
02 Configuring SQL Server

The document discusses various topics related to configuring and managing SQL Server databases, including:
- There are two types of data files (primary and secondary), and filegroups are used to logically group data files.
- RAID systems include RAID 0, 1, 5 and 10, with varying levels of fault tolerance and performance.
- Database Mail uses Service Broker and is configured through stored procedures and Database Mail accounts/profiles.
- Recovery models include full, simple and bulk-logged, which determine how transactions are logged.
- Server and database security is configured through principals like logins, users, roles and permissions.
- Encryption can be implemented through keys, certificates and backups to secure sensitive data.

Uploaded by Brian Miller
Copyright © Attribution Non-Commercial (BY-NC)

Data Files

There are two kinds of files associated with SQL Server: data files and log files. The log files contain the transaction log and usually have the .ldf extension. There are two kinds of data files, primary and secondary.

- Primary: Mandatory. Contains the startup information for the database catalog and points to the other database files. The common extension for the primary data file is .mdf.
- Secondary: Optional and user-defined. You can put each data file on a different disk drive. A database can contain at most 32,766 secondary data files. The common extension for this data file is .ndf.

Filegroups

A filegroup is a logical structure that allows DBAs to group data files and manage them as a logical unit. This allows you to split database objects across data drives so that disk operations can be done in parallel. Filegroups can only contain data files!

There are two types of filegroups:

- Primary: Contains all system tables and primary files.
- User defined: Groups secondary files and is used to assign database objects. A database can contain up to 32,766 user-defined filegroups.

Configuring Filegroups

Each database has a default filegroup, and every database object is assigned to the default filegroup by default. You can configure a filegroup as read-only. The default filegroup cannot be configured as read-only. The filegroup can be specified when using the CREATE DATABASE command, and the ALTER DATABASE command can configure an existing item.

Filegroup properties:

- Name
- Filename: full filename and path.
- Size
- Maxsize: you can use the UNLIMITED keyword, which will allow the group to grow until the disk is full.
- Filegrowth

Filegroup Example:

    -- Create the database with a primary file and one user-defined filegroup.
    CREATE DATABASE Records
    ON PRIMARY
    (
        NAME = RecordsPrimary,
        FILENAME = 'd:\SQLData\RecordsPrimaryFile.mdf',
        SIZE = 100MB, MAXSIZE = 200, FILEGROWTH = 20   -- no suffix means MB
    ),
    FILEGROUP RecordsFG
    (
        NAME = RecordsData1,
        FILENAME = 'e:\SQLData\RecordsPrimaryFile.ndf',
        SIZE = 100MB, MAXSIZE = 200, FILEGROWTH = 20
    );
    GO

    -- Add a second data file to the existing filegroup.
    ALTER DATABASE Records
    ADD FILE
    (
        NAME = RecordsData2,
        FILENAME = 'e:\SQLData\RecordsData2.ndf',
        SIZE = 100MB, MAXSIZE = 500MB, FILEGROWTH = 75MB
    )
    TO FILEGROUP RecordsFG;

RAID System

Types:

- RAID 0 (disk striping): Does not provide fault tolerance. Gives the best read and write performance. If a disk fails you lose access to all data on the stripe set.
- RAID 1 (disk mirroring): Provides a redundant copy of the selected disk. Read access is better than RAID 0, but writing is not.
- RAID 5: Stripes all the data and adds parity information, and provides better performance than RAID 1.
- RAID 10: Includes both striping (without parity) and mirroring; this allows for better performance than RAID 5.

Configuring Database Mail



Database Mail is not enabled by default. It must be enabled by using the SQL Server Surface Area Configuration tool or the sp_configure procedure. Service Broker needs to be enabled for the host database. By default it is enabled for msdb. The SQL Server service account must be able to authenticate to the SMTP server.

Database Mail Architecture

- Configuration components
  - Database Mail account: Contains information such as the SMTP server name, the authentication type, and the e-mail address.
  - Database Mail profile: Contains a collection of Database Mail accounts. Allows DBAs to change account information without modifying the application.
- Messaging components: The main component is the host database, which contains all the Database Mail objects. The Database Mail host is msdb.
- Database Mail executable: The Database Mail application is DatabaseMail90.exe, located in MSSQL\Binn. Database Mail uses Service Broker to start the application when e-mail messages are waiting.
- Logging/Auditing: Database Mail stores log information in tables in the host database. You can see this information by querying the sysmail_event_log system view.

Configuring Database Mail

Stored procedures:

- msdb.dbo.sysmail_add_account_sp
- msdb.dbo.sysmail_add_profile_sp
- msdb.dbo.sysmail_add_profileaccount_sp
- msdb.dbo.sysmail_add_principalprofile_sp
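The configuration steps above, put together as an added example that is not part of the original document. The account, profile and principal names, the e-mail address and the SMTP host are placeholders; the profile is granted to a single msdb principal instead of public so that only that principal can send mail through it.

```sql
-- Added example: all names, addresses and the SMTP host are placeholders.
-- 1. Enable Database Mail (it is off by default).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'Database Mail XPs', 1;
RECONFIGURE;
GO

-- 2. Confirm Service Broker is enabled in the host database (msdb).
SELECT name, is_broker_enabled FROM sys.databases WHERE name = N'msdb';
GO

-- 3. Account: SMTP server, authentication type and e-mail address.
EXEC msdb.dbo.sysmail_add_account_sp
     @account_name            = N'OpsAlertsAccount',
     @email_address           = N'sqlalerts@example.com',
     @mailserver_name         = N'smtp.example.com',
     @port                    = 587,
     @enable_ssl              = 1,
     @use_default_credentials = 1;  -- authenticate as the SQL Server service account

-- 4. Profile: the collection of accounts that applications refer to.
EXEC msdb.dbo.sysmail_add_profile_sp
     @profile_name = N'OpsAlertsProfile',
     @description  = N'Operational alerts';

-- 5. Attach the account to the profile.
EXEC msdb.dbo.sysmail_add_profileaccount_sp
     @profile_name    = N'OpsAlertsProfile',
     @account_name    = N'OpsAlertsAccount',
     @sequence_number = 1;

-- 6. Grant the profile to one msdb user or role (hypothetical name),
--    not to public, so other principals cannot send through it.
EXEC msdb.dbo.sysmail_add_principalprofile_sp
     @profile_name   = N'OpsAlertsProfile',
     @principal_name = N'AlertSender',
     @is_default     = 1;
GO

-- 7. Review recent Database Mail events (errors, warnings, start/stop).
SELECT TOP (20) log_date, event_type, description
FROM msdb.dbo.sysmail_event_log
ORDER BY log_date DESC;
```

The principal named in step 6 must also be a member of the DatabaseMailUserRole role in msdb before it can send mail.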

Specifying a Recovery Model


Recovery Models

- Full recovery model
  - All operations are logged to the transaction log.
  - The transaction log is never truncated.
  - Allows the database to be restored to the point of failure.
- Simple recovery model
  - Minimally logs most operations to the transaction log.
  - Truncates the log after each checkpoint. The transaction log cannot be backed up or restored.
- Bulk-logged recovery model
  - Minimally logs bulk operations such as SELECT INTO and BULK INSERT.
  - Allows you to restore the database to the end of a log backup.

How to Configure Recovery Models

Determine the recovery model:

    SELECT name, recovery_model_desc FROM sys.databases;

Change the recovery model:

- Properties | Options | Recovery model.
- ALTER DATABASE <databasename> SET RECOVERY FULL | SIMPLE | BULK_LOGGED

Configuring Server Security Principals


Authentication Modes

- Windows Authentication: Each user or group needs to be given access.
- Mixed Mode: Uses both Windows Authentication and SQL users.

Configure Logins

To specify the authentication mode: Server | Properties | Security.

To create a Windows login:

    CREATE LOGIN [Domain\User] FROM WINDOWS;

To create a SQL Server login:

    CREATE LOGIN loginname WITH PASSWORD = 'pass';

Options to be configured with a login:

- MUST_CHANGE
- CHECK_EXPIRATION
- CHECK_POLICY: SQL Server will apply the local Windows password policy on the SQL Server logins.

Examples:

    -- With CHECK_POLICY = ON the password must satisfy the local Windows password policy.
    CREATE LOGIN mylogin WITH PASSWORD = 'pass123', CHECK_EXPIRATION = ON, CHECK_POLICY = ON;
    ALTER LOGIN mylogin DISABLE;
    DROP LOGIN mylogin;

Fixed Server Roles

- Sysadmin: Full administrator.
- Serveradmin: Configure server-wide settings.
- Setupadmin: Add/remove linked servers and execute some stored procedures.
- Securityadmin: Manage server logins.
- Processadmin: Manage processes relating to SQL Server.
- Dbcreator: Create and alter databases.
- Diskadmin: Manage disk files.
- Bulkadmin: Execute the BULK INSERT statement.

The statement to add a login to a fixed server role:

    EXECUTE sp_addsrvrolemember 'login_name', 'fixed_server_role';
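A read-only audit of the settings described in this section, added here as an example and not taken from the original document. It uses only system catalog views and built-in functions; nothing in it is specific to one server.

```sql
-- Added example: read-only audit of authentication mode, login policy
-- options and server role membership.

-- 1. Authentication mode: 1 = Windows Authentication only, 0 = Mixed Mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. SQL Server logins created without CHECK_POLICY or CHECK_EXPIRATION.
--    These are not held to the local Windows password policy.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE is_policy_checked = 0
   OR is_expiration_checked = 0
ORDER BY name;

-- 3. Who holds which server role. Review sysadmin and securityadmin first:
--    sysadmin is full administrator, securityadmin manages logins.
SELECT r.name      AS server_role,
       m.name      AS member_login,
       m.type_desc AS member_type,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
WHERE r.type = 'R'              -- server roles
ORDER BY r.name, m.name;
```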

Configuring Database Securables


After a login has been created, it needs to be given access to the database. That can be done with the following command:

    CREATE USER user_name FOR LOGIN loginname;

You can allow guest users to get access, and remove that access, by doing the following:

    GRANT CONNECT TO guest;
    REVOKE CONNECT FROM guest;

Orphaned Users

Orphaned users are database users that do not have a login to SQL Server. This can happen if a database user has had their login dropped. You can get a list of orphaned users by executing the following:

    USE theDatabase;
    GO
    EXECUTE sp_change_users_login @Action = 'Report';

Database Roles to Handle DB Permissions

There is a set of standard database roles that can be associated with database users, so that it is easier to handle database permissions. Some standard roles are: db_datareader, db_datawriter, db_owner, db_ddladmin.

A role can be created using the command:

    CREATE ROLE role_name;

You can associate a user with a role by the command:

    EXECUTE sp_addrolemember 'role_name', 'user_name';

Managing Schemas

Each schema is owned by a user or role. If a user or role is dropped, schema ownership will need to be transferred to another user or role.

How to create a schema:

    CREATE SCHEMA myschema_name AUTHORIZATION user_owner;
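The login, user, role and schema statements from this section combined into one least-privilege setup, followed by catalog queries for orphaned users and guest access. This is an added example, not part of the original document; AppLogin, AppUser, ReportReaders and Reporting are hypothetical names, the password is a placeholder, and Records is the database from the filegroup example.

```sql
-- Added example: hypothetical names, placeholder password.
CREATE LOGIN AppLogin
    WITH PASSWORD = '<strong password here>',
         CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
GO

USE Records;
GO
CREATE USER AppUser FOR LOGIN AppLogin;
CREATE ROLE ReportReaders AUTHORIZATION dbo;
GO
-- CREATE SCHEMA must be the first statement in its batch.
CREATE SCHEMA Reporting AUTHORIZATION dbo;
GO
-- Grant to the role at schema level, then add the user to the role.
-- AppUser can read Reporting objects and nothing else.
GRANT SELECT ON SCHEMA::Reporting TO ReportReaders;
EXECUTE sp_addrolemember 'ReportReaders', 'AppUser';
GO

-- Orphaned users: database users whose SID matches no server login.
-- Users created WITHOUT LOGIN also appear here and need manual review.
SELECT dp.name AS orphaned_user, dp.type_desc, dp.create_date
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE sp.sid IS NULL
  AND dp.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
  AND dp.principal_id > 4          -- skip dbo, guest, INFORMATION_SCHEMA, sys
ORDER BY dp.name;

-- Is guest allowed to connect to this database?
SELECT pr.name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'guest'
  AND pe.permission_name = 'CONNECT';
```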

Configuring Encryption

SQL Server uses a service master key to encrypt linked server passwords, connection strings, account credentials, and all database master keys. You can back up and restore the service master key by doing the following:

    BACKUP SERVICE MASTER KEY TO FILE = 'filepath' ENCRYPTION BY PASSWORD = 'password';
    RESTORE SERVICE MASTER KEY FROM FILE = 'filepath' DECRYPTION BY PASSWORD = 'password';

Regenerate the key by:

    ALTER SERVICE MASTER KEY REGENERATE;

You can create a database master key, which is a symmetric key at the database level. You can create a database master key by doing the following:

    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'pass';

You can create a symmetric key by doing the following:

    CREATE SYMMETRIC KEY key_name WITH ALGORITHM = AES_256 ENCRYPTION BY PASSWORD = 'pass';

Use the EncryptByKey and DecryptByKey functions to encrypt and decrypt data.

To create an asymmetric key:

    CREATE ASYMMETRIC KEY key_name WITH ALGORITHM = RSA_2048 ENCRYPTION BY PASSWORD = 'pass';

Configure Certificates

How to create a certificate:

    CREATE CERTIFICATE cert_name WITH SUBJECT = 'certificate_subject';

How to encrypt data with a certificate:

    CREATE CERTIFICATE testCERT WITH SUBJECT = 'Certificate for testing';
    GO
    SELECT Title, EncryptByCert(Cert_ID('testCERT'), Title) AS Title_Encrypted FROM MyTable;
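A column-encryption round trip with EncryptByKey and DecryptByKey, added here as an example and not taken from the original document. It goes one step beyond the statements above by protecting the symmetric key with a certificate instead of a password, so no key password appears in application code; all object names, passwords, file paths and the sample card number are constructed placeholders.

```sql
-- Added example: names, passwords, paths and data are placeholders.
-- Key hierarchy: database master key -> certificate -> symmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master key password>';
CREATE CERTIFICATE CustomerCert WITH SUBJECT = 'Protects CustomerKey';
CREATE SYMMETRIC KEY CustomerKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CustomerCert;
GO

CREATE TABLE dbo.Customer (
    CustomerId    int IDENTITY PRIMARY KEY,
    Name          nvarchar(100) NOT NULL,
    CardNumberEnc varbinary(256) NULL      -- ciphertext only
);
GO

-- The key must be open in the session before it can encrypt or decrypt.
OPEN SYMMETRIC KEY CustomerKey DECRYPTION BY CERTIFICATE CustomerCert;

INSERT INTO dbo.Customer (Name, CardNumberEnc)
VALUES (N'Test Customer',
        EncryptByKey(Key_GUID('CustomerKey'), N'0000-0000-0000-0000'));

-- DecryptByKey returns varbinary; convert back to the original type.
SELECT Name,
       CONVERT(nvarchar(40), DecryptByKey(CardNumberEnc)) AS CardNumber
FROM dbo.Customer;

CLOSE SYMMETRIC KEY CustomerKey;
GO

-- With the key closed, DecryptByKey returns NULL instead of plaintext.
SELECT Name, DecryptByKey(CardNumberEnc) AS CardNumber
FROM dbo.Customer;

-- Back up the certificate and the database master key; without them the
-- encrypted column cannot be recovered after a restore to another server.
BACKUP CERTIFICATE CustomerCert
    TO FILE = '<backup path>\CustomerCert.cer'
    WITH PRIVATE KEY (FILE = '<backup path>\CustomerCert.pvk',
                      ENCRYPTION BY PASSWORD = '<private key password>');
BACKUP MASTER KEY TO FILE = '<backup path>\RecordsMasterKey.bak'
    ENCRYPTION BY PASSWORD = '<backup password>';
```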
