Blog

Independence Day Training Sale

By: on July 1, 2019 in SQLHAU, Training | No Comments

Hi everyone. Quick note. From today (July 1) until 11:59 PM Eastern on July 8, we are having a limited time sale on all SQLHAU training – 30% off everything. Use discount code JULY4 to get 30% off your entire order.

The sale includes all SQLHAU training scheduled on our events page including the two upcoming in person classes in Chicago (Modernizing Your SQL Server Infrastructure Boot Camp and the Always On Availability Group Boot Camp) and the two online live classes – Almost On: A Guide to Troubleshooting Availability Groups and FCIs in a few weeks and the Always On Availability Groups Boot Camp in December.

Supporting the Future – Win a Seat to the Availability Groups Boot Camp in August

By: on June 12, 2019 in Availability Groups, SQLHAU, Training | No Comments

Giving back is intrinsic to SQLHA’s values. Nearly every time we offer public training, we’ve given away a seat in at least one class. In 2016, it was WIT and we saluted the troops in 2017. The upcoming classes in Chicago in August are no exception. This time, we’re giving away one seat for the Always On Availability Groups Boot Camp from August 7 – 9.

For this giveaway, we’re focusing on the future. If you are between the ages of 18 and 25, a high school senior, currently enrolled in college, or just graduated college within the last six months, you are eligible to be in the running for that free seat. This is a very unique opportunity to get real world skills at a young age, so good luck to all entrants.

The Rules

  1. You have to be able to prove that you are at least 18 years of age but no older than 25, a high school senior, currently enrolled in college, or just graduated college in the last six (6) months.
  2. Send an e-mail to sales at sqlha dot com with the subject Give Me Real World Education and tell us why you think you deserve the seat and how it would impact you. You really have to demonstrate that you truly would benefit from attending.You do not have to send a tome, but one or two lines won’t cut it either. The grammar police won’t hold it against you if your e-mail is not up to snuff; we prefer heartfelt over perfect. Having said that, see #10 of The Fine Print. There is one exception.
  3. Entries must be in by Friday, June 28, at 5PM Eastern. A winner will be chosen and notified by Friday, July 5.
  4. Do not make or send a video, write a Word document, etc.; that will disqualify you. This should be e-mail only.

The Fine Print

  1. One entry per person.
  2. Winners will not be eligible for a free seat in a future class and are ineligible for winning any other free SQLHA LLC giveaway for 12 months after winning the seat in the class (excluding any giveaways in the class). If you cannot attend the class where you are chosen as a winner, you forfeit the prize.
  3. Do not enter if you cannot attend; it is not fair to those who can and a waste of everyone’s time.
  4. You have to get yourself to the class. That means you are responsible for all travel and expenses including, but not limited to: airfare, taxis, food, hotel, and so on. If you cannot meet this obligation for the class, please don’t enter. We’re just providing the class itself.
  5. Entries without the proper subject will be disqualified. Sorry.
  6. While we do not have delicate sensibilities, keep your entries clean.
  7. You are responsible for any taxes you may need to pay as a result of winning this contest.
  8. You must be eligible to win. For example, some who work in certain jobs or roles would be ineligible. Know if you can before you enter.
  9. All entries must be in English.
  10. While we understand that writing is not everyone’s forte, anyone who uses text speak such as ur will be disqualified as well. We have to have some standards, you know.

Not between the ages of 18 and 25 and still in or just out of school?

We have a few seats left in each class, so don’t miss your opportunity. Use the discount code GIVE20 to get 20% off of the Chicago classes. Don’t miss out!

Why SQLHA for your training needs?

Show your boss this. We offer the best in person training which includes labs. Keeping our class sizes smaller, our classes have great interaction. Between the labs and being in the room with one of the world’s recognized experts for availability on SQL Server, it doesn’t get much better.

A Letter to Myself at 20

By: on June 11, 2019 in Advice | No Comments

I don’t always participate in T-SQL Tuesday, but this month’s topic appealed to me. Hosted by Mohammad Darab (blog | Twitter), his idea is to write a letter to my 20 year old self and give some advice. I hope you find it both useful and entertaining. Enjoy!

Dear Allan,

You’ve learned a lot in just over a quarter of a century – sometimes not the way you would have liked, but hey, welcome to life. It’ll be a journey, not a destination. Below are some tips that will serve you well.

Working Harder is Not a Life Goal

Besides work, you will average over 50,000 miles a year on planes and play in two big bands as well as a few different small ensembles (among other things you do). Your schedule still tires people out (something you’ll hear often). You’re just as busy – if not busier – today than you were at 20. However, you require more than an hour or two of sleep. Remember to eat and drink. Listen to your body. You’re not invincible. You’re no good to anyone if you’re tired, run down, or sick. You’ll never have perfect work/life balance but taking time for yourself is important. Sometimes a simple recharge – it could be a quick power nap or a week off at the right time – can make all the difference in the world.

Turn off the computer and have a life outside of work. That last bit of whatever will still be there in the AM to finish. Life is about moments – as you get older and time goes by quicker, this becomes more apparent. Spend time with people and in places that matter because they – or you – could be gone tomorrow. At 20, 40 or 50 seems old. It’s not. You will experience loss and pain. Celebrate the good times, don’t wallow in the bad ones. Memories are forever; don’t miss them because you were stuck in front of a screen.

Try to save a few shekels along the way from all that hard work. Don’t pass up that Roboto mask or seeing Rush in Los Angeles in 2015, though. However, all the money in the world will not buy happiness or health. The former comes from within, the latter only if you do what I say above.

You Can Say “No”

“No” is an acceptable answer to many questions and situations. Saying “yes” to everything makes you a doormat, even if well intentioned. You can’t be all things to all people, nor will you please everyone. Also related: exposure bucks don’t pay the bills. Your time has value, even if you choose to give it for free. If you don’t and people don’t like it, that’s their problem. You will always have haters no matter how much good you do or help.

Make major decisions with the bigger picture in mind. Be able to pivot if necessary. You have a great gut instinct. Trust it.

Choose People Wisely

While you are ultimately responsible for yourself and your actions, surround yourself with people (friends, family, colleagues) that support and love you but at the same time can be honest and kick your behind when needed. You need people in your life who won’t put you on a pedestal. Having people in your corner that have your back and can offer trusted advice is crucial.

Unfortunately, some people will disappoint and hurt you both personally and professionally. When your Spidey sense is tingling, listen. Don’t let the haters and those who hurt you harden you or control your narrative. Rise above the noise.

Side people note: every interaction you have with people – good and bad – matters. You’ll see the impact of this more and more in the years to come. Be confidient and humble. You don’t know it all. Definitely don’t worry what people think or say.

Go with the Flow

You may or may not still be known to be outspoken, opinionated, and passionate (stop chuckling, people). As you get older you realize that life has a funny way of not always working out as you thought it might. Loosen up and go with the flow where possible. You have a terrible poker face, though. People will make memes about you (you’ll find out what a meme is). Have a laugh.

Worry about what you can control, don’t fret (too much) over what you can’t. This will serve you well personally and professionally. Always push forward, don’t live with regrets, and don’t let the stress consume you. Playing “what if” or living in the past is not productive.

Perfection Is the Enemy of Good (or Done …)

You are and will always be your own harshest critic. The bar of quality you set for your work is impossibly high. This is a blessing … and a curse.

Remember how you thought it’d be fun and awesome to write books? Yeah, about that. They’re rewarding, but a LOT of work. You won’t make much money, so being an author is not a “retire early and live on the royalties” plan. With your attention to detail and level of perfection expected (among other things that will happen along the way …)  the books you write are never simple to birth – think along the lines of having quintuplets. You will inevitably disappoint some people with how long it takes and feel bad about it. Get over yourself. Good and done is better than perfect and not done yet.

I’ll leave you with one last thought: Tokyo is every bit as amazing as you thought it would be, but if you can, get there about ten years earlier than I did. The CD shopping will be even more insane.

Love,

Your 47-Year-Old Self

Getting SQL Server 2019 CTP 3.0, Kubernetes, and Availability Groups Working

By: on June 10, 2019 in Availability Groups, Kubernetes, SQL Server 2019 | No Comments

Happy Monday everyone.

I haven’t written much about them yet (key emphasis there …) but AGs now being supported for containers in SQL Server 2019 is a big deal. Recently, SQL Server 2019 CTP 3.0 was released, but there’s a slight problem: if you try to deploy an AG with Kubernetes, you may see the following errors when trying to deploy the pods with the YAML that contains their definition. The services (i.e. instances of SQL Server) get created, but the pods do not.

YAML execution error (click to make bigger)

The fix, however, is easy. For CTP 3.0, a few things changed for the SQL Server operator. You have to modify the operator.yaml file with two changes which are documented below.

The first new thing is the word “update” is added to the verbs list in the section below.

The second is a new section that now must exist after MSSQL_K8S_NAMESPACE.

The updated operator.yaml file can be downloaded from my repository.

Also, remember in the YAML file where you define the pods, update the following two lines:

and

Hope this helps some of you.

Navigating the May 2019 Security Patches for SQL Server Deployments

By: on May 16, 2019 in Patching, Red Hat Enterprise Linux, Security, SQL Server, SUSE Linux Enterprise Server, Ubuntu, Windows Server | No Comments

This past week has been a doozy for security updates. There have been quite a few security alerts and patches. In this post, I’ll guide you through them as they relate to SQL Server and the operating systems that it runs on.

More Intel Processor Woes – Side-Channel Vulnerability/Microarchitectural Data Sampling (MDS)

After Spectre and Meltdown a few months back (which I cover in this blog post from January 4), another round of processor issues has hit the chipmaker. This one is for MDS (also known as a ZombieLoad) This one comprises the following security issues: CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130. Whew! Fun fact: CVE stands for “Common Vulnerabilities and Exposures”.

As of now, this is only known to be an Intel, not AMD, issue. That is an important distinction here. The official Intel page on this issue can be found at this link. This issue does not exist in select 8th and 9th generation Intel Core processors as well as the 2nd generation Xeon Scalable processor family. (read: the latest stuff) This link in the Intel page is the detailed processor family list and what is/is not affected. If there are hardware-level fixes, those would come from your vendors such as Cisco, Dell, and HP. Many OSes as well as SQL Server have issued statements, guidance, and/or patches for this new Intel processor flaw.

Below is everything that relates to SQL Server or your underlying server configurations. Oh, and patch your systems RIGHT NOW.

Hyperthreading (Processor-level)

This is the biggie. If you look at most of the mitigations beyond patching, nearly everyone is, depending on the circumstance, recommending disabling hyperthreading (HT) on the physical processors. Guidance will vary from vendor to vendor. Doing this will require downtime as you will need to boot into BIOS/UEFI to do this. It will most likely impact performance if you were relying on HT, so check your SQL Server workloads. Before disabling HT, check the guidance from your vendors.

SQL Server

The Spectre/Meltdown KB article (4073225) was updated to include this new flaw. SQL Server does not require any specific patches for MDS. Please see the Windows Server section and specifically ADV190013 (linked below) for Microsoft’s full view on this.

Red Hat Enterprise Linux (RHEL)

SQL Server is currently supported on RHEL 7.3, 7.4, and 7.6. Red Hat did an excellent page explaining things which even has a video on how the attack could work. Even if you don’t use RHEL, the video is a good watch. Their specific vulnerability page for this new flaw can be found here. Read it, but if you want to skip to the conclusion, switch to the Resolve tab.

SUSE Linux Enterprise Server (SLES)

SQL Server is supported on SLES 12 SP2.

Here are their specific pages for each of the vulnerabilities and how to deal with them:

CVE-2019-11091

CVE-2018-12126

CVE-2018-12127

CVE-2018-12130

Ubuntu

SQL Server is supported on Ubuntu 16.04 which has a patch for MDS (the plain English stuff). The specificl Ubuntu Knowledge Base article for MDS can be found here which covers any updates that are needed.

VMware

VMware published a security advisory (VMSA-2019-0008) for the MDS issue. They cover all the versions affected and most importantly, which versions are the fixed ones. The main VMware Knowledge Base article linked you should be concerned with is KB67577. That article covers HT.

Windows Server

Microsoft updated their KB article on side-channel vulnerabilities (4072698) to include MDS. It has two very specific links: ADV190013 and KB4457591. Microsoft also has information for Azure IaaS VMs. I would read both carefully as they talk about the potential impact to performance. KB4457591 has a great section on whether or not you would need to disable HT, especially as it relates to Hyper-V.

From a fix perspective, the good news is that Microsoft shipped patches as part of the latest OS update released for Patch Tuesday covering Windows Server 2008, 2008 R2, 2012, 2016, and 2019. The link to the respective software is found at the bottom of ADV190013.

Amazon Web Services

AWS also had to deal with this flaw. Their information can be found in Security Bulletin AWS-2019-004. If you are using their IaaS services (EC2), you will have to check your IaaS VMs running in Google Compute Engine to make sure they are patched and that they are not running untrusted workloads.

Google Cloud Platform

Like AWS and Azure, GCP has this problem, too. Similar to AWS (and Azure), the hosts were taken care of according to their posted notice. You will have to check your IaaS VMs running in Google Compute Engine to make sure they are patched and that they are not running untrusted workloads.

Remode Code Execution Vulnerability in Remote Desktop Services (Terminal Services)

On May 14, Microsoft published security bulletin CVE-2019-0708 which details how a worm could happen with older versions of Windows desktop and server with Remote Desktop Services. The security bulletin describes how it would work, and what is – and is not – vulnerable. The good news is that if you are running Windows 8, 8.1, or 10 for the desktop or Windows Server 2012, 2012 R2, 2016, or 2019, you are safe. However, If your SQL Server instances are running on Windows 7 or Windows Server 2003, 2008, and 2008 R2 you are not. This one is bad enough that Microsoft patched Windows 7 and Windows Server 2003 which are out of support. While we do not see much Windows Server 2003 at our customers, there is a fair amount of Windows Server 2008 and 2008 R2 out there. The last version that was supported by Windows Server 2008 R2 was SQL Server 2014.

The security patches for Windows Server 2008 and 2008 R2 can be downloaded from this link. Note that this also affects Itanium processors if you still have those.

The security patch for WIndows Server 2003 can be downloaded from this link.

SQL Server 2017 – SQL Server Analysis Services

SQL Server released a rare security patch recently for SQL Server Analysis Services. According to KB4497700, There is a potential leak of restricted data that is not protected correctly by the Object-Level Security (OLS) system. This does not affect any other version of Analysis Services other than 2017, and is fixed in a GDR for RTM if you have not applied any CUs and a security update for CU14 (CU14 + GDR). CU14 is a re-release from March 25.

Other Stuff

There have been fixes to other things such as Adobe Flash, Internet Explorer, and more. I’ve coverd the major things, but anything that ships as part of the underlying OS is important to patch if it’s installed.

Call To Action

Security flaws need to be patched right away. Yes, that means downtime you probably didn’t plan, but do you want to be the next company to land in the headlines because you didn’t patch? We would be happy to help you figure out the right patching strategy and help you migrate to later platforms/versions that are more secure. Contact us today.

We have an upcoming webinar on June 5 Why Upgrades Matter where we will discuss the reasons you should do your best to stay up to date with releases and patching since there can be benefits, too. Read the abstract here and register today.