SQL Server Transparent Database Encryption (TDE)

Overview of TDE with some details on major administrative issues. Many people who’ve played around with TDE seem to have had trouble with restoring a TDE database on an alternate server, and the confusion seems to stem primarily from the deep encryption hierarchy for TDE. It’s not too hard, however, once you realize that you…

1

SQL Server 2012 Virtual Labs

Want to try SQL Server 2012 without even installing it? Easy… use SQL Server 2012 Virtual Labs at http://technet.microsoft.com/en-us/video/Hh913731!

0

Hiding SQL Server from External Crackers

We harden SQL Server to minimize the threats to SQL Server from rogues/hackers and crackers, but it may be equally important to harden systems other than SQL Server to protect our data. For example, coders and DBAs need to ensure that calls to SQL Server are protected from SQL Injection attacks. Another valuable tactic is to prevent…

0

Managed Service Accounts

Doh! Never mind the post below. If I had read more thoroughly (or if I had tested using MSAs with SQL Server) before posting, I would have realized MSAs are NOT supported with SQL Server. At least, not according to the article in the first link below. Sorry to mislead you, and hopefully this will…

1

Alert On Low Disk Space, Including Mount Points

A common task for many database administrators (DBAs) is to set up alert emails to notify themselves when free disk space falls below a certain threshold (e.g. 10%). Before SQL Server ran on Windows clusters that included mount-points, there were a number of methods for checking free disk space, but most didn’t report on the…

6

Enabling SSL on SQL Server Connections on Failover Clusters

With high-security SQL Server configurations we usually want to encrypt the data-in-transit between SQL Server and the application servers. It’s a little more trouble with a Failover Cluster Instance (FCI) than a stand-alone instance, and this post is primarily just a link to help me make sure I can easily find this article: http://msdn.microsoft.com/en-us/library/ms191192.aspx. I’ll…

0

SQL Server Ports

Quick cheat sheet for port numbers used by SQL Server services or services that SQL Server may depend on: 21 TCP FTP (replication) 80 TCP HTTP endpoints, Reporting Services, HTTP replication 135 TCP & UDP RPC, WMI, MSDTC, SQL Agent file copy, and TSQL Debugger (RPC used for multiple purposes including SSIS and clustering.) 137 UDP File…

3

Capture Custom Events in Profiler for Troubleshooting

User configurable events have been available in SQL Server since at least version 2000, but aren’t often used, I suspect just because DBAs aren’t familiar with them. Here’s a screen shot of the Events Selection page of the Trace Properties for a SQL Server Profiler trace: Despite having all of the user configurable events selected,…

0

Note to self on AlwaysOn…

I came up with the idea that perhaps we could let clients connect to a database in an AlwaysOn Availability Group (AG) by the current instance name instead of the virtual network name (VNN) if the cluster service crashed. This idea does not work. Microsoft Consultant Don Scott set up a very simple 2-node cluster with a stand-alone instance of…

3

Installing SQL Server in a High-Security Domain, Part II

In this article, I pointed out some of the most common permissions failures when installing SQL Server in an environment where security has been hardened, such as the removal of the Debug Programs permission. In my experience, “hardened” usually means some default permissions have been removed from various accounts. Recently some colleagues had failures while…

0