SERVER LEVEL AUDIT IN MS SQL SERVER DBA

 

Server level Auditing in MS SQL Server:

• Audit of an instance of SQL Server or SQL Server database involves tracking and logging events that occur on the system.
• The SQL Server Audit object collects a single server instance or on the basis of equity and action groups to monitor.
• Verification is the SQL Server instance. You can have multiple audits per SQL Server instance.
• The specification of objects of verification server describes what to check. As its name suggests, this article focuses on the actions of the server instance.
• An audit server specification is associated with a server audit to design audit data is written.
• There is a one-to-one relationship between the specification of server object auditing and purpose of checking the server.
• A key element of any data security strategy is the ability to track who has accessed or attempted to access your data.
• This provides the ability to detect unauthorized access attempts or, where appropriate, to replenish stock malicious insiders misused their legitimate access.
• In addition, a rich and robust tracking capability can monitor sensitive configuration changes made by administrators.

       Audit SQL Server is designed with the following main objectives:

• Security - The audit function, and its objects are to be really sure.
• Performance - Performance impact should be minimized.
• Management - The audit function should be easy to manage.
• DiscoverAbility - Audit focuses on issues should be easy to answer.

permissions

Users with ALTER ANY DATABASE AUDIT permission can to create basic audit specification data and link them to any audit.

After an audit specification database is created, it can be accessed by managers with the control server, ALTER DATABASE all verification authorizations, or sysadmin account.

lenova

Using Transact-SQL:

           USE master ; 

           GO 

                Create the server audit.  

                CREATE SERVER AUDIT auditname 

                TO FILE ( FILEPATH ='path' )

            [WITH (QUEUE_DELAY = 0, ON_FAILURE = SHUTDOWN)] ;  

 Enable the server audit.  

       ALTER SERVER AUDIT auditname  

       WITH (STATE = ON) ; 

Alter the server level audit:

       Transact-SQL:

       ALTER SERVER AUDIT auditname

       TO APPLICATION_LOG

       WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE)

• This statement creates an audit specification of the server to monitor backup / restore events, SQL Server service starts and stops, and changes in the composition of the server roles.

Transact-SQL:

  CREATE SERVER AUDIT auditname

   FOR SERVER AUDIT PCI_Audit

  ADD (BACKUP_RESTORE_GROUP),

  ADD (SERVER_STATE_CHANGE_GROUP),

  ADD (SERVER_ROLE_MEMBERSHIP_CHANGE_GROUP)

  WITH (STATE = OFF)

• Audit server specifications can be reassigned to a different server audit after their creation by using the ALTER SERVER AUDIT SPECIFICATION.
• This statement also provides the list of action groups checked change and the state of being switched between on (ON) and off (OFF).

The following example adds an action group for the specification created in the previous statement.

Transact-SQL:

  ALTER SERVER AUDIT auditname

  ADD (SERVER_PRINCIPAL_CHANGE_GROUP)

The following statement reads all audit files for a specific audit.

Transact-SQL:

SELECT * FROM auditname(

'D:\Audits\MyAudit-_C26128D1-F97B-4B82-9E47-B6A296045B05_*.sqlaudit',

default, default)

Configuring server level auditing in GUI method Video:

Read More

DBA Responsiblilities

DATABASE ADMINISTRATION:

Database Administrator is a person responsible for the database design,Implementation,Maintenance and repair of the data.
   
            The main goal of DBA is to keep the database server always up and make it available to users.In case of any failures DBA should minimize the data lose by implementing powerful backup   and restoring techniques.

DBA RESPONSIBILITIES:

AS a DBA we have to perform these.

1. Maintaining the availability of databases by minimizing the downtime Data recovery, We have to minimize the data loss in case of failures by implementing high availabilities.
2. provide high security in accessing the databases externally.
3. Database Administration with proficiency in SQL Server 2005, 2008 & 2012 Production Environment. 
4. Providing day-to-day Support and Maintenance for SQL Server databases.
5. Involved in Installation and configuration of MS-SQL Server 2005, 2008, 2012 in Windows environment.
6. Migration of databases from SQL server 2005 to SQL Server 2008 or 2012.Applying new service packs on production servers.
7. Need to monitor the performance of server,implement various techniques to increase the performance.
8. Regularly monitor database growth,disk space,sql server logs.Event viewer logs to avoid issues and to identify  any bottlenecks.
9. Performing and maintaining all types of Database backups and recovery operations. Creating and Administering the SQL Server Databases like data and log file placements.
10.  Performing maintenance tasks like rebuilding/reorganizing indexes and update statistics, resolving fragmentation issuesIdentifying and resolving Blocking by using Activity Monitor, System stored procedures and Profiler.
11. Experience in User Management activities like adding the user and managing the permissions.
12. Coordinating with user to resolve login failures issues.
13. Troubleshooting permission issues faced by users.
14. Refreshing databases from prod to test and prod to development environment.
15. Patching the sql server instances by applying Cumulative updates and coordinating the downtime with windows and application teams.
16. Follow ITIL process, creating change management, incidents, user service request.

Read More

SQL SERVER DBA LOG SHIPPING CONCEPT

 

LOG SHIPPING:

• Log shipping SQL Server allows you to automatically send transaction log backups from a primary database on a primary server instance to one or more secondary databases on separate secondary server instances.
• Backups of the transaction log are applied individually to each of secondary databases.
• It is a continuous process in the form of batches.

Logshipping requires 3 servers:

1.primary server:It contains source database for sending the transaction logs.

2.Secondary server:It contains destination database receiving the transaction logs.

3.Monitor server:

      An optional instance of SQL Server that tracks all of the details of log shipping, including:

• When the transaction log on the primary database was last backed up.
• When the secondary servers last copied and restored the backup files.
• Information about any backup failure alerts.
• Once the monitor server has been configured, it cannot be changed without removing log shipping first.

Log shipping mainly depend on 4 jobs:

1.Backup job:

• For backing up transaction logs on primary server database.
• this job always run on primary server.

2.Copy job:

• Copy job runs from secondary server,copies transaction log backup from primary server to secondary server.

3.Restore job:

• Restore run on secondary server to restore backups.

4.Alert job:

• A SQL Server Agent job that raises alerts for primary and secondary databases when a backup or restore operation does not complete successfully within a specified threshold.
• When log shipping is enabled on a database, job category "Log Shipping Alert" is created on the monitor server instance.

iphone 6s

Logshipping steps:

1. Before log shipping configuration,take full backup of primary database and restore it on secondary server.This is initial synchronization.
2. Create backup job on primary server to backup the transaction logs of primary database.
3. Create copy job on secondary server to copy the transaction logs.
4. Create restore job on secondary server to restore the transaction logs.
5. Create an alert job on monitor server to indicate a failure if the databases are out of synchronization beyond the configure threshold.

Failover steps:

Planned failover:

planned failover situations:

1. upgrade from 2008R2 to SQL Server2012
2. Hardware failure

In these situations keep primary server in offline and make secondary server database online.

1. Disable all log shipping jobs on both servers.
2. Make sure copy all backups copied to secondary server.
3. Restore all T-log backup in same order.
4. Change connection to secondary server and start jobs.

Unplanned/Disaster:

Need to identify crash time,when last backup,copy and restoration happened on server using 'dbo.logshipping_monitor'tables of MSDB databases.

1. Disable all log shipping jobs.
2. Perform Tail-log backups if log files available.
3. Manually copy last backup's from network share to secondary server.
4. Restore all T-log backups in same sequence.
5. Now secondary database will come online.
6. Sync all logins,jobs then find orphaned user and fix them.

Log shipping Prerequisites:

1. SQL Server 2005 or later.
2. Standard, Workgroup or Enterprise editions must be installed on all server instances involved in log shipping.
3. To setup a log-shipping you must have sysadmin rights on the server.
4. Make sure recovery model should be full.
5. Maintain same hardware between both server to avoid performance issue.
6. Services account running on both servers must have access to network share where log backups store.
7. Keep secondary server always in no recovery.
8. Make sure number of drives and name of drives should be same on both servers.

TUF file in log shipping:

• TUF file stands for Transaction Undo File(TUF).
• TUF file contains the modifications that were not committed on primary database.
• When transaction log backup was in progress and when log was restoring on secondary database.
• When next transaction restoring in secondary server,SQL Server uses the TUF file and starts restoring incomplete transactions

Log shipping Advantages:

1. Only logshipping allow to keep secondary database in stand by mode.
2. We can maintain multiple secondary databases.
3. No additional hardware or software required.

Logshipping Disadvantages:

More downtime possiable,We can not bring secondary server immediately.

Data loss possiable,as jobs run every 15 minutes.

We have to perform manual failover.

Need to perform several steps to bring secondary server online which we call warm stand by.

pendrive

Read More

Versions,Editions, Service Packs ,Compatability Levels of SQL SERVER

VERSIONS OF SQL SERVER:

Version               Year Codename
6.0                      1995 SQL95
6.5                      1996 Hydra
7.0                      1998 Sphinx
8.0 (2000)            2000 Shiloh
9.0 (2005)            2005 Yukon
10.0 (2008)          2008 Katmai
10.5 (2008 R2)     2010 Kilimanjaro
11.0 (2012)          2012 Denali
12.0 (2014)          2014 Hekaton

EDITIONS OF SQL SERVER:

SERVICE PACKS:

2005(4)         2008(4)          2008R2(3)  2012 (2)          2014(1)              
RTM 9.00.1399 10.00.1600 10.50.1600  11.00.2100 12.00.2000
SP1 9.00.2047 10.00.2531 10.50.2500  11.00.3000 12.00.4050
SP2 9.00.3042 10.00.4000 10.50.4000  11.00.5058
SP3 9.00.4035 10.00.5500 10.50.6000
SP4 9.00.5000 10.00.6000
QFE/CU 9.00.5324 10.00.6526-HF 10.50.6525-HF 11.00.5582-CU5

COMPATABILITY LEVELS:

Version Compatibility
6.0          60
6.5          65
7.0          70
2000          80
2005                  90
2008         100
2008 R2         100
2012 110
2014 120

pendrive

Read More

SQL Server Security Encryption Concept

          Encryption:

•  Encryption is a one of the important process in SQLServer security concepts.
•  Using encryption we can protect the confidential data while transferring data through       networks.
• It restricts hackers to access data. 

1. Encryption using certificate.
2. Encryption using asymmetric keys.
3. Encryption using symmetric keys.

1.Encryption using certificate:

• Certificate Encryption is used to identify users,devices and organizations.
• Certification authorities generate these certificates to provide high security.
• SQL service will use these certificates and encrypts data.

2.Encryption using asymmetric keys:

• asymmetric keys uses a public key that encrypts data before sending and private decrypts that message after receiving.Here we have 2 keys in encryption.

3.Encryption using symmetric keys:

• symmetric key uses same key to encrypt and decrypt the data.

NOTE:Transparent Data Encryption(TDE):TDE is a SQLServer2012 enhanced feature that allows encryption of data in better way.

Read More

STORAGE ARCHITECTURE & DATA FILE ARCHITECTURE OF MS SQL SERVER

 

STORAGE ARCHITECTURE & DATA FILE ARCHITECTURE:

File groups:

• The database files can be grouped in file groups for allocation and administration.
• No file can be a member of more than one group of files.
• The log files are never part of a group of files, log space is managed separately from data space.
• Files in a file group will not be autoGrow unless there is no space available on any of the files in the file group.
• Two types of file groups are there in SQL Server 1. Primary 2. User Defined.
• primary filegroup contains the primary data file and any other files not specifically assigned to another group of files.
• All pages for the system tables are allocated in the primary filegroup.
• Files user-defined groups are groups of files specified using the keyword filegroup in create database or alter database.
• A group of files in each database runs as the default file group.
• When SQL Server allocates a page to a table or index for which no filegroup is specified when they are created, pages are allocated from default filegroup.
• To change the default file group of a group of files to another file group must have db_owner fixed role db.
• By default primary filegroup is the default file group.
• User should have db_owner fixed db role to take backup of files and file groups individually.

Files:

• The databases have three types of files 1. Primary 2. Secondary datafile datafile file 3. Log
• primary datafile is the point of the database and points to other files starting in the database.
• Each database has one primary data file.
• We can give any extension to the primary data file, but the recommended extension is .mdf.
• secondary datafile is a file other than the primary data file in the database.
• Some databases can have multiple secondary data files.
• Some databases may not have a single secondary data file.
• Extension recommended for secondary datafile is .ndf, but we can give as our wish.
• Logfiles hold all the log information used to recover the database.
• Database must have at least a logfile.
• We can have several log files to a database.
• The recommended extension for logfile is .ldf, but we can change.
• Recommended Extension files to help identify use of the file.
• The location of all files in a database are stored in both master database and the main file of the database.
• when restoring master database
• Files with names 1. 2. two physical logic
• Logical name is used to refer to the file in all T-SQL statements
• Physical name is os_file_name, it must follow the rules of the OS
• The data files and logs can be placed on FAT or NTFS file systems, but can not be placed on compressed file systems
• We can have upto 32,767 files in one database.

Extents:

• Extents are the basic unit in which space is allocated to tables and indexes.
• A measure is 8 contiguous pages or 64 KB.
• SQL Server has two types of extents 1.Uniform 2.Mixed.
• uniform extents consist of only one object.
• Mixed extents are shared by up to eight objects.

Pages:

• It is the basic unit of data storage in MS SQL Server
• The page size is 8 kb
• The beginning of each page is 96 byte header used for information storage system such as the page type, amount of free space on the page and the object id of the object with the page

9 types of data pages are there in SQL Server

1. data --- data lines with all data except text, ntext and image data
2. Index --- Index entries
3. Test --- picture text, picture and data ntext
4. GAM --- the assigned extensions Information
5. SGAM --- Extensions Information allocated at system level
6. Free Space page (PFS) --- Information about free space on pages
7. Allocation Index map (IAM) --- Information extensions used by a table or index
8. Bulk changed the map (BCM) --- Information extensions modified by bulk operations since the declaration of last backup log
9. Differential Changed Map (DCM) --- Information on extensions that have changed since the last backup database statement

• The log files do not contain pages, but they contain a series of log records.
• offset table line starts at the end of the page.
• Row offset table contains one entry for each line on the page and each entry records how far the first byte of the line since the beginning of the page
• The inputs of the line offset table are in reverse order of the sequence of lines on the page

Read More

SQL SERVER - Introduction & Uses of SQL SERVER

SQL SERVER: 

• It is a software which is implemented from the specification of RDBMS.
• It is also ORDBMS.
• It is from Microsoft.
• It is high performance and low price RDBMS.
• It is platform dependent.
• It is both GUI and command based software.
• It supports SQL (SEQUEL) language which is IBM product, non-procedural, common database and case insensitive language.

SQL SERVER USES:

• To create databases
• To maintain databases
• To analyze the data (SSAS)
• To generate reports (SSRS)
• To do the ETL operations (SSIS)

Read More