Denny Cherry announced as a speaker at PASS Summit 2017

Published On: 2017-05-24

I’m thrilled to be able to report that I’ve been announced as a speaker at the 2017 PASS Summit. I’m thrilled to have been selected as a speaker for the PASS Summit just like I am every year when I get selected. The specific sessions that I’ll be presenting haven’t been announced yet, but that information should be coming out soon hopefully. It has been interesting knowing that I’ll be presenting while everyone else is submitting sessions, and I have to say this was the most relaxing PASS Summit session submission process I’ve ever been through (sorry everyone, but this was great not having to stress out anywhere near as much).

I do know that I will be running the PASS Summit Speaker Idol competition again, so be sure to follow this blog and look for the announcement about Speaker Idol shortly after the speaker list for the summit is announced to submit to be a contestant.

Plans are also in the works for our annual Karaoke party Tuesday night (more details will come out soon about that); and like the last several years DCAC will have a booth at the PASS Summit that we’ll be sharing with the great team at SQLHA.

Needless to say, it’s going to be a busy week for me and the whole team here at DCAC.  The whole team will be at the PASS Summit this year, so come to the booth and say hi, check out our secret SWAG (remember, we had Poke Balls last year and they were a huge hit) and get scanned in for our drawing.

Also watch this blog for information about my PASS Summit Attendee Orientation webcast.

Denny

Should I build a 1×6 VM or a 6×1 VM?


This sort of question comes up a lot. And there’s a lot of it-depends built into the answer, so I’ll try and break this down a little bit for you. Be warned, we’re going to be talking about NUMA and other hardware-y things here for the most part.

Standard Edition

You want 1×6 (one socket, 6 cores) because Standard Edition will only use the first 4 sockets in a server (up to 16 cores combined). There’s no getting around that.

From a NUMA perspective, as long as vNUMA at the hypervisor is disabled, it doesn’t matter, as SQL Server Standard Edition isn’t NUMA aware (NUMA awareness is an Enterprise Edition feature).

Enterprise Edition

This is where things get more complicated if vNUMA is enabled in VMware or Hyper-V.

vNUMA Enabled

If vNUMA is enabled then you want multiple vSockets and multiple vNUMA nodes, so that SQL Server is aware of how the CPUs and memory are laid out within the hardware and can make good decisions on how the processes are laid out against the hardware.

Now that said, you probably don’t want 6 vSockets. You probably want 2 vSockets with three cores each so that you get multiple cores per vSocket. But a lot of that will depend on if you can control how many vSockets there are per vNUMA node.

vNUMA Disabled

If vNUMA is disabled then you care less because SQL thinks that everything is in a single NUMA node so it’s going to make decisions based on that.

More RAM than a pNUMA node

If the amount of RAM configured for your VM is larger than a physical NUMA node, then you need to turn on vNUMA for the VM (no matter how many cores you have) and configure the VM to spread the cores equally across the NUMA nodes that you present to the VM.

WTF?

Yes, this is all very hardware-y, and requires some understanding of how pNUMA, vNUMA, vSockets, etc. all work together.  For most DBAs you’ll want to just kick this over to the VMware / Hyper-V admin and have them do some tweaking.

The post Should I build a 1×6 VM or a 6×1 VM? appeared first on SQL Server with Mr. Denny.

TIL: Microsoft Azure Part 2


Last week I started a multi-part series on Today I Learned (TIL) about Microsoft Azure.  This is part two of what I am learning in Azure.

Today’s topic is simply about Tenants, Subscriptions, Subscription Roles, Resource Groups, and Tags.

It’s Always Good to Start with Pictures

Here is a glimpse of how these topics relate. I will define and explain each below.

What is a Tenant?

In simplest terms, a Tenant is a container for multiple subscriptions. An example of two subscriptions would be Azure and Office 365. They would be owned by one account, an individual or a company. A very large enterprise may use multiple subscriptions to better manage billing between divisions.

What Are Azure Subscriptions?

Basically, it’s just an ownership account. Think of it as just creating a billing and usage management account, whether it is a personal subscription or an enterprise level. The account allows you to group and manage multiple subscriptions for billing and reporting.

A subscription can encompass a mix of IaaS, PaaS and SaaS services. All subscription management, reviewing billing reports, and creating new subscriptions can be done through the http://account.windowsazure.com site, but you need to be an account administrator.

How Do I Get Subscriptions?

You can get them through a Trial, MSDN, Pay as you go using a credit card, Azure Resellers (called Cloud Solution Providers or CSPs) or Enterprise Agreements.

What are the Subscription Server Roles?

Microsoft offers roles based on “Least Privilege” within Azure at the subscription level. There are several roles that secure the access to your cloud environment. These three main accounts below are all very powerful accounts and should be limited to only a few.

The top role is the Account Administrator. Think of this account in terms of what Enterprise Administrator is in your on-premises Active Directory. The Account Administrator has full rights. They have access to the account’s full financials and billing information for all subscriptions within the account, and they can also create, delete and modify subscriptions.

The next role is the Service Administrator. This role is like the Domain Admin. It’s one level down from the account administrator and has full rights to the services in the subscription. They can do everything an account administrator can do with few exceptions, such as viewing the billing details of the subscription.

There is also the role of a Subscription or Co-administrator. This role is like System Admin (SA) in SQL Server. This role can create and delete resources within the subscription but has no control over billing or the ability to change the authentication source such as AD.

The three accounts above control the Role Based Access Control (RBAC) for the rest of the user accounts on a resource level. They can assign users or groups of users the rights to manage only the resources they need for their particular roles. These are roles such as Owner, Contributor and Reader of a resource group.
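One way to review who holds the broad roles named above, as an added example that is not part of the original post. It filters objects shaped like the output of `Get-AzRoleAssignment` (Az.Resources module); the function name, the two review heuristics and the sample rows are assumptions made for illustration.

```powershell
# Added example: flag Owner/Contributor assignments that are broader than
# "only the resources they need". Input: objects shaped like Get-AzRoleAssignment output.
function Find-BroadRoleAssignment {
    param(
        [Parameter(ValueFromPipeline)] $Assignment,
        [string[]]$PrivilegedRoles = @('Owner', 'Contributor')
    )
    process {
        if ($Assignment.RoleDefinitionName -notin $PrivilegedRoles) { return }

        $reasons = @()
        # A subscription-level scope is exactly /subscriptions/<id>; a resource
        # group scope continues with /resourceGroups/<name>.
        if ($Assignment.Scope -match '^/subscriptions/[^/]+/?$') {
            $reasons += 'granted on the whole subscription'
        }
        # Heuristic (assumption): direct user grants are harder to review than group grants.
        if ($Assignment.ObjectType -eq 'User') {
            $reasons += 'assigned directly to a user'
        }
        if ($reasons) {
            [pscustomobject]@{
                Who    = $Assignment.DisplayName
                Role   = $Assignment.RoleDefinitionName
                Scope  = $Assignment.Scope
                Review = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rows (placeholder subscription id), so the example runs offline.
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'
$sample = @(
    [pscustomobject]@{ DisplayName = 'ERP Admins'; ObjectType = 'Group'
                       RoleDefinitionName = 'Owner'; Scope = "$sub/resourceGroups/erp-dev" }
    [pscustomobject]@{ DisplayName = 'Sample User'; ObjectType = 'User'
                       RoleDefinitionName = 'Contributor'; Scope = $sub }
    [pscustomobject]@{ DisplayName = 'Auditors'; ObjectType = 'Group'
                       RoleDefinitionName = 'Reader'; Scope = $sub }
)
$sample | Find-BroadRoleAssignment | Format-Table -AutoSize

# Against a real subscription, after Connect-AzAccount:
#   Get-AzRoleAssignment | Find-BroadRoleAssignment
```

Only the second sample row is reported: the group that owns a single resource group and the subscription-wide Reader both pass.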

What’s a Resource Group?

A resource group is a container that holds resources in groups. Things that can exist in this container are things like VMs, NICs, Storage, Web Apps, SQL and Virtual Networks (VNETs). The “objects” within a resource group can be created, updated, and deleted as a group. One easy example of a resource group can be a development environment: all parts associated with that environment are contained in that resource group.

What is a Tag?

The next granular level of organizing is Tags. These allow for adding your own meta-data to objects in Azure. Think of these as labels or categories for reporting and organizing things like billing. For instance, if the resource groups within an ERP environment are tagged as “ERP”, then those resource groups would get categorized together for management purposes. If you’ve ever used extended properties in SQL Server this is the same basic concept. There are however limits to the number of tags an individual resource can have, which is currently 15. Your Azure billing statement is grouped by tags, which makes this almost a mandatory feature.

Summary

In this part we covered Tenants, Subscriptions, Subscription Roles, Resource Groups, and Tags. Hopefully you got a basic understanding of each and how they relate to each other. Next, I will dive a little into the differences between Azure SQL Database and SQL Server on IaaS.

 

How does a SMB handle all this security?

Published On: 2017-05-17

With the Ransomware that ran amok all over the Internet last week, a lot of smaller companies, ones that we’d normally consider to be the Small/Medium Business (SMB) backbone of America, were left in a very dangerous state. Many of these companies don’t have full time IT teams, so they don’t have someone watching and reacting when security events like this happen. They may not even have anyone handy to ensure that workstations, laptops and servers are being patched correctly. They probably don’t have someone to ensure that newer operating systems are in use instead of hardware and software that’s almost old enough to drive, vote or drink (depending on the age of your software).

Server Patching

But there are lots of tools out there to help the SMB keep their systems patched. Most are going to require some technical knowledge to implement simply because we need to set up a service to handle the approving of patches and the automatic installation of patches. Once these systems are in place and working correctly, they should be able to work for years without much if any manual intervention.

One popular option is called Windows Server Update Services (WSUS). This is a software package written by Microsoft and included with the Windows Server Operating System. It can be configured to automatically download, approve and force the installation of patches for a variety of Microsoft software, including Windows Server, Windows 7, Windows 8, Windows 10, etc. It can also be used to help with the patching of some third party software, however this can be a bit harder of a configuration process.  One of the big advantages to Windows Server Update Services is that it can be configured on every computer within the company using Active Directory’s Group Policy Objects (GPOs).  These GPOs allow the administrator to push out the settings to all the computers in the network so that employees can’t bypass the patching settings.

With regard to last week’s ransomware attack, proper patching would have protected most companies. The patch had already been released, but a number of companies had not installed it, due to limited resources. Setting up a server patching infrastructure using WSUS would have protected these companies from this security threat.

If someone clicked a link and the Ransomware was downloaded and installed, that computer may have been compromised. However, the virus wouldn’t have been able to spread, as the patch which was needed to prevent these machines from being infected had been released weeks before the Ransomware attack happened.
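To confirm that a workstation has actually picked up the WSUS settings pushed by GPO, the check below reads the Windows Update policy values from the registry. It is an added example, not part of the original post; the function name and the server URL are hypothetical placeholders.

```powershell
# Added example: checks the Windows Update policy values a WSUS GPO writes on a client.
function Get-WsusPolicyFinding {
    param(
        # Hypothetical WSUS URL; replace with your own server (8530 is the default HTTP port).
        [string]$ExpectedServer = 'http://wsus.example.internal:8530'
    )
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

    if (-not $wu -or -not $au) {
        return 'Windows Update policy keys are missing or empty: the GPO has not applied here.'
    }

    $findings = @()
    if ($au.UseWUServer -ne 1) {
        $findings += 'UseWUServer is not 1: the client ignores WUServer and is not managed by WSUS.'
    }
    if ($wu.WUServer -ne $ExpectedServer) {
        $findings += "WUServer is '$($wu.WUServer)', expected '$ExpectedServer'."
    }
    if ($wu.WUStatusServer -ne $wu.WUServer) {
        $findings += 'WUStatusServer differs from WUServer: the client reports status elsewhere.'
    }
    if ($au.NoAutoUpdate -eq 1) {
        $findings += 'NoAutoUpdate is 1: automatic updating is switched off.'
    }
    # AUOptions: 2 = notify only, 3 = download and notify, 4 = download and install on a schedule.
    if ($au.AUOptions -ne 4) {
        $findings += "AUOptions is '$($au.AUOptions)': patches are not installed on a schedule."
    }
    if (-not $findings) {
        $findings = 'Policy matches: WSUS-managed with scheduled automatic install.'
    }
    $findings
}

Get-WsusPolicyFinding
```

Run it in a PowerShell session on the client; `gpresult /r` on the same machine shows which GPOs were applied if the keys are missing.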

Antivirus

The next most important thing for setting up proper SMB security is to have an Anti-Virus installed on all the computers, and have it running regularly scheduled scans including real time scans. This way, if a virus makes its way onto the computer, it will be detected and stopped. Sadly no Antivirus is a guarantee against infection, but they will stop a good number of computer viruses from taking hold. Even the free antivirus that Windows includes called Windows Defender is good enough for a lot of small companies.

Windows Defender is included with all modern Windows Operating Systems (Windows 7, Windows 8, and Windows 10) and runs automatically.  There are group policy settings which can be set within Active Directory which can turn on regularly scheduled scans on computers across the company.

There are lots of other things which should be done as well, but these two will get most small companies most of the way there, and can usually be set up and configured within a day or two.

Denny
