Insufficient data from Andrew Fryer

The place where I page to when my brain is full up of stuff about the Microsoft platform

October, 2009

  • Server Core in Windows Server 2008 R2 – part 2

    Server Core is lean and mean but what can it be used for aside from sitting behind your infrastructure? The biggest new thing is IIS, specifically  server core can now support asp.net websites. I think this is really useful as web servers need to be secure and increasingly highly available.

    Server core and IIS 7.5 (the version that ships with Windows Server 2008 R2) do this by having a very small surface area, which needs to be patched left often, and provides less to attack. I did notice that there isn’t too much out there on what’s new in IIS7.5  but I will leave that for another post.

    However I do have a video showing IIS 7.5 running on core ..

    BTW the SQL Server 2008 database engine will also run on server core as does the current beta (CTP2) of R2, but this is not going to be supported, which I think is a great shame as it would get the same benefits and possibly run even faster.

  • Think U Know

    Reading today’s Sun, you might well be worried if your kids are on FaceBook, but taking their laptop away is probably not going to be the correct response, as they’ll simply find another way to get online which is less under your control than what they are doing now e.g. using their phone, a mates laptop or an internet cafe.

    I can say this with some confidence despite having no children of my own, as I have just spent the day learning how to be a volunteer trainer for the Child Exploitation and Online Protection (CEOP) Centre. 

    If you can spare a minute at this point watch this CEOP authorised video..

    Although CEOP is a government body (affiliated to the Serious Organised Crime Agency – SOCA) it also has an industry partnership involving Visa, O2 and Microsoft among others.  We get to help in a number of ways including training as many children as possible to be able to be safe on line.

    This is all about making sure children can have fun using the internet, have control of their online personas, and know what to do to report any abuse such as clicking on this logo..

    image

    e.g. Windows Live Messenger.

    image

    and Facebook,  and many other sites. 

    There is a public web site where you can find out more, ThinkUKnow which you can point your kids to and learn a little more yourself.

    The other thing you can do is ensure your kids get this training at school by asking the school to lay this on. They will have a CEOPS nominated teacher who can arrange this, and then a volunteer like me comes in to do this. BTW we all have to go through the whole criminal record check process just as anyone does who works with children. 

    Separately Microsoft also has volunteers to run similar sessions for parents which also encompasses the issues around cyber-bullying and if that’s of interest to you please get back to me.

    To wrap up the internet is a force for good, it should be fun for you and your children, which IMO means that what you do on line should be the same as what you do off line.

  • Windows 7 Press

    I love reading real books and I love radio 4, but I don’t do newspapers or television, this is isn’t baby boomer bias, I am big into social media or you wouldn’t be reading this. 

    If you saw windows on the BBC last week the journalist couldn’t wait to show you something else and the Metro and Telegraph advised you to wait.

    So who’s right? well If the BBC is correct and so is the press then it’s all your fault, and let me explain why.  You know all those annoying send feedback and comments messages you see from Microsoft well it goes somewhere, so those people you see in the TV adverts on Windows 7 those were just a few  of the people whose suggestions got built into Windows 7. 

    Also the amazing buzz around windows 7 isn’t some massive bot program, or Microsoft paying people to queue up and buy windows 7, it was you.  For example the twitter sphere and even the Register were massively of the “installed it , “liked it” etc. sort of thing and the odd reactionary was usually flamed instantaneously by his peers.

    So who’s right you, or the press and TV? – only time and having used Windows 7 for a year now I would say it would be you.

    Finally if you have been using the Windows 7 beta (RC) , I would say there are a couple of issues with it , for example I noticed that HomeGroups wasn’t completely implemented, and so you should move away from it to the proper (RTM) version. 

  • Windows 7 – it’s here

    Windows 7 is released today, but I feel a bit detached from the buzz in the social cloud about this, having played with for it nearly a year.

    However a couple of things happened recently that made me remember what life was like before windows 7.  I was in a well known burger bar  and my windows 7 laptop saw the free wi-fi and advised me that I would need to enter additional information and gave me an option to go to that page straight from the wifi icon on the taskbar.  So I am on-line,  unlike the charming Norwegian girl sitting next to me struggling away in XP. 

    I naturally offered to help  and finally got round the problem by using the native connectivity rather than the tool that came with her laptop, but it was a struggle (even allowing for the Norwegian dialog boxes).

    My second epiphany came when I need to print an airline ticket to go to Edinburgh earlier in the week.  My home printer is attached to my gaming rig which is also running windows 7 and has a HomeGroup setup on it. HomeGroups in windows 7 allow simple sharing of resources based on one password.  The clever bit is that my domain joined office laptop can see the HomeGroup resources but my home computers can’t see the office laptop. 

    BTW If you want to see this in action I have made a 4 minute video of it..

    as part of my YinYang series on Windows 7 and Windows Server 2008 R2.

    What I also like about this little feature is that not many of my colleagues know about it which usually leads to  a “yeah that’s good,  but have you seen this..” conversation and so we all learn from each other.

    I could go on all day about  this stuff, but my advice to you is to have a play with windows 7 from your TechNet subscription, if you haven’t already.  There is also 90 day time-bombed copy here if you don’t have a TechNet subscription, but read the “read me” before you use it and I would recommend using a virtual machine if you’re using that.

     

     

     

    Technorati Tags: ,,,
  • Virtualisation for the DBA part 4 – Licensing and Support

    To wrap up this mini-series on virtualisation, I wanted to clarify the support and licensing stuff you need to know if you want to Virtualise.

    The support is really simple, Microsoft support virtual machines just as though they are real environments.  The interesting bit is that this isn’t specific to Hyper-V, it also applies to various versions of Vmware ESX  and vSphere,  Citrix Xen plus various other products listed in the Server Virtualisation Validation Program (SVVP). 

    One thing to bear in mind here is that SQL Server 2000 and other products are in extended support or not supported now and the virtualisation doesn’t change that, so don’t expect too much help if you’re planning to run SQL Server 1.1. on OS/2 (although it works!).

    The licensing is also remarkably straightforward. If you are using any edition except standard edition then you license the virtual machine as though it were a physical machine where virtual processors count as processors.  However if you you enterprise edition then you simply license the physical machine and then you are good to run as many virtual machines or instances on it as you wish each with a copy of SQL Server enterprise on it. Two things to note:

    • This applies to SQL server 2005 sp2 and later
    • It doesn’t matter what virtualisation technology you’re using

    To get the definitive word on licensing in a virtual world form whihc you can be quoted on go here.

    Hopefully you know understand the pressure being put on you to virtualise and have the resources to make this as painless as possible or push back if it isn’t going to work for certain workloads under your control. If not you have my contact details!

  • Virtualisation for the DBA part 3 – SQL Server Performance

    As I have said already in this series the major concern most DBA’s have when virtualising SQL Server is performance. I think this is actually a bit of myth for a number reasons:

    • Virtualisation just keeps getting better.  This is down to a partnership between the hardware and software industries. We have had a couple of generations of CPU from AMD & intel with specific support for virtualisation and Microsoft’s Hyper-v virtualisation offering will only work on hardware with these CPU’s in.
    • Most Servers aren’t that busy.  Typically an average server in a data centre is only under 10-20% load most of the time, even if it is running SQL Server.
    • Performance is not properly measured.  In order for you to understand how much performance you are loosing in a virtual world you need to measure how well the system is performing now.  In older versions of SQL Server this either means you have invested money to buy 3rd party tools to do this or you have invested your time to write your own.

    There are several things in SQL Server 2008 to help with these issues:

    • Data Collection aka Performance Warehouse, allow you to quickly setup a pre-defined data warehouse on a designated SQL Server instance and then collect telemetry from other servers/instances at periodic intervals to see how they are performing via  a suite of custom reports ..

    image

    The clever thing about these reports is that they are all linked allowing you to drill down to a particular query that might be running slowly or blocking other queries. The really clever thing is that it only take about a dozen mouse click to set all this up and leave it running.  The only potential downside is that this only works and monitors on SQL Server 2008 instances.

    • Data Compression.  Given that the first thing that slows down a database is IO, compression can be useful in getting more data of the disk per read for a little bit of CPU overhead.  There are 2 parts to this one compresses the fixed width fields e.g. decimal, and the date and time data types and stores them so that they only take up the space used i.e. they behave like var(char) as opposed to char. You can then elect to further compress each page in a table filegroup etc. and this works by identifying recurring values and storing that in the header of the page and replacing it with a token for each value in the column.  One thing to note is that is an enterprise edition feature.

    As I have mentioned before how you use resources when virtualisation is also important, and the most important of these is disk usage…

    image

    Dynamic disks should only be used for dev work and for testing where performance is not being measured. Fixed disks perform nearly as well as pass-through disks (i.e. where the database itself is kept on a physical disk or LUN in a SAN).

    Although it might seem that Microsoft has vast resources at its disposal it is not immune to the current recession and nor did it get where it is today by wasting money, and so it has an ongoing project to virtualise SQL Server as part of its Green IT strategy (details here).

    So hopefully we can discount performance as a reason not to virtualise unless your demands exceed the capability of your virtual platform to support what you need. In the case of Hyper-V this would be 4 virtual processors (think of that as a four core cpu) and 64 Gb of memory (in Windows Server 2008 R2).

    For further reading on SQL Server performance on Hyper-V see this whitepaper from the SQL Customer Advisory Team (SQLCAT).

  • Virtualisation for the DBA part 1 - Are you Bovvered?

    image

     

    I have been at a couple of trade shows over the last couple of weeks and a consistent theme has emerged, the reluctance of DBA’s to virtualise SQL Server, whether or not that is Hyper-V.  If you fall into this camp please read-on…

    Hopefully we can agree that many organisations are worried about SQL server databases popping up on lots of servers and that this borne out of the need to:

    • optimise the licenses you need to buy
    • manage all of this
    • control access to this data  and possibly audit it

    The traditional method of consolidation for SQL Server has been to a two tiered approach:

    1. Try and co-locate databases on one installation of SQL Server.
    2. If this isn’t possible then run multiple instances of SQL Server on one machine.This allows you to:
    • Assign CPU and memory to each instance.
    • Further manage memory and CPU with windows resource manager (introduced in Windows Server 2003)
    • Isolate sysadmin privileges.
    • Run different versions of SQL Server alongside each other albeit on the same operating system.

    Virtualisation is simply an extension of this approach. It isolates the whole environment at the operating system level not only from other environments on the physical machine but also from the physical hardware itself.   This not only allows many lightly loaded servers to be combined onto one lump of tin, but also allows the movement of these to any server running virtualisation without changing them as required to balance load of for maintenance purposes.

    Typically this is initially done in the dev and test servers allowing complete production environments to be quickly created. However in most of the community events I go to 20-30% of the audience now have SQL Severs running in virtual machines in production.

    The primary reason many DBA’s object to virtualisation is the loss in performance they will suffer.  However many servers are only under 10-20% load so combing 3-6 of these onto one server is often possible.  Of course the virtualisation process (known as the hypervisor) must use some resource but this is typically only about 10%.

    Research and advice on how to get the most out of SQL server on Microsoft’s Hyper-V virtualisation platform is here which is basically:

    • Not to over commit CPU or memory. Below are some simple rules around processors in Hyper-V in Windows Server 2008 R2

    image

     

    • Use fixed or pass through hard disks i.e. NOT dynamically expanding disks. Pass through disks are simply a logical pointer to a LUN on a SAN or other storage so the database itself is still on a physical disk.
    • Remember to provision enough network bandwidth when you are consolidating physical machines

    BTW there is similar advice and guidance for this from Vmware here.

    So basically the flexibility and power of virtualisation comes at small (10%-ish ) cost which for pretty everyone else in the IT world is a price worth paying.  Of course you still  have to manage support and tune in this new world and I’ll cover that in my next post.

    Technorati Tags: ,
  • Virtualisation for the DBA part 2 – SQL Server Management

    Given the almost mandatory drive to server virtualisation in data centres, what do you need to worry about and what’s in SQL Server to help you?

    The biggest worry is probably  trying to manage everything, as typically many organisations simply create a virtual machine for every physical server they have and them lump them onto a fewer number of newer more powerful servers.  so you still have as many instances to look after as before.

    SQL Server 2008 introduced 3 new tools to help manage multiple instances of SQL Server:

    Central management Servers allow you to register servers and collect them into groups to use with T-SQL command and the other tools below:

    Policy Based Management (PBM) allows you to define a facet of SQL Server you want to manage, establish what condition you want it in, and then create a policy to encapsulate this and whether you or not you want to simply report on how things are now or to enforce that policy on the target servers (note not all conditions and facets can be enforced).  For example you could write a policy that check to see that all of your databases were backed up over the last week, or setup a policy to only allow stored procedures to be created if they have a usp_ prefix to annoy your developers. a final thing to note is that the best practice analyser in SQL Server 2008 is simply a set of polices which you can install, and a final final note is that

    Powershell. Powershell is built into Windows Server , Windows , exchange and SQL Server 2008 It’s batch files on steroids or more accurately a .net based scripting language. One of my standard demos is to use this to invoke a policy across a group of servers defined in a text file, put the results into another SQL Server table, and have a custom report to show the results. There is a good example of what is possible on Codeplex – the Enterprise Policy Management Framework..

    image

     

    The other good thing about what these tools can do is that you only need one installation of SQL Server 2008 to manage the other earlier version of SQL Server you may have, without having to use any other tools from Microsoft or anyone else. 

     

  • SQL Server Security

    Security should be everyone’s business,  but it’s often seen as someone else’s problem.  When it comes to SQL Server there are at least three parts to the puzzle:

    • The infrastructure guys will provide secure comms and accounts with which to access SQL Server.
    • The developers be they in house or  employed by the vendor you bought your app from will be using a secure development lifecycle (SDL) approach and their code will be proof against SQL injection (the business of putting extra code into a parameter passed to piece of dynamic SQL.
    • You the DBA  will have mad SQL Server as secure as possible.

     

    Sadly in many environments not all these pieces are put in place, except where there is some external pressure to do so e.g. in the public sector and in financial services.  For example at the session I did to the ISSA (Information Systems Security Association) last week several of the audience were very interested in the resources and guidance on how to make SQL Server compliant with the rules for working in the credit (payment) card industry (PCI).  They were also interested in the practical advice they could pass onto the developers and dbas they work with as virtually everyone in the room was running SQL Server.

    There is a  whitepaper on this on the SQL Server compliance micro-site as well as a web cast, and this site also addresses other industry guidance although is for American based companies.

    The rest of this site calls out the features in SQL Server 2008 related to security and compliance, which may well be familiar to you but not to the security guys you might be working with so you could do worse than point them to this. 

    Finally for the ISSA guys here are my slides now that I have re-edited the deck following the hard disk crash I had just before presenting!

     

  • Microsoft Security Essentials

    Microsoft’s new consumer orientated  anti-virus program Microsoft Security Essentials (MSE) has now been released.  It’s free so so is it any good?

    I am going to say empathically yes, because essentially it’s the anti-virus engine from Forefront Client Security,all that’s been taken out is all the management stuff that you would need in a business environment to ensure all your PCs and laptops are healthy. 

    So is Forefront Client Security itself any good? Yes it is and I have three solid reasons for making that claim..

    • Independent verification of it’s effectiveness can be found here..
    • We use it in internally across some 2,500 laptops and desktops in the UK
    • If it had any holes in it there would be a splurge of articles on the register, Slashdot etc.

    I mention this because if you’re like me  - the IT guy in your street, village etc. and you often  help setup and configure machines for  your friends and family this can be a cheap and effective way to ensure they are safe online in addition to ensuring their firewall is on and that automatic updates are enabled.

    I did notice a couple of interesting things when I installed it on my gaming rig at home:

    mse03 validate

    It will only install if your copy of Windows is validated,

    mse08 advanced

    the use of system restore points if you want on the advanced settings tab.

    mse08 spynet

    You can elect how much information you sent to Microsoft about any detected software MSE finds.

    Finally all is well once you have done the initial  scan..

    mse07a quick scan complete

    ..and then MSE sits in the system tray.

    Finally if you weren’t aware of it already the Microsoft paid for product, OneCare, is now end of life and this new free tool will replace it which is important to know as OneCare won’t install onto Windows 7.