SQL Server 2008 installation
-
Need to install SQL Server on a new box. OS installed and ready etc...
The server has two drives:
C - RAID 1 across two 46GB drives
D - RAID 5 across 3 600GB drives
The new server is not in the trusted domain so can't use AD accounts.
See below of another server that was configured by someone else a few years back but I don't like the fact that the services are using the Administrator account?!
So my plan for the SQL Server installation is as follows:
1) Create new local accounts and let SQL Server assign the required permissions.
2) Ensure Anti-Virus software skips .MDF, .LDF and .NDF files
3) Enable Instant File Initialisation.
4) Use drive C for SQL Server installation and drive D for .MDF and .LDF files (including TempDB).
Is this okay?
---------------------------------------------------------
It takes a minimal capacity for rational thought to see that the corporate 'free press' is a structurally irrational and biased, and extremely violent, system of elite propaganda.
David Edwards - Media lens[/url]Society has varying and conflicting interests; what is called objectivity is the disguise of one of these interests - that of neutrality. But neutrality is a fiction in an unneutral world. There are victims, there are executioners, and there are bystanders... and the 'objectivity' of the bystander calls for inaction while other heads fall.
Howard Zinn -
Logs and data on the same drive is NOT a good setup - it's bad for both performance and integrity.
Also, while I have no objections to placing the installation files on C:, you should generally avoid placing databases there as bad things happen to your entire server if you actually fill this drive.
Kind regards,Vegard Hagen
Norwegian DBA, occasional blogger and generally a nice guy who believes the world is big enough for all of us.
@vegard_hagen on Twitter
Blog: Vegards corner (No actual SQL stuff here - havent found my niche yet. Maybe some day...)It is better to light a candle than to curse the darkness. (Chinese proverb) -
Vegard Hagen (11/19/2012)
Logs and data on the same drive is NOT a good setup - it's bad for both performance and integrity.Sure.... I agree but I didn't build the server so I'm not sure what the best way to deal with this.
As it stands I have 5 physical drives in the server:
Drive 1 & 2 = RAID 1 = 36GB = C drive (I'm using this for the OS and SQL Server)
Drive 3, 4 & 5 = RAID 5 = 600GB = D drive (Use for .MDF but where to put .LDF?!)
---------------------------------------------------------
It takes a minimal capacity for rational thought to see that the corporate 'free press' is a structurally irrational and biased, and extremely violent, system of elite propaganda.
David Edwards - Media lens[/url]Society has varying and conflicting interests; what is called objectivity is the disguise of one of these interests - that of neutrality. But neutrality is a fiction in an unneutral world. There are victims, there are executioners, and there are bystanders... and the 'objectivity' of the bystander calls for inaction while other heads fall.
Howard Zinn -
Not sure if I'm explaining this properly but I have 5 physical drive.
2 physical drisks map to 1 logical drive C - This I'm using for OS and SQL Server
3 physical disks map to 1 logical drive D - This I want to use for .MDF and .LDF
Is it worth creating additional logical drives so my files would split up like the below:
Drive D - .MDF files
Drive E - .LDF files
Drive F - tempDB .LDF file
Drive G - tempDB .MDF file
Drive H - .NDF files
Somehow I think it won't make a difference as these additional drives are not physical drives but does anyone know if I can get better performance by having these extra LUNs?
---------------------------------------------------------
It takes a minimal capacity for rational thought to see that the corporate 'free press' is a structurally irrational and biased, and extremely violent, system of elite propaganda.
David Edwards - Media lens[/url]Society has varying and conflicting interests; what is called objectivity is the disguise of one of these interests - that of neutrality. But neutrality is a fiction in an unneutral world. There are victims, there are executioners, and there are bystanders... and the 'objectivity' of the bystander calls for inaction while other heads fall.
Howard Zinn -
Logical drives wouldn't help performance nor recoverability, just manageability.
Two separate drives for tempdb data and log is overkill IMHO.
See here a for a nice SQLServer installation checklist: http://sqlblog.com/blogs/jonathan_kehayias/archive/2010/03/22/sql-server-installation-checklist.aspx
Hope this helps
Gianluca
-- Gianluca Sartori
-
Thanks Gianluca,
So I'm looking at the pre-installation checklist and there's one point I'm not sure I understand.
2. SQL Server Admins Group added to the Local Administrators Group.
Can somone explain?
---------------------------------------------------------
It takes a minimal capacity for rational thought to see that the corporate 'free press' is a structurally irrational and biased, and extremely violent, system of elite propaganda.
David Edwards - Media lens[/url]Society has varying and conflicting interests; what is called objectivity is the disguise of one of these interests - that of neutrality. But neutrality is a fiction in an unneutral world. There are victims, there are executioners, and there are bystanders... and the 'objectivity' of the bystander calls for inaction while other heads fall.
Howard Zinn -
You can read it as "DBAs group added to local administrators group".
-- Gianluca Sartori
-
Gianluca Sartori (11/19/2012)
You can read it as "DBAs group added to local administrators group".Ah but this is only valid for a server that's in the domain which mine isn't. Have I understood this correctly?
Also, if you don't mind me asking another question:
For the built in SQL Server SA account, can I use the local server Admin as the user?
---------------------------------------------------------
It takes a minimal capacity for rational thought to see that the corporate 'free press' is a structurally irrational and biased, and extremely violent, system of elite propaganda.
David Edwards - Media lens[/url]Society has varying and conflicting interests; what is called objectivity is the disguise of one of these interests - that of neutrality. But neutrality is a fiction in an unneutral world. There are victims, there are executioners, and there are bystanders... and the 'objectivity' of the bystander calls for inaction while other heads fall.
Howard Zinn -
Well, if your server is not in a domain, you will probably need an equivalent local group on this server.
I agree with SpaghettigDBA regarding disk config for tempdb: While it is nice to have a dedicated tempdb drive on large production servers, you don't need to split that up into separate drives for log and data.
As for your "I didn't build this server" comment... well, this is a known problem: people building servers without proper consideration of their actual config and purpose. Contrary to what a lot of people seem to think, 600 GB of disk is not just 600 GB of disk.
Kind regards,Vegard Hagen
Norwegian DBA, occasional blogger and generally a nice guy who believes the world is big enough for all of us.
@vegard_hagen on Twitter
Blog: Vegards corner (No actual SQL stuff here - havent found my niche yet. Maybe some day...)It is better to light a candle than to curse the darkness. (Chinese proverb) -
Vegard Hagen (11/19/2012)
I agree with SpaghettigDBA regarding disk config for tempdb: While it is nice to have a dedicated tempdb drive on large production servers, you don't need to split that up into separate drives for log and data.Fair point but I've created 3 folders on the new D drive, SQLData, SQLLogs and SQlBAckups. TempDB is going on the same drive as the everything else. What else can I do?!
As for your "I didn't build this server" comment... well, this is a known problem: people building servers without proper consideration of their actual config and purpose. Contrary to what a lot of people seem to think, 600 GB of disk is not just 600 GB of disk.
You should see how the other servers are configured... lol not to mention the number of people who know the Domain Admin account password! ROFL.....
Well, if your server is not in a domain, you will probably need an equivalent local group on this server.
Can you please expand on this a little more? I don't funny understand the need for the group. Why not just user the local Administrator user account for the SQL Server SA?
---------------------------------------------------------
It takes a minimal capacity for rational thought to see that the corporate 'free press' is a structurally irrational and biased, and extremely violent, system of elite propaganda.
David Edwards - Media lens[/url]Society has varying and conflicting interests; what is called objectivity is the disguise of one of these interests - that of neutrality. But neutrality is a fiction in an unneutral world. There are victims, there are executioners, and there are bystanders... and the 'objectivity' of the bystander calls for inaction while other heads fall.
Howard Zinn -
Abu Dina (11/19/2012)
Also, if you don't mind me asking another question:
For the built in SQL Server SA account, can I use the local server Admin as the user?[/quote]
I have no experience with this, but as I understand it, renaming the SA account has gotten a lot of people into trouble. Best practice is to set some strange password only you and your team would know about, then disable the account and have everyone connect with their own personal user. That way, you will always be able to trace who did what and not just see an "sa" or "local admin" changed something.
Kind regards,Vegard Hagen
Norwegian DBA, occasional blogger and generally a nice guy who believes the world is big enough for all of us.
@vegard_hagen on Twitter
Blog: Vegards corner (No actual SQL stuff here - havent found my niche yet. Maybe some day...)It is better to light a candle than to curse the darkness. (Chinese proverb) -
Vegard Hagen (11/19/2012)
I agree with SpaghettigDBA regarding disk config for tempdb: While it is nice to have a dedicated tempdb drive on large production servers, you don't need to split that up into separate drives for log and data.Fair point but I've created 3 folders on the new D drive, SQLData, SQLLogs and SQlBAckups. TempDB is going on the same drive as the everything else. What else can I do?!
As for your "I didn't build this server" comment... well, this is a known problem: people building servers without proper consideration of their actual config and purpose. Contrary to what a lot of people seem to think, 600 GB of disk is not just 600 GB of disk.
You should see how the other servers are configured... lol not to mention the number of people who know the Domain Admin account password! ROFL.....
Well, if your server is not in a domain, you will probably need an equivalent local group on this server.
Can you please expand on this a little more? I don't funny understand the need for the group. Why not just user the local Administrator user account for the SQL Server SA?
---------------------------------------------------------
It takes a minimal capacity for rational thought to see that the corporate 'free press' is a structurally irrational and biased, and extremely violent, system of elite propaganda.
David Edwards - Media lens[/url]Society has varying and conflicting interests; what is called objectivity is the disguise of one of these interests - that of neutrality. But neutrality is a fiction in an unneutral world. There are victims, there are executioners, and there are bystanders... and the 'objectivity' of the bystander calls for inaction while other heads fall.
Howard Zinn -
Abu Dina (11/19/2012)
Can you please expand on this a little more? I don't funny understand the need for the group. Why not just user the local Administrator user account for the SQL Server SA?As I mentioned in my previous post, this is a security an traceability matter.
The thing is that no one really knows who has access or what people are doing on the server if the only user showing up in logs is "sa" or "administrator". Basically, anyone who happens to learn the password for such a non-personal admin account can do whatever the heck they want and quite possibly never be held accountable for it.
Hence, for security reasons, everyone who has a job to do on your server should have their own personal user with only the permissions they actually need to do their job. You do need to set an SA password and a local admin password, but you should lock them up somewhere safe and no one outside your trusted admin team should even be aware of their existence.
Kind regards,Vegard Hagen
Norwegian DBA, occasional blogger and generally a nice guy who believes the world is big enough for all of us.
@vegard_hagen on Twitter
Blog: Vegards corner (No actual SQL stuff here - havent found my niche yet. Maybe some day...)It is better to light a candle than to curse the darkness. (Chinese proverb) -
Thanks Vegard. I now understand your point. I think my confusion is because I didn't see a SQL Admin group when I view the users/groups in computer management. I assume the idea is to create then add the group and assign privileges to the group rather than individual users.
This isn't something we have on any servers (domain or DMZ) but maybe now is the time to introduce such group.
What do you think?
---------------------------------------------------------
It takes a minimal capacity for rational thought to see that the corporate 'free press' is a structurally irrational and biased, and extremely violent, system of elite propaganda.
David Edwards - Media lens[/url]Society has varying and conflicting interests; what is called objectivity is the disguise of one of these interests - that of neutrality. But neutrality is a fiction in an unneutral world. There are victims, there are executioners, and there are bystanders... and the 'objectivity' of the bystander calls for inaction while other heads fall.
Howard Zinn -
I think now is always a good time to make improvements and a group is always more managable than having to make changes to each and every individual user account, even if it's just locally on a single server. Plus, if you adopt a good standard on your domain, you can then use basically the same setup on any single servers you may have to work with, only with local groups replacing the domain group(s). That way, you will have the same reasonable standard setup everywhere and the only diversion causing extra overhead is that you'll have to repeat all your domain group changes locally on each non-domain server.
Kind regards,Vegard Hagen
Norwegian DBA, occasional blogger and generally a nice guy who believes the world is big enough for all of us.
@vegard_hagen on Twitter
Blog: Vegards corner (No actual SQL stuff here - havent found my niche yet. Maybe some day...)It is better to light a candle than to curse the darkness. (Chinese proverb)
Viewing 15 posts - 1 through 14 (of 14 total)
You must be logged in to reply to this topic. Login to reply