Course Topics

Administering SQL Server 2012 Jump Start01 | Install and Configure SQL Server 04 | Manage Data

02 | Maintain Instances and Databases 05 | Implement Security

03 | Performance Optimization and Troubleshooting 06 | High Availability Options

Click to edit Master subtitle style02 | Maintain Instances and

DatabasesGeorge Squillace | Senior Technical Trainer – New Horizons Great LakesRichard Currey | Senior Technical Trainer – New Horizons United

Module 2 Overview• Transparent Data Encryption• Database Compression• Server and Database Options• Affinity and Parallelism• Automation: SQL Agent Jobs and Alerts• Database Mail

Topic: Transparent Data Encryption

Topic: Transparent Data Encryption • What Problems Does Transparent Data Encryption

(TDE) Solve and How Does It Solve Them?• Basics on SQL Server Encryption and Key Hierarchy• How Is TDE Applied?• Key Protection Issues and Potential TDE “Gotchas”

What Problems Does TDE Solve and How Does It Solve Them?• Encryption in general– Protecting data in motion (e.g., SSL, TLS, IPSec)– Protecting data at rest (e.g., EFS, BitLocker, TDE)

• Provides “real-time I/O encryption and decryption of the data and log files” in the event the media is stolen

• Protects data “at rest” in the event that a data file, log file, or backup file is stolen

• Leverages the SQL Server key hierarchy

Basics on SQL Server Encryption and Key Hierarchy• Service Master Key• Master Key• Certificate• Database Key

How Is TDE Applied?• Create a Database Master key– This may also create a Service Master Key (if it didn’t

already exist)• Create a certificate based on the Master Key • Create a database encryption key• Set encryption to ON

Key Protection Issues and Potential TDE “Gotchas”• Inability to recover database• Inability to move database• Performance overhead of 3-8%• Precautions– Backup the Service Master Key– Backup your Master Key– Backup your Database Key

• Reference– How to Restore a TDE-enabled backup

DEMOImplementing Transparent Data Encryption

Topic: Database Compression

Topic: Database Compression• What Is Data Compression?• Which Database Objects Can Be Compressed?• How Is Data Compression Implemented?

What Is Data Compression?• Definition: reducing the size that certain databases

occupy by trading CPU cycles (abundance) in order to reduce I/O effort (constrained)

• Compression options– Page-by-page– Row-by-row

• Not to be confused with backup compression

Which Database Objects Can Be Compressed?• Heap (unclustered table)• Clustered table• Nonclustered index• Indexed view• Partitions of a partitioned table; each partition can

vary the compression type• NTFS compression for FILESTREAM objects• Backup files

How Is Database Compression Implemented?• Row compression– How it works– Code: CREATE TABLE T1 (c1 int, c2 nvarchar(50) ) WITH (DATA_COMPRESSION

= ROW);

• Page compression– How it works– Code: CREATE TABLE T2 (c1 int, c2 nvarchar(50) ) WITH (DATA_COMPRESSION

= PAGE);

• Estimate effect using sp_estimate_data_compression_savings

• Restrictions– There are a zillion restrictions

DEMOImplementing Database Compression

Topic: Server and Database Options

Topic: Server and Database Options• Available Server-level Options• How to Change Server-level Options• Available Database-level Options• How to Change Server and Database Options

Available Server-level Options• 17 basic options• 69 total options• Sample options–Minimum server memory (MB)

and minimum server memory – Ad hoc distributed queries– xp_CMDShell Not all options have been placed “within

reach.” A special setting actually enables access to special settings. Do you follow?

How to Change Server-level Options• GUI (some options)• sp_Configure for basic options• sp_Configure for advanced options– First, turn on Show Advanced Options – Then list them– Then activate desired option(s)– RECONFIGURE

• Notable: authentication mode can’t be switched this way but xp_regwrite can be used

Available Database-level Options• Option categories– Auto options– Cursor options– Database availability options– External access options– Recovery options– Snapshot isolation options– SQL options

How to Change Server and Database Options• Code– ALTER DATABASE DBx SET

____• GUI– Can’t change every option

DEMOUsing ALTER DATABASE to Change Database Availability

Topic: Affinity and Parallelism

Topic: Affinity and Parallelism• What Are CPU Affinity and IO Affinity?• Parallelism Defined• Configuring CPU Affinity, IO Affinity, and Maximum

Degree of Parallelism (MAXDOP)

What Are CPU Affinity and IO Affinity?• CPU affinity– Binds processors to specific threads

• IO affinity• When should one change the default configuration?• Apartment threading• NUMA

Parallelism Defined• Definition: Using multiple CPU threads to process a query• Sometimes desirable, sometimes not

– “Index operations that create or rebuild an index, or drop a clustered index and queries that use CPU cycles heavily are the best candidates for a parallel plan.”

• Factors involved in determining whether or not the query optimizer chooses a parallel execution plan– Computer or VM requires more than one CPU or CPU core– Threads must be available– Certain operations ignore the possibility of parallelism– Estimated query cost compared to cost threshold for parallelism setting– Availability of statistics

• MAXDOP “Settable” at:– Instance level– Query level

• Cost threshold for parallelism (server option)

Configuring CPU Affinity, IO Affinity, and Maximum Degree of Parallelism (MAXDOP)

• CPU affinity– ALTER SERVER CONFIGURATION

• Don’t configure the same processor for both thread scheduling and I/O processing

DEMOConfiguring Maximum Degree of Parallelism (MAXDOP)

Topic: Automation: SQL Agent Jobs and Alerts

Topic: Automation: SQL Agent Jobs and Agent Security• Automation: Agent Jobs• Job Step Security• Job Step Security: Proxies and Credentials• Job Administration and Delegation Security• Agent Alerts

Automation: Agent Jobs• Basic job architecture– Jobs– Steps and subsystems• T-SQL• CMD Exec• Windows PowerShell• SSIS• Analysis Services

– Schedules– Operators

Job Step Security• T-SQL job steps– Job owned by

sysadmin?• EXECUTE AS

– Job not owned by sysadmin?

• Other job step subsystems– Job owned by

sysadmin?• Proxy

– Job not owned by sysadmin?

Job Step Security: Proxies and Credentials• Why use advanced job step

security?• Component Precedence– Job step points to an available

agent proxy– Agent proxy points to a

credential (server–level principal)

– Credential points to a Windows user account assigned privileges

Job Administration and Delegation Security• What if I don’t want job administrators to

be sysadmin members?– Three available agent database roles, only in

MSDB:• SQLAgentUserRole

– Can manage owned jobs and schedules• SQLAgentReaderRole

– User role inclusive– View multi-server jobs and properties– List all available jobs, schedules and

their properties• SQLAgentOperatorRole

– Reader role inclusive– View properties of operators and proxies

Why doesn’t the Agent node appear here?

DEMOConfiguring Operators, Agent Jobs, Job Steps, and Schedules

Agent Alerts• Basic alert architecture– Alert type• Event Alert• WMI Alert• Performance Object

– Response• Notification of an operator• Execute job

Thought question:What could executing a job possibly accomplish?

DEMOCreating a Performance Condition Alert

Topic: Database Mail

Topic: Database Mail• Requirement: SMTP server– Potentially configured for relay

• Database mail profiles– Private– Public

• Profiles provide limitations on attachment extensions and attachment size

• Calls msdb.dbo.sp_send_dbmail• Don’t forget to maintain database mail history by using– dbo.sysmail_delete_mailitems_sp– dbo.sysmail_delete_log_sp

©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.