Tuesday, 2 January 2018

SQL Server Installation Checklist

Windows OS Installation
  • .     All drives partition aligned.
  • .     Hyper threading disabled in the BIOS.
  • .     OS and installed applications drive use RAID 1 and use NTFS with default Allocation Unit Size.
  • .     OS installed to C Drive.
  • .     Domain Administrators group added to the Local Administrators group.
  • .     Account Policies enforced  or set explicitly.

a.     Password Policy
                                          i.    Enforce password history = Last 10
                                         ii.    Maximum password age = 60 days
                                        iii.    Minimum password age = 7 days
                                        iv.    Minimum password length = 8
                                         v.    Password must meet complexity requirements = Enabled
b.    Account Lockout Policy
                                          i.    Account lockout threshold = 5 invalid login attempts
  • .     Local Policies enforced  or set explicitly.

a.     Audit Policy set to audit Success and Failure of
                                          i.    Audit account logon events
                                         ii.    Audit account management
                                        iii.    Audit logon events
                                        iv.    Audit policy change
                                         v.    Audit system events
b.    Security Options
                                          i.    Interactive logon: Do not display last user name – Enabled
                                         ii.    Interactive logon: Message text for users attempting to log on – Set to Legal Disclaimer for access to production servers
                                        iii.    Interactive logon: Message title for users attempting to log on – Set to Legal Message Titled for access to production servers.
  • .     Everyone User removed from non-C drives.
  • .     All applications installed to D Drive and not C Drive.
  • .     Windows Updates configured to download but not install.
  • .     NIC’s configured as teamed (if appropriate), set to Full Duplex and maximum network speed (usually 1GB).
  • .     Validate IO Subsystem configuration is optimal using SQLIO and test alternate configurations to determine optimum configuration for SQL.
  •   .  If using SAN Storage test HBA Queue Depth settings at 64 and 128 in conjunction with SAN admin to determine the optimal setting for the server based on IO demands and impact to other systems using the SAN, ensure that MPIO is configured properly.  (Going to high on the SQL Server can allow it to dominate the SAN, reducing performance of other systems using SAN storage on different disk arrays)
  •   .  Anti-Virus Software installed and configured to update from root server. Configure antivirus software to skip LDF/MDF/NDF files.
  •   .  Backup Software installed and configured to skip LDF/MDF/NDF files.
  •   .  System Tools Added to solution (TSM, SCOM, SCCM ).


Pre-Installation of SQL Server
  • .     Install prerequisites and run the Upgrade Advisor if this is an upgrade.
  • .     Separate RAID Arrays for Data and Log files.  Tempdb on dedicated array.
  • .     Data, Log, and Tempdb drives formatted with 64K Allocation Unit Size.
  • .     The Backup volume should allow for 3 local database backups plus 10-20% Growth for each                   instance
  • .     SQL Server Admins Group added to the Local Administrators Group.
  • .     Create AD Service Account, or Local Account for non-domain servers, with no permissions.  (IS           Request created per SQL Server Instance …attach service account details) )
  •    Add the readServicePrincipalName and writeServicePrincipalName permissions to the Service     Account in AD (http://support.microsoft.com/kb/319723)
  •      Configure individual Data drive (with default Drive letter E in Windows.)
  •      Configure individual Log drive (with Drive letter L in Windows.)
  •      Configure individual TempDB drive (with Drive letter T in Windows.)
  •     Configure additional Data drives with Drive letter F, G, etc. skipping previously reserved Drive letters        and M (cluster MSDTC) and Q (cluster Quorum).
  •     Add the AD Service User Account to the Root path with Full Control of Data(s), and List Folder              Contents Permissions for Data, Log and Tempdb Drives.
  •     If required create SQLData folder on Data and Tempdb Drives
  •     Add the AD Service Account with Full Control of SQLData folder on Data and Tempdb Drives
  •     Create SQLLogs folder on Log Drive
  •     Add the AD Service Account with Full Control of SQLLogs folder on Log Drive


SQL Server Installation
  • .     Use the previously configured Service Account as the startup account for the SQL Service.
  • .     Install the binaries to the D Drive or allocated drive other than C.
  • .     If installing SQL Server  set the default file paths according to the previous drive configuration.
  • .     Set SQL Server and SQL Agent to startup automatically.  Disable the Browser Service unless installing Named Instances or multiple instances on the Server.
  • .     Apply latest Service Pack and Security patch based on SQL Server version. Use the following script to determine the service pack installed on the system.
  •       SELECT CONVERT(char(20), SERVERPROPERTY('productlevel'));


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

PowerShell script to backup/restore procedures for Migrating each database

  Below is the PowerShell script that will implement backup/restore procedures for each database which we want to migrate to complete the mi...