Once you have been a DBA for any length of time, you will encounter the situation of a new vendor coming in with software that has a database back end. Wherever I am working or helping, I like to interject the idea of “DBA Input” as early into the process as possible and I go through a discussion with them.
I think of this as a job interview. You want an ideal candidate and you want the candidate to know about your expectations.
These are the questions I ask in initial conference calls or meetings with technical pre-sales or installation staff. They guide other conversations and help me better support the internal customer requesting this application.
- Which version(s) of SQL Server do you support?
- How do you test service packs/CUs?
- How many customers do you have on the setup we are planning to go with?
- How quickly do you normally certify for a newer version or service pack?
- Based on what you know about our expected usage can you tell me:
- What should I expect to see for performance characteristics? (I/O, Mem, CPU utilization)
- Will your app live in a shared instance that looks like x
- What sort of performance issues have your support folks commonly dealt with in similar environments?
- Does your application support a named instance? (sounds stupid but it isn’t.. ask any question)
- Does your application support and is it certified to communicate with a SQL Cluster? (again may sound stupid when you think about clustering and SQL with an instance only active on one node anyway)
- Can you explain your architecture? Looking for discussion about:
- Data Access methods – are they developing with performance in mind, are they using modern technology… Will you get hammered with a bunch of sp_cursorfetch statements?
- You may be “just” the DBA but we all know the DB gets blamed first Understand how they connect, if you are making the back end Highly Available, how is everything above the DB going to be HA?
- Can you share with me all of the recommended best practices your installation and support folks suggest for database maintenance?
- For an application of this category and usage, here is our general backup/recovery strategy. Do you have any issues with that? (Are there distributed transactions that need to have coordinated backup? Do they have issues with backup methods you use? Does the DB backup need to coincide with some XML file someplace?)
- Does your support have any processes that involve recycling the SQL instance? If so, is this mandatory? Why?
- Do you have any reference sites we can talk to? If the app is large enough, try and get a customer of similar scenario. Talk to their IT staff, talk to a DBA there. Maybe overboard but can be helpful if conditions warrant.
- Security!!! I saved my favorite for last.
- Windows authentication or SQL Authentication?
- What, if any, fixed server roles do you require?
- Is that just for the duration of the installation or the life of the app?
- Why so elevated? What happens if we trim that down? (Presuming they answer with SA or something )
- How do your users authenticate? (Does each user need a SQL login, do they need to belong to an AD group which has SQL login rights? or is it an app pool with the app handling security with tables in the database?)
- What type of access does your support team need? (important if a shared instance or you are a paranoid careful DBA)
- Out of curiosity, what database rights do your database user accounts have? (I hate hearing DBO, presuming I haven’t heard SA… I LOVE hearing they create a role with the minimum necessary permissions… Not the end of the world if DBO, only hurts their database but still…)
The list is not always covered verbatim but I bring it with me to help drive a conversation flow and get to the important items that I want to know about. I’ve been burned by not asking and not getting myself involved. If you pick up nothing else from this post: get involved as early as possible.
You’ll be surprised what you learn. I was working with a building security system once. Got to security and the answer was basically that they normally like to be on their own database server, and they generally use SA with a blank password. I was floored… I said to the install team from the vendor, “you guys are in security?!?” We went with them but I worked with them to find out what permissions they truly needed, gave them those, backed them down even further after DB was created and they live happily to this day as far as I know.
What do you ask? How have you been burned by not asking? What’s your funniest/saddest experience with vendor software?