SQL Server Magazine UPDATE—brought to you by SQL Server Magazine and SQL Server Magazine Connections


THIS ISSUE SPONSORED BY

Windows Server 2003

SQL Server Magazine Connections: Win a Harley
(below COMMENTARY)

Faster Back-up:
(below NEWS AND VIEWS)


SPONSOR: WINDOWS SERVER 2003

You're being asked to do more. You're being asked to do it with less. Microsoft(R) Windows(R) Server 2003 is designed to help you manage those opposing forces and deliver powerful software solutions with less time, money, and hassle. For more information and to get a free Evaluation Kit, go to:
    http://lists.sqlmag.com/cgi-bin3/DM/y/ecI20COG2X0BRZ0BBFd0A3


August 7, 2003—In this issue:

1. COMMENTARY

  • Security IS Your Concern

2. SQL SERVER NEWS AND VIEWS

  • Microsoft Slashes Price of SQL Server Developer Edition
  • Results of Previous Instant Poll: DTS Expertise
  • New Instant Poll: SQL-DMO

3. ANNOUNCEMENTS

  • Special Offer from SQL Server Magazine
  • Register Now for WinSummit 2003

4. RESOURCES

  • What's New in SQL Server Magazine: Doing More with Less
  • Hot Thread: SQL Agent Proxy Account
  • Tip: Accessing a Named Instance with UDP Port 1434 Closed

5. HOT RELEASES (ADVERTISEMENTS)

  • Win $25,000 in Free Classes at Insider Training
  • SSMU Announces Performance Tuning Mini-Series

6. NEW AND IMPROVED

  • Analyze and Report
  • Display Model Information at Various Levels

7. CONTACT US
See this section for a list of ways to contact us.


1. COMMENTARY

  • SECURITY IS YOUR CONCERN

  • (contributed by Brian Moran, news editor, brianm@sqlmag.com)

    Don't think that you're responsible for security at your site? Maybe it's not your primary focus, but security, or the lack thereof, is too important for you to ignore just because "it's not my job." In this day and age, we all need to take some responsibility for the security of our database systems, even if that's not our official job function. With that in mind, I'd like to encourage you to read the Microsoft white paper "SQL Server 2000 SP3 Security Features and Best Practices".

    This paper includes deep technical information as well as a handy checklist, making it valuable whether you're directly or indirectly responsible for managing security at your organization. Written by some of the most knowledgeable security experts in the SQL Server development team—Girish Chander, James Hamilton, Willis Johnson, and Richard Waymire contributed their expertise—this paper is a must-read for SQL Server administrators, developers, and managers.

    The paper focuses on SQL Server 2000 Service Pack 3 (SP3), but it's guidelines and best practices also apply to pre-SP3 installations. You'll find recommendations about SQL Server installation, administration, and deployment as well as under-the-cover details about SQL Server's security model.

    If you don't have enough time to read the entire paper, at least review the comprehensive appendix, "Checklist: Security Best Practices." The checklist covers the most important lock-down items from a development, administration, and third-party Independent Software Vendor (ISV) perspective.

    The amount of space devoted to security-related topics on the Microsoft SQL Server home page signals the company's increasing focus on best practices for SQL Server security. The Web site's "Focus on Security" section includes quick links to valuable security-related resources including a list of the top 10 things you can do today to improve the security of your SQL Server installations.

    Remember, we all need to assume some responsibility for security. Threats from serious and recreational hackers are too real and numerous to ignore. If you're involved with SQL Server in a technical or management capacity, take the time to read this white paper and get serious about security.

    P.S. Many SQL Server Magazine UPDATE readers also enjoy the monthly print version of SQL Server Magazine, and I want to take a minute to congratulate the entire magazine staff and family of authors on a recent accomplishment. SQL Server Magazine recently received the prestigious "Magazine of the Year" award from the American Society for Business Publication Editors (ASBPE). Entries were judged on writing, reporting, and editing quality; value and usefulness to the reader; editorial organization and flow of content in the magazine; interaction with readers; and layout and design. The judges said, "SQL Server Magazine does a superb job for its audience." Congratulations, team!


    SQL SERVER MAGAZINE CONNECTIONS: WIN A HARLEY

    October 12-15, SQL Server Magazine Connections is running concurrently with Microsoft ASP.NET Connections, Visual Studio Connections, and Microsoft Office System Connections. Stay on top of today's technology and maintain your competitive edge on the job. Learn from the Microsoft architects who built these technologies plus world-renowned third-party gurus who will share their real-world tips and techniques. Register today and save $200 off the registration fee and get access to 4 conferences for the price of 1! One attendee is guaranteed to win a new Harley-Davidson motorcycle. Register online or call 800-899-5325 or 203-268-3204.
       http://lists.sqlmag.com/cgi-bin3/DM/y/ecI20COG2X0BRZ0ggP0Am


    2. SQL SERVER NEWS AND VIEWS

  • MICROSOFT SLASHES PRICE OF SQL SERVER DEVELOPER EDITION

  • Microsoft has released the new low-cost version of Microsoft SQL Server 2000 Developer Edition, slashing the price from $499 to $49. Designed for developers, SQL Server Developer Edition has all the functionality of SQL Server 2000 Enterprise Edition but is license-restricted from use in a live server environment and runs on client OSs such as Windows XP and Windows 2000 Professional Edition. For more information about the new pricing and SQL Server Developer Edition in general, see
        http://www.microsoft.com/sql/howtobuy/development.asp.

  • RESULTS OF PREVIOUS INSTANT POLL: DTS EXPERTISE

  • The voting has closed in SQL Server Magazine's Instant Poll for the question, "How would you describe your level of expertise with Data Transformation Services (DTS)?" Here are the results (+/- 1 percent) from the 503 votes (deviations from 100 percent are due to a rounding error):
    • 7% Expert
    • 26% Advanced
    • 40% Intermediate
    • 26% Novice

  • NEW INSTANT POLL: SQL-DMO

  • The next Instant Poll question is "Have you used SQL Distributed Management Objects (SQL-DMO) to write scripts or an application?" Go to the SQL Server Magazine Web site and vote for 1) Yes, 2) No, but I plan to, or 3) No, and I don't plan to.
        http://www.sqlmag.com

    SPONSOR: FASTER BACK-UP

    Slash backup/restore time, improve reliability — and lower costs. With EMC CLARiiON backup-to-disk storage solutions you can cut backup time by as much as one-third compared to tape. And restore in up to 80% less time. EMC CLARiiON. It's fast, reliable — and more affordable than you think. Get the free white paper, "Stepping Up to Disk Based Backup."
       http://lists.sqlmag.com/cgi-bin3/DM/y/ecI20COG2X0BRZ0BBI80AN


    3. ANNOUNCEMENTS


    (brought to you by SQL Server Magazine and its partners)

  • SPECIAL OFFER FROM SQL SERVER MAGAZINE

  • SQL Server Magazine presents the SQL Server Technical Education Package, including a 1-year print subscription to SQL Server Magazine, full SQL Server Magazine Web site access, and a 1-year subscription to the SQL Server Magazine Master CD (2 CDs), for only $39.95 (US)! Click here for this incredible limited-time offer!
    http://lists.sqlmag.com/cgi-bin3/DM/y/ecI20COG2X0BRZ0BBno0At

  • REGISTER NOW FOR WINSUMMIT 2003

  • WinSummit 2003 is the biggest European Windows Developers' Conference of the year. Featuring around 20 of the most known speakers delivering over 100 sessions and seminars. All the sessions are technical with a tutorial value. WinSummit is an event held by developers for developers. For further information and to register visit:
        http://lists.sqlmag.com/cgi-bin3/DM/y/ecI20COG2X0BRZ0BBnp0Au

    4. RESOURCES

  • WHAT'S NEW IN SQL SERVER MAGAZINE: DOING MORE WITH LESS

  • When infrastructure spending drops, IT has to figure out how to do more with less. SQL Server offers by far the best value of any enterprise database system, providing a wealth of built-in capabilities that many customers aren't taking advantage of. In "Doing More with Less," Michael Otey explains how getting more out of what you already have is almost as good as money in the bank. Read this August SQL Server Magazine article at
        http://www.sqlmag.com/articles/index.cfm?articleid=39438

  • HOT THREAD: SQL AGENT PROXY ACCOUNT

  • Wingenious has three different SQL Server 2000 Standard Edition systems, running at Service Pack 3 (SP3), where the proxy account for the SQL Server Agent has to be reset periodically (sometimes daily). The involved application is browser-based, and the affected code works most of the time, then suddenly stops. Resetting the proxy account password for the SQL Server Agent fixes the problem temporarily. This problem affects all three servers almost simultaneously, which might indicate that something external to the servers is causing the SQL Server Agent proxy account password to change. See what other DBAs have said, and offer your advice, on SQL Server Magazine's Administration forum at the following URL:
        http://www.sqlmag.com/forums/messageview.cfm?catid=3&threadid=17975

  • TIP: ACCESSING A NAMED INSTANCE WITH UDP PORT 1434 CLOSED

  •     (contributed by Brian Moran, savvy@sqlmag.com)

    In the SQL Server Magazine May Q&A "Checking Port Numbers" (InstantDoc ID 38444), I responded to the following reader question: "I created a server alias that uses the TCP/IP network library. The client-side server alias is configured to "Dynamically determine port." How can I find out which port the client is using so that I can lock down our firewall?"

    I said that you must keep UDP port 1434 open in the firewall so that you could communicate with the named instance. That's not true.

    UDP port 1434 needs to be open if you have to determine the TCP/IP port that a named instance is using or if you connect to the server by using only the name of the instance. However, you can easily use the Client Network Utility to create a client-side alias for a named instance that includes the IP address and port that the instance uses. You can then use the alias to access the named instance through a firewall without exposing UDP port 1434. With this approach, each client connecting to the server must know its TCP/IP port number in advance, so you'll have to change the client-side settings if you ever change the port that the named instance uses.

    Several attacks have exploited well-known vulnerabilities related to UDP port 1434, so having the option of keeping UDP port 1434 closed is valuable. This technique is also useful for letting pre-SQL Server 2000 client tools connect to a named instance of SQL Server 2000. Thanks to Chip Andrews, who runs SQLSecurity.com ( http://www.sqlsecurity.com ), for sharing this security tip.

    Send your technical questions to savvy@sqlmag.com

    5. HOT RELEASES (ADVERTISEMENTS)

  • WIN $25,000 IN FREE CLASSES AT INSIDER TRAINING

  • AFFORDABLE, QUALITY TRAINING! Insider Training has revolutionized IT learning. We have merged the best of LIVE classroom and self-paced training into a powerful, Internet-based learning system. Sign up for our promo or view a demo:
        http://lists.sqlmag.com/cgi-bin3/DM/y/ecI20COG2X0BRZ0BBLq0AN

  • SSMU ANNOUNCES PERFORMANCE TUNING MINI-SERIES

  • The Performance Tuning Mini-Series advanced-level online training course for SQL Server professionals will be presented September 3, 10, 17, and 26 from 1:00 to 2:00 p.m. Eastern Time by Kimberly L. Tripp. Register today!
        http://lists.sqlmag.com/cgi-bin3/DM/y/ecI20COG2X0BRZ0BBUk0AQ

    6. NEW AND IMPROVED


    (contributed by Carolyn Mader, products@sqlmag.com)

  • ANALYZE AND REPORT

  • WINSIGHT announced WebAnalyst, a complete software suite for analysis and reporting based on Analysis Services and any other OLE DB for OLAP data sources. WebAnalyst is a secure environment for you to connect to reports and make reports available to others. You can create reports by using a Web browser and traditional OLAP capabilities such as dice, drilldown, and slice. The software incorporates different types of graphs such as histograms, pies, evolutions, and plans. Contact WINSIGHT at winsight@winsight.fr.
        http://www.olapwebhouse.com

  • DISPLAY MODEL INFORMATION AT VARIOUS LEVELS

  • Datanamic Solutions announced DeZign for Databases 3.0, database design and modeling software that features a new scripting engine and support for stored procedures and triggers. The database development tool visually supports the layout of entities and relationships. The software supports Entity-Relationship (ER) modeling techniques. DeZign for Databases displays model information at various stages of model development and conveys model information in abstract form. You can use reports that DeZign for Databases generates to show complex designs in simplified formats. The software also extends your modeling power for subdiagrams; you can divide a large or complex model into smaller subdiagrams. DeZign for Databases includes an integrated scripting engine that uses templates or scripts to generate SQL schemas or XML output files. The software supports SQL Server, Microsoft Access, IBM DB2, Oracle, and Sybase. Pricing is $229.
        http://www.datanamic.com

    7. CONTACT US


    Here's how to reach us with your comments and questions:

    • ABOUT THE COMMENTARY — brianm@sqlmag.com
    • ABOUT THE NEWSLETTER IN GENERAL — kathy@sqlmag.com
      (please mention the newsletter name in the subject line)
    • TECHNICAL QUESTIONS — http://www.sqlmag.com/forums
    • PRODUCT NEWS — products@sqlmag.com
    • QUESTIONS ABOUT YOUR SQL SERVER MAGAZINE UPDATE SUBSCRIPTION?
      Customer Support — sqlupdate@sqlmag.com
    • WANT TO SPONSOR SQL SERVER MAGAZINE UPDATE?
      More than 102,000 people read SQL Server Magazine UPDATE every week. Shouldn't they read your marketing message, too? To advertise in SQL Server Magazine UPDATE, contact Beatrice Stonebanks at bstonebanks@sqlmag.com or 800-719-8718.

    SQL Server Magazine UPDATE is brought to you by SQL Server Magazine, the only magazine completely devoted to helping developers and DBAs master new and emerging SQL Server technologies and issues. Subscribe today.
    http://www.sqlmag.com/sub.cfm?code=ssei211x1y

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email