Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 123»»»

Is RDP Access Needed for a SQL Server Administrator? Expand / Collapse
Author
Message
Posted Monday, December 16, 2013 2:30 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Friday, September 12, 2014 4:03 PM
Points: 47, Visits: 146
Our SQL DBAs have not been given RDP access to the SQL machines in our environment. While they realize they do not need RDP access to setup maintenance plans because this can be done via SSMS, they claim it is helpful to be able to see (things) like the amount of free space on the drives, where the data and log files are stored, access to the server Event Logs, access to the server Task Manager Performance tab, access to the Services, and a few other OS functions. Is it common and necessary for SQL DBAs to have RDP access to the Windows Server or can they perform all their work via SSMS?
Post #1523436
Posted Monday, December 16, 2013 2:43 PM
SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Monday, September 8, 2014 8:17 AM
Points: 5,991, Visits: 12,939
do they do installs? RDP is needed for that.

Is remote DAC enabled so DBAs could get on if SQL is unresponsive?

whilst all SQL based work can be done via SSMS having RDP access makes it easier for DBAs to do the full range of their tasks especially when troubleshooting so why do you want to make it harder for them? A dBA can do a lot of damage (including branching out to the OS) via the high level of access they will have in Sql server, so what are you trying to protect against?

If a server supports SQL DBAs should be trusted as much as the sysadmins on that server.


---------------------------------------------------------------------

Post #1523440
Posted Monday, December 16, 2013 2:46 PM
SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Monday, September 8, 2014 8:17 AM
Points: 5,991, Visits: 12,939
...........and no they cannot do all their work via SSMS.

As a DBA I have performed all those other functions you mention and more


---------------------------------------------------------------------

Post #1523442
Posted Monday, December 16, 2013 3:04 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Friday, September 12, 2014 4:03 PM
Points: 47, Visits: 146
They do not do installs.

Not sure what DAC enablement is for? If the server is down, we bring it back up for them.

We just feel the DBAs need to stay off the server to prevent any possible damage to the server itself.

If SSMS gives them what they need, why risk giving them RDP access?
Post #1523449
Posted Monday, December 16, 2013 3:14 PM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 11:26 AM
Points: 13,436, Visits: 12,299
defyant_2004 (12/16/2013)
They do not do installs.

Not sure what DAC enablement is for? If the server is down, we bring it back up for them.

We just feel the DBAs need to stay off the server to prevent any possible damage to the server itself.

If SSMS gives them what they need, why risk giving them RDP access?


So you trust these people to manage, maintain and secure the company's most valuable asset (data) but at the same time you do not trust these same highly technical people with a server? I know that is how some shops work but it seems overly paranoid to me.

Honestly what exactly are you trying to protect? What IS the risk of a DBA having RDP access to the server they are responsible for keeping running well? I am honestly curious because I would like to know what the risk truly is for this.

[sarcasm]


We just feel the DBAs need to stay off the server to prevent any possible damage to the server itself.


I agree 100% that no DBA should be allowed to sit, hang or any other things I envision from the old suitcase commercials with the gorillas to any self respecting server.

[/sarcasm]


_______________________________________________________________

Need help? Help us help you.

Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

Need to split a string? Try Jeff Moden's splitter.

Cross Tabs and Pivots, Part 1 – Converting Rows to Columns
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs
Understanding and Using APPLY (Part 1)
Understanding and Using APPLY (Part 2)
Post #1523452
Posted Monday, December 16, 2013 3:24 PM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 6:48 AM
Points: 12,915, Visits: 32,075
As a DBA, the #1 reason (for me) I seem to need access to the server itself are for diagnosing ETL issues and managing of SSIS packages;

we have a lot of SSIS packages, adn they exist and are executed on the server.

We have a large number of scheduled jobs migrate data from various flat file resources to staging folders for further processing; think of the classic migrating of SFTP files from one source to the server, so they can be bulk inserted, bcp, or have an SSIS package fiddle with them.

I very often need to open those files directly, and for that
access to the proper folders or shares.


Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1523456
Posted Monday, December 16, 2013 3:25 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Friday, September 12, 2014 4:03 PM
Points: 47, Visits: 146
We really want to protect the server and limit the amount of unnecessary access. Although I am not an expert at DBA work, I have used SSMS in the past and it seems to provide everything our DBAs should need to maintain our SQL Servers without logging onto the server itself and messing things up. We have a 90% uptime we must keep. We also want to prevent any risk for corrupting our Windows Server installations.
Post #1523457
Posted Monday, December 16, 2013 3:27 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Thursday, May 15, 2014 5:11 PM
Points: 6,067, Visits: 5,283
I have worked in highly secure environments where ONLY RDP access was allowed. RDP access does make it much simpler and the real question is "do you trust the DBAs or not?" If the answer is no then why do you trust your system people MORE than your DBAs, people who specialize in the software? These people have VERY high level access, restricting RDP is not making you more secure, you are making it harder to do their work with no appreciable benefit.

CEWII
Post #1523459
Posted Monday, December 16, 2013 3:27 PM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Friday, September 12, 2014 4:03 PM
Points: 47, Visits: 146
We do not use SSIS or Reporting Services. We only use MS SQL database engine.
Post #1523460
Posted Monday, December 16, 2013 3:35 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Thursday, May 15, 2014 5:11 PM
Points: 6,067, Visits: 5,283
It doesn't matter, have "console" access to the machine running the database server makes things easier. I have yet to have someone give a valid reason to prevent RDP from either a system admin or a database admin.

What are you afraid of?

CEWII
Post #1523466
« Prev Topic | Next Topic »

Add to briefcase 123»»»

Permissions Expand / Collapse