SQL Server Standard
A Technical Journal for the SQLServerCentral.com and PASS Communities
January/February 2005

Contents
Yukon Encryption (page 22), by K. Brian Kelley
PASS: Introducing Database Mirroring (page 31), by Rick Heiges, PASS Director of Membership
PASS: Strengthening European Presence in 2005 (page 34), by the Professional Association for SQL Server
A publication of The Central Publishing Group
Managing Editor: Susan Page
Technical Editors: Trey Johnson, Mark McCorkindale, Randy Lee, Anthony Virgil, Jeff Niblack, Sean Lambert
Typesetting, Layout and Printing: Paramount Printing
Copy Editor: Susan Page
Advertising: Advertising@sqlserverstandard.com
Subscription & Address Change: http://www.sqlserverstandard.com
Feedback: editor@sqlserverstandard.com

Copyright: Unless otherwise noted, all programming code and articles in this issue are the exclusive copyright of the Central Publishing Group. Permission to photocopy for internal personal use is granted to the purchaser of this magazine. SQL Server Standard is an independent publication and is not affiliated with Microsoft Corporation. Microsoft Corporation is not responsible in any way for the editorial policy or other contents of this publication. SQL Server, ADO.NET, Windows, Windows NT, Windows 2000 and Visual Studio are registered trademarks of Microsoft Corporation. Rather than put a trademark symbol in each occurrence of other trademarked names, we state that we are using the names only in an editorial fashion with no intent of infringement of the trademark. Although all reasonable attempts are made to ensure accuracy, the publisher does not assume any liability for errors or omissions anywhere in this publication. It is the reader's responsibility to ensure that the procedures are acceptable in the reader's environment and that a proper backup is created before implementing any procedures.

SQLServerCentral.com Staff: Brian Knight, President; Steve Jones, Chief Operating Officer; Andy Warren, Chief Technology Officer

Editorial
Approaching Yukon

It's now known as SQL Server 2005, though I have to admit that I like Yukon much better. How interesting would it be if the code names were the actual names of the products? Wishful thinking, but I'd sure like to install SQL Server Yukon or SQL Server Shiloh or even SQL Server Sphinx rather than SQL Server 2000. It makes as much sense as the current naming. 2000 is v8, 2005 is v9?!??!!

This issue marks a change for SQL Server Standard. Not only is this the start of our second year, but we've also made a change in the way we build the magazine. When we started this last year, we looked at lots of layout ideas and designs. Since artistic ability isn't really one of our talents, we let someone else choose the look, and then scrambled to get content for the feel. A year of scrambling has left us looking like most other magazines: a theme and an article or two to support it, but mostly we're filling space with whatever interesting articles we can find. And we're trying to put something in each magazine for everyone.

No longer. This year our goal, and an ambitious one at that, is to dedicate each magazine to a theme and try to fill it with articles that support that theme. As you might have guessed, January is devoted to Yukon and we have 6 articles, all on that very topic, to get you ready for the next release of SQL Server. And we've got similar plans for the remainder of the year; each issue devoted to a topic: replication, performance, just to name a few.

Hopefully you'll enjoy it and find some value in it.

We're trying something new here at SQLServerCentral.com and we'd love to have some feedback on whether this meets your needs, if you like it, any improvements you'd like to see, or even those topics that interest you. Send a note to articles@sqlservercentral.com and we'll take a look and see what we can do.

- Steve Jones
After the snapshot is created, you can connect to it as if it were a physical database. After you're connected, you can query it in the same manner that you do a physical database, with the exception of not being able to run UPDATE, INSERT or DELETE statements. Any user who has RESTORE permission can also use a snapshot as the source for a restore (the snapshot name is given as a string):

RESTORE DATABASE AdventureWorks FROM DATABASE_SNAPSHOT = 'AdventureWorks_DecReport'

To delete the snapshot, you only need to issue a standard DROP DATABASE command and specify the snapshot name, as shown here:

DROP DATABASE AdventureWorks_DecReport

Maintenance Plans

Maintenance plans in SQL Server 7.0 and 2000 were a blessing for DBAs who wanted basic maintenance performed on a regular basis on their servers. Maintenance plans always seemed to me like a great feature that lacked some functionality to make it my dream tool. For example, you couldn't customize a maintenance plan to meet your own standards. Maintenance plans in SQL Server 2005 have gone the extra mile. When you start, it asks you what type of tasks you'll want to accomplish in your maintenance plan (shown in Figure 3).

Figure 3: Maintenance plan configuration.

After you answer a series of questions, it will create the maintenance plan as a DTS package (shown in Figure 4). The nice thing about having the maintenance plan created as a DTS package is that it allows for customization. For example, if I'd like to be notified if a backup fails but don't necessarily care if the update of statistics didn't complete, then I could customize the DTS package to do just that. You can also have the package call another SQL Server job after the maintenance is complete, or execute T-SQL. You can also reorder the way your maintenance workflow occurs.

Figure 4: Maintenance plan as a DTS package.

Security Enhancements

This broad category represents a lot of the work that was done in SQL Server 2005 for the administrator. The world is a very different place than it was 5 years ago, and we must dead-bolt the database door locks to make sure hackers stay out and that we're compliant with new regulations like Sarbanes-Oxley. For more information on the security enhancements in SQL Server 2005, see Brian Kelley's article "First Look at Yukon Security" in the January 2004 issue of SQL Server Standard. Here are the highlights, though.

An important change that will help SQL Server comply with new government regulations is the ability for the DBA to force the user to change his password every so many days based on a server policy. A user can potentially get locked out of the SQL Server if he does not change his password within the set number of days.

A constant nagging frustration for DBAs is how SQL Server 2000 binds users to schemas. In SQL Server 2000, if your user bknight creates an object called History, the table may be called bknight.History. In that case you cannot remove the bknight user until you change the object owner. By doing this, though, you reset the permissions on the object, which creates a DBA headache.

In SQL Server 2005, schemas can be unbound from the user. You can create a schema, for example, called
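The database snapshot section earlier on this page shows only the RESTORE and DROP statements. The following script is an added example, not code from the article, that runs the whole life of a snapshot on SQL Server 2005 (an Enterprise Edition feature in the released product): create, read, prove it is read-only, revert the source database to it, and drop it. It assumes an AdventureWorks database whose data file has the logical name AdventureWorks_Data and a folder C:\Snapshots that the service account can write to; both are assumptions, not facts from the page.

```sql
-- Added example: life cycle of a SQL Server 2005 database snapshot.
-- Assumed: database AdventureWorks with logical data file AdventureWorks_Data,
-- and an existing, writable folder C:\Snapshots.
USE master;
GO

-- 1. Create the snapshot: one sparse file per data file of the source database.
CREATE DATABASE AdventureWorks_DecReport
    ON ( NAME = AdventureWorks_Data,
         FILENAME = 'C:\Snapshots\AdventureWorks_DecReport.ss' )
    AS SNAPSHOT OF AdventureWorks;
GO

-- 2. Query it like any other database ...
SELECT COUNT(*) AS ContactsAtSnapshotTime
FROM AdventureWorks_DecReport.Person.Contact;
GO

-- ... but it is read-only, so a data change raises error 3906
-- ("Failed to update database ... because the database is read-only").
BEGIN TRY
    DELETE FROM AdventureWorks_DecReport.Person.Contact WHERE ContactID = 1;
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;
GO

-- 3. Revert the source database to the snapshot. This needs RESTORE
--    permission, requires (in the released product) that no other snapshot
--    of AdventureWorks exists, and discards everything written to
--    AdventureWorks since the snapshot was taken. The snapshot name is a string.
RESTORE DATABASE AdventureWorks
    FROM DATABASE_SNAPSHOT = 'AdventureWorks_DecReport';
GO

-- 4. Remove the snapshot with a plain DROP DATABASE.
DROP DATABASE AdventureWorks_DecReport;
GO
```

The revert in step 3 is the step to treat with care: it is a destructive operation on the source database, so limiting RESTORE permission to the people who are allowed to roll the whole database back is part of using snapshots safely.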
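For the password-policy highlight above, here is an added example (not code from the article) of the controls as they shipped in SQL Server 2005: CHECK_POLICY applies the Windows password complexity and lockout rules of the host to a SQL login, and CHECK_EXPIRATION adds the "change it every so many days" rule. The rules themselves come from the Windows host's local security policy, which is why they are only fully enforced on Windows Server 2003 and later. The login name and passwords are made up for the example.

```sql
-- Added example: SQL Server 2005 login password policy. Login name and
-- passwords are invented; the policy values come from the Windows host.
USE master;
GO

-- MUST_CHANGE forces a new password at first logon and requires both
-- CHECK_POLICY and CHECK_EXPIRATION to be ON.
CREATE LOGIN ReportUser
    WITH PASSWORD = 'Ch4nge-me-on-first-use!' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;
GO

-- The check a compliance review wants: every SQL login on the instance with
-- its policy flags and current state. A 0 in either flag column is a finding.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'IsExpired')           AS is_expired,
       LOGINPROPERTY(name, 'IsLocked')            AS is_locked,
       LOGINPROPERTY(name, 'IsMustChange')        AS is_must_change,
       LOGINPROPERTY(name, 'DaysUntilExpiration') AS days_until_expiration,
       LOGINPROPERTY(name, 'BadPasswordCount')    AS bad_password_count
FROM sys.sql_logins
ORDER BY is_policy_checked, is_expiration_checked, name;
GO

-- A login that tripped the Windows lockout threshold is unlocked by a
-- security administrator; a (new) password has to be supplied with UNLOCK.
ALTER LOGIN ReportUser WITH PASSWORD = 'N3w-pa55word-after-unlock!' UNLOCK;
GO
```

Turning CHECK_POLICY on for an existing login does not validate the password it already has; only the next change is checked, so migrated logins should be rotated once the policy is enabled.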
What's New in SQL Server Integration Services?
By Allan Mitchell / Darren Green
to add a lot of glue code? (How can I change the filename for a text file connection?) Well, a lot of those needs are gone. Now we have a truly amazing piece of functionality that you can make as expressive as you want or as simple as you want. Property Expressions can be placed on a container, so this means you can place them on objects such as packages, tasks, Foreach Loop enumerators, For Loop enumerators, Sequence containers, event handlers, connection managers, and log providers, to name but a few. So what do they do? Well, they evaluate an expression at runtime and substitute the value to which the expression evaluates for the property. The following image shows how to find property expressions on a Text File connection manager.

Figure 3

Once you have selected the Expressions tab you are offered the chance to choose the property you wish to set and the value to which you wish to set it.

Figure 4

The good thing about the dialog is that we can click on the ellipsis button to the side of the expression text box and we are offered the chance to build our expression using an editor. The language used is pretty intuitive if you have spent any time using Integration Services and expressions in other parts of the product. Let's have a look, then, at a couple of examples. The first example shows us using the expression syntax to derive a value; the DATEPART results are cast to strings and padded with RIGHT() so that single-digit months and days still produce two characters and the generated file names sort correctly. The second expression shows us using a system variable value in our expression.

"c:\\MyLoadFile_" + (DT_WSTR,4)DATEPART("Year",GETDATE()) + RIGHT("0" + (DT_WSTR,2)DATEPART("Month",GETDATE()), 2) + RIGHT("0" + (DT_WSTR,2)DATEPART("Day",GETDATE()), 2) + ".txt"

"c:\\MyLoadFile_" + @[System::MachineName] + ".txt"

Control Flow vs Data Flow

The introduction of the distinct Control Flow and Data Flow design surfaces is a striking and potentially confusing change for existing DTS users. The key point to remember is that the Control Flow hosts tasks. To help illustrate this, here is a sample of tasks, some of which will already be familiar to DTS users.

• Bulk Insert Task
• Data Flow Task
• Execute Package Task
• Execute SQL Task
• File System Task
• Send Mail Task
• WMI Event Task
• XML Task

The Data Flow task is the replacement for the old Data Pump Task. However, that is where the similarity ends. Inside the Data Flow you can place sources and destinations, collectively called adapters. You can then manipulate the flow of the data between adapters by using transformations. To try and illustrate what you can do in between, here is a small selection of the transformations available.

• Aggregate
• Conditional Split
• Data Mining Query
• Derived Column
• Fuzzy Lookup
• Merge Join
• Pivot
• Union All

We have tried to give you a very brief overview of some of the conceptual changes as well as the practical ones that we think will make your ETL processes considerably easier. If you can relate to some of the improvements described above, then there are probably another ten that we didn't have space for this time round.

This article is based on SQL Server 2005 Beta 2 and Beta 3 (Yukon).

Allan and Darren are both Microsoft SQL Server MVPs, specialising in Data Transformation Services and now embracing SQL Server Integration Services. They run a successful consultancy, Konesans Ltd, providing support and design expertise to a variety of clients in a number of countries, as well as providing community support through the Microsoft newsgroups and the popular SQLDTS.com and SQLIS.com websites.
JANUARY/FEBRUARY, 2005

Paging Result Sets Using SQL Server 2005's ROW_NUMBER
By Joseph Sack
and more complicated queries in Beta 3 and RTM.

In the meantime, I've added ROW_NUMBER to the top of my list of favorite improvements, and will definitely be converting my stored procedures to this new technique next year.

Joseph Sack, MCDBA, is a SQL Server consultant based in the Twin Cities. He is the author of SQL Server 2000 Fast Answers for DBAs and Developers (Apress) and the co-author of Beginning SQL Server 2000 DBA: Novice to Professional (Apress). He can be contacted via his website, http://www.JoeSack.com.
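Only the closing paragraph of the article survives on this page, so here is an added example (not the author's code) of the technique its title names: paging a result set with ROW_NUMBER() in a stored procedure. The table, its rows and the procedure name are made up for the example.

```sql
-- Added example: server-side paging with ROW_NUMBER() on SQL Server 2005.
-- dbo.Orders and its five rows are constructed sample data.
CREATE TABLE dbo.Orders (
    OrderID   int IDENTITY PRIMARY KEY,
    Customer  nvarchar(50) NOT NULL,
    OrderDate datetime     NOT NULL );
INSERT INTO dbo.Orders (Customer, OrderDate) VALUES ('Acme',  '20041201');
INSERT INTO dbo.Orders (Customer, OrderDate) VALUES ('Baker', '20041203');
INSERT INTO dbo.Orders (Customer, OrderDate) VALUES ('Cobb',  '20041205');
INSERT INTO dbo.Orders (Customer, OrderDate) VALUES ('Dunn',  '20041207');
INSERT INTO dbo.Orders (Customer, OrderDate) VALUES ('Evans', '20041209');
GO

CREATE PROCEDURE dbo.GetOrdersPage
    @PageNumber int,
    @PageSize   int
AS
BEGIN
    SET NOCOUNT ON;
    -- ROW_NUMBER numbers rows in the ORDER BY of its OVER clause. The
    -- tie-breaker on OrderID keeps the numbering stable when OrderDate
    -- repeats, so a row cannot appear on two pages or fall between them.
    WITH Numbered AS (
        SELECT ROW_NUMBER() OVER (ORDER BY OrderDate DESC, OrderID DESC) AS RowNum,
               OrderID, Customer, OrderDate
        FROM dbo.Orders )
    SELECT OrderID, Customer, OrderDate
    FROM Numbered
    WHERE RowNum BETWEEN (@PageNumber - 1) * @PageSize + 1
                     AND  @PageNumber * @PageSize
    ORDER BY RowNum;
END
GO

-- Page 2 of size 2, newest first: rows 3 and 4 of the numbering (Cobb, Baker).
EXEC dbo.GetOrdersPage @PageNumber = 2, @PageSize = 2;
GO
```

Because the page boundaries are computed from parameters, the procedure takes no string input and needs no dynamic SQL, which is the usual reason paging code written for SQL Server 2000 turned into an injection risk.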
you'll be able to grant access to all objects in that schema to a set of users. E.g.:

GRANT EXECUTE, INSERT, DELETE, UPDATE, SELECT ON SCHEMA::Person TO [HR]

You can also continue to set permissions at the table or view level, as appropriate. Note that a schema-level grant covers every object in the schema, including objects created in it later, so it should be scoped deliberately.

For example, in the Training database, I have two schemas: Person and Course. Within the Person schema, I have the tables and views related to all "people" elements of my business, such as the Address table, the Instructors table, and the Students table. These tables are referred to as Person.Address, Person.Instructors, and Person.Students. In the Course schema, I have Course.Vendors, Course.CourseTitles and Course.Categories. I.e.:

Schema Person: tables Address, Instructors, Students
Schema Course: tables Vendors, CourseTitles, Categories

A CustomerService user will need to look up course information to give to students, so I can grant CustomerService the SELECT permission on the Course schema. E.g.:

GRANT SELECT ON SCHEMA::Course TO CustomerService

This gives the CustomerService users permission to select from all three tables in that schema. The same role will need to enroll new students, so they'll need the INSERT permission on the Person.Students table, but only SELECT permission on the Person.Instructors table. I'll need to assign permissions on the tables directly, as is done in SQL Server 2000. E.g.:

GRANT INSERT ON Person.Students TO CustomerService
GRANT SELECT ON Person.Instructors TO CustomerService

From the permissions aspect, schemas provide a much needed method of simplifying the assignment of permissions. Often, an application will have several related tables to which users need the same level of permission. However, using multiple schemas introduces object name resolution issues. Let's take a look at some code.

In SQL Server 2000, if all objects were owned by dbo, my CustomerService users could execute:

SELECT ... FROM mytable ...

...without qualifying the table name.

In SQL Server 2005, users can be assigned a default schema, which will result in similar behavior. I assign the CustomerService members the Person schema as their default, and ensure the CustomerService role has the SELECT permission on that schema; as a result, the following statement will run for that user without error:

SELECT first_name, last_name FROM Students

However, when the CustomerService rep runs:

SELECT course_name FROM CourseTitles

...the statement will fail. Why? For objects that are not qualified, SQL Server 2005 first looks in the user's default schema (does Person.CourseTitles exist?), then in the "dbo" schema (does dbo.CourseTitles exist?). In order for my CustomerService users to access the CourseTitles table, I'll have to ensure that the table name is always qualified with its schema. I.e.:

SELECT course_name FROM Course.CourseTitles

In addition, as long as they reside in separate schemas, objects can have the same name. Just as I can have two files on my hard drive named "README.TXT" so long as they are stored in different directories, I can have two views called vMyView, as long as they are located in different schemas.

SQL Server 2005 does maintain a default "dbo" schema. This will make porting existing applications to SQL Server 2005 easier. However, as you work with new applications from this point forward, you'll see how valuable multiple schemas are. When you start using schemas other than the default, you'll need to ensure the use of objects' two-part names (schema.object). Even if you're not using SQL Server 2005 yet - and even if you never intend to use schemas other than dbo - you might want to ensure your organization continues the best practice of using those two-part names in your code.

Wendy Sue Williams has worked with SQL Server since 1996 as a developer and a DBA. As a Microsoft Certified Trainer, she currently trains for a CPLS in New Jersey, and recently presented a session at the SQL PASS 2004 conference in Orlando, FL.
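The following script is an added example, not code from the article, that builds the Training database layout described above and then checks, as a CustomerService member would see it, which unqualified names resolve and what permissions the user actually holds. It uses CREATE USER ... WITHOUT LOGIN and EXECUTE AS USER (both SQL Server 2005 features) so that it runs without creating a server login; the user name csrep, the column lists and the sample rows are made up.

```sql
-- Added example: schema-scoped grants, default schema and name resolution.
-- csrep, the table columns and the sample rows are invented for the example.
CREATE DATABASE Training;
GO
USE Training;
GO
CREATE SCHEMA Person;
GO
CREATE SCHEMA Course;
GO
CREATE TABLE Person.Students    ( StudentID int IDENTITY PRIMARY KEY,
                                  first_name nvarchar(50), last_name nvarchar(50) );
CREATE TABLE Person.Instructors ( InstructorID int IDENTITY PRIMARY KEY,
                                  first_name nvarchar(50), last_name nvarchar(50) );
CREATE TABLE Course.CourseTitles( CourseID int IDENTITY PRIMARY KEY,
                                  course_name nvarchar(100) );
INSERT INTO Person.Students    (first_name, last_name) VALUES ('Ada', 'Lovelace');
INSERT INTO Person.Instructors (first_name, last_name) VALUES ('Alan', 'Turing');
INSERT INTO Course.CourseTitles (course_name)          VALUES ('Intro to T-SQL');
GO

CREATE ROLE CustomerService;
-- The default schema is a property of the user, so each member gets it here.
CREATE USER csrep WITHOUT LOGIN WITH DEFAULT_SCHEMA = Person;
EXEC sp_addrolemember 'CustomerService', 'csrep';
GO
-- Schema-scoped grant: covers every object in Course, including tables
-- created in it later, so it is made where the whole schema is meant.
GRANT SELECT ON SCHEMA::Course TO CustomerService;
-- Object-scoped grants where a schema-wide grant would be too broad.
GRANT SELECT, INSERT ON Person.Students TO CustomerService;
GRANT SELECT         ON Person.Instructors TO CustomerService;
GO

EXECUTE AS USER = 'csrep';

-- Resolves to Person.Students through the user's default schema.
SELECT first_name, last_name FROM Students;

-- Neither Person.CourseTitles nor dbo.CourseTitles exists, so this fails with
-- error 208 (Invalid object name 'CourseTitles'). It is run through EXEC so
-- that the name-resolution error is raised one level down and TRY/CATCH
-- can catch it; raised directly in this batch it would end the batch.
BEGIN TRY
    EXEC (N'SELECT course_name FROM CourseTitles;');
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;

-- The two-part name works regardless of the default schema.
SELECT course_name FROM Course.CourseTitles;

-- What csrep effectively holds on each object, whichever grant supplied it.
SELECT entity_name, permission_name
FROM fn_my_permissions('Course.CourseTitles', 'OBJECT')
UNION ALL
SELECT entity_name, permission_name
FROM fn_my_permissions('Person.Instructors', 'OBJECT');

REVERT;
GO
```

The fn_my_permissions check at the end is the one worth keeping in a review script: it shows the effective permission on an object whether it came from a schema grant, an object grant or role membership, which is what a least-privilege review needs to see.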
there was a method for various objects that allowed you to script the current object. In 2005, there is a separate object that discovers the object and its dependencies, generates a list of objects that need to be scripted based on the discovery, and then generates the scripts and returns the resulting script.

Imports Microsoft.SqlServer.Management.Smo

Dim oServer As Server
oServer = New Server()           ' connects to the local default instance
Dim oBackup As New Backup()
oBackup.Action = BackupActionType.Database
oBackup.BackupSetName = "Sample Backup"
oBackup.Database = "Northwind"
' The two lines below complete the snippet: a backup needs a device to
' write to, and SqlBackup submits the BACKUP DATABASE command to the server.
oBackup.Devices.AddDevice("C:\Backups\Northwind.bak", DeviceType.File)
oBackup.SqlBackup(oServer)

Figure 2. Backing up a database using VB.NET

Optimized Instantiation

These are a couple of very fancy words that describe a performance enhancement that was implemented in SMO. This means that, as the programmer, you can control the level or amount of instantiation that occurs when you create an object. In DMO, all objects in a collection had to be instantiated, which could eat up lots of resources. Even if you never intended to reference some of the objects, they would all be created. In SMO, you can partially instantiate a collection, or even properties. It's all up to you for each server. It's not all good, however. Delaying the instantiation when you are planning on referencing more objects or properties isn't good for performance. You'll create lots of round trips to the server as you instantiate items.

There are 3 levels of instantiation that you can set. Uninstantiated (nothing loaded) and fully instantiated (everything loaded, like DMO) are the levels that most programmers are familiar with. There's also partial instantiation, which doesn't load objects that are not directly referenced. Once the object is referenced, it is fully instantiated.

New Features

The new features in SQL Server 2005 have corresponding items in SMO as well. HTTP and SOAP requests can be handled by Endpoint objects. There are new objects inside the database object to work with Full Text Search. The database object can work with snapshot isolation and the new row level versioning feature. The ability to spread tables and indexes across file groups has corresponding SMO objects. The new XML features, including schema namespaces and indexes, are represented in SMO. Almost everything in the server that you can work with has a corresponding SMO counterpart. In addition, the WMI provider objects are now wrapped inside SMO to allow you to work directly with them.

Capture Execution is one of the really interesting new features. Instead of having your application actually submit statements to the server for execution, they can be captured using SMO. Suppose you have a section of your code that creates a database or table, adds an index, populates data, for example, in an installation routine. After testing, you can actually use SMO to capture this as a script for later execution, or for execution on a separate server.

3 Card Monte

Hopefully it doesn't feel like that, but with the evolution of the management objects, SMO has moved a number of things around. Books Online has a short list of what's been moved, though keep in mind that this is a Beta product. It's entirely possible that more changes will be made in the RTM version. Look for a new article then :).

Conclusion

While I normally don't like wholesale changes between versions, there are times when they're warranted, and this is one of them. With most everything else being rewritten, the CLR added in, and more, SQL Server 2005 needed a change from DMO instead of adding Server3 objects and more. I am glad that backwards compatibility is retained, especially back to SQL Server v7, when DMO got very popular. It's also great to see that COM functionality is still available, since I find quick and dirty VBScript command files to be an easy way to handle many administrative tasks.

If you use DMO, I think you'll be excited and find the changes well worthwhile. It also appears that rewriting scripts from DMO to SMO should be fairly straightforward. In many cases, changing from a "2" object to the single one, i.e. Server2 to Server, should allow many of your scripts to work. I'm really looking forward to Beta 3 and RTM and hopefully much more detailed documentation on the objects. As of now, many of them are not documented in Books Online. Look for an updated version of this article at SQLServerCentral.com once the product releases.

Steve Jones has been working with SQL Server since 1992 in a variety of companies from small start-ups to large Fortune 500 companies. His primary area of expertise has been in the Operations part of IT, managing hundreds of databases. He currently works full-time for SQLServerCentral.com managing all aspects of their publishing business.
-- Get information about tables
SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE = 'BASE TABLE'
-- returns one row for each table

-- Return column info for each table. Joining on TABLE_SCHEMA as well as
-- TABLE_NAME keeps same-named tables in different schemas apart.
SELECT * FROM INFORMATION_SCHEMA.TABLES st
INNER JOIN INFORMATION_SCHEMA.COLUMNS sc
    ON st.TABLE_SCHEMA = sc.TABLE_SCHEMA AND st.TABLE_NAME = sc.TABLE_NAME
WHERE st.TABLE_TYPE = 'BASE TABLE'

-- Get information about stored procedures
SELECT * FROM INFORMATION_SCHEMA.ROUTINES
-- returns stored procedures and functions
SELECT * FROM INFORMATION_SCHEMA.PARAMETERS
-- returns parameter information for user-defined functions and stored procedures

-- Get information about views
SELECT * FROM INFORMATION_SCHEMA.VIEWS
-- returns one row for each view
SELECT * FROM INFORMATION_SCHEMA.VIEW_TABLE_USAGE
-- returns each view and the tables it uses

Note that in SQL Server 2005 these views only return rows for objects on which the caller holds some permission, so a low-privilege application account will see a smaller catalog than the DBA does; run the queries as the account the application will use before relying on the results.

SQL Server Distributed Management Objects (SQLDMO)

If you are building a software application that needs metadata from a SQL Server 7.0 or 2000 database, this is the way to go. In fact, SQL Server 2000 Enterprise Manager uses SQLDMO for most of its actions. Database information is exposed nicely through an easy-to-use COM object library that can be used in any COM-aware language such as Visual Basic, and can also be used in .NET, although that requires Interop. While using SQLDMO you work in a hierarchical manner to access the data that you want. For example, a Server contains a collection of databases, a database contains a collection of tables, and each table contains a collection of columns. Microsoft's SQLDMO documentation states that applications using SQLDMO can perform all functions performed by SQL Server 2000 Enterprise Manager, making this a powerful but easy-to-use way to access metadata. SQLDMO is supported by SQL Server 7.0 and 2000. It can be used with SQL Server 2005, but was not updated to support 2005-specific features. SQLDMO is bundled in sqldmo.dll, so you simply need to add a reference to this object in your application. If you installed your SQL Server files to the default location on your PC, the file should be located in C:\Program Files\Microsoft SQL Server\80\Tools\Binn. SQLDMO is an ideal choice when you need to write persistent code for an application that interacts with SQL Server 7 or 2000 metadata. A sample SQLDMO example is available in the download.

SQL Management Objects (SMO)

SMO replaces SQLDMO in SQL Server 2005. As noted above, SQLDMO is compatible with SQL Server 2005 but no new features have been added. SMO was modeled with SQLDMO in mind, and Microsoft has called it a "logical continuation" of SQLDMO and explicitly stated that they have incorporated objects similar to SQLDMO objects when possible. SMO makes 150 new classes available to users. SMO is backwards compatible with SQL Server 2000 and 7.0 and is 100% managed code. Like SQLDMO, SMO is very easy to work with, especially if you are using Visual Studio 2005. Unfortunately, if you want the convenience of IntelliSense and IDE debugging while writing your SMO code, you will need to use Visual Studio 2005. The Visual Studio 2003 IDE will not let you add a reference to the SMO managed library through its GUI (you can still include SMO with a 'using' statement, but you lose IntelliSense and debugging from within the IDE). You can still build an SMO application with VS 2003 or even Notepad, but you will need to make your references while using the command-line compiler (you will need to use the compiler in your Framework 2.0 folder, not your Framework 1.1 compiler).

Conclusion

There are many ways to access SQL Server metadata, and we covered some of the most common methods in this article. In addition, we exposed some pros and cons of those methods, which can hopefully help you make the decision of which tool to use for the task at hand. There are still other alternatives for accessing SQL Server metadata, from ADO.NET to T-SQL functions like DATABASEPROPERTY() (see Books Online -> meta data -> functions for more T-SQL metadata functions). Ultimately, you may need to do some additional research to determine the right tool for whatever your needs may be, but I hope that this article has helped you get on your way.

Anthony Bressi is owner of Agilist Technologies Inc., which specializes in software for SQL Server Database Administrators and SQL Server developers. Mr. Bressi has over 8 years of hands-on experience in the Microsoft SQL Server development environment.
CREATE DATABASE Sandbox
GO
USE Sandbox
GO
-- WITHOUT LOGIN (released syntax) so the sandbox users need no server logins
CREATE USER TestUser1 WITHOUT LOGIN
CREATE USER TestUser2 WITHOUT LOGIN
CREATE ROLE EncryptionUsers
EXEC sp_addrolemember EncryptionUsers, TestUser1
EXEC sp_addrolemember EncryptionUsers, TestUser2
GO
CREATE TABLE dbo.ExampleTable (
    ExampleID int IDENTITY,
    EncryptMethod varchar(50),
    PlainData nvarchar(1000),
    CipherData varbinary(1000) )
GO
GRANT SELECT, INSERT ON dbo.ExampleTable TO EncryptionUsers
GO

The Database Master Key

SQL Server 2005 Beta 2 comes with the ability to completely manage the keys and provide for encryption almost completely behind the scenes. It does so using what is called a database master key. To understand how this comes into play, let's take a step back and talk a bit about the service master key and the encryption hierarchy.

When you install SQL Server 2005, a symmetric key (a single stream of bits which can be used to both encrypt and decrypt data) is created for the SQL Server service. This service master key is used to encrypt a whole host of important and sensitive things such as linked server passwords, connection strings, and mapped account credentials. It is also used to encrypt any and all database master keys. A query against the sys.symmetric_keys view in the master database will reveal the existence of this key (named ##MS_ServiceMasterKey##).

When a database master key is created, it too is a symmetric key. The purpose of a database master key is to encrypt the certificates and keys within the database if no other encryption mechanism is specified. If we want SQL Server to handle key management, the database master key is a requirement.

By default, SQL Server will take the database master key, encrypt it with the service master key, and store this result within private structures in the master database. SQL Server also takes the database master key encrypted with the password you've specified (more on this shortly) and stores this in the database the key applies to. You can verify its existence by querying sys.symmetric_keys in the given database and looking for a key named ##MS_DatabaseMasterKey##. The copy stored in the master database allows SQL Server to open the database master key automatically (part of allowing SQL Server to completely handle key management). The copy stored in the database is then used for encryption/decryption as necessary.

Creating:

To create the master key, the following syntax is used:

CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<password>'

For the examples, make sure you are in the Sandbox database and enter something similar to the following:

CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'OneRingToRuleThemAll!'

If we try to create a certificate or key without a database master key and we haven't specified some other means of encryption (such as a password), SQL Server will return an error. For example, the following code to create a certificate will fail:

CREATE CERTIFICATE ExampleCert
    WITH SUBJECT = 'This fails without the db master key'

The error message received is this:

Msg 15581, Level 16, State 1, Line 2
Please create a master key in the database or open the master key in the session before performing this operation.

This goes back to who is handling key management. If we don't specify an encryption mechanism, we are telling SQL Server we want it to handle the management. Therefore, the database master key is needed.

Dropping:

Eventually you may want to remove the database master key. To do so, just execute the following in the proper database.

DROP MASTER KEY

However, if any keys or certificates are encrypted with the database master key, you'll receive an error like the following:

Msg 15580, Level 16, State 1, Line 1
Cannot drop Master Key since Certificate 'NorthwindCert' is encrypted by that.
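The script below is an added example, not code from the article, that exercises the database master key in the Sandbox database the article sets up, together with the two checks a DBA will want before anything depends on the key: that both master keys are where the text says they are, and that a password-protected backup of the database master key exists. It also shows how to stop SQL Server from opening the key automatically, which is the setting behind the "DBAs should not be able to decrypt" option discussed later in the article. The backup path and the backup password are made up; the folder has to exist.

```sql
-- Added example: database master key (DMK) management on SQL Server 2005.
-- Assumed: the Sandbox database from the article exists and C:\KeyBackups
-- is a folder the service account can write to. Passwords are invented.
USE Sandbox;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'OneRingToRuleThemAll!';
GO

-- Check 1: both master keys appear as symmetric keys, the service master
-- key in master and the DMK in the database that owns it.
SELECT name, key_length, algorithm_desc, create_date
FROM master.sys.symmetric_keys WHERE name = '##MS_ServiceMasterKey##';
SELECT name, key_length, algorithm_desc, create_date
FROM sys.symmetric_keys        WHERE name = '##MS_DatabaseMasterKey##';
GO

-- Check 2: back the DMK up now. The copy protected by this instance's
-- service master key is of no use on another instance, so after a restore
-- elsewhere the DMK password or this backup is the only way back in.
BACKUP MASTER KEY TO FILE = 'C:\KeyBackups\Sandbox_DMK.key'
    ENCRYPTION BY PASSWORD = 'Backup-Password-Kept-Elsewhere!';
GO

-- A certificate created with no encryption option is protected by the DMK,
-- which sys.certificates reports as ENCRYPTED_BY_MASTER_KEY.
CREATE CERTIFICATE ExampleCert WITH SUBJECT = 'Protected by the DMK';
GO
SELECT name, pvt_key_encryption_type_desc
FROM sys.certificates WHERE name = 'ExampleCert';
GO

-- Optional: withdraw the service-master-key protection. From here on every
-- session that needs the DMK must open it with the password first, so a
-- DBA who does not know the password cannot use DMK-protected keys.
ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY;
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'OneRingToRuleThemAll!';
CLOSE MASTER KEY;
GO

-- Dropping the DMK while ExampleCert depends on it raises error 15580;
-- the dependency has to go first, then the key drops cleanly.
DROP CERTIFICATE ExampleCert;
DROP MASTER KEY;
GO
```

Keep the DMK backup and its password apart from the database backups: whoever holds both can decrypt every DMK-protected key in the database, so they belong under the same controls as the data they protect.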
    ENCRYPTION BY PASSWORD = 'TheShire'

(The line above is the end of the CREATE ASYMMETRIC KEY AsymmKey2 statement begun on the preceding page.)

Altering:

As with certificates, the password encrypting the private key can be changed. The only difference in syntax is ASYMMETRIC KEY instead of CERTIFICATE, as in the following example (shown in the PRIVATE KEY syntax that shipped in the released product):

ALTER ASYMMETRIC KEY AsymmKey2
    WITH PRIVATE KEY (
        ENCRYPTION BY PASSWORD = 'MasterFrodo',
        DECRYPTION BY PASSWORD = 'TheShire' )

The page also carries the decrypting CASE expression of a query against dbo.ExampleTable; the SELECT and FROM around it are supplied here so that it runs as a statement. AsymmKey1 is opened without a password (its private key is protected by the database master key), while AsymmKey2's private key is password-protected, so its password is passed as the third argument:

SELECT ExampleID, EncryptMethod, PlainData,
    CASE
        WHEN EncryptMethod = 'AsymmKey1' THEN
            CONVERT(nvarchar(max), DecryptByAsymKey(AsymKey_ID('AsymmKey1'), CipherData))
        WHEN EncryptMethod = 'AsymmKey2' THEN
            CONVERT(nvarchar(max), DecryptByAsymKey(AsymKey_ID('AsymmKey2'), CipherData, N'MasterFrodo'))
    END AS DecryptedData
FROM dbo.ExampleTable
deciding where to apply the encryption and whether or not to use the database master key. SQL Server provides data encryption at two different "trust levels." If DBAs are trusted, SQL Server can handle all of the key management using the database master key. This is by far the simplest method of implementing encryption in the database. Asymmetric keys and certificates can be accessed automatically, and symmetric keys can be opened fairly easily as well.

If, however, due to business or other reasons even the DBAs shouldn't be able to decrypt the data, then the use of keys with passwords effectively keeps them out from within SQL Server itself. Even Profiler won't reveal the important contents of key commands. An administrator can, however, attach a debugger, set the proper breakpoints, watch a query come through and read the password. Of course, that's true of any server. Using SQL Server's native encryption, these are the two options provided.

The only other option is to build encryption into the application and send already-encrypted data to SQL Server. This is considered a third "trust level" because it should be completely independent of the DBAs and the SQL Server platform itself.

Use of a Hybrid Encryption Scheme

In a comparison of performance, symmetric key algorithms tend to be substantially faster, and if you're dealing with a lot of conversions (as with a database), symmetric keys offer the best performance. However, symmetric keys pose a harder key-distribution problem than asymmetric keys, for the simple fact that anyone who obtains the key can both encrypt and decrypt the data at will. With an asymmetric key pair, I can expose the public key, which you can use to encrypt data intended for me. You can then send the encrypted data over a non-secure channel without worrying about compromise. Once I receive it, I can decrypt it using my private key. No one else can unless they've managed to get my private key.

However, if we have a lot of data to send back and forth, it's better to use a symmetric session key and encrypt that using my public key. I decrypt the session key and then we encrypt all data using it. We've been able to exchange a symmetric key and we've not had to send it in the clear over a non-secure channel. Therefore both of us possess the symmetric key securely and are able to leverage the faster speed of the symmetric encryption algorithms. These hybrid [...] encrypted with the symmetric key. The holder of the private key can decrypt the symmetric key and then use that symmetric key to decrypt the data. The same approach is good practice for SQL Server: create an asymmetric key and then create a symmetric key using the asymmetric key as the encryption mechanism. Encrypt the data with the symmetric key and you have a good balance of both key security and performance.

Issues to Consider

When implementing encryption, several issues must be addressed. The first is key management. If SQL Server is not handling key management, you must come up with a secure mechanism to store passwords and allow an application to access keys. If a critical key is compromised, so is the data. Therefore, protecting the keys is almost as important as protecting the data itself.

The second main issue is performance. This consideration has two prongs: performance loss due to cycles spent encrypting and decrypting the data, and performance loss due to an inability to use indexes effectively since the data is encrypted. Using a hybrid cryptosystem like the one I mentioned above is probably the best solution for the first prong; even so, somewhat slower performance should be expected. With the second prong, it's a matter of whether the encrypted data is used to filter or sort a result set. If not, there shouldn't be a big performance problem. If, however, the encrypted data is used to do either of those two things, indexes are effectively out. Expect slightly to significantly worse performance as a result.

Conclusion

Native encryption built into SQL Server 2005 looks very promising. This addresses an item on the wish list of a number of DBAs, and Microsoft looks to have implemented a reasonable solution. Certificates, asymmetric keys, and symmetric keys are all supported within SQL Server and each encryption mechanism has its own set of encryption/decryption functions. There are trust and performance issues that must be addressed before implementing a solution, but overall SQL Server 2005 gives us a lot of flexibility to come up with workable solutions for our environments. I hope encryption remains and makes it into the final product.

Brian Kelley is an Enterprise Systems Architect with AgFirst Farm Credit Bank and the regular security columnist for
cryptosystems are actually fairly popular. This is the SQLServerCentral.com. He is also the author of “Start to
Finish Guide to SQL Server Performance Monitoring” from
principle behind Secure Sockets Layer (SSL) as well as NetImpress and a member of the GSEC Advisory Board. You
Encrypting File System (EFS): A symmetric key is can contact him at SQLServerCentral.com.
encrypted with an asymmetric key pair and the data is
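The hybrid scheme and the two performance prongs from the article above, as an added example (not the author’s code) written in the released SQL Server 2005 syntax; the database, certificate, key and table names and the sample card number are assumed:

```sql
USE SalesDB;   -- assumed database name
GO
-- The database master key protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong master key password>';

-- Asymmetric half: once the master key is available the certificate opens
-- automatically, so no key password has to flow through the application.
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects the card number key';

-- Symmetric half: fast bulk cipher whose key material is encrypted by CardCert.
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;

-- Second trust level ("even the DBAs shouldn't be able to decrypt"): protect the
-- key with a password the application holds instead of with the certificate.
-- CREATE SYMMETRIC KEY CardKeyApp WITH ALGORITHM = AES_256
--     ENCRYPTION BY PASSWORD = '<password held only by the application>';

CREATE TABLE dbo.Payment (
    PaymentID  int IDENTITY PRIMARY KEY,
    CardNumber varbinary(256) NOT NULL    -- ciphertext, never plain text
);
GO

-- Encrypt: open the key via the certificate, then EncryptByKey.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
INSERT dbo.Payment (CardNumber)
VALUES (EncryptByKey(Key_GUID('CardKey'), N'4111111111111111'));  -- constructed value
CLOSE SYMMETRIC KEY CardKey;
GO

-- Decrypt for display. DecryptByKey returns NULL when the key is not open or
-- the caller has no permission on it, so the application must check for NULL.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
SELECT PaymentID,
       CONVERT(nvarchar(20), DecryptByKey(CardNumber)) AS CardNumber
FROM   dbo.Payment;

-- Second performance prong: this predicate decrypts every row, so no index on
-- CardNumber can help. Equality on the ciphertext is no alternative either:
-- EncryptByKey uses a random IV, so the same input encrypts differently each time.
SELECT PaymentID
FROM   dbo.Payment
WHERE  CONVERT(nvarchar(20), DecryptByKey(CardNumber)) = N'4111111111111111';
CLOSE SYMMETRIC KEY CardKey;
GO
```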
solution. During this period of initial setup, the database will have a session state of synchronizing. This means that the database is working its way to the synchronized state. The synchronized state occurs when all updates sent by the principal have been received and acknowledged. There is also a suspended session state, which means that the database is behind because it was suspended by the DBA, but communication with the partners is still possible. The last state is called the disconnected state. This means that the partner cannot communicate with the other partner. Only in the SYNCHRONIZED state are you safe from data loss. The three other states indicate that you are exposed to possible data loss.

This is the basic syntax for establishing a mirroring session once the database is restored WITH NORECOVERY on the mirror server. More information may be obtained in BOL.

ALTER DATABASE <database>
SET PARTNER = <server_network_address>

This command is run on both the principal and mirror servers. This syntax promotes simplicity. If mirroring is for high availability, another T-SQL command is issued with the “ALTER DATABASE” syntax to specify the Mirror server.

Reporting for Duty…

Another really cool feature in SQL Server 2005 is the Database Snapshot. Basically, this feature allows a complete copy of a database to exist as of the time the command is issued to create the snapshot. It results in a very space-efficient, read-only copy of the database. We will not fully explore this feature here, but it can be very useful in gaining another benefit. A database snapshot may be created on the mirror server. This allows read-only access to the data stored on the mirror server at the point in time when the commands were issued to create the database snapshot. Once a transaction is processed after the command has been issued, the database snapshot is no longer up-to-date. But this does allow the mirror server to also be used as a reporting server. However, putting more stress on the mirror server can cause a slowdown of processing which may affect the mirroring session. This is because it may affect the speed at which the transaction is recorded, which would in turn affect the speed of the acknowledgement back to the principal server. Remember, when the safety is set to “full”, the principal does not acknowledge the transaction until the mirror responds that the transaction has been successfully recorded.

Client Concerns

The discussions so far have been focused on the database. Failover can occur over and over again, but what about the client applications? Clients can connect to the principal database either by using the latest MDAC or by a slight modification of code (about 10 lines) concerning the connection. Essentially, the client tries to connect to the principal. If it fails, it attempts a connection to the secondary server, which will be the new principal if failover has occurred. At no time can a client connect to a database on a server in the mirror role. The servers that participate in mirroring have their own IP addresses and do not share a third IP address, as is the case in clustering.

Summary

The Database Mirroring feature in SQL Server 2005 provides a much simpler method of obtaining High Availability or Disaster Recovery than before. Although there are still many good reasons to consider a clustering solution, mirroring does not require any special hardware or shared storage to complete the setup. In addition to these reasons, a mirroring session may also provide access to data for reporting purposes on the mirrored server. At the time of this article, there was no decision on which version of SQL Server this would appear in.
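The session setup, state check and reporting snapshot described above, as an added example (not the article’s own code) in the released SQL Server 2005 syntax; server names, port, database name, logical file name and snapshot path are assumed, and the third server for the high-availability variant is named with the SET WITNESS clause of the released product:

```sql
-- 1. On each partner: the endpoint the partners talk over. Each server keeps
--    its own address; there is no shared virtual IP as in clustering.
CREATE ENDPOINT Mirroring
    STATE = STARTED
    AS TCP (LISTENER_PORT = 5022)
    FOR DATABASE_MIRRORING (ROLE = PARTNER);

-- 2. On the mirror (database already restored WITH NORECOVERY): name the principal.
ALTER DATABASE SalesDB SET PARTNER = 'TCP://principal.corp.example:5022';

-- 3. On the principal: name the mirror. The session starts out SYNCHRONIZING.
ALTER DATABASE SalesDB SET PARTNER = 'TCP://mirror.corp.example:5022';

-- 4. High-availability variant: the extra command names the third server and
--    safety FULL makes the principal wait for the mirror's acknowledgement.
ALTER DATABASE SalesDB SET WITNESS = 'TCP://witness.corp.example:5022';
ALTER DATABASE SalesDB SET PARTNER SAFETY FULL;

-- 5. Check the session. Only SYNCHRONIZED means no exposure to data loss.
SELECT DB_NAME(database_id)      AS db,
       mirroring_role_desc,          -- PRINCIPAL or MIRROR
       mirroring_state_desc,         -- SYNCHRONIZING, SYNCHRONIZED, SUSPENDED, DISCONNECTED
       mirroring_safety_level_desc   -- FULL or OFF
FROM   sys.database_mirroring
WHERE  database_id = DB_ID('SalesDB');

-- 6. On the mirror: a snapshot gives read-only reporting access as of this
--    moment. It stops being current as soon as the next transaction is applied,
--    and reporting load here can slow the acknowledgement back to the principal.
--    The logical name must match the source database's data file (assumed).
CREATE DATABASE SalesDB_Reports_20050115
    ON (NAME = SalesDB_Data, FILENAME = 'D:\Snapshots\SalesDB_Reports_20050115.ss')
    AS SNAPSHOT OF SalesDB;
```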
SQL Server Standard May/June, 2004