Reynaldo FadriSQL Server Portfolio

Phone: 818-373-9202Email: reynaldo.fadri@setfocus.comhttp://www.linkedin.com/in/rfadricasql

1

Table of Contents•Introduction. . . . . . 3•JungleBooks . . . . . 4•Library . . . . . . 8•PiggyBank . . . . . . 14•DBA Practicals . . . . . 19•Reporting Services. . . . . 22•BlockFlix . . . . . . 28•About Me. . . . . . . 34

2

Introduction•This portfolio contains examples of my development skills in MS SQL Server. It is a result of my work during a 13-week hands-on experience with The SetFocus Master’s Program.•SetFocus utilizes Microsoft Official Curriculum in conjunction with its own materials to produce some of the following coursework:

• RDBMS and XML•Querying using Transact SQL•Implementing and maintaining a MS SQL Server 2005 Database•Designing an MS SQL Server 2005 Infrastructure•Designing security for MS SQL Server 2005•Designing High Availability Database Solutions using MS SQL Server 2005•Troubleshooting and Optimizing Database Servers using MS SQL Server 2005•SQL Server Integration Services•SQL Server Reporting Services

3

•In addition to the coursework and programming labs, the program included challenging real-world projects where I have applied the skills experienced in class.

• Junglebooks is a book company which has a database consisting of books, authors, orders and customers.

• In this project a database diagram is given and a database is created according to the diagram.

• Fictitiously, we are working with an application programmer who is building a client application using .NET.

• We are asked to create queries for different forms of the application.

• For example, The Cheap Books form displays available books below a certain price. The user enters 15 in the txtUnitPrice form field. Return ISBN, title and publisher in order by title.

• The sample code would be …

4

JungleBooks

5

JungleBooks Database Diagram

6

Large Orders page from JungleBooks

The Large Orders page is a report displaying the largest number of items sold per order. Display the Order ID, Customer ID and Name along with the total number of items they ordered. Display the record with the largest quantity first. Alias as: “Order ID’, ‘Cust ID’, ‘Customer’ and ‘# of items’.

7

Search for Customers by Credit Card page from JungleBooks

The Search For Customers by Credit Card page allows the user to search for Customers by the last four digits of their credit card number. The user inputs ‘’7889” in the txtLastFourDigits form field. Return all information from the Customer table. Alias as: ‘ID’, ‘Name’, ‘CurrentAddress’, ’CardType’, ‘CardNumber’, ‘Expires’. In case you have different customers using the same credit card, order by Customer ID in ascending order.

8

Library

• The Library Database is created to support the principal functions of a lending library’s day-to-day operations.

• This database has been used for a couple of projects:– Create queries against the Library Database that returns

a number of results which uses string concatenations, different types of joins, UNION statements, CASE statements, Execution plan, date manipulation, and aggregate functions.

– Design back-end stored procedures that satisfy some of the functionalities of Library operations such as Add Adult, Add Juvenile, Check in a Book, Check out a Book, Add Book, Renew Membership, Change Juvenile to Adult, Update Adult. The procedures incorporated input validations and provides adequate error handling using TRY/CATCH.

9

Library Database Diagram

10

Sample Library Query 1Write and execute a query that returns member_no, firstname, lastname and sum of fine_paid for members who have paid the highest fines to date. Members should only appear once in the list. Display the highest fine first. If more than one member has paid the same amount display the records in order by member_no.

11

Sample Library Query 2Using joins and a UNION clause, write a query to retrieve a single list of members both adult and juvenile, who have reserved ISBN number 288. The list must include the ISBN, title, member_no and name (i.e.: Smith, John) of each member who has the reservation. Additionally, the list should indicate whether the member is an adult or a juvenile. Output the records by name.

12

Sample Library Stored Procedure 1Add A Juvenile member

13

Sample Library Stored Procedure 2Check Out Item

14

PiggyBank

• The PiggyBank Database simulates bank operations such as Overdraft Accounts, Customer and Accounts relationships, and Transactions.

• This database has been used for a couple of projects:– Create an Entity Relationship Diagram given some

specifications such as Overdraft Fees, Error Information when a transaction fails, Login Failures, and Customer/Account relationships.

– Design back-end stored procedures, DDL/DML triggers, parameterized stored procedures that select from views. Some of the actions created are Create/Update Customer, Create Checking/Savings Accounts, Deposit/Withdrawal Procedures, Simulate ATM Balances, Customer Account History (bank statements) and Use of Overdraft Accounts.

15

PiggyBank Database Diagram

16

PiggyBank Stored Procedure Example

Create a Deposit

17

PiggyBank DDL/DML Example

18

PiggyBank Stored Procedure Selecting from a view Example

19

DBA Practicals

• The DBA Practicals project are numerous examples and questions relating to Designing, Troubleshooting, Tuning and Optimizing Database Servers using Microsoft SQL Server 2005

• Here are some of the topics that I have worked on• Snapshot Restore

Scenario• Deleted Table Restore• Schemas• Statement Permissions• Ownership Chains• Execution Context• Data Partitioning• Developing an Archive

Plan

• Web Application using XML• Using Bulk Insert• Optimizing Queries• Securing SQL Server• Choosing Replication Types• Performance Counters &

Alerts• XML, X-Queries• Case Studies

20

1. You can mitigate code-injection attacks by doing the following:

• Constrain and sanitize input data - You can check for known good data by validating for type, length, format, and range.

• Use type-safe SQL parameters for data access – For example, you can use parameters with stored procedures or dynamically constructed SQL command strings.

• Use an account that has restricted permissions in the database – Grant execute permissions to stored procedures in the database and do not provide direct table access.

• Avoid disclosing database error information – Do not disclose detailed error messages to the user.

2. You can use SQL Server 2005 Surface Area Configuration tool to minimize the surface attack area for SQL services and components quickly.

3. You can secure the sa login by Using Windows Authentication Mode instead of Mixed Mode; disable the sa login (Status page under the Login Properties of sa); and assign a strong sa password. 4. To implement the principle of least privilege for Notification Services service accounts, a specific user account should be created with only the privileges that are needed to run Notification Services. If Notification Services is only running on the local server then use a local user account. If Notification Services is running on the network then use a domain user account. Using an administrator account, the Local Service account, or the Network Service account are not recommended. 5. When upgrading to SQL Server 2005, xp_cmdshell does not run anymore because it is disabled on new installations. It can be enabled from Surface Area Configuration for Features tool or by running sp_configure.

DBA Practicals – Securing a SQL Server Solution

21

DBA Practicals – For XML Explicit ExampleR

esu

lts:

Resu

lts:

22

Reporting Services

In the Reporting Services Project I have created SSRS Reports against the Library Database.

Here is a list of some of the reports created:

• Complete List of Books• Number of Copies per Title• Most Active Members• List of Books on Loan• Adult Member Detail• ‘Kids Club’ Report• Expired Memberships• Reference and Special Collection

Items• Current Fines for Overdue Books• Total Fines by Member

23

Design a “Most Active Members” (# of checkouts/loans per member) with report parameters for calendar month and calendar year. Use just the loanhist table for this report- however if you include current loans (from the loan table), 1 point EC will be granted.

Reporting Services – Most Active Members

24

Reporting Services – Adult Member Detail, Part 1“Adult Member Detail” report. Details about adult members: name, address, total number of active checkouts (loan table), with a drill down option for total fines assessed, total fines paid, total fines waived, and total due (for now- use loanhist only for this fine information). Please also include a hyperlink (drill through) to a second report showing any dependants and that displays each juvenile’s checkout/fine information (also via drill down). (Note: address information here is not necessary as it will be the same as the sponsoring adult in the Library database).

25

Reporting Services – Adult Member Detail, Part 2

26

Reporting Services – ‘Kids Club’ ReportDesign a “Kids Club” report. There is a special reading club (among many other such efforts) for 7 year olds, 8 year old, and 9 year olds. Design a report that displays all juvenile library members that belong within these three groups. Please distinguish between the three groups on the report by utilizing conditional expressions to implement an appropriate color scheme, and be sure to explain this scheme to the user in a legend. Creativity in naming such groups, and decorating the report would be appreciated. Please be sure that this report calculates a birthday by the given date- and not the datetime of the given birthdate.

27

Reporting Services – Current Fines for Overdue Books“Current Fines for Overdue Books.” A report for all overdue books, member name, and current fines due against books that have not been checked in (use the Loan table – don’t worry about fine information in the Loan History table) Calculate these fines as 25 cents per day.

28

BlockFlix

BlockFlix is our Final Group Project where I was honored to be Project Manager. This database implemented almost all I have experienced in the program. A Presentation was conducted by the group upon Graduation. The following are some of the specifications for the project:– The Database will be used to track inventory of movies, customers and

their membership types, and payments by customers.– Show a demo of inserting an XML file containing new releases into the

database showing Title, Genre, Rating, up to 3 actors, 2 producers, etc.– Each store has an individual database to keep track of local sales

information which is uploaded to the central database nightly via snapshot replication.

– Create reports for upper management and marketing department for lost/damaged movies, most rented movies, most active customers, list of customers in each membership type, etc.

– Research details in how to stream online video rentals and propose how to implement this for SQL Server 2005 as well as SQL Server 2008.

– Details on implementing partitioning, high availability, hardware considerations, users, groups, logins, permissions, roles, encryption, certificates, and application security features

29

BlockFlix Database Diagram

30

RESULTS“Before”

“After”

BlockFlix – Monthly Fee Stored Procedure

31

BlockFlix – Credit Card Encryption Code

Sensitive Data Encryption: Credit card number – Encrypted

Real card number – Not Directly Stored Only BFManager role can get the real number Encrypted card number is stored with symmetric /

asymmetric keys protection.

32

Central Database:4 Dell PowerEdge 2950 III Rack Server (Configured N+1 Clusters)– 2 Quad-Core Intel Xeon Processors 5400 series at 3.33GHz– 8GB 667MHz Dual Ranked DIMMs– Microsoft Windows Server 2008 Datacenter x64 bit– Microsoft SQL Server 2005 Enterprise EditionDell PowerVault NX1950– 6.75TB (450GB x 15 Serial Attached SCSI Hot Plug Hard Drives)– RAID 1+0 Configuration

Store Database:3 Dell PowerEdge 840 (Configured for Database Mirroring)– Implemented with High Safety Mode - Witness Server for Automatic

Failover STORE DATABASE - Database Mirroring – High Safety mode with Automatic Failover

CENTRAL DATABASE – N + 1 Cluster

BlockFlix – High Cost Hardware Proposal

33

BlockFlix – Video Streaming• SQL Server 2005 supports standard binary large object (BLOB) through varbinary(max) datatype.

• Issues with the varbinary(max) datatype in SQL Server 2005 was performance, maintaining transactional consistency between data, managing backup and restore and scalability issues.

• In SQL Server 2008, they introduced a new feature called, filestream.• FILESTREAM:

– An attribute/property to set on varbinary column so that the data is stored on the file system. (Binary data is stored as individual files outside the database.)

– Transact SQL statements apply– Limitation of 2GB file size on the varbinary(max) column removed– Filestream data is secured like other data, by granting permissions at the table or column levels.– Filestreams stored in the filestream groups.

• SQL Server 2005 supports standard binary large object (BLOB) through varbinary(max) datatype.• Issues with the varbinary(max) datatype in SQL Server 2005 was performance, maintaining transactional consistency

between data, managing backup and restore and scalability issues.

• In SQL Server 2008, they introduced a new feature called, filestream.• FILESTREAM:

– An attribute/property to set on varbinary column so that the data is stored on the file system. (Binary data is stored as individual files outside the database.)

– Transact SQL statements apply– Limitation of 2GB file size on the varbinary(max) column removed– Filestream data is secured like other data, by granting permissions at the table or column levels.– Filestreams stored in the filestream groups.

34

About MeGraduated with a Bachelors in Electrical

Engineering, I have pursued the Information Technology field in 1996. At the time, I have become a Certified Novell Engineer and worked with a CTS Group and Nat Sherman Inc. in the New York City.

Since then, I moved to Los Angeles and joined VivoRx Inc. in 1999. During this time, I obtained MCSE status. As a Systems Administrator, I have been working for VivoRx, AmCyte, and ReNeuron for almost 9 years. In this position I acquired the necessary skills to manage an IT infrastructure of a small biotech company. Although my primary responsibilities include maintaining servers, backups, and workstations in a Windows environment, I have implemented databases in SQL Server for scientists to use in scientific analysis. I have created functions, stored procedures, triggers, and other database objects in the back end, and designed forms and reports in MS Access for the front end application.

ReNeuron closed its Santa Monica branch in May of 2008 due to the economic slowdown. After looking for new opportunities in IT, I have decided to update my skills in SQL and enroll in the SetFocus SQL Masters Program.

I am looking for a SQL Database Administrator position where I can use my skills I have experienced with SetFocus in combination with my technical background with Windows Systems. I have a passion of working as database developer and currently pursuing learning programming languages such as .NET, which goes hand-in-hand with SQL.