Tuesday, October 17, 2017

Modifying Endpoint URLs on Availability Group Replicas

I recently had to modify the Endpoint URLs on our SQL Server Availability Group replicas. 

The reason for this blog post is that I could not answer the following questions:

Do I need to suspend data movement prior to making this change? 

Would this change require a restart of the database instance?

I spent enough time searching on my own to no avail that I tossed the question to the #sqlhelp hashtag on Twitter and Slack but didn't get an answer prior to executing the change request.

After reading the relevant documentation, I think it's probably a good idea to suspend data movement for this change.

The T-SQL is straightforward. 

USE MASTER
GO

ALTER AVAILABILITY GROUP [AG1] 
MODIFY REPLICA ON 'SQL2012-1' WITH (ENDPOINT_URL = 'TCP://10.10.10.1:5022');

ALTER AVAILABILITY GROUP [AG1] 
MODIFY REPLICA ON 'SQL2012-2' WITH (ENDPOINT_URL = 'TCP://10.10.10.2:5022');

ALTER AVAILABILITY GROUP [AG2] 
MODIFY REPLICA ON 'SQL2012-1' WITH (ENDPOINT_URL = 'TCP://10.10.10.1:5022');

ALTER AVAILABILITY GROUP [AG2] 
MODIFY REPLICA ON 'SQL2012-2' WITH (ENDPOINT_URL = 'TCP://10.10.10.2:5022');

ALTER AVAILABILITY GROUP [AG3] 
MODIFY REPLICA ON 'SQL2012-1' WITH (ENDPOINT_URL = 'TCP://10.10.10.1:5022');

ALTER AVAILABILITY GROUP [AG3] 
MODIFY REPLICA ON 'SQL2012-2' WITH (ENDPOINT_URL = 'TCP://10.10.10.2:5022');

I completed this change successfully last night. I suspended data movement for each replica prior to executing their respective ALTER. I'm not sure suspending data movement was required but it didn't hurt. 
This change did not require a restart of the SQL instance. 

Tuesday, September 5, 2017

Uptight Database Security

If you need a practical approach to managing database administrator access without always granting the sysadmin role to your database administrators then I encourage you to vote for my GroupBy session for the December lineup. 


As the SQL Server security model has become more granular, it is now easier to do routine database administration without sysadmin access. Starting with SQL Server 2005, administering SQL Server without sysadmin access is now possible for many of the typical DBA tasks.

For example, a DBA only needs the ALTER SETTINGS permission to use the sp_configure command on a database instance. To run SELECT queries on Database Management Views requires either VIEW SERVER STATE or VIEW DATABASE STATE depending on the DMV being queried. To use Query Store requires only VIEW DATABASE STATE. CONTROL SERVER can be granted to DBAs that allows them to do almost all the tasks that sysadmin allows but unlike the sysadmin role, it can be DENYED access to data that the business considers sensitive.

This session will review a proven process for managing database administrators permissions without giving uncontrolled sysadmin access.

If you want more practical advice on how to manage database administrator access, vote for this session.

Thank you for your consideration.








 

Monday, June 5, 2017

Azure Portal CPU Graph Bug or Feature?

I support an Azure PaaS application.

We had a brief outage recently.

Given that the code had not been changed in a month, we suspected some maintenance in an Azure data center stepped on our application.

Ping tests and self-tests failed for approximately 10 minutes.

The outage resolved on its own without intervention.

I submitted a ticket to Azure Support to determine the cause of the outage but the reason I'm writing this post is because of the behavior I observed with the CPU graphs for Cloud Services while investigating the outage.

The CPU graphs show different results depending on the time range selected.

I would expect to see the CPU spike with the same value no matter what time range I selected. But, to see the spike that fired the alert, I had to to "Edit" the chart and select different time ranges to see the differences. It wasn't until I selected a narrow custom time range that the CPU graph would display the CPU spike that corresponded to the alert firing. The alert fires if the CPU percentage exceeds 80% over 15 minutes. So, if you "know" something happened, try different time ranges but especially the custom range to find what you are looking for.

This behavior has been documented and forwarded to the Azure portal team for review. It appears in both the Classic and current Azure portal.

The response from Azure Support when I raised this concern.
"I have had discussion with our Azure UI team and Azure Monitoring team regarding the portal graph.

As they mentioned, When we look at the 24 hours of data in the portal, the data is aggregated at 1 hour granularity and the average is shown. Similar is the case for 1 week of data shown on the portal. Since the spike exist for 5 to 10 minutes, we need to see the custom data option instead of using the 24 hour and 1 week. These 24 hours/ 1 week graph will be helpful when you have spike for more than an hour."

The CPU spikes are lower in the graphs that have a longer time range because of the aggregation and averaging. This is not a bug with the Azure graphs, it's a feature. ;-)








Wednesday, January 11, 2017

Rediscovering SQL Server Agent Alerts...

Having moved from a Fortune 50 company using BMC Patrol for SQL Server Monitoring to a small software company of less than 200 people, I'm rediscovering SQL Server Agent Alerts.

Why might you ask? Because small companies can't afford expensive tools and need to use the out-of-the-box features as much as possible.

This past week, I rediscovered that you can alert on SQL Server performance conditions using SQL Server Agent. I needed to alert on database transaction log usage. 

How to create SQL Server Agent alerts can be found at the link below.

https://msdn.microsoft.com/en-us/library/ms180982.aspx

Under Options, I suggest you set a delay of 10 minutes. Unless you like to be spammed every minute when bad things happen.

I'm hoping it will provide enough notice to prevent an undesirable event from complicating my life.

Do this before your storage runs out of space on a holiday. ;-)





Sunday, June 26, 2016

If at first you don't connect, try again...


I've noticed on several occasions that my first attempt to connect to an Azure Sql Server using SQL Server Management Studio 2016 doesn't always succeed.

First attempt















The fix? Press OK and try again. 




I have no explanation but it always seems to connect the second time.























I'm assuming you have your security and firewall rules setup correctly.



Wednesday, April 13, 2016

Azure Status Alerts via Outlook Rules

My current duties involve production support for an Azure PaaS application, therefore, I must know when Microsoft Azure services are experiencing issues.

I do have alerts set up on the Azure portal and in Application Insights to notify me when availability or performance thresholds are violated but I also need to know if there is a global or regional issue that might affect our app so that I can respond and notify the staff when appropriate. Azure status changes are reported on the Azure Status web page.

The following will describe how to use the Azure Status page RSS feeds and Outlook rules for notification if things go sideways in Microsoft Azure.

The Azure Status page has RSS feeds for nearly all of its services. 
























First, You'll need to add relevant feeds to the RSS Feeds folder in Outlook. I am using Outlook 2016. 
Click on the orange RSS feed icon for each service you are interested in to show the feed URL, copy the URL, and add to your Outlook RSS Feeds folder by right-clicking the RSS Feeds folder. This brings up a context menu where you can select "Add a New RSS Feed...".  







Enter the URL for the feed in the dialog box and click Add.













Here's what my RSS Feeds folder in Outlook looks like currently.




















Then, create rules to forward a copy of the RSS posts to your Inbox so that Outlook will notify you when an Azure Status change has occurred. You will NOT be notified if you simply move a copy to your Inbox. Outlook notifies me when new mail arrives in my Inbox on both my laptop and mobile phone.

























You must check the box in red below for these rules to work properly.





















With the above in place, I am now being alerted by Outlook on my laptop and mobile phone when a status change occurs on the Azure Status page. 

















http://quotesgram.com/quotes-about-the-night-shift/

Thursday, March 31, 2016

February was busy but good...

February was very busy because I had to prepare for my 18th SQL Saturday, prepare abstracts for the 2016 PASS Summit Call for Speakers and keep up with big things happening at work. <Cue sad violin music...>

I submitted two sessions for SQL Saturday Tampa and ended up giving both of them. One in the morning and one in the afternoon. 

My morning session on Monitoring and Alerting for an Azure PaaS Application earned me Speaker of the Month from The Scary DBA and PASS EVP Grant Fritchey. I truly appreciate his recognition and feedback. I WILL incorporate it in future sessions.

In the afternoon, I did a session on how to lock down SQL Server so that DBAs don't have unfettered access to business data. This makes your Compliance staff smile, trust me. 

After SQL Saturday was the final push to get my abstracts done for the 2016 PASS Summit Call for Speakers. They were due the Wednesday after the Tampa SQL Saturday. Do you now understand why February was busy? I submitted four abstracts for consideration for this year's PASS Summit. Two were technical and two were professional development.

Allen White always starts his talks with a little blurb about how we all know something that we can teach others to encourage new speakers.To prove that point, this guy asked me questions via Twitter about my security session. I got a huge kick out of someone with such a stellar reputation score on dba.stackexchange.com asking me for help.

Finally, I've joined my company's Toastmaster club in the hope that it will improve my speaking skills for future PASS events.

Whew!