For cost savings, we're moving from an managed SQL Server DB to a dedicated db on our own server.
What configuration checklist would you perform to ensure maximum security and reliability?
A:
For starters, remember to remove the sa login - it's amazing how many places I've worked that hadn't done this!
Apart from that, if you have the money, invest in fast disks - it makes a huge difference IMO. A lot of the other configuration depends on your individual application/customer needs.
Galwegian
2009-02-19 15:37:30
You mean give it a password (one not shared with anyone except the dbas), you do not ever want to remove the admin account! And make sure the app doesn't connect using sa.
HLGEM
2009-02-19 16:00:44
+1
A:
There is a ton of stuff, here is just a partial list
log and data files on different disks
tempdb on its own disk
buy as much memory as you can afford (RAM is alway faster than IO from disk)
after doing the restore or attach make SURE that you update the statistics with fullscan and rebuild all the indexes (this is very important if you want to have optimal plans)
See also SQL Server Best Practices on the microsoft site, there are a ton of white papers available
SQLMenace
2009-02-19 15:49:10
A:
Don't MS have a "best practice" tool?
Also, avoid SQL Server accounts and stick to Windows authentication, this allows you to keep usernames and passwords out of your connection strings. Then assign the operational user accounts specific permissions on the database objects they need, and nothing else (e.g. can execute SProcs but not look at the source).
Also, read through blog.stackoverflow.com, Jeff et al have had to do some work in this area.
Richard
2009-02-19 15:49:15
A:
Make sure you set the default server collation to what you need. This will stop you from creating new databases in the future and having to hard code collation changes between that and otehr databsaes.
ck
2009-02-19 15:57:47
+1
A:
- Set up a job or create a maintenance plan for doing full backups of all your databases daily, system databases weekly.
- If you're using Full recovery mode, add a transaction log backup job to run at least hourly.
- Make sure you have a process to know if the backup jobs aren't running (oops, someone stopped the agent a month ago, now we have no backups).
- Test your backups by restoring them on another server.
- You may need optimization jobs to keep your indexes under control daily/weekly/monthly depending on usage.
SqlACID
2009-02-19 16:34:17
#1 System databases daily too - they are small, don't lose a weeks data when you have disaster. #2 TLog backups every 10 minutes - same thing, don't lose an hours data. #5 do this daily if you have maintenance window. +1 for #3, #4
Kristen
2009-02-19 18:02:22