Dirty Reads ...

When the term High Availability is used in the context of a SQL Server deployment, features such as database mirroring and failover clustering are almost always the focus of attention. Whilst their contribution to a highly available SQL Server environment is beyond question, they should be seen as a single, albeit important, component of a much broader solution.

Almost every DBA function can be viewed through the prism of high availability. Security breaches, corrupt backups and poor maintenance practices can all contribute to unexpected outages and missed availability targets. In many ways, high availability is as much a state of mind as it is a feature or installation option.

A critical component of any SQL Server solution, particularly those designed for high availability, is a Service Level Agreement (SLA) which defines a number of system attributes such as the acceptable data loss, disaster recovery time and transaction performance targets. A common SLA entry is the availability target, usually expressed as a percentage, for example, a 99% availability target allows approximately 3.5 days of downtime per year. In contrast, a 99.999% target allows 5 minutes. Each "9" added to the availability target significantly increases the cost of building an appropriate solution.

I'm frequently involved in meetings in which availability targets are discussed with the business. In almost all cases, the conversation goes something like this;

DBA: What's the acceptable data loss and database down time per year

Business: Zero

At this point, one of two things usually happens. The DBA will disappear for a few weeks designing a system, come back with a price in the millions, and the business will freak out. Alternatively, the discussion will veer off into an analysis of how much each "9" costs, for example, how much extra will it be to upgrade from 99 % to 99.9%. Such conversations are usually pointless, and miss the opportunity to focus on what's really important.

In my experience, the major mistakes made during SLA negotiations generally fall into 3 categories;

Unnecessary Expense; A lot of people tend to focus on availability targets with a religious zeal. For certain environments, that's fair enough, but for a lot of others, is there really much difference between 5 minutes downtime per year(99.999%) and 8 hours (99.9%)? Put another away, is the substantial amount of extra money required to build a "5 nines" system better spent on other things?

Scheduled Downtime; A common mistake is to only consider unexpected outages as downtime. For example, do you consider the outage associated with installing a service pack to be down time? From a customers point of view, down time is down time, regardless of the reason. The only thing worse than agreeing to a particular availability target without considering scheduled downtime is to avoid proactive maintenance in an attempt at meeting the target. Availability targets are, of themselves, not the be all and end all. What's far more important is a stable, secure and reliable system. The business is far more likely to agree to a series of planned outages in return for a stable system. In contrast, running at 100 % availability for a year or so before suffering a major catastrophe is not cool,

Scope; As mentioned earlier, highly available environments involve a lot more than features such as mirroring, log shipping and clustering. Here are a number of commonly overlooked items that are just as important;

• Validating storage systems for stability with SQLIOSIM before production implementation. Storage corruption problems are filthy and nasty. The only thing worse than physical corruption is getting into an argument with the SAN administrator/vendor about whose fault it is during downtime,

• Simulating small disasters such as dropping a table, and getting all DBA team members to practice recovering from backups up to the point of failure. Most disasters occur on a small scale, and it's quite astonishing the amount of sites that don't validate their backup strategy by actually running through simulated small scale disasters,

• Benchmark testing and baseline analysis to identify upcoming performance problems. Even though the database may be "available", if a user's query times out, they'll consider the database as unavailable

There are countless other examples of best practices which contribute to a highly available environment, most of which I've tried to address in my upcoming book.

In closing this post, I'd like to share a technique I use when negotiating SLA targets with a business. As mentioned earlier, it's very easy to get bogged down in a how many nines and how much will it cost conversation. To circumvent this and sharpen the focus on what's really important, I like to prepare options papers for the major high availability categories. For example, in regards to a backup solution, I'd present something like this;

                        OPTION A              OPTION B     OPTION C
----------------------------------------------------------------------------
NAME                SQL 2005 (native)  2008            SAN Snap/Clone
COST                 -                           10               20
BACKUP TIME     3hrs                      1.5 hrs         Instant*
RESTORE TIME   3hrs                      1.5 hrs         Instant*
COMPRESSION    no                         yes              no
ENCRYPTION      no                         yes               no
NOTES               -                           upgrade      training
                                                     required      required

Presented in this manner, a business can clearly see the pro/cons & cost of a number of options side by side, therefore making the decision much easier for all involved. It's certainly a lot easier than an esoteric argument around how many nines the business wants.

In the next post, I'll float an idea I've had for a while which uses end of year bonus payments (in lieu of on-call allowances) for meeting availability targets.

Cheers

Source: http://www.rodcolledge.com

One of the appendices in my upcoming book covers the daily, weekly and monthly tasks that a Production DBA should perform. Presented here are those tasks. Note that this is a suggested list only, and will obviously vary depending on the enviornment. Further, a lot of these tasks can obviously be automated using a variety of different tools, so this list is essentialy about the things that should occur, not necessarily how they should occur.

Daily Tasks

• Check for successful backup completion, including tape archives if using the disk then tape backup methodology,
• Confirm SQL Server Agent jobs completed successfully,
• Check free disk space on all disks including system drives and SQL Server data, log, tempdb and backup disks,
• Check free space of each database's data and transaction log files and expand if necessary to avoid autogrow operations,
• Check SQL Server errors logs and Windows event logs,
• Confirm DBCC checks executed without error by opening and inspecting the appropriate log files. Depending on the DBCC check frequency, this may be a weekly task,
• Check site specific tasks as appropriate, such as the success of archive batch job(s),
• Check technology specific tasks as appropriate, such as log shipping or database mirroring status/health,
• Throughout the day, monitor long running queries and general performance of critical servers using a dashboard of key performance monitor counters,
• Stay up to date with SQL Server via magazine/website articles, blogs (using a good RSS reader) and other general research. Good managers understand the importance of allocating time to this task

Weekly Tasks

• Collate and update performance monitor log information for baseline analysis purposes looking for emerging trends amongst counter values. This information will feed into the monthly capacity planning task,
• Review recent wait statistics and include alongside the performance monitor counter information in the performance baseline,
• Execute index and statistics maintenance jobs (during periods of low activity) as appropriate. For systems with large enough maintenance windows, this may be a simple rebuild of all indexes (whilst being aware of the impact on log shipping/database mirroring), or a more targeted approach which selects the appropriate technique (reorganize/rebuild) based on the fragmentation level,
• Record disk usage trends and note for the monthly capacity planning exercise,
• Review server configuration for unauthorized configuration changes. Policy based management is purpose built for this task

Monthly Tasks

• Review and update documentation and scripts as appropriate, ensuring their accuracy and suitability for use in disaster recovery situations,

• Review and plan the implementation of any service packs and/or hot fixes as appropriate,
• Conduct capacity planning using the inputs from the weekly baseline analysis and disk usage tasks. In addition to using this as a chance to identify upcoming budgetary requirements, this may also serve as an opportunity to consolidate databases and/or instances for a better performance/resource usage balance,
• Conduct "fire drills" to practice recovering from various failure conditions. Ideally these drills are random and unannounced, and involve simulated corruption (preferably not on production databases!) to ensure all staff are capable of recovering from a wide variety of possible failure conditions. The more these events are simulated and practiced, the quicker the recovery in the event of a real disaster

Cheers

For those that don't know, I've spent the last 15 months or so writing SQL Server 2008 Administration in Action, due to be published by Manning in May 2009. Writing a book whilst working 5-6 days a week is intense; add a young family to the mix, and it's arguably impossible. For those interested in such a process, I'll document my personal experiences with it in an upcoming blog.

With the writing phase now complete, I'm discovering life again, and apart from spending some desperately needed time with my family, one of the things I'll be doing is blogging. For this, the first post, I wanted to talk about Best Practices, specicifically DBA best practices.

One of the things I was very careful to do in the book was avoid making broad sweeping best practice statements; as we all know, there are always exceptions to almost every rule. Having said that, I think there are a number of things that we all agree are worst practices, and with that in mind, I give you, in no particular order, my Top 25 DBA Worst Practices;

1. Not considering service level agreements (SLAs) when designing a database environment and/or not considering the need for scheduled downtime for service pack/hotfix application,

2. Defining "disaster" too narrowly and not simulating/practicing a disaster recovery (DR) plan. Having a DR plan is fine, but how do you know it will work (and several people can follow it) when required?

3. Designing a storage system from a capacity perspective alone,

4. Assuming a SAN will meet/exceed performance requirements. Just because SANs are (typically) expensive does not mean the storage design process can be skipped,

5. Failing to track align disk partitions and formatting them with the default Windows allocation unit size,

6. Using RAID 5 volumes for write intensive applications,

7. Failing to validate an I/O subsystem for performance and validity before production implementation. The SQLIO/SIM tools are free; there's no reason not to use them,

8. Virtualizing/consolidating SQL Server instances and databases without consideration of the scalability, licensing, support, administration and performance profile implications,

9. Installing service packs, cumulative updates or hot fixes without reading the release notes and/or not installing them in a test environment first,

10. Installing all SQL Server features on the off chance they may be needed at some point in the future. Doing so increases the attack surface area and results in unnecessary running services that may reduce performance,

11. Installing multi-instance clusters without considering the resource implications of failover situations,

12. Creating logins/jobs with elevated privileges. Implementing least privilege can be tough work, but is essential in locking down a system for maximum security,

13. Changing configuration values from their default settings without adequate research and/or a detailed change log,

14. Placing data and transaction logs on the same physical disk(s),

15. Storing backups on the same disk as the database files,

16. Relying on Autogrow for file sizing, and leaving the TempDB database at its default size,

17. Not taking backups and/or not checking their validity and/or not practicing and documenting various recovery situations. All of these are equally as bad,

18. Leaving the database in the full recovery model without taking transaction log backups. A 2GB database with a 200GB transasction log ... Yes, we've all seen that before,

19. Implementing database mirroring in high safety (synchronous) mode without considering network latency and/or transaction log usage from index maintenance,

20. Not running regular DBCC checks,

21. Running REPAIR_ALLOW_DATA_LOSS as the primary/default recovery response, and not following up corruption events with a root cause analysis,

22. Not evaluating index usage and/or fragmentation levels as part of an index maintenance routine,

23. Updating statistics using the default sampling rate after a full index rebuild,

24. Using SQL Profiler in place of server-side traces, and using it as the primary performance analysis/tuning technique,

25. Manual administration with SQL Server Management Studio. For maximum efficiency and minimal errors, tasks should be scripted and automated along with appropriate monitoring and alerting mechanisms such as MOM or SQL Agent operators & alerts

I'm sure there's (lots) more that could be added to this list. Let me know if i've missed any common and obvious ones.

Cheers