540 likes | 554 Views
This guide explores the worst practices in SQL Server administration, design, development, installation, and more, helping you learn from others' mistakes.
E N D
SQL Server InfernalsA Beginner’s Guide to SQL Server Worst Practices Gianluca Sartori @spaghettidba
Gianluca Sartori Independent SQL Server consultant Data Platform MVP, MCTS, MCITP, MCT Works with SQL Server since version 7 DBA @ Scuderia Ferrari Blog: spaghettidba.com Twitter: @spaghettidba
Agenda • Best practices or Worstpractices? • What can go wrong? • Design • Development • Installation • Administration
Disclaimer: • Noteverythingisblack or white • «Itdepends» is the mostlikelyanswer There are edgecaseswhen some of theseworstpractices are the onlypossiblesolution, or notsuch a bad idea…
Best Practices vs. WorstPractices • Why Best Practices are notenough • Too many • No time • Lack of experience • Notalways clearwhathappensifwedon’tfollowthem • WhyWorstPractices help • They show the mistakes to avoid • We can learn from someoneelse’smistakes
WorstPracticesAreas Administration Design Development Installation Environment Schema design HW validation Recovery Data Types Code OS configuration Security Naming Test SQL installation Capacity Performance Monitoring
SQL Server Infernals • Worst Practices are sins that will put you in the SQL Server hell!! • I will guide you through the circles, as Virgil did with Dante
SQL Server InfernalsBINGO! • Check your sins in the your SQL Server Infernals BINGO card! • Download it from https://git.io/vARkN • Special treats for worst sinners!
Schema Design • Notnormalizing the schema • 1NF:A primarykey, atomicattributesonly • 2NF:Everyattributedepends on the wholekey • 3NF:Everyattributedependsonly on the key «The key, the wholekey, nothingbut the key, so help me Codd»
Clues of denormalization • Repeating data redundancies • Inconsistent data betweentables anomalies • Data separated by «,» • Ex: john@gmail.com, john@business.com • Structured data in «notes» columns • Columns with a numericsuffix • Ex: Zone1, Zone2, Zone3 …
LookupTables One lookuptable for eachattribute
OTLT: One True LookupTable CREATETABLELookupTable( table_namesysname, lookup_codenvarchar(500), lookup_descriptionnvarchar(4000) ) One lookuptable for allattributes
OTLT: One True LookupTable • No Foreign Keys • Generic data types nvarchar(SomeHighNumber) ImplicitConversions, Incorrect Data, Hugememorygrants… • CHECK constraintsmay help to a point… • Locking CHECK( CASE WHENlookup_code='states'ANDlookup_codeLIKE'[A-Z][A-Z]'THEN 1 WHENlookup_code='priorities'ANDlookup_codeLIKE'[0-9]'THEN 1 WHENlookup_code='countries'ANDlookup_codeLIKE'[0-9][0-9][0-9]'THEN 1 WHENlookup_code='status'ANDlookup_codeLIKE'[A-Z][A-Z]'THEN 1 ELSE 0 END= 1 )
EAV: Entity, Attribute, Value Disadvantages: • Generic data types Ex: varchar(4000) • No Foreign Keys • No CHECK constraints • Multiple accesses to the sametable • One access per attribute Advantages • Dynamic schema: no need to alter the database • Replication, distributedenvironments
EAV: Entity, Attribute, Value • Reporting isinsanely hard. • Writing to the EAV schema is a mess • Workaround: • Reads: PIVOT / Crosstab • Writes: View + INSTEAD OF triggers • Alternatives: • SPARSE columns • XML/JSON • Key-valuestoredatabases • Document-orienteddatabases
Data type Worst Practices • Numeric data types for non-numeric data • Storing data as their human-readable representation • Using deprecated data types • Using larger data types “just in case” • Using variable length data types for fixed size data • Storing durations in date/datetime columns • Getting Unicode wrong • Using different data types for the same data in different tables
Chaos Belongs to Hell • No PrimaryKey o surrogate keysonly «identity» isnottheonlypossiblekey! • No Foreign Keys They’re «awkward» • No CHECK constraint The applicationwillguaranteeconsistency… • Wrong data types • Data typeis the 1° constraint on the data • Use of NULL wherenot appropriate • Use of «dummy» data (ex: ‘.’ , 0)
Damnation by Namification • HungarianNotation(AKA «tibbing») • Insanely short names • Insanely long names • Mixing languages • Using the «sp_» prefix • Using reservedwords or illegalcharacters • Using systemgeneratedconstraintnames • No naming convention or multiple namingconventions Hungary is a nice str_country
Pollutors will be prosecuted • Developing in production • Using the test environment for development • Using a shared database for development • No source control • Developing with sysadmin privileges • Developing on a different version/edition from production(less problematic after 2016 SP1)
Pessimists are Optimists with Experience • Nottestingall the code Use meaningful data volumes • Testing in production Can alter production data Interferes with production users • Testing in developmentenvironment Usefulatmost for unittests
Development WorstPractices • No transactions • No errorhandling @@ERROR is a thing of the past! • Wrongisolationlevels NOLOCK = no consistency! • SELECT * • Dynamic SQL with concatenatedparams • Code vulnerable to SQL injection • No abstractionlayer Views, Functions, StoredProcedures It’s all about laziness
HW WorstPractices • Using inadequate or unbalanced HW • Reusingdecommissionedservers for new installations • SlowerCPUs (licensecosts the same on fast CPUs) • Less RAM supported • Planning storage with capacity in mind • Choosing the wrong RAID level
Installation WorstPractices • Installingacceptingall the defaults • Data files on the system drive • MAXDOP = 0 • Max Server Memory = +∞ • Installingunusedcomponents • Installing multiple services on the same machine • Giving up easy wins on I/O • Partitionmisalignment • Using the default allocationunit (4Kb)
Backup and RecoveryWorstPractices • No backup • With FULL recoveryit’s a timebomb • Ignoring RPO and RTO (it’snotyourdecision!) • No test restores • No consistencychecks • DBCCREPAIR_ALLOW_DATA_LOSS as default response to corruption Ourresponsibilityis to performrestores, not backups!
Security WorstPractices • Too manysysadmins • Everyone authenticating as ‘sa’ • Using SQL Authentication • Weakpasswords • 123 • P4$$w0rd • Sameas username • No auditing on sensitive data
Capacity Management WorstPractices • Notchecking disk space • No spaceleft = database halted! • FULL recovery and no log backups? • Relying 100% on autogrowth • Autoshrink • Autoclose • Notpresizingtempdb Different file size = latching (and striping) penalty
MaintenanceWorstPractices • Notmaintainingindexes and statistics • Obsessing over maintainingindexes and statistics • Using catch-allmaintenanceplans
Performance Tuning More effective Easier to implement
Query OptimizationWorstPractices RBAR: RowBy AgonizingRow • Cursors • WHILE loops • App-side cursors • Scalar and multi-statement functions
Query OptimizationWorstPractices Views on views on views… Might look like a brilliant idea at first (code re-use FTW!) • You can end up losing control • Unneeded multiple accesses to the same tables • Unnecessary JOINs
Neverendingnestedviews… SalesOrderHeader: 2 1 1 2 Customer:
Query OptimizationWorstPractices • One query to rulethemall The optimizerisgood, notperfect «divide et impera» deliversbetter performance • DISTINCT in allqueries … because “who wants stinkin’ duplicates?” • Query HINTsall over the place Especiallyindexhints
IndexingWorstPractices • Acceptingallsuggestions from Tuning Advisor • Duplicate indexes • An index for eachcolumn • Indexes are not for free! • SuboptimalClustered Index • Unique • Small • Unchanging • Everincreasing or decreasing
Server TuningWorstPractices • «Throwing HW» at the problem • A 2x faster machine mightmake RBAR code 2x faster • Using set-based code might make it 500x faster • Using «advanced» optionswithouttesting • NT Fibers (lightweightpooling) • PriorityBoost
Resources Detailed blog posts on spaghettidba.com One post for each circle: https://spaghettidba.com/category/sql-server/sql-server-infernals/
Resources Free Tool: Best Practices Analyzer • Highlightsconfigurationparametersthatdon’tcomply with best practices • Highlightspotentialproblems • Offersrecommendations http://www.microsoft.com/en-us/download/details.aspx?id=15289