Over the last few years, I’ve put together a list of best practices for installing Microsoft SQL Server 2005 and 2008. Other folks do more, but for small businesses, this is a good start.
I don’t show the exact point-and-click steps because my target audience (you smart folks) aren’t complete newbies. I know you folks understand HOW to do most of these things, but you take shortcuts because you don’t understand WHY you’re doing these things. There are plenty of places on the web where you can find examples of how to execute these steps (if not, email me and I’ll post ‘em) – instead, this series of articles will explain the reasoning behind the gruntwork.
Create at least one new Active Directory account for this SQL Server.
This is best practices, and a popular shortcut is to run all of the database servers under the same service account. I’ve run into two problems with this approach. First, I’ve had a sysadmin repeatedly fat-finger the service account password, thereby locking out the service account. When all of the SQL Servers suddenly run into service account problems, that’s a really ugly outage.
Second, there have been times when I’ve needed to give permissions to a specific SQL Server that other servers shouldn’t get. If xp_cmdshell is enabled, then DOS commands will be run with the SQL Server’s service account permissions. I hate giving any more permissions than necessary, so if a user needs to write to remote locations using xp_cmdshell, it’s nice to lock down the permissions on that one database server’s account instead of enabling every SQL Server to write to that remote location.
I say “at least one new account” because best practices dictates using separate accounts for the database service, fulltext service, agent, etc. I’ll slack a little there and share the same account sometimes, especially on development boxes.
Configure local security settings for the SQL Server 2005/2008 service account.
Go into Local Security Settings (click Start, Run, type SECPOL.MSC and hit enter) and click Local Policies, User Rights Assignment.
In the permission “Perform Volume Maintenance Tasks”, add your SQL Server service account (or a domain group if you use that). This enables SQL 2005′s Instant File Initialization, which lets SQL Server instantly grow data files without erasing the physical disk first. This is a huge performance gain for large databases like data warehouses.
In the permission “Lock pages in memory”, add your SQL Server service account or domain group. This lets SQL Server keep all of its data in physical memory instead of swapping it out to disk.
If the SQL Server uses SAN storage….
Update the HBA firmware. Downlevel HBA firmware has caused me all kinds of nasty problems, especially in clustered servers. Generally, these updates can’t be done online while the server accesses data, so it’s better to get the code up to date before the box goes into production. For HP servers, this firmware isn’t shown in the System Homepage: install Emulex HBAnyware on the server instead, and it will flash the HBAs inside of Windows without a reboot. HBAnyware is available in the HP Support site by searching for downloads for the HBA’s part number instead of the server’s part number. This is the only driver/firmware at HP that works this way.
Set up multipathing drivers. Sometimes this is done by the storage team, but the DBA should get involved enough to understand whether the multipathing is active/active or just failover.
Test the multipathing & failover. Start a huge file copy to each array, and do them all simultaneously. Go into the datacenter and pull one fiber cable out. Watch to make sure the file copy continues. Some SAN drivers will take 10-15 seconds to fail over, but the file copies should not be disrupted, period. If they’re disrupted, the multipathing didn’t work. Then plug the cable back in, and pull another cable. Again, the file copy should continue. Finally, while a file copy is running, ask the SAN admin to disable one of the SAN zones for the server – that way, the fiber cable will still be lit up, but the path to the storage will be gone. (This is a tougher failover method than just pulling the fiber.)
If the SQL Server uses iSCSI storage….
Set up teaming software. Database servers can’t rely on one single network connection for iSCSI any more than a fiber-connected SAN can rely on one single host bus adapter. Ideally, the two network cards will be connected to two different switches for redundancy, but at the very least, we need two network cards. The teaming method can be active/active (meaning 2 gigs of throughput for two teamed 1 gig nics) or active/passive.
Test the multipathing. In my experience, I’ve usually seen active/passive on a per-array basis – meaning, if you have two different iSCSI drive letters, then the teaming or multipathing drivers will put each drive on its own network card. The EMC and LeftHand multipathing appears to do this by default. Start multiple simultaneous drive copies and go into Task Manager, in the Network tab. Look at the bandwidth used by each network card. If a network card is sitting idle, then you’re leaving performance on the table. Now is the time to tweak the multipathing software and ask questions of the vendor – it’s easier to troubleshoot file copy performance than it is to troubleshoot SQL Server performance.
Test the failover. As with the fiber cable testing, start multiple simultaneous file copies to/from the network drives and pull one network cable out. If the file copy fails (if Windows throws an error) then SQL would have crashed. Tweak the teaming software until it can fail over seamlessly, and ideally it should fail over back and forth and go back to higher bandwidth levels as the networks come back online.
Use DISKPART to create aligned partitions.
If you’re using Windows 2008 or newer, you can skip this step. Microsoft KB article 929491 covers some of this in technical detail, but the Microsoft Exchange Team blog does a much better job of explaining why disk partition alignment is important for performance. Use this command in Diskpart.exe:
CREATE PARTITION PRIMARY ALIGN=1024
The 1024 number will work with every major SAN out there. Gurus can use smaller numbers when they know a specific SAN very well, but small numbers only save you a few hundred kilobytes in the entire disk. Be safe, be sure, and use 1024, and you won’t get burned if the underlying SAN structure changes, like with today’s virtual storage.
Install the Windows components for SNMP and WMI.
These management tools can be found in Add/Remove Programs, Add/Remove Windows Components, Management. They need to be installed before the SQL Server install starts because SQL will only create the monitoring mechanisms if SNMP & WMI are already installed.
For 32-bit servers, configure AWE and PAE.
One of my favorite sites, SQL-Server-Performance.com, has the most straightforward explanation of how to configure these obscure settings in boot.ini:
- 4GB RAM: /3GB (AWE support is not used)
- 8GB RAM: /3GB /PAE
- 16GB RAM: /3GB /PAE
- 16GB + RAM: /PAE
You can read more about AWE and PAE at SQL-Server-Performance, who does a better job of explaining this than I ever could.
Set the page file on the C drive to 2GB.
When a SQL Server is configured correctly, it doesn’t use the page file for memory. We’ll configure it correctly in a later step. In theory, we don’t need a page file at all, but there’s a catch.
For advanced troubleshooting, there has to be a page file on the C drive big enough to do a minidump. This isn’t a strict requirement, but if SQL Server ever crashes hard, that dump file will be invaluable. I have actually had this happen, and I’ve even been able to reproduce the crash on several different servers – we even did it at the Microsoft Technology Center in Chicago. It was some stunningly bad code coupled with an ugly database, and I got a lot of laughs out of that. Anyway, the point was we needed a dump to troubleshoot it.
Configure antivirus software to skip LDF/MDF/NDF files.
SQL Server stores its data in files with LDF, MDF and NDF extensions. These files should not be scanned by antivirus software. Depending on your antivirus configuration, you may need to exclude these files network-wide at the central antivirus management server.
This isn’t just a performance issue; it’s an outage issue. I’ve seen cases at boot-up time when the antivirus software grabbed a lock on a particular ldf/mdf/ndf file for virus scanning before the SQL Server service started up. The database was not attached since SQL Server couldn’t open the file, and due to the huge file size, the antivirus software spent several minutes before releasing the file. During a server startup, this type of thing isn’t obvious to the sysadmin – they just see a problem with a database and go into panic mode. Avoid panic: fix the antivirus before installing SQL Server.
Time to Start the Install
But you can’t just run the setup.exe and go into production – oh no. In the next article, I’ll cover my non-default installation settings and the things I do after the install to make the server as reliable as possible for the long haul.
Shoot. I’m running out of words that begin with “Q.”
Better go find me a dictionary…
Set the page file on the C drive to 1.5x physical memory.
A question?.
I have an x64 SQL 2005 with 32GBof memory and I assign SQL Service 30 GB. May be 6 GB is code and plans and other memory structures but 24 of it is Cache.
Would I need a minimum of 32 GB page file so memory dump will work?
Or do I need 2GB I gave to the OS + ( 30GB for SQL Service – Cache size) = 8 GB for page file. And I have set this “Lock pages in memory” for the SQL Account
My next question is does the cache and memory files need hard drive space 32GB x 2?
Does the memory dump need sql cache data?
if it did then 64 or 128 GB system would need very large drives for this
Hi, Robert. A memory dump includes everything in memory, period. Yes, 64 or 128gb systems need very large drives for this. I’ve done data warehouse implementations with 128gb of ram, and we used several hard drives in a raid 10 for the C drive just to get enough free drive space to handle a memory dump.
Fantastic, thanks to share.
Hi Brent,
I am setting up SQL server 2005 and in my own check list I had noted to select “Maximize data throughput for network applications” for Net Work connections. I did a bit more poking around in BOL and found what I think are 2 conflicting articles. In trying to find more info on this, I found your SQL server installation check list.
Do you have any comments on these 2 articles and what might be best to have in check list?
Thanks in advance,
Flora
In Books Online Under Administering the Database Engine > Managing Servers > Setting Server Configuration Options > I see:
SQL Server Setup automatically sets Microsoft Windows Server 2003 optimization settings in the File and Printer Sharing for Microsoft Networks properties to Maximize data throughput for network applications, enabling the server to accommodate more connections. Although maximizing throughput for network applications is recommended, you can change this setting.
To change the server optimization settings in Windows Server 2003
In Control Panel, choose Network Connections, and then click Local Area Connection.
On the General tab of the Local Area Connection Status dialog box, click Properties.
On the General tab of the Local Area Connection Properties dialog box, select File and Printer Sharing for Microsoft Networks, and click Properties.
In the File and Printer Sharing for Microsoft Networks dialog box, choose one of the following options:
Maximize data throughput for file sharing
Maximize data throughput for network applications (the option that SQL Server automatically sets)
Click OK to save your settings.
——————————–
In books online under:
Monitoring Events > Optimizing Server Performance > Optimizing Server Performance Using Windows Options >
I See
Maximize Data Throughput for Network Applications
If the Maximize data throughput for network applications network connection option is selected, the operating system gives priority to applications that perform buffered I/O operations by caching their I/O pages in file system cache. This option may limit memory available to SQL Server for normal operation.
To check the current setting on your operating system
Click Start, then click Control Panel, double-click Network Connections, and then double-click Local Area Connection.
On the General tab, click Properties, select File and Printer Sharing Microsoft Networks, and then click Properties.
If Maximize data throughput for network applications is selected, choose any other option, click OK, and then close the rest of the dialog boxes.
Use DISKPART to create aligned partitions
After aligning I need to format.
If I am formating these new partitions what should I make the cluster size
for TEMPDB file, regular data files and finally log files? I have read that I regular datafiles need to be formated for 64K clusters. what about the other two?
Brent,
I hope you are still monitoring this site.
I have a question that goes beyond what you have laid out above.
A little background, we have a SQL server (2005 Standard) that we use for Dynamics GP, and a few SharePoint Portals. I think we have outgrown our server. What is the best way to tell if we are over utilizing over single SQL server?
Thanks,
Victor
Victor – check out my Perfmon tutorials at http://www.brentozar.com/perfmon which explain how to find performance bottlenecks in your server.
Bret,
I just wanted to write to thank you for your open advice on your web site. You are like my SQLKnite in shining armor. I am a jack of all trades at my location, however the only one with any real SQL experience and training. It’s not, unfortunately, a focus of mine day to day. Though as time goes on all those rogue Access Databases at our location are being converted to SQL backends without any consideration to the added workload on my part
. I have been working at getting our SQL 2000 environment to 2005 and your site has answered a lot of questions and left me with other questions to research that I had not even thought of. (Your website is now my homepage at work and will stay that way!)
I do have a question that I will ask. Not asking you to spell it out but point me in the right direction. Cluster, or not to cluster. SQL 2005 comes with some interesting ways to incorporate redundancy. Even clustering of 2 nodes with the basic SQL 2005. My 2000 environment is currently running with what I call the PMC (Poor Man Cluster) in place. DTS jobs that do daily full backups and restores to my second server and hourly backups and restores of the Trans-logs. I am not sure what to do with my 2005 environment. Clustering sounds like the cool way to go but I am not so sure it’s the best way to go. We are looking at leveraging SQL for our BI Model so clustering removes my ability to offload work to that secondary server I believe. Replication options then are Transactional, Merge, and Snapshot. Merge scares me as I am not sure what the impact will be for the existing 2000 instances of the databases with added fields to their tables, Snapshot sounds the easiest to manage but I will inevitably loose data if something fails, Transactional sounds the best but does this require the database developer to code for this? Or can it be done from my end at the back?
Thanks again,
Hi, Paul! Thanks for the compliments. You’ve got a lot of questions in there around high availability and disaster recovery. The best place to start is one of my webcast archives:
http://www.quest.com/events/listdetails.aspx?contentid=9185&technology=34&prod=&prodfamily=&loc=
In there, I talked about all of the different techniques available for high availability and disaster recovery, along with the pros and cons of each and my personal favorites. Hope that helps!
Hi Brent,
Am a regular visitor to your site, it helps me too much. I have a query regarding PAE & /3GB. If we do not use /3GB & use only /PAE for a 32 bit system for > 4GB & <=16 GB, we will not be able to access this more memory ?
I have seen in some MS sites that we should not use /3GB with PAE….because of the trimming issue. Pls clarify me on this regard.
Thanks a bunch
Nope, you should follow those guidelines I listed above in the checklist. You can use the two switches together in those configurations. Hope that helps!
Appreciate your quick response.
I am just trying to find out the internals. If just by enabling PAE is working for > 16 GB, why its not working for > 4GB. I know the reason why we are not using /3GB for >16 GB.
Thanks,
Krishna
Awesome dude, more stuff to add to the project migration template I’ve been cumulatively building/fixing over the years:
https://www.sqlservercentral.com/blogs/hugo/archive/2009/03/31/microsoft-project-migration-template-for-the-move-to-sql-2008.aspx
- for sure I’ll be pointing back to this posting in the notes, your help is fantastic.
On Sector Alignment, my experience is that the performance boost is minimal, topping out at 10% boost in performance. This was after following your guidelines on fiber channel storage. A Microsoft SQL field service rep that worked with us also reported that sector alignment did not add that much of a performance boost to SQL. Certainly not the 30+% that Exchange seems to have.
While I think it’s a good idea, and in Windows 2008 this is done properly through the GUI and by default, it’s not a silver bullet, as some in the blogs will profess.
Richard – yes, it’s not an all-in-one silver bullet, but for 10% free IO performance – especially given how expensive enterprise storage can be – that’s a no-brainer.
Hi Brent Ozar,
I have a question. How does one knows if monitoring mechanisms is installed when SNMP & WMI are already installed?
Thanks,
Adolfo
Hi, Adolfo. I’m not sure what you mean – what “monitoring mechanisms?” If you can elaborate on that, I might be able to help.
Hi Brent!
Thanks for the wealth of valuable information! I was reading thru the comments and I saw the link to your sql perfmon guidelines and I had searched for EXACTLY that information a few months back but didnt find it.. I’m glad to have it for future reference.
My question pertains to the AWE memory configuration guide you referenced above. at sql-server-performance.com that article only mentions various flavors of server2k. is it safe to assume that information still applies to server2k3 as well?
Thanks again!
Hi, Ryan. Yep, that same information does still apply the same way to Windows Server 2003 too. Glad I could help!
My Windows Security Dept wants me to remove the Domain SQL Service accounts where the install places them and substitute the Domain Group name. So the local NON Clustered SQL Server goups created would have the domain group name instead of the domain account name. They are telling me that this would be following Microsoft’s best practices. I think something is going to break here. What do you think? I have not seen anything addressing this topic specifically.
If they’ve created domain groups and then granted specifically the right permissions on the server, it’s fine. Have them produce a document showing what permissions they granted on the server, because the necessary permissions need to be tweaked on each individual server. If they can’t tell you what permissions they changed, it’s not a good idea.
Hi Brent, very thorough checklist but what other things I would be checking if the install is for SQL 2008? Is this list good enough? Also, I found your other post regarding Virtualization Best Practices, but I wonder if these checklists stay same in virtual environment as well?
Appreciate your time and help!
This checklist is good for both SQL 2008 and virtual environments. Thanks, and take care.
Hi Brent,
Thx for the checklist, it helped me a lot when installing & configuring sql server 2008.
I have a question regarding the WMI & SNMP components. Is there a workaround when the components are installed after the sql server 2008?
Thx in advance!
Frederik
Hi, Frederik. I’m sure there’s one, but I have no idea what it is.
I just always use this checklist so I haven’t had to troubleshoot that before. You might try posting a question on http://ServerFault.com and someone will know.
Brent,
I’m doing a security audit of my local SQL Server instances. One security audit finding is to make sure that DBA users have only necessary permissions on Local system (via Local Computer Policy – Group Policy Object Editor MMC Snap-in).
What are the proper User Rights Assignment[s] for DBA-role user on a local Win Server 2003 system?
Yes, I’m a newbie DBA (if you hadn’t guessed).
Zee – Atlanta, GA
Hi, Zee. Unfortunately, you’ll want to check with your IT department, because everyone has different needs. I’ve worked in shops where DBAs have *no* permissions whatsoever on the local system – they just have SQL Server permissions, nothing else. They don’t remote into SQL Servers or do anything on the filesystem. If you’re the only DBA and Windows admin, then you’ll be in a different setup. Everybody’s different here….
Hey Brent
when you say set pagefile on c: to 1.5* physical memory
do you mean set the min and the max to that or do you setthe min to 1.5 and the max to someothe multiplier?
Thanks
Yes, set the min and max to that. I’ll update the post to make that clearer. Thanks!
Great thanks
i just unboxed a HP DL380 to install 2008 on before the R2 liscensing switch
Thanks great information
Configure antivirus software to skip LDF/MDF/NDF files – it is very simple but important warning that many of DBAs doesn’t care about, I’m sure! Thanks for notice! I see that I’m late here (article date March 2008), but if you read it for the first time it is very fresh article…going for the next steps…
Hi,
I don’t have much experience in installation process, so can plz provide me the pre & postallation check list for sqlserver 2005.
thanks
Regards
Koteswar rao
Look up – it’s literally above your comment. You didn’t even read the article. I’m disappointed in how little effort you put into your search.
Hello, i have a W2k3 Server x64 with 10Gig of Ram, with SQL Server 2005 sp3 x64 installed.
I wanna know what is the best configuration for memory, processor afinity, in Server Properties.
This server is only for SQL and a Asp.net (iis) web application.
Thank you very much.
Hi, Thiago. Unfortunately there’s no easy answer if you’re running IIS on your SQL Server. I would strongly advise against that approach and I’ll blog about that.
Ok thank you very much
Hi Brent,
Thanks for the good info.
Does it still make sense to move the pagefile to a different drive for performance?
I’m setting up a new Win2008/SQL2008 box on a 64bit system with 24gb memory, and 8x136gb drives.
It’ll be a SQL-only box for a single application (application installed on a different system).
Database size will probably be in the 10gb-20gb range.
What I’m thinking for a setup is:
Vol 1 – RAID 1 – O/S
Vol 2 – RAID 1 – Trans logs
Vol 3 – RAID 1 – .mdf files
Single drive – pagefile.sys – 36gb
Single drive – tempdb
And then if at some point it’s needed, I can create a pagefile on c:\ drive if needed for troubleshooting.
And if needed, I can also migrate the files on the two single drives onto one of the others (giving me a replacement disk to use) in the case of a failed drive on one of the RAID volumes.
Does that sound like a reasonable approach?
Greg
Greg – if you’re only using SQL Server on the box, then the page file should never be used. In that case, it doesn’t make sense to dedicate a drive to it. Put the page file on the C drive and put TempDB on a mirrored pair.
About the page file size – you don’t need it to be 36GB if you’re only using SQL on the box. You only need it large enough to handle a minidump in the event SQL Server crashes, so 2GB. You can read more about this in our book – http://sqlservertroubleshooting.com. Hope that helps!