Only use CLR when you need to

Published On: 2019-07-23By:

There are people out there that love SQL CLR, and there are people that hate SQL CLR. I have a slightly different opinion, which is that I hate how most people use SQL CLR.  The trick to SQL CLR is that you should only be using it for things that CLR does better than T-SQL does; which is mainly dealing with text manipulation such as RegEx.  T-SQL can’t do stuff like RegEx, so SQL CLR is the way to do that.  If you’re having SQL CLR do things like calling out to a web server or running SSIS packages, or pulling in stuff from a file server all from T-SQL, then you probably need to take a step back and look at what you’re trying to do, and possibly do a redesign of what you’re trying to do.

Denny

The post Only use CLR when you need to appeared first on SQL Server with Mr. Denny.


Contact the Author | Contact DCAC

Azure Bastion

Published On: 2019-07-15By:

The recently announced Azure Bastion service looks like a pretty slick service. It provides a secure way into your VMs without the need to VPN in. It gives you the same authentication that you’d expect from the Azure Portal (MFA, AAD Credentials, etc.) all while giving you a pretty easy to manage way to get into VMs in Azure. Now, this bastion service isn’t going to be for every situation, so it shouldn’t be used for that. But if you need a secure, logged way to connect to VMs in your Azure environment, this looks like a pretty good solution.

What the bastion service does is allow users to log in to the Azure portal, then select the VM that they want to connect to. From there they get an RDP session within their browser that lets them log into the VM that’s running in Azure.  From a security perspective, the cool thing about this is that you don’t have to give your VMs public IPs. Because the Azure Bastion service is the bridge between the public internet and your internal VMs, nothing needs a public IP address as nothing is going directly to the Internet.

If your in an environment when you need a way to give users RDP access to servers, this is going to give you a nice secure way of going so.

Like I mentioned earlier, this isn’t going to solve all problems. If you work from home and you need SQL access to VMs, then Azure Bastion isn’t going to help you as it doesn’t just pass traffic like SQL Traffic. You’d need to RDP into a machine, then run the SQL tools from there. So if you wanted to run something locally that could log into SQL Server, you’ll still need a VPN in that case.  But for situations where you need to RDP into machines, users that are remote logging into a terminal server for example where you don’t want to have to require that they install VPN software, this could be a good solution for them.

Currently, the Azure Bastion service is in Preview, so you’ll need to sign up for it which you can do from the Microsoft Docs. That doc will also tell you how to use the Azure Bastion service, as you can’t access it from the normal portal URL (yet).

There’s a couple of items to know about Azure Bastion.

  1. It isn’t available in all the regions yet. Because it’s a preview service isn’t only in a few Azure regions. The lack of regions will change, but while it’s a preview, it’s going to be a limited release.  Those regions the service is in today are:
  • West US
  • East US
  • West Europe
  • South Central US
  • Australia East
  • Japan East
  1. Today Azure Bastion can’t plan vNets. So if you have VMs in two different vNets, you’ll need to bastion services, one in each vNet. Hopefully, this will change by release.

Denny

 

The post Azure Bastion appeared first on SQL Server with Mr. Denny.


Contact the Author | Contact DCAC

For the Love of God, Stop Exposing Company Information

Published On: 2019-07-08By:

Companies (and the employees at them) need to stop posting private company information on the Internet. And they really need to stop posting private information in public spots with no password.  Just last week yet another company was found to be doing something stupid.  In this case, they had tons of information posted to an S3 bucket, and there was no password on the S3 bucket.  In this S3 bucket, they had backups from systems, One Drive backups from employees, credentials for customer environments, keys for their production environments, etc.

“System credentials can be found in a number of places in the Attunity data set and serve as a useful reminder of how that information might be stored in many places across an organization’s digital assets,” UpGuard researchers said in a report published yesterday.

This information should have never been posted to a publically accessible location, much less one without a password.  There’s no good reason why things like system credentials would be posted online.

As IT workers, we have to do better than this.  We just have to.  There are too many people out there who would do bad things with this information if they got there hands on it.

Do I have a solution, no I don’t. But this really isn’t a problem that needs a technical solution. Whoever did this, simply shouldn’t have done it. There is no excuse for exposing anything much less this much information.

Denny

The post For the Love of God, Stop Exposing Company Information appeared first on SQL Server with Mr. Denny.


Contact the Author | Contact DCAC

Today is MVP Day, and it was a good day for some not so for others

Published On: 2019-07-01By:
Today is “MVP Day” when Microsoft MVPs find out if they’ve been awarded for another year as Microsoft MVPs.  For some people it was not that great of a day as they weren’t renewed as Microsoft MVPs today. For others, today there was a really good email in their inbox. I’m happy to say that all 5 of the folks at DCAC that were Microsoft MVPs yesterday are still Microsoft MVPs today. Congrats to Joey, Monica, John and Meagan (and myself to make 5) on another year of being Microsoft MVPs. Denny The post Today is MVP Day, and it was a good day for some not so for others appeared first on SQL Server with Mr. Denny.
Contact the Author | Contact DCAC
1 2 3 346

Video

Globally Recognized Expertise

As Microsoft MVP’s and Partners as well as VMware experts, we are summoned by companies all over the world to fine-tune and problem-solve the most difficult architecture, infrastructure and network challenges.

And sometimes we’re asked to share what we did, at events like Microsoft’s PASS Summit 2015.

Awards & Certifications

Microsoft Partner       Insights Sccess Award    Technology Headlines Award    Golden Bridge Gold Award    CIO Review Top 20 Azure Solutions Providers    VMWare Partner
Microsoft Certified Master    Microsoft MVP