I have to deliver a lot of bad news. It’s pretty much my full time job. Nobody calls us when things are going well. (Well, they tweet us, because that’s free.)
Sometimes, that bad news is very dangerous – especially for the company as a whole, or its customers.
In today’s consulting line, I’m working with a group of developers on a performance issue. We’re using sp_BlitzCache™ to check out the top resource-intensive queries on their system, and figuring out how to make them go faster.
Me: “It looks like this query returns the customer’s email address, password, birth date, and address.”
Larry: “Yeah, it’s the profile page. We show them their account.”
Me: “So this is stored in the database, and it’s not encrypted.”
Me: “And we’re on the development server that everybody in the company has access to, right?”
Me: “Okay, let’s stop for a second. I have to cover my own butt. Gimme a few minutes to document this, and I’ll include it as part of your written findings. I know you didn’t call me in for a security review, but I’d be a bad consultant if I didn’t put that in writing.”
What That Line Does
Putting a big security risk in writing is a career-limiting move.
This line helps you defuse that bomb.
Nobody wants to have something like this in writing – especially a written document that gets forwarded up the management chain. They’re going to want you to stop writing and just ignore it, but this line establishes that it’s not really your call to make. Nobody wants to be bad at their job – but ignoring huge, dangerous risks would make you bad at your job.
What Happens Next: The Easy Way
Larry: “OK, cool.”
Sometimes the rest of the team isn’t happy about the risk either, and they’re dying to have someone else champion the cause.
And you know what’s funny? The developers and sysadmins are often quietly high-fiving each other while you’re writing it down. But if there’s a manager in the room…
What Happens Next: The Hard Way
Moe the Manager: “Wait, that’s not why we brought you here. Let’s focus on the problem at hand.”
Me: “I totally understand. This will only take a few moments for me to document, and we can work a few extra minutes at the end of the day. I won’t bill you at all for this. I just have to write this down to cover my butt.”
Moe the Manager: “I can’t really have something like this in writing.”
Me: “Believe me, I totally understand why you’d say that. If I was in your shoes, I’d say the exact same thing. But I have to protect myself – say for a second that another Target, Anthem, AshleyMadison, or whatever happens here, and it gets out that I was the database consultant, and that the personally identifiable data was out in the wide open, and I didn’t tell you about the risk.”
Moe the Manager: “We won’t tell anybody.”
Me: “You say that now, but if you got hacked and the personal data got out, Curly the CEO would tell your lawyers to point the blame at me. They’d say I was a bad consultant because I didn’t alert you about this risk. I have to include this in my written findings to cover my butt. You can feel totally free to ignore it if everybody else in the company is comfortable with that risk, but I have to put it in writing or I’m a bad consultant.”
I’ve actually lost a couple of clients when this line went downhill, but you have to be careful with your own reputation. Nobody wants to hire the DBA who was on duty when one of these incidents went down.
For more fun, read more of my favorite consulting lines.
For the last few years, we’ve hosted a Tuesday webcast to talk SQL Server.
We’re giving it a vacation in August, and then starting September 2, Office Hours is coming back on Wednesdays.
This is easier for us because of the way our SQL Critical Care® service works. We’re typically working with clients interactively on Monday and Tuesday, and then Wednesday we take a break to write the findings recap. It’s easier for us to take a midday break on Wednesdays.
Here’s a sampling of some of the questions we’ve answered at Office Hours:
- What are your recommendations for service accounts? Unique domain accounts for each instance/service, shared domain accounts, or something else?
- Can you explain why one database can be added to AG with just a full backup and another would need a transaction log backup as well?
- Working on my first AG setup in 2012. I don’t quite understand how the listener works with DNS. Does the listener name get registered with each AG IP?
- We’re looking into Amazon Web Services cloud with SQL Server, any thoughts or tips or things to be aware of?
- Ever ran into an instance where database gets detached automatically after server restart?
- What would you recommend as MAXDOP for a server with 80 cores?
To pick our brains and learn from other questions/answers, register for Office Hours here.
This sounds really cheesy, but I’m honestly excited to be presenting again this year at kCura Relativity Fest 2015.
Here’s what I’ll be talking about:
How to Check Your SQL Server’s Health
The Abstract: You’re a system or database administrator responsible for the uptime and performance of Relativity’s SQL Servers, but you’ve never received professional training on SQL Server and you need to figure out if it’s safe. I’ve built up an array of free tools over the 15-plus years I’ve been working with SQL Server, and I’ll show you how to use them in this demo-packed session.
Why I’m Presenting It: For the last few years, kCura has sent me around to dozens of the biggest Relativity shops around to do a one-day SQL Critical Care®. I want to teach you that exact same process – and trust me, it’s way easier than you think. I’m not going to teach you how to put fires out – but I *am* going to teach you how to tell in just a few minutes if your server is on fire or not, and whether it’s a small trash can fire – or a big, blazing three-alarm monster.
Buying the Right Hardware for SQL Server
The Abstract: Ever wonder if there was a simple list of instructions for picking out the perfect infrastructure for Relativity at your organization? Wonder if you should use mirroring, replication, clustering, or AlwaysOn Availability Groups? Are you better off with solid state or shared storage? Is virtualization an option? Microsoft MVP Brent Ozar has worked with dozens of Relativity customers, and he’ll simplify your infrastructure options in this one-hour session.
Why I’m Presenting It: I see the same situation over and over again: your Relativity infrastructure started out small – just one SQL Server in the corner that you didn’t worry too much about – but man, has that thing grown. It’s become really important to the business, and people are stuffing data in there like it’s some kind of Chipotle data burrito. You need to buy exactly one replacement environment, and it’s gotta be right the first time. You don’t buy a lot of SQL Servers, so you want simple independent advice that you can take home to management. I’m going to hand you a few sketched-out options with budget ranges.
Want to Learn More About Relativity Fest?
During this period we will have limited access to our email. We’ll still have full access to Twitter, Facebook, and Instagram. We apologize in advance about that, because we’re going to be posting a lot of photos about this year’s company retreat.
This year, we’re spending a week on the Oregon coast – specifically, Manzanita, an adorable little town in Tillamook County – population 598. We’ve rented a couple of houses for us, our spouses, and our dogs. (In the past, we’ve done our retreat on a cruise ship, and a couple of times in a beachfront house in Cabo.)
For immediate assistance, please contact Microsoft Support at 1-800-642-7676.
During some testing with SQL Server 2014’s new cardinality estimator, I noticed something fun: the new CE can give you different index recommendations than the old one.
I’m using the public Stack Overflow database export, and I’m running this Jon Skeet comparison query from Data.StackExchange.com. (Note that it has something a little tricky at the top – it’s using a local variable for the @UserId, which itself makes for a different execution plan. When literals are used in the query, the behavior is different, but that’s another story for another blog post.)
First, here are the two different execution plans, both of which do about 1mm logical reads:
It’s a really subtle difference in the plans – at first glance, just looks like the 2014 CE removed a single operator – but the big difference is in the number of estimated rows returned:
- Old CE estimated 82 rows returned
- New CE estimated 352,216 rows returned
In actuality, 166 rows get returned with this particular input variable – the new CE is just flat out making bad guesses on this data.
Here are the different index recommendations:
CREATE NONCLUSTERED INDEX NewCE_OwnerUserId_Includes ON [dbo].[Posts] ([OwnerUserId]) INCLUDE ([ParentId],[Score]); CREATE NONCLUSTERED INDEX OldCE_OwnerUserId_PostTypeId_Includes ON [dbo].[Posts] ([OwnerUserId],[PostTypeId]) INCLUDE ([ParentId],[Score]);
And when I run sp_BlitzIndex® after doing a little load testing, both missing index recommendations show up in the DMVs:
But surely the new CE’s recommendation is better. We’ll create just the one it recommends, and the resulting execution plan does 57k logical reads. Both the new CE and the old CE produce an identical plan, albeit with wildly different row count estimates (old 83, new says 37,423, actual is 166):
HAHAHA, now the new CE agrees that it needs the index recommended by the old CE in the first place. So let’s remove the new CE’s recommendation, and only create the old CE’s recommended index. Both the old and new CE choose to use it:
And even better, the old CE’s recommendation results in only 175 logical reads.
So what’s the takeaway? If you’re relying on the execution plan’s missing index recommendations for fast performance tuning, you’re not going to get the best results – no matter which cardinality estimator you’re using. With 2014, the recommendations are different, not necessarily better.
The real keys are knowing how to do it yourself, and we teach those in the Advanced Querying and Indexing 5-day in-person class next month.
Holy cow, people, we have a lot of free stuff coming your way. Here’s just some of the highlights:
- Digging Into THREADPOOL Waits
- How Do You Fix a Slow TempDB?
- Advanced Shared Storage
- How to Prove Hardware is the Problem
- SQL Server High Availability Options Explained
- Watch SQL Server Break and Explode
- The Art of Stress-Free Database Administration
- Prove It! Collecting The Right Performance Metrics
- What’s New in SQL Server 2016
To sign up for ’em all, just put in your contact info here. You don’t even have to check any boxes. Learnin’ doesn’t get much easier than that. These webcasts won’t be recorded, so be there or be square.
I’ve touched a lot of SQL Servers over the years. After my share of trips to HR for inappropriate touching, here’s the questions I ask first these days:
- Is this in production now?
- If this goes down, what apps go down with it?
- When those apps go down, is there potential for loss of life or money?
- How sensitive are these apps to temporary slowdowns?
- When was the last successful backup?
- When was the last successful restore test?
- Is everyone okay losing data back to the last successful backup?
- When was the last successful clean corruption test?
- Do we have a development or staging environment where I can test my changes first?
- Is there any documentation for why the server was configured this way?
- What changes am I not allowed to make?
- Who can test that my changes fixed the problem?
- Who can test that the apps still work as designed, and that my changes didn’t have unintended side effects?
You’re working with SQL Server, and you really want to learn how to make it faster and more reliable, but your boss just won’t let you go off to our upcoming training classes.
Good news – we’ll bring the training to you. Just download our training catalog PDF and choose from modules on how to diagnose your SQL Server pains, treat them, manage your existing servers, and build new ones.
Then email us at Help@BrentOzar.com with your list of modules, the location where you’d like training, and the number of folks who will attend. We’ll get you pricing information and the latest scheduling from Brent, Jeremiah, and Kendra’s calendars.
Let’s get together and talk SQL Server!
That’s the message you get in your tray if you open SSMS 2016 today:
Then click Tools, Check for Updates, and you get:
What’s awesome is that I didn’t even install SQL Server Management Studio from the new standalone installer – this is my full CTP2.1 installation of SQL Server, and it’s still smart enough to know that SSMS can be updated separately.
Upon clicking the Update link, I’m taken to the Download SQL Server Management Studio page.
Some folks will probably say that it should update itself the way most apps do these days, by downloading and applying the update without launching a web browser. I think launching a browser is the right call, though – there are release notes to read, important gotchas to be aware of, and hey, who doesn’t like reading documentation? Okay, maybe that last part is just me.
Growing up as a young boy, my elementary teachers always warned me about the perils of putting stuff in master. But what’s the real deal? Why is this such a bad idea?
System databases are often located on space-limited drives. The default installation parameters for SQL Server throw master, model, and msdb all on the C drive. I’d rather not create tables that might grow when I’m not looking, and then possibly run my server’s limited boot drive out of space. Starting Windows with a full C drive is not a lot of fun.
In the event of a disaster, we don’t usually restore master. While you can indeed restore one server’s master database over to another, it’s just not a good idea. You’re failing over to another server because things are already going wrong – why make things worse by doing something you rarely practice? Plus, if you’re failing over due to corruption, you probably don’t want to bring over a possibly corrupt master database.
Even if you could restore it, you’ll lose data. You can’t do transaction log backups for the master database, so you’ll lose whatever changes were made since the last full backup.
Now, having said all this, I’m completely okay with putting utility stored procedures in the master database – things like sp_WhoIsActive, sp_Blitz®, and the like. After all, those objects take hardly any space, and we don’t need to restore them over to our DR environment.
Kendra says: You may have more in your master database than you think! It just takes one ‘oops’ on a deployment script, and there you go.
WANT TO LEARN MORE ABOUT HIGH AVAILABILITY AND DISASTER RECOVERY?
We just launched our new DBA’s Guide to SQL Server High Availability and Disaster Recovery – a 6-hour online video course that teaches you about clustering, AlwaysOn AGs, quorum, database mirroring, log shipping, and more.