This appendix discusses:
Server options.
Required database configuration.
Implementing Transparent Data Encryption.
Microsoft SQL Server feature considerations.
This section discusses:
Delivered configuration.
Access ID.
Service Packs and QFE.
The PeopleSoft server configuration parameters are initially set to Microsoft SQL Server defaults. It's a good practice to review the parameters and modify them to your site requirements if necessary. Use the file PS_HOME\scripts\spconfig.sql on your database server to keep track of your changes. This file is used by the database configuration wizard when installing a PeopleSoft database.
Note. Don’t use "priority boost" when running additional applications like PeopleSoft Process Scheduler on your database server machine.
See Also
Microsoft SQL Server documentation
The user ID used as an ACCESSID is not required to be a member of the SQL Server "sysadmin" server role. This restricts the activities of this user ID, which enhances overall application security.
The PeopleSoft ACCESSID is a member of the following fixed database roles:
db_datareader
db_datawriter
db_ddladmin
Additionally, it is necessary to grant ALTER TRACE permissions to the ACCCESSID to take full advantage of the tracing capabilities available in PeopleTools.
Note. Keep in mind that utilizing these roles for the PeopleSoft ACCESSID login, restricts the ability to run administrative tasks not specific to PeopleSoft applications, such as creating backups and restoring them, defining new server logins, modifying server settings, creating and dropping databases, and so on.
PeopleSoft always runs certifications on the latest SQL Server service packs as they become available. Service packs contain large number of improvements and have been tested extensively by Microsoft.
A QFE is a fix intended to solve a specific problem that's usually documented in a Microsoft Knowledge Base (KB) article. PeopleSoft doesn't run certification tests for any particular SQL Server QFE, but considers them to be supported when they're recommended by Microsoft to solve specific problems. However, to install a QFE, PeopleSoft recommends appropriate testing before applying it to a production environment. It's important to take into consideration that a QFE is an enhancement targeted to solve a specific problem. “Secondary effects” as a result of its installation can be determined only with proper testing.
PeopleSoft does not distribute SQL Server QFE software; please contact Microsoft to determine if a QFE is required, and for instructions on how to download the software.
PeopleSoft applications require a standard database configuration that's not optional and should not be changed. This section discusses the options that you must enable:
ANSI nullability.
Quoted Identifier, Arithabort, and functional index.
Database collation settings.
Make sure your database uses ANSI nulls by default. This is a database option that will be set up at installation time. The configuration occurs automatically when using the Database Configuration Wizard and is enabled by the SQL script addobj.sql when installed manually.
The following line shows how to enable this parameter using Query Analyzer:
EXEC sp_dboption databasename, 'ansi null default', true
PeopleSoft uses computed columns that allow the creation of functional indexes. A functional index is an index created to keep uniqueness in a table when the number of keys exceeds the SQL Server limit, which is a maximum of 16 key columns for an index. What makes a functional index special is that it's required only when the number of key columns exceeds the SQL Server limit.
PeopleSoft implements the functional index by creating an index over a computed column. The computed column MSSCONCATCOL is the sum of all the key columns required to keep uniqueness.
In order to create indexes on computed columns, SQL Server requires the Quoted Identifier option to be enabled in the database. This is the default configuration, but this option could be overridden as a connection option from any client. If you are using Query Analyzer to run SQL scripts, look at Tools, Options, Connection Properties on your Query Analyzer menu and make sure the Quoted Identifier option is selected, which will activate it for that particular connection.
Another important option that needs to be enabled to operate computed columns is the database property Arithabort. Make sure this option is enabled for your PeopleSoft database.
Note. Both Quoted Identifier and Arithabort are explicitly set during installation automatically by the Database Configuration Wizard or when running the script, createdb_2005.sql, at the database installation.
See Also
Microsoft SQL Server documentation
The use of the right collation is very important for PeopleSoft applications. PeopleSoft delivers its applications with a standard collation of Latin1_General_Bin on SQL Server. This collation was selected for being compatible with the binary sort order used on previous versions of SQL Server.
However, PeopleSoft supports other sort orders with some applications. The application installation manual will point out whether this is permitted for a particular application. The sort order supported must be Kana sensitive, case sensitive and accent sensitive. Therefore a collation such as Latin1_CS_AS_KS is supported. Note that the Latin1_General_Bin collation also satisfies this requirement.
Consult your PeopleTools installation guide and the application installation manual for further details on the collation configuration required for your database server.
For environments running English-only databases and languages covered by the Latin1 character set (such as Western European languages), PeopleSoft recommends the collation delivered as default in the PeopleSoft installation scripts. The database collation is set when running the creatdb_2005.sql script at installation time. The script runs automatically when you use the database configuration wizard. It is a requirement to run the script when installing the database manually.
See PeopleTools 8.52 Installation for Microsoft SQL Server, Preparing for Installation
This section provides an overview and discusses how to enable Transparent Data Encryption (TDE).
Important! PeopleTools has not introduced any functionality for TDE with respect to Microsoft SQL Server; PeopleTools only supports the use of it. You should always refer to your Microsoft Documentation for any issues with respect to TDE for Microsoft SQL Server.
PeopleTools supports the use of Transparent Data Encryption (TDE) if you are running your database on Microsoft SQL Server 2008 (or higher). TDE provides enhanced encryption and decryption of both data files and log files through the use of database encryption files (DEK). This enables your organization to comply with numerous privacy laws, regulations, and guidelines that are required in certain industries. When implementing TDE for Microsoft SQL Server, you can apply the following AES or 3DES encryption algorithms without making any changes to your existing applications.
AES_128
AES_192
AES_256
TRIPLE_DES_3KEY
When specifying the desired encryption algorithm, make sure to enter it exactly as it appears in the list above.
While there will always be some overhead associated with any encryption processing, the performance impact introduced with TDE is minimal.
Important! Make sure you have read and fully understand all of the Microsoft documentation related to this feature before you implement it. This PeopleTools documentation outlines PeopleTools-specific items and is not intended to replace any existing Microsoft documentation. For example, make sure you are aware of the usage recommendations and restrictions described in the Microsoft documentation as they apply also to your PeopleSoft application databases.
See Also
http://msdn.microsoft.com/en-us/library/bb934049.aspx
http://msdn.microsoft.com/en-us/library/cc278098.aspx#_Toc189384686
To enable TDE:
Create a master key.
Create or obtain a certificate protected by the master key.
Create a database encryption key and protect it by the certificate.
Set the database to use encryption.
The following example illustrates encrypting and decrypting the TDEPT85X database using a certificate installed on the server named PeopleToolsEncryptCert.
USE master; GO /* Create Master Key Using a strong password. */ CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<UseStrongPasswordHere>'; go /* Create a PeopleTools Encryption Certificate. *?/ CREATE CERTIFICATE PeopleToolsEncryptCert WITH SUBJECT = 'PeopleTools Encrypt Certificate'; go USE TDEPT85X; GO /* Create Database Encryption Key Using PeopleTools Encryption Certificate. */ CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_128 ENCRYPTION BY SERVER CERTIFICATE PeopleToolsEncryptCert; GO /* Enable Database Encryption. */ ALTER DATABASE TDEPT85X SET ENCRYPTION ON; GO
Note. When implementing TDE, all files and filegroups in the database are encrypted. If any filegroups in a database are marked read only, the database encryption operation will fail.
This section discusses:
Recovery model.
Nested triggers.
Auto create statistics and auto update statistics.
Automatic file growth.
Autoshrink.
Read Committed Snapshot Isolation.
File management.
Tempdb.
Trace flags.
Database monitoring.
PeopleSoft recommends using the Full recovery model on SQL Server databases. All production databases should use this model for better reliability. The PeopleSoft applications do not require any particular recovery model but using the Full recovery model is considered the best practice.
See Also
Microsoft SQL Server documentation
Some PeopleSoft applications take advantage of database triggers. Make sure that the nested triggers option is enabled for the database server hosting the PeopleSoft databases. You can use sp_dboption or Enterprise Manager to enable this option on the server.
Microsoft SQL Server enables you to create statistics and update them automatically. It’s recommended that you leave this feature enabled for PeopleSoft applications.
However, sometimes you should disable these features for a particular table. For example, if you want to modify the sample size used to create the statistics, you need to do so manually.
Another example is when the data varies considerably, and the statistics that are created are not accurate. For this you might want to disable auto create statistics and auto update statistics manually, and adjust the statistics as needed.
In general, auto create statistics and auto update statistics should be enabled for most of the tables in your database unless you need to disable the feature for specific reasons.
See Also
Microsoft SQL Server documentation.
Microsoft SQL Server enables you to let a database file grow automatically when it's full. PeopleSoft recommends that you leave this feature enabled, however, it should be used with caution. When the database server is in the process of increasing the size of a data file, all other activities in the server stop, which can cause server performance problems. Ideally, in a well-tuned environment this won’t occur — properly sizing the data files eliminates the performance problem.
When installing PeopleSoft applications using the Database Configuration Wizard, you have the option to let the data files grow until there's no more space on the storage devices. When installing the database manually, it's necessary to manually review and modify the file PS_HOME\scripts\createdb_2005.sql. It includes the following lines that the database administrator should review and update with appropriate values:
-- ALTER DATABASE <DBNAME> MODIFY FILE (NAME = <DATANAME>, MAXSIZE = UNLIMITED) -- go -- ALTER DATABASE <DBNAME> MODIFY FILE (NAME = <LOGDATANAME>, MAXSIZE = UNLIMITED) -- go
For PeopleSoft databases, make sure the autoshrink option is disabled. In very specific scenarios it will be necessary to "shrink" a database file. This should be done with caution; in general, it's a better practice to do it manually.
PeopleSoft applications use a "pessimistic" implementation of the READ COMMITTED isolation level. SQL Server supports optimistic concurrency control with its implementation of the READ COMMITTED isolation level, called READ COMMITTED SNAPSHOT.
Optimistic concurrency control has these benefits:
The overhead required for managing locks is minimized.
Data modification operations cannot be blocked by read operations.
Disabling Read Committed Snapshot Isolation
Under normal circumstances, this feature should always remain enabled. You can disable it if a critical problem is identified.
Before disabling the feature:
Make sure there are no open transactions. This means that you must close down the application server and the process scheduler.
If there is a risk that users are still connected with open transactions, then change the database to single user mode before continuing.
The command to disable the feature is:
ALTER DATABASE dbname SET READ_COMMITTED_SNAPSHOT OFF
The command to change the database to single user mode is:
ALTER DATABASE dbname SET SINGLE_USER ON
See Also
Microsoft SQL Server documentation.
PeopleSoft recommends the use of separate physical disks for the Microsoft SQL Server data files. Ideally, databases like master, tempdb, and application databases should be on separate disks, as should the operating system paging file (in case you run some additional applications other than the database software). As a general rule, the more spindles the better; always choose more smaller-size disks over fewer larger-size disks. If you don't have separate physical disks for each of the datafiles, you should at least place your tempdb, data, and log files on separate physical devices. Make sure that your log device is using its own disk controller and is not accessed by any other device.
Note. You should always consider disk fault tolerance when deciding how you want the database server configured.
Microsoft SQL Server maps each database using a set of operating system files. All database objects and data are stored within these files. A database can have one or more data files (.mdf and .ndf extensions) and transaction log files (.ldf extension).
Filegroups are logical containers that enable the database files (.mdf, .ndf, and .ldf) to be grouped together for administrative and data placement purposes. While a filegroup can contain more than one database file, each database file can be a member of only one filegroup.
Note. While the number and placement of data files may have an impact on system performance, the number and organization of filegroups has no direct correlation to performance.
Because of the large number of tables and the complex IO patterns of a PeopleSoft database, you must consider the placement of the data files carefully to maximize performance. The best approach is to use a RAID-10 disk configuration and spread the data over as many disks as possible. Use a large number of smaller sized disks, rather than a small number of larger disks.
In addition to the main database, give careful consideration to the configuration and placement of the SQL Server Tempdb database, because PeopleSoft applications use it heavily. Given the unusual input/output characteristics of this database (on average, 50% read, 50% write), you should create your Tempdb database on a separate RAID-10 disk with multiple database files. Generally, it's appropriate to make the number of data files equal to the number of processors used.
See Also
Microsoft SQL Server documentation
Microsoft Windows documentation
PeopleSoft heavily uses the tempdb database. Consider moving tempdb to its own set of disks or disk array. The size of tempdb should be adjusted to be approximately 15% to 20% of the total size of your PeopleSoft database.
Another good practice is to distribute tempdb into several data files of the same size. As a guideline, you might want to have one file for each processor assigned for SQL Server. If possible, spread these data files on a high performance disk array.
Moving Tempdb
During installation of Microsoft SQL Server, tempdb is put in the default data directory. If you wish to move it to a separate disk and resize it, the following scripts are an example of how this can be accomplished:
-- To find out where tempdb resides: -- The following stored procedure will show on which drive tempdb -- data and log files reside. sp_helpdb tempdb -- This example script moves tempdb to drive f: alter database tempdb modify file ( name = ’tempdev’ , filename = ’f:\data\tempdb.mdf’ ) go alter database tempdb modify file ( name = ’templog’ , filename = ’f:\log\tempdblog.ldf’ ) go -- This example script resizes the tempdb data file to 500MB -- and the tempdb log file to 500MB alter database tempdb modify file ( name = ’tempdev’ , size = 500MB ) go alter database tempdb modify file ( name = ’templog’ , size = 500MB ) go
When reporting problems to PeopleSoft support, it is advisable to generate files with traces of the problem that you want to report. Use the trace flags incorporated in PeopleSoft tools to generate these files. The trace flags are accessible through the configuration files for the Process Scheduler and the application server and through the selection of several flags when using the PeopleSoft Configuration Manager on your developer workstation.
Use “TRACESQL=63” to display the SQL statements executed when using PeopleSoft applications. This trace flag is very useful to identify problems in the SQL being executed against a database that hosts a PeopleSoft application.
The trace flag will show the details about the execution of a SQL statement, including:
if the statement was recompiled.
if the statement was using an old query plan.
the time it took to execute.
the time between executions.
if the SQL was parametrized.
Once you find the SQL with problems, you can use the SQL Server profiler to reproduce this outside of your PeopleSoft application.
Note. Keep in mind that tracing could affect performance considerably, and you won't be able to reproduce some problems with tracing enabled.
See Also
Setting Application Server Domain Parameters
Using PeopleSoft Configuration Manager
Available through the configuration files for the Process Scheduler and the Application Server, the activation of the EnableDBMonitoring option allows you to populate context information of the query executed against the database. This is particularly useful to gather information about the PeopleSoft user running a particular SQL statement.
Examples of SQL Statements
The following are examples of SQL statements that will display the context information of a user once EnableDBMonitoring is selected. Modify the scripts according to your needs.
--SQL to get OPRID only select (substring(cast(context_info as varchar(128)),0, PATINDEX('%,%',cast(context_info as varchar(128))))) from master..sysprocesses where spid=<spid> --SQL to select the network id if it is there select substring(cast(context_info as varchar(128)), len(substring(cast(context_info as varchar(128)),0, PATINDEX('%,%',cast(context_info as varchar(128)))))+2, PATINDEX('%,%',substring(cast(context_info as varchar(128)), len(substring(cast(context_info as varchar(128)),0, PATINDEX('%,%',cast(context_info as varchar(128)))))+2,128))-1) from master..sysprocesses where spid=<spid> --SQL to select network host select substring(substring(cast(context_info as varchar(128)), len(substring(cast(context_info as varchar(128)),0, PATINDEX('%,%',cast(context_info as varchar(128)))))+2 +PATINDEX('%,%',substring(cast(context_info as varchar(128)), len(substring(cast(context_info as varchar(128)),0, PATINDEX('%,%',cast(context_info as varchar(128)))))+2,128)) ,128),0,PATINDEX('%,%',substring(cast(context_info as varchar(128)), len(substring(cast(context_info as varchar(128)),0, PATINDEX('%,%',cast(context_info as varchar(128)))))+2 +PATINDEX('%,%',substring(cast(context_info as varchar(128)), len(substring(cast(context_info as varchar(128)),0, PATINDEX('%,%',cast(context_info as varchar(128)))))+2,128)) ,128))) from master..sysprocesses where spid=<spid> --SQL to select App server domain select reverse(substring(reverse(cast(context_info as varchar(128))),0, PATINDEX('%,%',reverse(cast(context_info as varchar(128)))))) from master..sysprocesses where spid=<spid> --SQL to select all the information trimming blanks select substring(cast(context_info as varchar(128)),0, 128-PATINDEX('%,%',reverse(cast(context_info as varchar(128))))+10) from master..sysprocesses where spid=<spid>