create a SQL Server proxy for that step, if a job step needs minimal rights for the job step to run, then you can safely grant the proxy just the permissions that it needs.

If you want to give more into the security of SQL Server than I’d highly recommned that you look over a copy of my book, Securing SQL Server and check out my precon at the PASS Summit in 2018.


November 26, 2018  4:00 PM

Think a Kubernetes Cluster is to Expensive to Build?

Denny Cherry Denny Cherry Profile: Denny Cherry

Some of the complaints that I hear about building a new Kubernetes (K8) cluster is that a Cluster for testing out K8 is too expensive for companies to spin up. In the modern days, that just isn’t true. DCAC was able to build our brand new K8 customer lab for about $2,000 all in. Granted our cluster is a smaller two-node cluster, and there are only 128 Gigs of RAM per server (we’ll increase this if we need to). But this is a big enough cluster to show clients how K8 can be helpful to them and work on scripts for clients (and to publish online).

Is K8 running SQL Server that all DBAs should be able to test out to see if this is where they’re company should be going in the future? Yes for sure.

Is this something that’s too expensive for companies to try out? No, not at all. If your employer has a couple of thousand dollars for hardware, you can make a test lab happen. Even if the equipment gets thrown away six months later, it’s worth the small expense.

Needless to say, our lab for us to test out customer ideas is growing again.


November 19, 2018  4:00 PM

How to get the Best Performance from Azure SQL Database Managed Instance

Denny Cherry Denny Cherry Profile: Denny Cherry

IO performance for your Managed Instance may not be what you were expecting. Typically when we create databases, especially when working in the cloud, we create the databases pretty small. However, this can be a problem with Azure SQL Database Managed Instance.  The performance that’s assigned to your databases which are hosed in Managed Instance will depend on the size of the database when you first create the database.  This means that you’ll want to create the database at the largest size possible (1TB currently) to get the best possible performance from your managed instance environment.



November 12, 2018  4:00 PM

Thoughts on Microsoft Ignite and the PASS Summit being on the same week

Denny Cherry Denny Cherry Profile: Denny Cherry

Having the PASS Summit 2019 and Microsoft Ignite both on the same week will be a very interesting problem, to say the least.

From an attendee perspective, there isn’t a lot of crossover between the two conferences. Some people are able to attend both events, but for the most part, there is going to be minimal crossover between the two events.

From a speaker perspective, there is some overlap between the PASS Summit and Microsoft Ignite, because only a few speakers are selected to present at the Microsoft Ignite conference.

From a sponsor and exhibitor perspective, things are going to get a little more interesting.  There is a decent amount of crossover between the vendors when they have a booth at the conferences.  Vendors will probably end up having to pick an event to sponsor and have their teams attend.

This choice is where things will get interesting. While the PASS Summit is about DBAs and Developers, the Microsoft Ignite conference is about everyone in IT, including senior management. This most significant part of IT that Microsoft Ignite focuses on is the fact that IT management has the budget to buy tools. While DBAs and Developers are the ones that have to use tools, management has to decide if they should buy the tool, higher the consultant, etc.

The fact that senior management attends Microsoft Ignite and typically doesn’t attend the PASS Summit is going to be a challenge for the PASS Summit when it comes to attracting vendors and sponsors. One of the things that differentiate members of management from DBAs and developers is that management can spend money on tools, consulting, etc. This means that vendors that are deciding between going to the PASS Summit to talk to DBAs and Developers and going to Microsoft Ignite to speak to senior management are going to have a decision to make.

Given that DBAs and Developers typically can’t spend money (or they can’t spend much money) where members of management have much more money to spend. From a pure business perspective, going to the PASS Summit may end up being a hard decision for companies and people that typically go to both events.


November 5, 2018  4:00 PM

Is Azure SQL Database Managed Instance the Right Solution?

Denny Cherry Denny Cherry Profile: Denny Cherry

Maybe. Is the software that you’re trying to move to Microsoft’s Azure require the use of a SQL Server instance so that you can create jobs, logins, and do


Things like cross-server queries? Are you trying to avoid adding more Virtual Machines (VMs) to be managed in your environment (and a SQL Server Failover Cluster or Availability Group)? If the answer to these questions is “yes” then Managed Instance might not be the right solution for you.

Now granted, you may need to wait until the Performance Tier of Managed Instance is available as the General Purpose tier may not have the power to run the application that you need to set up. If CPU and memory is the only problem that you’re running across than merely waiting is all that you have to do.

Managed Instance is like everything else in Azure, it may or may not be the correct solution to solve the problem at hand, but it might be.


October 29, 2018  4:00 PM


Denny Cherry Denny Cherry Profile: Denny Cherry

As a consultant, my clients must be able to trust me with confidential data. If my clients can’t trust me, then my business is gone. I sign contracts will all of my clients, which nearly always include non-disclosure agreements. But those NDAs simply say that I wouldn’t do something and if I do then my client’s get $X from me.https://www.flickr.com/photos/59632563@N04/6239670686/in

But what if these contracts don’t exist for some reason? Maybe I’m at a conference, and someone asks me to look over their shoulder and give my opinion on an error message they receive. Legally I can talk about anything I see, and there’s no redress that the company would have because I have no contracts with them. However, I wouldn’t tell anyone about what I saw on your laptop screen, whether I have a contract with a company or not, because that’s the kind of person or consultant that I am.

Bringing in a consultant that has shared confidential information, even if they weren’t the one that originally saw the confidential information, would worry me a lot. What’s to say that they wouldn’t share your confidential information? Would your contract and/or non-disclosure agreement be enough to make sure that they don’t share your confidential information? What would you do at that point to ensure that your confidential information stayed confidential?

Having a consultant that would share your private data, even if they don’t have a contract to protect that data, probably isn’t someone that you want to keep around as your consultant.

Something to think about.


October 22, 2018  4:00 PM

What you should be doing to move into consulting

Denny Cherry Denny Cherry Profile: Denny Cherry

Making the jump from being an employee somewhere to being an independent consultant is a massive change for someone to make. And most of us that have made this jump have had to do it blindly trying to figure it out along the way.  My goal of this post is to go through the business stuff that I went through setting up a consulting company so that others that are following in my path don’t need to hit any speedbumps on this transition.

Before I start, keep in mind that I’m not a lawyer or an accountant. Anything you see here should be checked with a lawyer to see if these are the laws in your area and to ensure that you follow your local tax law and any laws in place.

Do I need a company?

Technically no.  You can consult under your name instead of creating an actual company.  However many clients may be leery of signing up a consultant that isn’t a company. A company can also provide you with a tax and lawsuit shield. With a company, your clients are signing your company to do work for it, and you are just an employee of the company. If something goes wrong, the client needs someone to sue.  When you have a company, they sue the company; if you don’t have a company, then they sue you. Without the company there you risk your home, your spouse’s earnings, etc. Unless you set up a company, you also can’t set up a business checking account, or have employees, etc.

With a company, there could be tax implications involved as there are multiple ways of filing taxes (I’m focusing on America here).  One option is to file your company profits and looses against the personal taxes. The other option is to file your company profiles and losses separately on the companies own taxes. There are pros and cons to each method depending on how much profit you make each year, and if you want that on your personal taxes or not.  The one thing to remember about business taxes which are few differences from personal taxes, companies are only taxes on the profit the earned by the end of the year, where people are taxes are the revenue earning throughout the year.

Setting up a company

If you decide to set up a company, then you can either set it up yourself or use a service to set up the company. I know that when I setup DCAC I used LegalZoom (they may not be able to do paperwork in your state or country, check with them) to do the paperwork and set everything up for me.  You can do all the paperwork your self, but it’s much easier to let them do it, then they can send you the final paperwork for a signature, and you send it to the state.

In the US, once the paperwork is approved by the state, you’ll need to register with the IRS as well. If you’re using LegalZoom they’ll do this for you; otherwise, you’ll need to do this yourself. You need to do this so you can pay taxes on profits, get insurance, get clients, etc. So all this needs to be finished before you sign contracts.

If you don’t go the company route, you can set up a company later when it makes sense. However, your clients will need to sign new contracts as their original contract is with you, not the company.

Do I have to have insurance? What insurance do I need?

Again, technically no you don’t have to have insurance. But you’re crazy not to.  At the minimum, you’ll want what’s called E&O Insurance which stands for Errors and Omissions insurance. E&O insurance covers you if you screw up at a customer and the customer loses money because of it. Depending on what you do this insurance can be pretty cheap to purchase.  You’ll also want a General Liability policy (or a Business Owners policy which will include your GL polity), especially if you go onsite. A General Liability policy will cover you if someone trips over your laptop bag while at the client’s office (check your policy terms).  You’ll probably want a couple of million dollars for the payout for each policy. Some clients will wish to have specific amounts and specific riders so that you may be making changes to these based on client need.

If you have to drive to the client’s office, you may need to have a rider on your car insurance. You may need workers comp insurance (even though as the owner of the company you can’t use it).  All of these requirements will depend on your state and country, so some research on what will be needed in your area is key here.

Invoicing People

If everything goes according to plan, you’ll need to invoice clients after each project, or monthly whatever your agreement with them is.  You can do this in Excel, or Google Sheets, etc. but I wouldn’t recommend it.  All of the online tools for managing clients are pretty horrible, but QuickBooks is pretty usable and pretty cheap. It will let you send out invoices to clients, and more importantly, spit out the reports at the end of the year that you need for taxes.  The biggest deciding factor about what tool you use to record money in and out (that’s what invoices are after all) is what does your account what you to use.  Use that.

Tracking your time

You’ll need some way to track time so you can bill clients. QuickBooks includes a time tracking option if you use the expensive version of it (at least there were two versions when I signed up).  This can be good, but costly if you hire people to work for you as you have to pay for each employee to access the QuickBooks site.  There’s a couple of WordPress plugins that will do this for free.  When I started doing IT Consulting, there weren’t any available, so I wrote my own, which you can find here.  The nice thing about WordPress plugins is that they are free (they may cost money if you are using a paid plugin) where QuickBooks, or SharePoint apps, etc. all cost money.

Email and Calendering

You’ll want some sort of business email and calendaring solution.  Google offers a pretty good email solution, but their Calendering solution is a joke.  Meeting requests aren’t quite right, and there’s no integration to Outlook.  Most clients have Exchange (or Office 365) because it gives your Enterprise-class email services without having to manage everything yourself.  I know that DCAC used Google for a while when we started, but we moved from Google to Office 365 pretty quickly, and we’ve been happy on Office 365 and never looked back.

Do I need to hire a lawyer

Yes, end of story.

Your lawyer is worth their weight in gold. You’ll want a lawyer to review your contracts before you and the client sign them. Your insurance will probably require that a lawyer reviews deals before they are approved.  You can also bring anything that you need to, to the lawyer to make sure that everything is done legally.  Keep in mind that you’re probably paying the lawyer by the hour, so only take what makes sense to them.

Do I need to hire an accountant

Probably. The first year or two you can probably do your taxes, but it’s not worth the headache. Assuming you’re using QuickBooks (or whatever they prefer), you shouldn’t need very much of their time each year to do your taxes. You’ll need to review everything that you’ve spend and earned to ensure that it’s in the correct category for the accountant before they can begin their work.  Some accounts will be a reseller of your accounting package; this can save you a decent percentage on the accounting package you have to pay them each month instead of the accounting company.

Signing documents on the road

You’ll want some way to digitally sign documents, send tax forms to clients, etc. We use DocuSign for all those features, but there are other options out there.  These sound like something you don’t need, but you’d be amazed by the amount of paperwork that piles up and this way you don’t have to bother signing anything as everything is online.

Personally, I can tell you that it’s been years since I’ve had to actually print and sign a contract or SOW for a client.

Do I need another bank account?

If you set up a company (see above) then yes. You can’t deposit company many into your personal checking account, so you have to set up a business checking account. That said, business checking accounts will cost you money every month, and you may need to have your business accounts at a different bank than your personal accounts. Some banks are better for personal accounts, and others are better for business accounts.  DCAC, for example, has our business accounts at Bank of America as they are primarily a business bank. They offer the company a nice set of features for what the account costs and they have pretty reasonably priced payroll services for everyone.  You’ll probably want the payroll services they offer as they handle all the taxes, direct depositing the payroll into your personal account, and should connect to your invoicing system so the cost of having an employee (you) can be listed as an expense correctly.  Your account (see above) may offer payroll services, so check with them on this as well.

Should I set up a website and marketing?

You’ll want to set up a website.  Someone to help you with marketing is probably something that can wait.  You’ll want a domain name that it short and memorable, that’s why we want with dcac.co. It’s short, and the website name is the companies initials.

Your primary method of advertising at the beginning will be your blog. Make sure that you blog regularly so that people always remember who you are.  If you decide you use graphics in your blog posts, make sure that you have a license to use the images.  There are lots of ways to get a license to use images.  There are services with flat out sell images that you can use, or you can use a free service like Flickr, make sure that you only use images with are available for commercial use. The last thing you need is a lawsuit for using images you shouldn’t be using.

I think this is everything

I think I covered all the stuff that I went through setting up DCAC back in the day.  I’ve seen several people who have made the jump recently into consulting without thinking about some or all of these items, and that’s a decision that could bite them later (but I hope that it doesn’t).  If I think of other things, I’ll update the post or post again. If you have stuff I have forgotten, put it in the comments below.



Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: