Microsoft REALLY needs to start creating slip-stream downloads or .ISO files of SQL Server with Service Packs Rolled in.

They provide instructions on how to slip-stream Service Packs into SQL Server Installation DVDs by yourself, but, honestly, who wants to go through all of that headache. Take a look at the instructions, and you’ll see what I mean.

More importantly, that’s NOT always feasible. Right now I’m installing SQL Server on a machine for a client. Only the machine in question is a hosted/managed server. So we either had to snail-mail the installation DVD, or download the .ISO from MS according to the license agreement. Downloading is OBVIOUSLY the nicest choice, but I’m back to being stuck with a SQL Server 2008 installation DVD that doesn’t have SP1 slip-streamed in. (Likewise, if I wanted to slipstream SP1 into play by myself, I’d then have to snail-mail/FedEx the disk to the hosting company. Lame.)

Without the slipstream in place?

Well, that’s where things get seriously lame, as the process to install SQL Server 2008 on Windows Server 2008 R2 is cheesy:

A) Install Service Pack 1 for SQL Server 2008. The installer will install a bunch of needed files, then will ‘barf’ when it doesn’t find a SQL Server instance to patch.

B) Install SQL Server 2008.

C) Now install SQL Server 2008 SP1.

If you don’t go that route, you won’t be able to install the patch, and your SQL Server won’t run (as J.D. Wade points out in this blog post).

Call me crazy, but it would be MUCH nicer if Microsoft made SQL Server 2008 with SP1 disks/.ISOs available for download. (Especially when Windows Server 2008 R2 won’t even let you install SQL Server 2008 without SP1 – without warning/nagging you that you’re installing a version of SQL Server with known compatibility issues.)

One of the great benefits of being a DBA is that you can end up with COOL ‘code names.’

For example, back in my day as a Production DBA at Coldwater Creek, I was known as “The White Camel”.

Sounds powerful and mysterious no?

The Secret behind “The White Camel”
In Perl-Land, if you’re a White Camel, that means you’re a badass. I’d like to think I’m a badass too, but my the story behind my ‘code name’ is a bit more simplistic.

One day a CWC employee was trying to figure out what they’d need to do to gain access to a report or some data. So they asked a co-worker. The conversation went something like this:

Employee: Hey, what do I need to do to gain access to the such and such report?
Co-Worker: You’ll need to talk to Mike Campbell about that – he controls access to all that stuff.
Employee: Who the HELL is the White Camel?

Hard to imagine something funny like that not sticking.

Question is, if you’re a DBA, do you have a code name? Hmmmm?

My personal philosophy is that when you give, you actually don't lose anything. Instead, you gain something. Sometimes putting that philosophy into practice can be tough. But I'm convinced that putting the true spirit of giving to the test is a great way to build character – and make a better world.

Consequently, my most recent DevProConnections Update was about unsung benefits of SQL Server. Specifically, I addressed three aspects of the SQL Server Community that I really love and appreciate.

Two other recent events have also helped increase my respect for the SQL Server Community as well.

Interactions with Other Consultants
Over the past few weeks I've had the opportunity to speak with a couple of other SQL Server Consultants – that I didn't know previously.

During these interactions we've talked shop a bit and/or talked about ways to lend each other a hand with various projects here and there.

In each case though, these interactions have been great – meaning not only professional but cool in the sense that it almost seemed like I was talking with instant/old friends. Which is all the more cool given that these other consultants are technically my competition.

Brent Ozar's Interviews of Pass Candidates
Another great aspect of the SQL Server Community that I've enjoyed over the past few weeks has been Brent's great series of interviews with PASS Board Member Candidates. Brent sent off a questionnaire to this year's candidates, and has been posting their replies on his blog:

• Meet PASS Board Candidate Jeremiah Peschka
• Meet PASS Board Candidate Brian Moran

Reading through these replies so far has been very enlightening – and it's great to see these candidates express similar sentiments about how great the SQL Server community is and how great it is to belong to that community.

It's always a good time to be a DBA (assuming you don't mind a healthy dose of stress here and there).

But it would appear that being a DBA right now also makes sense while the economy is in the crapper.

And, since a picture is worth a thousand words, check out the great graph by the fine folks out at indeed.com:

Maybe it's just me, but when the economy was doing well (or seemingly doing well) a while back, it seems like companies were getting rid of DBAs at alarming rates. Now it seems like companies are paying a premium to keep their data safe?

I keep seeing tweets about how Microsoft is ignoring a security flaw. One that involves a potential risk for passwords to be exposed.

I think the folks who found this problem are likely VERY intelligent. And I think raising this flaw was a good move on their part. And I don't think that they're guilty of a publicity stunt. I think folks like these are. I also think they're dead wrong – because this isn't an issue. 

How can Exposing Passwords NOT be a security issue?
At the heart of this problem is the fact that passwords for SQL Server Authentication users are stored, in memory, in plain text. Granted, that seems like a bit of a problem and I wouldn't be surprised to see it corrected some day (maybe in future service packs and/or future versions). But I certainly agree that it doesn't need any immediate attention. Nor, in fact, do I think it really needs any attention.

Why don't I care? Because in order to take advantage of this information, you would need to be a part of the Trusted Computing Base (TCB) on a server to gain access to these passwords. In other words, you'd either have to be running code as an Administrator or as Local System/etc. So, in other words, to be able to take advantage of this exploit, you'd need to be an administrator on the box you're targeting.

An Analogy
My kids all have bedroom doors that lock. My bathrooms all have doors that lock.

Those locks offer some great security – when you close the door from the inside, and turn the little knob inside the door-knob, you're locked in.

Sadly though, because my children (when they were smaller) were able to accidentally lock either their bedroom door or the bathroom door without being able to figure out how to unlock it, I've also got little 'keys' scattered in my house on top of door frames. And these keys are either nothing more than little thin slats of metal provided by door knob-manufactures, or cannibalized sardine-can openers. Point is: any parent with small children knows exactly what I'm talking about.

And in relation to this, what this security exploit is crying wolf about is analogous to saying that if thieves are able to break into your home, they might be able to unlock your kid's doors.

But what about…?
And as for any arguments that people testers or others might have admin perms when they shouldn't have, those are are all moot. If you trust those people enough to give them access to your systems at TCB level, or if you trust code enough to run it at that level, then you've got way bigger problems than the fact that code or a rogue admin might find out that Ted's password over in accounting is hotdog1. And if Ted's using that password everywhere within your enterprise, then he should be connecting to your SQL Server with Windows Authentication – not SQL Server Authentication. So this shouldn't even be a problem – and if it is, it's not because of this exploit, but because you haven't secured your system as you should. In other words, about the only time when using SQL Server Authentication makes sense is when you're letting web users or other applications access your system that can't (for one reason or another) use Integrated/Windows Authentication. And being able to discover those people's or application's passwords is a moot point.

I just finished up my Hyper-V Unleashed online presentation – and was happy to see that there were over 600 attendees.

At the end of my presentation I provided a slide with a list of additional resources – and a number of people have asked for those links. There were also a couple of great questions that I've touched upon with additional resources as well.

------------------------------------------------------------

Hyper-V Home on Technet:
- http://technet.microsoft.com/en-us/library/cc753637.aspx

Understanding Microsoft Virtualization Solutions eBook:
- http://csna01.libredigital.com/?urmvs17u33

Error Code Dictionary:
- http://technet.microsoft.com/en-us/library/dd578337.aspx

John Howard / HVRemote:
- http://blogs.technet.com/jhoward/archive/2008/11/14/configure-hyper-v-remote-management-in-seconds.aspx
- http://blogs.technet.com/jhoward/archive/2008/03/28/part-1-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx

VHD Servicing Tool 2.0
- http://blogs.msdn.com/taylorb/archive/2009/01/06/vhd-servicing-tool-2-0.aspx
- http://technet.microsoft.com/en-us/library/cc501231.aspx

VHDTool
- http://code.msdn.microsoft.com/vhdtool

QUESTION: Transferring OEM licenses to work as guest licenses on Hyper-V hosts:
- http://blogs.technet.com/jhoward/archive/2005/05/27/405432.aspx
The above information is QUITE dated – but still accurate: You typically can NOT transfer OEM licenses to new hardware – so consolidating OEM licenses runs afoul of licensing terms in most cases. However, SOME OEM terms will allow you to transfer licenses to new hardware - you just need to consult your specific terms from your vendor.
Microsoft will let you look up those terms here: (Only works in IE)
- http://www.microsoft.com/about/legal/useterms/
Likewise, you can also call 800-426-9400 to get more information/help.

QUESTION: Hyper-V R2
- http://technet.microsoft.com/en-us/library/dd446676(WS.10).aspx

QUESTION: More Details on Enlightenments (including Win2k3 Device Drivers)
- http://blogs.msdn.com/tvoellm/archive/2008/01/02/hyper-v-integration-components-and-enlightenments.aspx
- http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/1b755fa5-1023-4817-98b3-263368edc022

Just saw some tweets come across the wire and figured I'd check into it: sure enough, my upcoming SQL Server event looks like it's scheduled for June 30th and it recently made the front page of SQLMag.com (SQL Server Magazine is sponsoring this event).

From SQL Server Magazine:

SQL Server Unleashed, free virtual event

Unleash SQL Server's Full Potential to Maximize ROI. Join us on June 30, 2009. Sessions will be led by SQL Server expert, consultant, and author Michael K. Campbell.

Here's a more complete overview from the registration site:

SQL Server Unleashed!

Unleash SQL Server's Full Potential to Maximize ROI

Business reliance upon SQL Server databases continues to grow. Yet fewer and fewer businesses are spending the time, energy, and resources needed to sufficiently train DBAs, developers and other IT professionals about SQL Server options and capabilities. Not only does this drastically decrease ROI on SQL Server licensing costs, but it frequently comes at the expense of making operations more difficult for IT personnel, DBAs and developers left to solve complex problems and issues on their own.
Don't wait any longer! Stop merely using SQL Server and start unleashing it to maximize its full potential! Make plans to attend "SQL Server Unleashed," an interactive live virtual event produced by SQL Server Magazine.
Join SQL Server expert, consultant, and author Michael K. Campbell in a clear, insightful, and independent look at ways in which your business can better take advantage of SQL Server capabilities to decrease management costs and improve reliability, uptime and performance.
In just three hours, directly from your own computer you will:

• See how virtualization and consolidation benefits apply to SQL Server and understand why there's never been a better time to virtualize SQL Server deployments.
• Learn how to best virtualize SQL Server in order to optimize provisioning, uptime and consolidation without allowing virtualization to impair workload throughput.
• Understand the benefits and limitations of each of SQL Server's native high-availability options, and learn how to evaluate each option based upon business needs, network latency and other real-world considerations.
• Learn the difference between High-Availability solutions and disaster recovery solutions and ensure that both critical concerns are handled in the best way possible.
• Gain insights into what causes SQL Server performance problems and learn about the best ways to profile, load-test and tune SQL Server workloads rather than just throwing more and more expensive hardware at each problem as it is encountered.

Gain valuable insights as these topics are covered in detail. Each session also includes sufficient Q&A time to make sure that your questions are answered. Boost ROI and improve your business' bottom-line. You'll also be able to improve stability, increase up-time and maximize performance. Time to unleash the power of SQL Server within your organization!

Otherwise, you can find details about all three sessions: SQL Server Virtualization, SQL Server High Availability, and SQL Server Performance here.

The event is free, and registered participants get a free one-year (DIGITAL) subscription to SQL Server Magazine. So either way you slice it, it's a great deal.

Toad for SQL Server just took Best of TechEd 09 for Database Development.

And I'm not surprised.

For the May issue of SQL Server Magazine, I took Toad for SQL Server for a test-drive, and I was floored at how responsive, capable, and CUSTOMIZABLE it was. In fact, the Technical Editor for my article was a bit worried that my article came across as tooo glowing.

Short story though? If you're not impressed with some of the limitations that SSMS currently 'enjoys' make sure to give Toad for SQL a test-drive. It's quite compelling – especially for developers.

If you're interested in learning more about what Hyper-V brings to the table, and whether or not it's ready for prime-time, make sure to check out Hyper-V Unleashed – a free Web Seminar from WindowsITPro.

The event will be on July 21st, and I'll be presenting the 'Hyper-V In Depth' session. Registration is free, and there are some great goodies/freebies available for registrants – in addition, of course, to the content.

Here's a recap of the Agenda:

11:00 a.m.

Hyper-V In-Depth

This session would provide detailed information about Hyper-V. We will begin with the Hyper-V architecture and a discussion of the differences in the Hyper-V role and Hyper-V Server 2008 standalone edition. We also would cover storage and networking options; installing and managing Hyper-V on Server 2008 and Server Core; and advanced topics such as offline VHD access, backup and recovery, high availability options, and management.
12:30 p.m.

Partner Technical Presentations

1:45 p.m.

VMware ESX vs. Microsoft Hyper-V

This session would compare ESX server and Hyper-V, showing the differences between their architectures. We would look at the different features and management interfaces and compare the performance of the two products. In addition, we would look at the more advanced enterprise management capabilities offered by VI3 and SCVMM.
3:00 p.m.

Highly Available Hyper-V

This session would present the different high-availability features offered by Hyper-V. We would cover setting Failover Clustering at both the Hyper-V server and guest level and provide an overview of Live Migration, discussing how Live Migration works and then showing how to set up and use Live Migration with Hyper-V and Server 2008 R2

I knew that one of my articles was going to be in the April issue of SQL Magazine, so imagine my surprise when the April issue actually arrived with two feature articles from yours truly.

Maximize Storage Performance – Sadly only what amounts to a fairly introductory approach to maximizing disk performance, but something that I've been keenly aware of in terms of how few SQL Server Deployments really take advantage of correctly.

Using SQL Server 2008 FILESTREAM Storage – I always wondered if the conventional wisdom which dictated that storing images and other files in a database truly did result in a performance hit, and in this article I tackle some of those conventional theories while addressing how to use SQL Server 2008's new FILESTREAM storage options. (Which I think I'll have to cover in a video here in a while too… )