BoonSoft
BoonSoft Home | Business Sectors |Product Range |E-Commerce |Current Jobs | Training | Contact BoonSoft |E-Learning

SQL Server Best Practice Tips

Day to Day

  • Check OS Event Logs, SQL Server Logs, and Security Logs for unusual events.
  • Verify that all scheduled jobs have run successfully.
  • Confirm that backups have been made and successfully saved to a secure location.
  • Monitor disk space to ensure your SQL Servers won’t run out of disk space.
  • Throughout the day, periodically monitor performance using both System Monitor and Profiler.
  • Use Enterprise Manager/Management Studio to monitor and identify blocking issues.
  • Keep a log of any changes you make to servers, including documentation of any performance issues you identify and correct.
  • Create SQL Server alerts to notify you of potential problems, and have them emailed to you. Take actions as needed.
  • Run the performance.sql listed below on each of your server’s instances on a periodic basis.
  • Take some time to learn something new as to further your professional development.

Security

  • Ensure the physical security of each SQL Server, preventing any unauthorized users to physically accessing your servers.
  • Only install required network libraries and network protocols on your SQL Server instances.
  • Minimize the number of sysadmins allowed to access SQL Server.
  • As a DBA, log on with sysadmin privileges only when needed. Create separate accounts for DBAs to access SQL Server when sysadmin privileges are not needed.
  • Assign the SA account a very obscure password, and never use it to log onto SQL Server. Use a Windows Authentication account to access SQL Server as a sysadmin instead.
  • Give users the least amount of permissions they need to perform their job.
  • Use stored procedures or views to allow users to access data instead of letting them directly access tables.
  • When possible, use Windows Authentication logins instead of SQL Server logins.
  • Use strong passwords for all SQL Server login accounts.
  • Don’t grant permissions to the public database role.
  • Remove user login IDs who no longer need access to SQL Server.
  • Remove the guest user account from each user database.
  • Disable cross database ownership chaining if not required.
  • Never grant permission to the xp_ cmdshell to non-sysadmins.
  • Remove sample databases from all production SQL Server instances.
  • Use Windows Global Groups, or SQL Server Roles to manage groups of users that need similar permissions.
  • Avoid creating network shares on any SQL Server.
  • Turn on login auditing so you can see who has succeeded, and failed, to login.
  • Don’t use the SA account, or login IDs who are members of the Sysadmin group, as accounts used to access SQL Server from applications.
  • Ensure that your SQL Servers are behind a firewall and are not exposed directly to the Internet.
  • Remove the BUILTIN/Administrators group to prevent local server administrators from being able to access SQL Server. Before you do this on a clustered SQL Server, check Books Online for more information.
  • Run each separate SQL Server service under a different Windows domain account.
  • When using distributed queries, use linked servers instead of remote servers.
  • Do not browse the web from a SQL Server.
  • Instead of installing virus protection on a SQL Server, perform virus scans from a remote server during a part of the day when user activity is less.
  • Add operating system and SQL Server service packs and hot fixes soon after they are released and tested, as they often include security enhancements.
  • Consider running a SQL Server security scanner against your SQL servers to identify security holes.
  • Consider adding a certificate to your SQL Server instances and enable SSL or IPSEC for connections to clients.
  • If using SQL Server 2005, enable password policy checking.

Job Maintenance

  • Avoid overlapping jobs on the same SQL Server instance. Ideally, each job should run separately at different times.
  • When creating jobs, be sure to include error trapping, log job activity, and set up alerts so you know instantly when a job fails.
  • Create a special SQL Server login account whose sole purpose is to run jobs, and assign it to all jobs.
  • If your jobs include Transact-SQL code, ensure that it is optimized to run efficiently.
  • Periodically (daily, weekly, or monthly) perform a database reorganization on all the indexes on all the tables in all your database. This will rebuild the indexes so that the data is no longer logically fragmented. Fragmented data can cause SQL Server to perform unnecessary data reads, slowing down SQL Server’s performance. Reindexing tables will also update column statistics.
  • Don’t reindex your tables when your database is in active production, as it can lock resources and cause your users performance problems. Reindexing should be scheduled during down times, or during light use of the databases.
  • At least every two weeks, run DBCC CHECKDB on all your databases to verify database integrity.
  • Avoid running most DBCC commands during busy times of the day. These commands are often I/O intensive and can reduce performance of the SQL Server, negatively affecting users.
  • If you rarely restart the mssqlserver service, you may find that the current SQL Server log gets very large and takes a long time to load and view. You can truncate (essentially create a new log) the current server log by running DBCC ERRORLOG. Set this up as a weekly job.
  • Script all jobs and store these scripts in a secure area so they can be used if you need to rebuild the servers.

Replication

  • Replication needs should be clearly defined before creating a replication topology. Successful replication can be difficult and requires much pre-planning.
  • Ideally, publishers, distributors, and subscribers should be on separate physical hardware.
  • Create, document, and test a backup and restore strategy. Restoring replicated databases can be complex and requires much planning and practice.
  • Script the replication topology as part of your disaster recovery plan so you can easily recreate your replication topology if needed.
  • Use default replication settings, unless you can ensure that a non-default setting will actually improve replication performance or other issues. Be sure that you test all changes to ensure that they are as effective as you expect.
  • Fully understand the implications of adding or dropping articles, changing publication properties, and changing schema on published databases, before making any of these changes.
  • Periodically, validate data between publishers and subscribers.
  • Regularly monitor replication processes and jobs to ensure they are working.
  • Regularly monitor replication performance, and performance tune as necessary.
  • Add alerts to all replication jobs so you are notified of any job failures
1 2 
Boon MMC
Document Management System.
more info>>
.Net Reporter
Management Reporting made easy with the .Net reporter package regardless of which accounting system you use.
more info>>
Boon Cart
Shopping Cart - available now in 4 layout templates at your discretion
more info>>




UK: BoonSoft Ltd 9 Ryder Cout, Corby, Northampton, NN18 9NX. Telephone +44 (1636) 747000
Registered in England No. 06757890 VAT Registation No 737890488
RO: BoonSoft SRL: 160 Avram Iancu Street, unit 2, apt.18, Floresti, Cluj. Telephone: +40 (264) 267 354
CIF: 23488360, from March 2008
Powered by BoonSoft. Copyright BoonSoft LTD 2009. All rights reserved