Professional Documents
Culture Documents
The Symphony Database portal has been designed to be used in conjunction with database
management tools like SQL Server Management Studio (SSMS) providing very few limitations
from a traditional environment in regards to database management and design.
When Savvis initially configures your Symphony Database service, an Admin account is created
that you can use to access your databases for administrative purposes. The Admin account
password is randomized and not provided after installation, the password must be reset through
the SavvisStation Portal in order to use the account. If you are going to use Microsoft SQL
Server Management Studio (SSMS) to manage your databases, and would like to see the
database and all of its objects in object explorer, you will need to use this account.1
Once you have initiated a Symphony Database configuration, you may create a database using
an empty template or using a pre-existing backup. The route you choose will depend on your
application. To import Databases into your Symphony Database you will need to enable SFTP
access which is covered later in this document.
Access to your Symphony Database databases is limited to the IP Addresses and/or Subnets you
allow in the Symphony Database firewall.
Unless the database is a Disaster Recovery log shipping destination, by default Savvis creates a
backup of your database nightly; this can be disabled in the SavvisStation Portal. If Database
mirroring is subscribed to, Transaction Log backups occur in conjunction with the nightly
backup. Savvis does support Tape Backups, but tape backups are not included; please see the
Tape Backup SSG for details around backups, backup retention policies and integration with
Tape Backups.
Monitoring
Symphony Database is a fully managed offering, and all critical systems are monitored 24x7.
Due to the shared/multi-tenant architecture of the Symphony Database environment, and the
significant investment in redundant components, access to the infrastructure monitoring feeds
will be limited to Savvis personnel. Savvis does provide trap feeds for customer level
1
This requirement is due to the Admin account being the database owner for all of your
databases. While you can add additional users to the db_owner role of a database, these users
do not actually own the database and cannot see the database in the SSMS object explorer.
components, like the database, and these traps are outlined in the Savvis service guide (SSG).
Savvis does not have the ability to provide custom monitoring from within the environment but
can provide remote monitoring from the client side. This custom monitoring could include
health checks validating everything from network latency to simple connectivity tests.
System Maintenance
An important component of system administration and management is keeping the system up-
to-date. System maintenance includes keeping the system current with all patches, to help
prevent security compromises or operational reliability issues. Savvis will, from time to time,
schedule the installation of system patches, as deemed necessary by Savvis’ support staff.
Savvis will notify you of such maintenance windows in advance. The advanced notification will
allow both parties to prepare for the patching, as well as provide ample time for discussion
regarding the potential impact the patch may have on your specific applications.
Support
If you need support for any reason, please call the Savvis Hosting Help Desk at 888-638-
6771 opt. 2 or email Request@savvis.net before performing the maintenance. The Help
Desk is available on a 24/7/365 basis.
Marketplace
Marketplace is where new Symphony Database subscriptions can be created and existing
subscriptions can be changed by increasing and decreasing the service tier.
Orchestrator
Orchestrator is available to all customers who have purchased Symphony Database
services. Symphony Orchestrator allows you to manage several operational aspects of your
Symphony Database services such as managing the firewall, creating additional schemas,
adding and deleting users etc.
Symphony Orchestrator can be opened by clicking Services and then Symphony Orchestrator or
by clicking Database Dashboard in MarketPlace.
When you first open the Orchestrator Database Dashboard you are presented with a hierarchical
view of all your Symphony Databases. This view provides both health at a glance and the ability
to drill down into your services. The tree provides a root for each datacenter, and the
immediate children are Symphony Database subscriptions with child schemas. The default view
is the Compute Dashboard and not Database Dashboard, so you will need to click the Database
Dashboard tab.
Database Dashboard
The Database Dashboard gives you a tree view of your subscriptions and the locations they
belong in. Microsoft SQL subscriptions are denoted by the Microsoft squiggly and contain
children that are the databases of your subscription. When selecting a subscription you will get
The dashboard also gives your health at a glance for each subscription, which will always be red
for new subscriptions for up to the first 8 hours while statistics are gathered. Health will be Red
when the Cache Hit Ratio is below 75% which is a sign that you are low on memory and yellow
when below 80%. If Orange and blinking it’s because you have a pending request against the
subscription that was initiated by you or another user of your Symphony Database subscription
within SavvisStation.
At this point in the provisioning process, you also have the option to choose a minimum amount
of storage ‘commitment’ for your service. By selecting a minimum amount of for each type of
storage, you will now be billed for a fixed amount of storage, instead of paying for storage in
1GB increments. This can help with planning and budgeting for you project. It is important to
note, however, that you are not required to purchase a minimum amount of storage. Initially, a
default of 10GB is displayed in the drop down. But, you can change that to ‘0’ and you will be
billed for actual usage. You can change from usage based billing to a committed amount of
storage at any time by selecting ‘change service tier’ from the general tab in your Symphony
Database resource group.
Note: Symphony Database Compute Resources are not accessible from Private IP Addresses like those found in the
following three ranges: 10.0.0.0 thru 10.255.255.255, 172.16.0.0 thru 172.31.255.255 & 192.168.0.0 thru
192.168.255.255 the firewall only accepts IPv4 addresses at this time, contact the Savvis helpdesk if an IPv6 address is
required.
Click MarketPlace and then click Symphony Database under the Add Services section on the left
or under the Add section in the center pane to bring up the order form. From here you can
select Microsoft SQL as the Database Platform, the Location to use Symphony Database from,
Compute size for the subscription, any minimum amount of storage, and IP Addresses to seed
the firewall from.
The IP Address listed is the IP of the device you are currently accessing the Savvis portal from.
Be careful not to continue with this IP address in the form if it’s not an IP Address you want to
access your Symphony Database subscription. You can always modify this address at a later
time via the Firewall Tab in your Symphony Database subscription.
Once you have completed your shopping click the “Next Step 2” button in the lower-right
corner to price your offering and complete the shopping experience.
Each Symphony Database Compute Resource has its own firewall rules that are managed
through the SavvisStation Portal. The Firewall must have at least one IP Address or Subnet
defined at all times, and subnets can be no larger than /24 (255.255.255.0). The firewall does
not prohibit access to the SavvisStation Portal, but it does prohibit access to the databases and
data within. The firewall is not limited in the number of IP Addresses or Subnets defined for a
Symphony Database Compute Resource.
Note: Symphony Database Compute Resources are not accessible from Private IP Addresses like those found in the
following three ranges: 10.0.0.0 thru 10.255.255.255, 172.16.0.0 thru 172.31.255.255 & 192.168.0.0 thru
192.168.255.255 the firewall only accepts IPv4 addresses at this time, contact the Savvis helpdesk if an IPv6 address is
required.
Each database in the SavvisStation Portal has an example .Net Framework connection string
under the General tab, the details in this string can be used to create other connection strings
like the examples below.
Note: The portal-provided connection string uses “?” for the username & password values. Each “?” must be replaced with
the actual username & password for the connection string to work.
If Database Mirroring is enabled for a database you will need to append the blue text at the end
of applicable examples below to your connection string using the appropriate Server Name and
TCP Port for the Mirror to take advantage of automated failover in your applications.
SQLCMD:
C:\>SQLCMD –Stcp:s123456sc8sql01.sdb.savvis.net,20101 –dmaster –Us123456sc8sql01.MyUser
–PmyPassword
Connection encryption:
All communication with Savvis Symphony Database’s Microsoft SQL Servers is protected with a
128-bit TLS/SSL certificate. The communication channel between the client and the server is
fully encrypted with this configuration, including the logon session. This encryption is forced
from the server-side and cannot be disabled.
The TLS/SSL certificate is a wildcard certificate for *.savvis.net, the parent domain of both
public & private namespaces to which the servers belong. Some clients do not support Wildcard
certificates when comparing the hostname of the server to the name of the server connection.
The workaround for client connections that experience this problem is to turn off encryption on
the client connectivity tool. This does not mean that encryption has been turned off; it just
means that the client does not require encryption which is not a problem as the server forces it.
Clients that do not support encryption will not be able to create a connection with the server.
Clients with this problem will need to be upgraded to a version that supports a TDS session over
TLS/SSL.
Databases: DML
All DML within a database is supported by Savvis at this time.
Databases: DDL
All DDL for a database is supported except ALTER, CREATE and DROP Database at this time.
2
If you do not login to SQL Server Management Studio with your Admin account you
will not see your databases in Object Explorer
3
When capacity is not available, but the datacenter can satisfy the request a migration of the
entire Symphony Database Compute Resource will be required which is an offline operation.
Note: when a Symphony Database Subscription is deleted its contents are unrecoverable, this includes backups, snapshots,
mirrors and databases. If you have inadvertently deleted your subscription contact the Savvis helpdesk immediately.
Note: the firewall must have at least 1 IP address or subnet at all times.
Note: When a login is deleted it permissions are also deleted and will no longer appear under a database.
When selected a popup will appear requesting the selection of the collation you would like to
change the database to.
Note: if you have a Database snapshot or Mirror you will not be able to add Files to database
until the mirror and snapshots have been removed.
SINGLE_USER: Only the first user to access the database with ownership rights can use the
database.
RESTRICTED_USER: Only database owners can access the database
MULTI_USER: All users can access the database
Note: When a database is in SINGLE_USER mode the SavvisStation Portal will provide limited functionality until the
database is placed into a less restrictive mode.
Note: When a database is in Read-Only mode the SavvisStation Portal will provide limited functionality until the database is
placed into Read-Write mode.
Database snapshots
Note: All users that are connected to a snapshot when it is being refreshed will be forcefully disconnected from the
snapshot.
Database snapshot refresh schedules can be created to refresh the snapshot every day or
specific days at an X time, or every 4, 6, 8 or 12 hours starting at X time and ending at Y time.
Restore Interval: [1, 2, 4, 6, 8, 12, or 24] - The number of hours between each Log
Shipping SQL job execution, starting at 00:00 UTC. For example, an interval of 4 would result
in the job running daily at 00:00, 04:00, 08:00, 12:00, 16:00, and 20:00 UTC.
Full Backup Retention: [1~90] - The number of days’ worth of full backups to keep in the
database’s backup folder. Each time the Log Shipping SQL job successfully executes it will
delete all full backups (.BAK files) with a header-embedded start time older than the current
time minus the configured number of days. Subsequent transaction log backups (.TRN files)
in the same backup set(s) are also deleted. Only 1 is required, but additional retention may
satisfy a business requirement or allowing greater point-in-time recovery flexibility.
Revert a database from a log shipping destination (DR mode) to online (Live)
In the “Disaster Recovery” tab of your Symphony Database Databases is the “Make Primary”
action. This action will restore any outstanding backups before proceeding to delete the
database’s Log Shipping Job and removing the database from Standby/Read-Only mode. The
names of any database users introduced via the provided backups will be pre-pended with their
resource group name (s123456dc3sql99.username) to ensure uniqueness.
In the “Disaster Recovery” tab of your Symphony Database Databases is the “Resume” action.
The antithesis of “Pause”, this action will re-enable the Log Shipping SQL job. All outstanding
backups will be processed at the next scheduled interval.
In the event that your request has an error you will see a failure message containing a ticket
number which can be tracked by clicking Support Cases Recent as shown below:
FTP is open to the internet from a firewall perspective, however when SFTP is not enabled for a
Symphony Database there is no attack surface. This is important as Savvis recommends
enabling SFTP access only when it is needed, and disabling it when not in use. Savvis does have
precautions in place to mitigate attacks ranging from account lockouts on invalid login attempts
and explicit home directory mapping to command filters, URL sequence filters and file type
filters.
If your company limits outbound access you will need to have your corporate or personal
firewalls updated to allow FTP over TCP port 21 to Symphony Database for the control channel
and TCP ports 5000 through 5999 for the Data channel. It is important to reiterate that this is
not plain FTP, and attempts to connect with traditional FTP are prohibited by Savvis’ systems.
Only FTPES is allowed making some traditional command line utilities inoperable for accessing
your Symphony Database. Because of this limitation with traditional command line utilities
Savvis recommends the use of FileZilla or WS_FTP for connecting to your Symphony Database
FTPES site.
Using FileZilla
This is a step by step guide on how to use the free FileZilla client to connect using FTPES to your
Symphony Database.
2. The “Username:” and “Password:” textboxes will be filled out with your username and
password for FTP access. The Username was emailed to you when SFTP access was enabled,
and the password was set when the account was created.
3. The “Port:” should be set to the standard 21
4. You are ready to connect, just click the “Quickconnect” button and accept the security
certificate.
Downloading files
The files on your local computer are in the left pane and the files in your Symphony Database
are in the right pane. It is important to note the following:
.TRN files are Transaction Log backups; these are only available when Database Mirroring is
enabled.
.BAK files are Full Backups
If you download a .TRN file make sure that you also download all of the .TRN files up to an
including the last .BAK file before the .TRN file you are downloading was created.
If Database Encryption is enabled you will need to download the last .CER and .PVK files that
were created for the database in order to restore the database outside of your Symphony
Database. The .PVK file is password protected and the password can be obtained from the
Savvis helpdesk through a support ticket.
WinSCP is the recommended free FTP client when utilizing Symphony Database’s MSSQL DR/Log
Shipping capability due to WinSCP’s scripting capabilities. Appendix E demonstrates an example
configuration using WinSCP to automate FTP uploads of backups.
Connect screen
1. In the “Host name:” textbox enter the domain name you are connecting to.
Uploading files
The files on your local computer are in the left pane and the files in your Symphony Database
are in the right pane. It is important to note the following:
Only .BAK and .TRN files can be uploaded into your Symphony Database
Only Microsoft SQL Server Native Backup files can be uploaded
Only Full, Differential and Log backups are supported at this time
All folders other than the \Archive folder have content retention policies deleting all contents
older than 4 days. If you need to keep a backup for more than 4 days it should be placed in
the \Archive folder.
If you have to make any network changes you should note the following:
The protocol is TCP
4
The destination address is the IP Address of your Symphony Database subscription
The destination port is the port of your Symphony Database subscription5
The source port is 1024 through 65535
The source address can be ANY, an IP Address or a Subnet
4
Available in the SavvisStation Portal under the firewall tab as “IP Address”
5
Available in the SavvisStation Portal under the firewall tab as “TCP Port”
FileZilla
http://filezilla-project.org/
WinSCP
http://winscp.net
Input Parameters
Parameter DataType Require Defaul Descriptio
d t n
@Database NVARCHAR(128 Yes The name
) of the
database
you want to
turn a trace
on for.
@TraceStopTime DATETIME Yes The time to
stop the
trace at
(must be a
future
date/time)
@TraceLevel INT No 0 A value of
(0,1,2,3,4)
that
represents
the trace
level to
invoke
@TraceMaxFileSiz BIGINT No 1024 The size in
e MB before
the trace
file should
be rolled
Trace Levels:
The following table outlines what each @TraceLevel value represents and the benefit of each:
Notes:
When a trace is running and after it has been stopped or finished the output of the trace can
be found in the FTPS site for your subscription under the folder with the name of the database
All trace files have a file extension of .trc and the date/time the trace was created in the name
of the file
If a trace file fills up to the @TraceMaxFileSize value, a new trace file will be created with a
number appended to the end of the file name
To view the contents of a trace you will need to stop the trace and open the file in SQL Profiler
or a similar tool that is capable of interpreting a SQL Trace
Requirements
Database backups have to be enabled for the database, otherwise the trace will not initialize
Only the .admin account for a subscription can enable, disable or change a trace
Caveats:
System databases (master, msdb, model, tempdb) are not available to run a trace against
Only databases in the connected subscription can have a trace enabled
If the SQL Engine is restarted the trace will not automatically restart
Every time a trace is created for the same database the .trc file name increments with the
date/time the trace was enabled
The trace file will be locked while the trace is running, and cannot be accessed until the trace
has stopped
Example 1:
The following example enables a standard trace
DECLARE @StopTime DATETIME = (SELECT GETDATE()+1)
EXEC master.dbo.SavvisDbTrace @Database='S123456_TestDB',
@TraceStopTime=@StopTime, @TraceLevel=1
Example 2:
The following example disables any currently enabled or running trace
DECLARE @StopTime DATETIME = (SELECT GETDATE()+1)
EXEC master.dbo.SavvisDbTrace @Database='S123456_TestDB',
@TraceStopTime=@StopTime, @TraceLevel=0
The procedure below assumes the portable version of WinSCP has been downloaded from
http://winscp.net and has been extracted to C:\LogShipping.
Before continuing, ensure the target database has been created and that FTPS has been enabled
via the portal. This action will also send an email which provides your FTP host & username,
used below.
Click “Login” to attempt a connection. Once connected for the first time, WinSCP may request
acceptance of the savvis.net certificate. If prompted, click “Yes” to store the certificate for future
use. Again, this is a one-time task.
# This script will upload any .BAK or .TRN files from D:\MSSQL\Backups\APPDB
# to the S123456_YOURDB folder in user S123456SC8SQL01’s home directory
# of FTP site sc8sftp.sdb.savvis.net if the files exist at the source but not the destination
#
option batch on
option confirm off
open S123456SC8SQL01@sc8sftp.sdb.savvis.net
synchronize -filemask="*.bak; *.trn" remote D:\MSSQL\Backups\APPDB \S123456_YOURDB
exit
The information contained in this document represents the current view of Savvis, Inc. on the
issues discussed as of the date of publication. Because Savvis must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Savvis, and Savvis
cannot guarantee the accuracy of any information presented after the date of publication.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting
the rights under copyright, no part of this document may be reproduced, stored in, or
introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express
written permission of Savvis Corporation.
Savvis may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Savvis, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.