Use the below to prepare and perform all SQL Server installations. (SQL Server
Editions, Versions, Service Account, Database Recovery Model, etc….)
Don't install SQL Server services that which are not required,
such as Reporting Services or Analysis Services, if you are not going to use them.
SQL Server Ports
Best practice is each instance has to change its default ports from 1433/1434
to a unique port number and entered into your documentation database. The SQL
Server Browser service need is to be running only to connect named SQL Server
instances that use TCP/IP dynamic port . It is not necessary to
connect to default instances of SQL Server and named instances that use
static TCP/IP ports.
For best practice and more secure configuration, always use static TCP/IP
port and disable the SQL Server Browser service.
Naming Conventions
The instance name should not indicate a version number or
other sensitive or information capable of uniquely identifying the data
contained. SQL Server
instance names are (based on your environment format).
SQL Server Binaries
Binaries, system databases, tempdb, user data, logs and
backups should be isolated on separate physical disks, to reduce disk IO and
allow for improved database recovery and performance. Don't keep database files on
the C: drive.
Authentication Mode
Make sure that all sql instances should only run with Windows Authentication unless any risk Acceptable form has been submitted and approved. Any servers that have
Mixed Mode Authentication enabled will be configured to use Windows password
policy mechanisms. Make a documented
procedure and process be in place to ensure all SQL Login IDs are deleted
between the period of 60 and 90 days of inactivity by checking with owner of those logins.
SA Account
Disable SA account and create new sql Authentication account with proper name or Set a complex password and enter that password into your documentation
database and enable password complexity.
All SQL Server logins should be documented and have owners
information. This includes SQL Logins,
Windows Logins, service accounts and sa (sysadmin) logins.
Sample and Demo Databases, Development Tools
No sample or demo databases will be included with the
installation of any SQL server. Documentation, development tools and SDKs will
not be installed to any production server.
SQL Server Hotfixes and Service Packs
DBA’s are responsible for Testing, validating of all SQL hot fixes and Service Packs before installing in the production environment. We will be validated in
the appropriate non-production environment for two weeks prior to submitting a
Change Management Request and applying to production. DBA’s
has to work with Business and application owners to come up with a
standard schedule for the installation updates and SQL Server
reboot.
No comments:
Post a Comment