
K. Brian Kelley - Databases, Infrastructure, and Security

Author Bio
Brian is a SQL Server author, columnist, and Microsoft MVP focusing primarily on SQL Server security. He is a contributing author for How to Cheat at Securing SQL Server 2005 (Syngress) and Professional SQL Server 2008 Administration (Wrox). Brian currently serves as a database administrator / architect for AgFirst Farm Credit Bank where he can concentrate on his passion: SQL Server. He previously was a systems and security architect for AgFirst Farm Credit Bank where he worked on Active Directory, Windows security, VMware, and Citrix. In the technical community, Brian is president of the Midlands PASS Chapter, an official chapter of PASS. Brian is also a junior high youth minister at Spears Creek Baptist Church in Elgin, SC.
May 2008 - Posts

Now on Twitter


A few colleagues of mine, Andy Leonard, Jason Massie, and Chuck Boyce, are all on Twitter. As a matter of fact, Jason blogged on some folks he follows on Twitter with regards to SQL Server. I've also read Scoble talking about Twitter and decided to give it a look. Of course, I would pick a time to start when they are experiencing back-end issues. Maybe they should take Andy's advice.

Brian's Twitter Page

 


Security Issue with SQL Server Reporting Services 2008

I have a CTP of SSRS 2008 deployed to one of my servers. Today I built a couple of reports and from one of my systems, they all tested fine. However, this system, because it is a testing server, doesn't receive the Group Policy Object (GPO) controlling IE security settings that our standard systems do. Now the IE GPO contains what's necessary to do Windows integrated authentication against our Intranet-based web servers, to include Kerberos delegation. But for whatever reason, the systems which receive the GPO kept prompting users to log in.

One of the issues with troubleshooting is the fact that SSRS 2008 is no longer a web application under IIS. As a result, the places to look for logs, for security settings, and the like are all different. One thing that isn't is that since Windows authentication is involved, the audit failures should still be logged against the Security event log for the OS. They were. I didn't see any Kerberos pre-authentication errors. The only errors I saw were when the domain/realm picked up the name of the server instead of the Active Directory name. However, there weren't anywhere near the number of audit failures as people were getting prompted. It almost seemed like every time SSRS retrieved a new file (such as an image file) it forced a re-authentication.

Since I needed the reports out for others to use, I rebuilt the reports for SQL Server 2005. This, not surprisingly, meant I had to drop back to Business Intelligence Development Studio (BIDS) for SQL Server 2005. The Data Source was able to publish, but not the reports themselves. The reports were simple queries displayed in tabular form, so it took just minutes to rebuild them, but that wasn't something interesting to see... if BIDS for SQL Server 2008 could publish to a SSRS 2005 server just by switching the Reporting Services target. It wasn't. There may be a way to force it... but I'll wait until next week to look at that in more detail. I'll also troubleshoot what IE settings broke the authentication in SSRS 2008 but which don't break SSRS 2005.

 


Pictures from Midlands PASS Chapter Meeting


Last night the Midlands PASS Chapter had the pleasure of hosting SQL Server MVP Brian Knight. I was able to capture a few pictures from last night though they aren't the best quality. 

Our next meeting is scheduled for July 10 and we are hosting John Welch, SQL Server MVP, who will be speaking on managing SSIS between different environments.

 


Reminder: Midlands PASS Chapter Meeting with Brian Knight


Tuesday, May 27, 2008

Speaker: SQL Server MVP Brian Knight

The Midlands PASS chapter will hold a special meeting on Tuesday, May 27, 2008, to host SQL Server MVP Brian Knight. Brian will be giving a presentation on Data Mining using SQL Server. The meeting will once again be held at Training Concepts off of Berryhill Road. We will begin our meet and greet time at 6:15 PM as usual and start the presentation at 6:45 PM. The meeting is sponsored by AgFirst Farm Credit Bank.

Please feel free to forward this to anyone who you think would be interested in attending. If you plan on attending, please RSVP via SQLServerCentral.com Private Mail as soon as possible so we can ensure we have enough space and food. If you have time to help with setup, please email me and we’ll plug you in!

Brian’s Bio:

Brian Knight, SQL Server MVP, MCSE, MCDBA, is the co-founder of SQLServerCentral.com and JumpstartTV.com. He runs the local SQL Server users group in Jacksonville (JSSUG) and was on the Board of Directors of the Professional Association for SQL Server (PASS). Brian is a contributing columnist for SQL Server Standard and also maintains a regular column for the database website SQLServerCentral.com and does regular webcasts at Jumpstart TV. He has co-authored and authored more than 9 SQL Server books including Admin911: SQL Server (Osborne/McGraw-Hill Publishing), Professional SQL Server DTS, Expert SSIS, Professional SQL Server 2005 Administration and Professional SQL Server 2005 SSIS (Wrox Press). Brian has spoken at conferences like PASS, SQL Connections and TechEd and many Code Camps. Brian spends most of his time trying to think about how to use the word onomatopoeia in everyday sentences.


SQL Saturday in Orlando


The dates for Microsoft's TechEd 2008 are fast approaching here in North America. Sandwiched between the two weeks of this year's TechEd is the SQL Saturday Tweener, which will also be held at the Orange County Convention Center. Unfortunately, I'm not headed to TechEd this year, but if I were, I would certainly be at the SQL Saturday as well. I should note that SQL Saturday is but one of the events going on in parallel, as Joe Healy of Microsoft worked to get all of the technical communities in Florida access to the convention center over the weekend.

Having been to one of the SQL Saturdays, when I presented down in Jacksonville, I'm a believer that this kind of setup works. It's inexpensive to the attendees, it provides excellent professional development opportunities to the speakers, and it's a great and varied training day for everyone (speakers included). We'll be working to try to bring one up here in Columbia, SC. So if you've not been to one and can make it to Orlando, I'm sure it will be well worth your time!

 


Review of How to Cheat at Securing SQL Server 2005


Cover for Securing SQL Server 2005

SQL Server MVP Frank Kalis has posted a short review on How to Cheat at Securing SQL Server 2005, a book I was able to contribute two chapters to last year. The chapters I focused on were related to Authentication and DDL Triggers. It was a great experience and I am humbled by the positive review from Frank. I first met Frank on the forums at SQLServerCentral.com and he is one of the most knowledgeable and helpful people I have had the pleasure to interact with. You can find his review at SQL-Server-Performance.com:

  Review: How to Cheat at Securing SQL Server 2005

For those who understand German, Frank's original review in German can be found here:

  InsideSQL.org: How to Cheat at Securing SQL Server 2005

 


Technical Podcasts I Listen To


There are a few podcasts I tend to listen to as I have time. Since I work with a wide range of technologies, I've tried to group them together into a semblance of order. There are a few others I am evaluating, but since I haven't listened to a large enough body of work, I'll refrain from listing them at this time. If there's one you think is particularly valuable or interesting that I don't have listed, please leave it in the comments.

.NET

.NET Rocks - http://www.dotnetrocks.com/

This is one of the best done podcasts out there and they cover anything and everything related to Microsoft .NET. That's a broad brush of most anything that interacts with Microsoft technologies. This one runs twice a week and is about an hour each podcast, but if you can spare the time, it's worth the listen.

Plumbers @ Work - http://plumbersatwork.com/

These guys from Canada talk about a lot of different things, but most of it relates to .NET. They were quiet for a while but then popped up two episodes in February and March. Another one I'm hoping gets more active again soon.

Architecture

ARCast - http://channel9.msdn.com/shows/ARCast.TV

ARCast used to be hosted by Ron Jacobs and covers architecture. While the focus is mostly on application architecture, there were some times when infrastructure architecture was covered. Unfortunately, this podcast has been on hiatus since the end of the year when Ron Jacobs moved on to another opportunity in Microsoft.

General Technology (Microsoft)

Behind the Code - http://channel9.msdn.com/shows/Behind_The_Code

Behind the Code talks to the people behind the technologies, and it's extremely interesting to hear the folks who have developed the things we use every day explain their challenges and ideas in their own words.

Going Deep - http://channel9.msdn.com/shows/Going_Deep

As the name implies, Going Deep is where folks do a deep dive on the technologies they are/were involved in. If you are interested in the Why? question, this is a great podcast.

RunAs Radio - http://www.runasradio.com/

As .NET Rocks is for the developer, RunAs Radio is for the infrastructure folks. It was spun off from .NET Rocks and is a weekly, half-hour show. Same quality as .NET Rocks and it shares some of the same people. If you work in IT infrastructure (in Microsoft or related technologies), this podcast should be right up your alley.

TechNet Radio - http://technet.microsoft.com/en-us/bb510143.aspx

Not sure why the folks at Microsoft don't have a more friendly link, but "it is what it is." This weekly podcast covers some aspect of Microsoft technology, usually whatever is "new" and "fresh."

MySQL

OurSQL - http://www.technocation.org/category/areas/podcasts

A podcast which focuses on MySQL. This one has also been quiet for a few months, but hopefully it'll pick back up again soon.

SQL Server

SQL Down Under - http://www.sqldownunder.com/

As the name implies, a podcast for SQL Server out of Australia. It's hosted by Regional Director and MVP Greg Low and the episodes typically have an extensive interview with a luminary in the SQL Server or general database category. It's not all technology stuff, either. For instance, the podcast with Kevin Kline talked a bit about family and the balance between life and work.

The Voice of the DBA - http://sqlservercentral.mevio.com/

This one is done by SQL Server MVP Steve Jones and it comes out every weekday. These generally tend to be short, they're not always on SQL Server, but as is standard Steve Jones' style, they make you think. This one is an easy one to stay up to date with and it's well worth the few minutes every day spent watching.


Giving a Presentation?


As a president of a local PASS chapter, one of the things I've struggled with is getting "locals" to give presentations. We have a couple of guys who have done so, but part of the reason local chapters exist is to give folks an opportunity to develop their professional skills in a safe and friendly environment. At the last SQL Saturday, Andy Warren and I talked about this problem, as he's had a bit more success getting folks involved. However, he has seen it as a problem, too, and has developed a course to help those who want to learn how to do presentations. It's a great start. If you really want to work on your speaking skills and you're not just concerned about technical speaking, Toastmasters International is a great organization. I joined about a year ago and it is a friendly, safe, and encouraging place for me to work on my presenting skills. It also helps develop listening skills as well as the ability to think on one's feet. I cannot recommend it enough.

But speaking ability alone doesn't make for a great presentation. Scott Hanselman has a great post about achieving a successful technical presentation. #3, about when to move, is something I have to be conscious of, because I tend to like to walk as I talk. Another area that's related is my hands. When I think about my hands, I do a good job of using them to aid the presentation. When I don't, they can be distracting. #4, font size, is extremely important, too. At the Midlands PASS chapter we had one speaker who had font sizes so small you couldn't read anything on the screen. She didn't do anything to fix the issue and this was remarked on privately after the presentation. At the last SQL Saturday I asked what was viewable, but I should have already had my fonts set, as Scott recommends. I'm filing that away for next time. #6, knowing the presentation completely, is another one I saw as a problem with that presentation. The presenter had great information, but when asked specific questions, she couldn't respond. This didn't go over very well with the folks who were interested in her subject. And finally, I love his #11, care. I present on SQL Server security because I care about SQL Server and I care about security. Both are passions for me professionally. So when I get to mix the two, oh boy! But it is hard to give a presentation on something you aren't personally interested in. Folks will know. I was stuck in that situation in college when I gave another guy's presentation of his physics research. It was required for our undergrad requirements but at the last moment he couldn't be there. He gave the presentation privately to our physics instructors and I gave the public one because he was already on the schedule. I tried my best, but it was an area that I wasn't very interested in. I don't know how well I did, because everyone knew what was going on, but I know I couldn't carry it with the same passion as my own research presentations.

 


Setting Static Ports when dealing with Named Instances and Kerberos


I ran across this a week or so ago. There were a couple of SQL Servers running named instances that we wanted to set up Kerberos authentication against (in the event we would use Kerberos delegation). Here is how the ports were set according to SQL Server Configuration Manager:

Dynamic Ports

The problem here is that the TCP port is set under the TCP Dynamic Ports field. This is the default when dealing with named instances. Default instances are automatically configured to listen statically on TCP port 1433.

When SQL Server is set to use dynamic ports, it will check to see if the port it last used is available. Most of the time it is. But if it isn't, it will find the next available port. If you're not using Kerberos authentication, this isn't that big a deal unless you do things like lock down via IPSEC policy, ACLs on network equipment, etc. However, when it comes to Kerberos authentication, it will be a big deal if that port ever changes. The reason I cite this is because while I haven't had an issue on the Kerberos side, years back I did have an issue when the port did change when SQL Server restarted. We had a web application which faced the Internet and it was hardened so it could only talk to SQL Server on the particular port SQL Server was configured to listen on. Since the SQL Server was a named instance and even if it wasn't we wanted a different port, this became a problem when SQL Server started listening on the "wrong" port. For whatever reason, when it restarted, the port it had been listening on was in use. And since we had not configured it for a static port assignment, it chose a different port. Ugh. We ended up finding the offending process, stopping it, making the change in the server network utility (this was SQL Server 2000) and restarting SQL Server. Then the web application began working again. In SQL Server 2005 it's easy to ensure that the port is static:

Static Ports

Note that the entry is now on TCP Port. This will ensure SQL Server will only try to listen on that one port. Now, you may be thinking, "What if the port is in use?" Obviously, SQL Server won't listen on it. However, since Kerberos is specific to the port, Kerberos authentication would fail anyway if SQL Server was listening on a different port. You still have the ability to connect in via Shared Memory local to the server or to use Named Pipes, if that is configured (some apps still require it, for some reason). Or, you can find the offending process that's listening on your port by running netstat -ano from the command prompt on the server and comparing in Task Scheduler to figure out PID and therefore what process is listening on your port. Then deal with the offending process and restart SQL Server.
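
An added example (not from the original post) that automates the netstat -ano comparison described above: it parses the output, finds every process listening on the instance's static port, and reports whether the owner is SQL Server or an offending process. The sample output, port numbers, and PIDs are constructed, and the parser assumes English-language Windows netstat output.

```python
"""Find which process owns a SQL Server static port from `netstat -ano` output."""

# Constructed sample of Windows `netstat -ano` output (not from the original post).
# PID 4312 stands in for sqlservr.exe; PID 2760 stands in for an unrelated process.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       2760
  TCP    0.0.0.0:50200          0.0.0.0:0              LISTENING       4312
  TCP    10.0.0.5:50123         10.0.0.9:61022         ESTABLISHED     2760
  TCP    [::]:50123             [::]:0                 LISTENING       2760
  UDP    0.0.0.0:1434           *:*                                    2100
"""


def parse_listeners(netstat_text):
    """Return (local_address, port, pid) for every TCP row in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; UDP rows lack a State column and are skipped,
        # as are the banner and the column header.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, _, state, pid = fields
        if state.upper() != "LISTENING" or not pid.isdigit():
            continue
        # rpartition splits on the last colon, so "[::]:50123" parses correctly.
        host, _, port = local.rpartition(":")
        if port.isdigit():
            listeners.append((host, int(port), int(pid)))
    return listeners


def check_static_port(netstat_text, port, sql_pid):
    """Report whether sql_pid owns the static port or another process holds it.

    status is one of:
      "ok"       - only SQL Server is listening on the port
      "conflict" - some other PID is listening; SQL Server cannot bind to it
      "free"     - nothing is listening (SQL Server is stopped or not on TCP)
    """
    owners = sorted(
        {pid for _, p, pid in parse_listeners(netstat_text) if p == port}
    )
    if not owners:
        return {"status": "free", "offending_pids": []}
    offenders = [pid for pid in owners if pid != sql_pid]
    if offenders:
        return {"status": "conflict", "offending_pids": offenders}
    return {"status": "ok", "offending_pids": []}


if __name__ == "__main__":
    # 50123: held by another process, 50200: held by SQL Server, 50999: unused.
    for port in (50123, 50200, 50999):
        print(port, check_static_port(SAMPLE_NETSTAT, port, sql_pid=4312))
```

On a live server, feed the function the real output of netstat -ano and the PID of the SQL Server service; `tasklist /FI "PID eq <pid>"` then names the image behind any offending PID.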


Give Back: Donate Your Hair for Children in Need


While this will remain a primarily technical blog, one thing I'm going to try and add is each Saturday I'll run an entry which is of interest to me (like the story of The Citadel Class of 1944) or where folks can give back in some way. The latter comes from my thoughts as to how junior high school students can have a positive impact on the world around us. I'm taking on the position of junior high youth minister at my church and one of the things I want them to see is that they aren't too young to make a difference.

This led me to thinking about something my wife and I have both done, which is donate our hair. There are two non-profit organizations which collect hair donations to provide hairpieces for children. This is something most folks, and especially youth, can participate in. I've donated my hair twice now and my wife three times. In my case I've gotten questions when I was letting my hair grow and it has led to others deciding to do the same thing.

The two organizations are:

Both require a ponytail or braid (clean). Locks of Love requires a length of at least 10 inches. Wigs for Kids wants a little more at 12 inches. Locks of Love tends to focus on alopecia areata, however, both provide hairpieces for children regardless of the reason as long as there is a need. If you aren't able to donate your hair, both organizations do take financial donations as the hairpieces are not cheap to make and they try to provide the hairpieces at little or no cost to the child receiving one.


Command and Control of the Data Center



As I went walking last night, I listened to two podcasts from RunAs Radio of interviews of Michael Manos and Danielle & Nelson Ruest. Michael Manos is the senior director of Data Center Services at Microsoft and he was talking about some of the optimizations Microsoft had made to reduce the energy consumption of their data centers. Things like doing studies and trying to cool with just outside air, measuring transactions for the power consumed, and the like were things that came out of the discussion. Virtualization was a topic with Mr. Manos and it was the primary topic for Danielle & Nelson Ruest.

There's a lot of focus on reducing energy usage by data centers and this is a good thing, obviously. Going green is in everyone's long term best interests. But it really got me thinking from an infrastructure architecture perspective as to what could potentially be done. With companies like Intel experimenting with cooling technologies and strategies and other organizations like HP looking at power management solutions, I think we've started to address how to reduce energy with respect to cooling. However, that's really only scratching the surface.

When I think of solutions like Citrix's Provisioning Server, Citrix's XenServer, and VMware's ESX Server combined with these types of ideas, it would be theoretically possible to "spin up" only the hardware needed for the current load. For instance, if provisioning server is used to deploy images to servers, physical or virtual, as more users come on to systems and the load is increased, physical servers are started up and immediately "provisioned" with images. These are streamed, meaning they come up in minutes (POST checks and the like comprising most of this time). Applications are virtualized, meaning it would be possible to deploy the types of apps or services in an on demand model. XenServer and ESX Server can be used to spin up virtual machines and move servers around in real-time across different physical hosts (I'm not forgetting about Hyper-V, but the lack of real time movement of the virtual machine impairs the vision).

Now let's go a step further. If there was a larger command and control system which understood the power and cooling systems, where the physical hardware was, how the various systems interacted, how increased load was supposed to be handled, and that system had the ability to interface with all of these systems, you could even bring systems up and down in accordance with demand and distribute them across the data center to maximize the effectiveness of the cooling and power systems, which means you can run them at lower capacity and ramp them up on demand as well.

I agreed that this is massively complex. And it is certainly pie in the sky and there are likely limitations that would prevent achieving this kind of vision. However, it would be awesome to model. My undergraduate background includes mathematical modeling so that's the direction my mind spun towards. This likely would involve non-linear solutions, but with the computing power at our disposal today, I wonder if it would be possible for such a command and control application to feasibly run on today's server hardware. If it could be done and the limitations overcome, in larger environments there could be a significant cost savings.


Midlands PASS May Meeting - Speaker Brian Knight


Tuesday, May 27, 2008

Speaker: SQL Server MVP Brian Knight

The Midlands PASS chapter will hold a special meeting on Tuesday, May 27, 2008, to host SQL Server MVP Brian Knight. Brian will be giving a presentation on Data Mining using SQL Server. The meeting will once again be held at Training Concepts off of Berryhill Road. We will begin our meet and greet time at 6:15 PM as usual and start the presentation between 6:30 and 6:45 PM. I will send out an agenda next week.

Please feel free to forward this to anyone who you think would be interested in attending. If you plan on attending, please RSVP via SQLServerCentral.com Private Mail as soon as possible so we can ensure we have enough space and food. If you have time to help with setup, please email me and we’ll plug you in!

Brian’s Bio:

Brian Knight, SQL Server MVP, MCSE, MCDBA, is the co-founder of SQLServerCentral.com and JumpstartTV.com. He runs the local SQL Server users group in Jacksonville (JSSUG) and was on the Board of Directors of the Professional Association for SQL Server (PASS). Brian is a contributing columnist for SQL Server Standard and also maintains a regular column for the database website SQLServerCentral.com and does regular webcasts at Jumpstart TV. He has co-authored and authored more than 9 SQL Server books including Admin911: SQL Server (Osborne/McGraw-Hill Publishing), Professional SQL Server DTS, Expert SSIS, Professional SQL Server 2005 Administration and Professional SQL Server 2005 SSIS (Wrox Press). Brian has spoken at conferences like PASS, SQL Connections and TechEd and many Code Camps. Brian spends most of his time trying to think about how to use the word onomatopoeia in everyday sentences.


Thoughts on SQL Saturday in Jacksonville

I was able this Saturday to head down to Jacksonville and speak at the SQL Saturday there. There were a lot of folks, a lot of good presentations, and the area in and around Jacksonville was gorgeous. I gave two presentations, both of them security related, and I was pleasantly surprised and encouraged by the number of attendees to those presentations.

Lately I've noticed a lot of interest in business intelligence (and rightly so), but not as much interest in security. Security is one of those areas everyone has to be aware of but the nitty gritty details of security just don't tend to be as appealing to most people as building engines which can sift through large amounts of data and find the jewels hidden within. That's the way I look at business intelligence and I know quite a few people who share the same opinion. Not everyone shares my opinion of the security field. I look at security as a cat and mouse game against known and unknown attackers. The idea is to raise the appropriate defenses to try and combat the attackers. Ultimately it's a battle of minds and mettle. Some of the security related movies have captured this idea. Sneakers is probably the best at doing so that I've seen.

But back to the topic at hand, I had a lot of fun doing the presentations. I admit that I was really only there during the afternoon. I had worked a lot of 60 hour weeks lately and devoted the morning time to my family, who came along with me. We went down to St. Augustine and viewed the Castillo de San Marcos national monument and watched them fire off one of the cannon. It was a really neat encounter. Of course, when we first walked into the fort, my wife looked at me and said, "Does this bring back memories?" It did, because it was surprising how similar the Citadel barracks are laid out, right down to the guard shack on the right side as you come into the fort. Friday night we were able to attend the World of Nations celebration event that was downtown near the stadiums. My boys had a blast.

I also spent some time talking to Andy Warren about possibly doing a SQL Saturday outside of Florida. I think we're going to try and do one here in Columbia. We are within driving distance for Charlotte, Raleigh, Augusta, Atlanta, Greenville, and Charleston, and even Savannah, so we've got a good central location. Microsoft has a strong presence in Charlotte and there are SQL Server MVPs all around us. We have I-26 and I-20 crossing through and I-77 ends in Columbia. I-95 crosses I-26 south of us in Santee and I-20 and I-85 cross nearer to Greenville. If you're reading this and you're interested in helping, speaking, sponsoring, etc., please contact me via Private Mail at SQL Server Central.

Also, if you didn't get my card or you lost it and you want a copy of either (or both) presentations, contact me via Private Mail at SQL Server Central via my Profile and I'll get a copy to you. I should be sending out to those who have emailed me either tonight or tomorrow.

 


Off-topic: The Citadel Honors Class That Did Not Graduate


The purpose of The Citadel, the Military College of South Carolina, is to prepare South Carolina's citizen soldiers. It is a purpose which has existed from The Citadel's founding in 1842. Though I was less than a model cadet, I am proud to have graduated from this institution as a member of the class of 1995. Today, as I was reading the news, I was humbled to learn that The Citadel will honor the class of 1944.

In the history of The Citadel, there are very few instances where a class did not graduate with the exception of the period of time when The Citadel was occupied by federal troops after the Civil War. One such class which did not graduate was the class of 1944. The reason they didn't graduate was simple: they were called to serve in World War II. Of that class, 34 lost their lives fighting for the United States. Their names, and the names of all other known Citadel war dead, are on the wall of Summerall Chapel on The Citadel campus. At the commencement ceremonies they will be honored.