Tuesday, December 19, 2006

SQl Server 2005 vs. Oracle 10g White Paper

As i have promised, At my company, CompuPharaohs (CPS), we have made up the two parts comparison into a PDF white paper.

To download it, please follow the following steps:

1-Copy and paste the following address at your address bar of your browser:

ftp://cpseg.com/cpseg.com/UploadedFiles

2- when prompt for username and password please type them as follows:
UserName : PdfDownloader
Password: Pdf@pdf@pdf

3 - Download the file named SQLvsOracle.pdf

You can freely download it

With complement of Ahmed Bahaa, and CompuPharaohs (CPS)

Saturday, December 02, 2006

SQL Server 2005 vs. Oracle 10g -Part2

5- Business Intelligence

5.1 Market shares and Rankings
In spite of the fact that SQL server 2005 has added many very powerful features to the its business intelligence feature group. SQL Server is considered the best integrated BI solution out of the box. The highly prestigious Intelligent Enterprises business magazine within its annual 2002 review, has ranked the MS SQL Server 2000 BI solution as the best BI solution allover the world. Actually, this shows that SQL Server has an old history in excelling the BI area.
According to a recent Paper published in Communications of ACM, (paper is available on the ACM digital library) SQL Server BI solution has been shown as the biggest market share for BI Market while Oracle has come in the Seventh place. The figure shown below shows the attitude of OLAP market share for both SQL Server and Oracle.





Figure 5: The market shares for different OLAP vendors till 2004

It is important here to mention that oracle always claims that they have the biggest market share in BI industry. Actually, this is inaccurate information because they use the revenue market share measure which is misleading for customer. If Oracle has the revenue leading market share then this is true because their solutions are very expensive not because they are the most widely used by enterprises.

5.2 Why SQL Server has the biggest Market Share?

Actually, this question could be answered in a book but the paper will try to answer this very quickly and shortly through representing the major reasons for that.

5.3 SQL Server 2005 BI Solution Advantages

The following is a depiction for the main advantages for SQL Server BI solution as an overall solution not for depicting the detailed features. This may need more detailed technical context that is out of the scope of this paper.

5.3.1 Data Warehouse and BI Phases coverage
SQL server delivers tool for every phase within the data warehouse building life cycle. In addition these tools could work independently and away of any data warehouse. For enterprises that don’t have real data warehouse but se OLAP for better decision support, Microsoft provide an easy to use solution with a broad range of tools. Figure 6 depicts those main tools for building a complete BI solution.




Figure 6:The SQL Server BI Tools

Figure 6 shows the set of services and tools that SQL Server provides out of the box. When the customer buy SQL Server 2005 he actually, buys all of these tools. For all other BI Tools vendors each of these tools is sold separately. Some very famous Data Warehouse and BI tools Vendors (e.g. Ardent Solutions) has built their business on selling just one of these products. At regular scenarios, any data warehouse needs to begin by Extraction, Transformation, and Loading (ETL) process. This process takes a place on what is called the staging area that maybe a relational DB. The Microsoft Integrations Services is responsible of accomplishing the ETL task. The Loading is done from the Staging area to the actual data warehouse where all historical resides. Actually the SQL Server Relational Engine is available to take the responsibility of holding huge data warehouses. Later in this paper, some references will be given for this context.. At most cases people needs to navigate through the data in a multidimensional fusion for better understanding about their own business data. That is why a multi dimensional database management system is needed in order to build and manage the data cubes. Actually, this is what Microsoft Analysis Services does. After building the required cubes and mining models, it is time to expose this for users. Microsoft provides the Reporting Service in order to achieve this by the users themselves without the need of bothering, or depending on the IT team all the time. Reporting Services integrates with the Visual Studio.net to build very complicated and powerful reports. Many Management tools are available for developing and customizing your BI tools and managing your Meta Data as well.

5.3.2 Cross integration out of the box

All the previously mentioned tools and servers are natively integrated together. No all only these tools are integrated together but also a broad range of Microsoft Tools and Servers. This includes; Microsoft Office, Microsoft SharePoint Portal Server, Microsoft Active Directory, Microsoft Map Point (for geo-spatial data), and many other servers.

5.3.3 Office integration

Actually the Microsoft Office integrates with the SQL BI solution by a unique way. This includes;
 Integration with Excel through, excel charts, pivot tables, and more.
 Integration with the Windows SharePoint Service for building a BI dashboard.
 Integration with Microsoft Office Business Score Cards for building score cards as well as balanced score cards for better KPI monitoring.

5.3.4 Broad Range of Data Mining Algorithms

Additionally, On Microsoft Analysis Service you can build whatever Data Mining models using the existing available seven algorithms in order to mine into broad range of problematic data. In addition to that, third party ISVs can develop algorithms that snap in seamlessly to the Analysis Services data mining framework. Depending on the data and the goals, different algorithms are preferred, and each algorithm can be used for multiple problems. In fact, this feature of developing new data mining algorithm is a very powerful feature that is not available at most of the data mining tools (Including Oracle tools).


5.4 BI Conclusion

The SQL Server BI solution is really far beyond Oracle BI solution

6. References and Case studies

The Following are some hints about some notable references for SQL Serve that should be highlighted here in order to show up its capacity:

6.1 Education and Research References

6.1.1 International References

 University of South Florida

The University of South Florida chose the Microsoft platform and SQL Server to build a complete Web-based student information system that extracts information from an IBM mainframe and other database systems throughout the 36,000-student campus, increasing scalability while also lowering total cost of ownership and development costs of the previous deployed solution. The Old available system was previously built on Oracle.

 The Henslow Research Group
Until recently, it has been believed that British naturalist Charles Darwin developed his theory of evolution in isolation, basing it on observations he made during his five-year voyage on the research ship Beagle from 1831 to 1836. However, an international research team based at Cambridge University in the United Kingdom, has used the analytical capabilities of Microsoft SQL Server 2005 to prove that one of the central tenets of Darwin’s theory is actually based on work by his mentor, J. S. Henslow. The Henslow Group examined fragile paper-based data collected more than 160 years ago and used the business intelligence (BI) capabilities of SQL Server 2005 to prove the importance of Henslow's work.

6.1.2 Local References
 Ministry of Education
The Thanwaya Amma result web based exposure project is one of the hot references and examples that show how much SQL Server is scalable, reliable, and available. During the night of launching the Tnahwaya Amma result for education year, more than 4 million users has hit the website in one night. The Performance was outstanding. This could be validated easily through asking Ministry of Education people.


6.2 Applications Related to the Education Domain

6.2.1 International References
 Barnes & Noble Giant Bookstores chain (Migrator from Oracle)
Barnes & Noble is a giant bookstores chain with 40,000 employees, and 4.5 Billion gross in 2005. “We Are currently Processing anywhere between 1 million and 3 million sales transaction records daily, and it take no more than 10 minutes to get the records into the data warehouse. That rate was not possible before” Said Eliot Gardner, the Data Warehouse project manager in Barnes & Noble.
Barnes & and Noble has already a previously implemented OLTP on Oracle, but moved to build there BI solution on SQL Server.

6.2.2 Local References
 IDSC and Helwan University
The Information and Decision Support Cabinet for Prime Ministry in Egypt (IDSC) has their newest version of their Library Management system from scratch using SQL Server 2005, and Visual Studio.NET 2005. They faced some problems regarding huge amount of fields that should be added based on DIWI categorization Library standard. Using The available out of the box XML support feature, they designed the books table to have a an XML field that contain an xml document for saving the not commonly used DIWI categorization data. The system is deployed now on Helwan University Central Library which is one of the Largest (if not being the largest) central library available in Egyptian universities (public and private) today.
Personal Contacts:
-Engineer Medhat Eltokhy, EALIS team leader, IDSC
-Engineer Medhat ElBakry, Applications Development CEO, IDSC.


6.3 Other References
 Verizon Communications
Verizon is one of the biggest two mobile as well as ground carrier in North America. They are operating a SQL Server database with a size of 50.7 Billion rows and it is expanding.

 United States Department of Agriculture (USDA)
United States Department of agriculture is responsible of about $1.24 Trillion, or 12.3% of the overall American GDP. USDA is one of the most rigid agricultural ministries all over the world. They have very firm standards for everything. USDA is running a 25 Terabyte Data warehouse on and SQL Server platform.

6.4 Other Local References
 Engineer Taha Shindy, The Information Center Manager, MCIT. :
Information center Manager has built and currently host the Arab League website using Visual Studio.Net and SQL Server.

6.5 SQL Server 2005 Fast Facts

According to study held in 2006 by Winter’s Corporation, about the database systems all over the world, the following findings has been produced:
 One of the top three largest OLTP databases in the world, by rows is running on SQL Server.
 Three of the largest OLTP databases in the world by volume are Running on SQL Server
 One of the Top Ten largest data warehouses in the world is running on SQL Server.
 65 percent of all SQL Server entries are at 2 terabytes or larger

Saturday, November 18, 2006

SQL Server 2005 vs. Oracle 10g -Part1

1- Information sources Background

1.1 Performance Tuning Corporation Background
Before getting into more details into this point, it is important to highlight who this company is. Performance Tuning Corporation is one of the largest corporates allover the world, who are interested in tinning the performance of the IT system for the major IT systems products. Its customers list contains; Oracle, HP, Dell, US Navy, US Marines, US Air Force, Verizon, Microsoft, and more…

1.2 Computer World Magazine
Computer world magazine is one of the most prestigious IT Magazines allover the world. It is more than 35 years old, and its editorial board consists of many very prestigious, very famous IT consultants.
1.3 Intelligent Enterprises Magazine
It is one of the top two magazines all over the world talking in BI and data warehouses. Its editorial board includes Ralph Kimball (the father of Data Marts), and Barry Devlin the builder of the oldest data warehouse known all over the world.

2-VLDB Enterprise Features

The most important features that any decision maker is highly interested to look for when taking a decision of buying certain VLDB (Very Large DataBase) are; availability, reliability, scalability, security, and performance. For VLDBs any weakness found in other features may affect the day-to-day operation of the system administrators, DB specialist, developers, or even the application for a while but, the weaknesses that could be discovered in the major features listed above here could be fatal as whole for utilizing certain VLDB. In fact, availability, reliability, scalability, security, and performance are the major reasons for any decision maker to use VLDBMS (Very Large DataBase Management System) instead of SDBMS (Small DataBase Management System). Based on that, this paper will concentrate at the beginning on these features.

2.1 Oracle RAC Marketing Materials Claims
Oracle Real Application Clusters (RAC) has been presented by Oracle as the one solution that addresses all scalability, performance, high availability requirements, at a lower cost than any other solution. Oracle claims that RAC running on a cluster provides the highest level of capability in terms of availability, scalability, and low-cost computing. According to Oracle claims, RAC is supposed to provide these benefits:

Availability: If a node in the cluster fails for any reason, Oracle RAC continues running on the remaining nodes. All the applications (users) connected to the failed node are transparently to be completed in 20 seconds.

Scalability: When more processing power is needed, new nodes can be easily added to the cluster, without having to modify the application or the database in any way. The load is redistributed so that it is balanced across all the nodes of the cluster. Oracle 10g R2 RAC supports up to 100 nodes in a cluster.

Cost Savings: : RAC reduces hardware cost by running applications just as efficiently on clusters of small (< 4 CPUs), standardized, low-cost commodity hardware as on the more expensive SMP systems. For example a 16 node cluster of 4 CPUs each costs significantly less than an equivalent 64 CPU SMP machine. There are a number of reasons for the price differential, including the fact that smaller boxes benefit from the economies of scale.2.2 RAC in a More Practical Look vs. SQL Server 2005

The following analysis is based on the Performance Tuning Corporation analytical comparison report:

There have been numerous heated technical debates about whether RAC really works as advertised. In depth technical analysis here maybe difficult to most of the readers to understand that is why the paper will try to unveil facts without getting into deep detailed technical matters.

2.2.1 Availability

Oracle RAC Availability

It is true that RAC offers a good solution for server failures. This solution could be implemented on the low cost commodity servers. This makes some cost reduction on the customer hardware budget (this doesn’t mean that RAC as a clustering solution is a cost saving solution, please refer to the part of the price comparison latter in this paper). The RAC architecture is depicted in figure 1 that is shown below:


Figure1: A typical 4-node RAC configuration

Figure 1 shows a typical 4-node RAC configuration. The Oracle RAC Database Servers run on all the nodes in the cluster. The data resides in the shared storage. All the nodes in the cluster have equal access to all the tables in the database. There is no notion of data being “owned” by any particular node. As a result data does not have to be partitioned, though very often it is partitioned to increase performance. Applications just connect to the RAC cluster, not to a specific node in the cluster; RAC distributes the load evenly across all the nodes of the cluster.

SQL Server Availability

Database mirroring is a new SQL Server 2005 technology for increasing database availability.
Database mirroring ships transaction log records directly from the primary server to a standby server, ensuring that at all times the standby is a mirror image of the primary database. Database Mirroring also quickly fails over to the standby server in the event of the primary server going down for any reason. You can code client applications to automatically redirect their connections so that in the event of a failover, they automatically connect to the standby database. While the precise time to failover depends on a number of factors, it is possible to failover in around 10 seconds (according to Microsoft materials, it could failover in duration between 3-5 seconds, but practical experiences says 10 seconds is more realistic number). Comparing the 10 seconds in SQL Server 2005 with the 20 seconds of Oracle RAC is something notable. The 10 seconds difference of waiting for high availability system may not be acceptable in many business domains users. SQL Server 2005 Database Mirroring does not require proprietary hardware and is easy to set up and manage. Mirroring supports a feature that is called client redirect. Mirroring architecture is shown in the figure below.





Figure 2: The SQL Server 2005 Mirroring Architecture

This feature enables system application to get automatically redirected to the mirrored server transparently if the session is dropped. This doesn’t need any changes to application code. This happens transparently because of that MDAC (Microsoft Data Access Component) is aware of Principal and Mirror servers. Upon initial connect to the Principal server, MDAC caches Mirror name. When client attempts to reconnect, if Principal is available, it connects to it, if not; MDAC automatically redirects connection to Mirror. It is important to mention here that the witness server, that is optionally used to make automatic failover, could be SQL Server Express which is free software. Moreover, the licensing model of Microsoft doesn’t charge for any standby server. Based on this, the standby server don’t requires extra license. There is an important piece of information that should be highlighted here which is that, Oracle claims that one of the most important features in Oracle that it supports clustering while SQL Server doesn’t. This is not true. Oracle has a clustering support because Oracle don’t have its own operating system. This is not the case for Microsoft. SQL Server is a Microsoft Product that runs always on a Microsoft Operating System (Windows). Clustering in Windows is supported by using the Clustering service of the windows. SQL Server doesn’t need to have its own separate extra layer for clustering instead, it integrated with the same vendor operating system to achieve this task without overwhelming the running sever with extra layers
2.2.2 Reliability
Oracle RAC Reliability
RAC by itself offers no protection against disasters or storage failures. RAC is based on shared-data architecture; therefore the storage is a single point of failure. If the storage fails for any reason, the whole cluster fails. Oracle offers DataGuard as the solution to this problem. DataGuard involves having one or more duplicate databases called “Standby” database. “Standby” databases are kept in sync with the “primary” using log-shipping technology. It must be noted that Oracle will charge full price for each “Standy”, so the total cost of an Oracle solution has to be multiplied by the number of standby databases. Away of the costing aspects, installing the Oracle DataGuard solution over the RAC that is installed over the Oracle 10g DBMS itself complicate the management and administration massively. It is widely known for all oracle products that when it comes to integration, Oracle products always suffer from many problems and difficulties.


SQL Server 2005 Reliability

It is apparent from the description above for the SQL Server 2005 mirroring feature architecture that SQL Server 2005 doesn’t work on a shared storage model. This solves the problem of single point of failure that could happen for the RAC solution without using the DataGuard solution. When the primary storage server failure happens the standby server with a complete another storage server failover and continue delivers system availability.


2.2.3 Availability/Reliability Comparison Conclusion

Both SQL Server 2005 and Oracle 10g can deliver a highly available solutions but, “SQL Server with Database Mirroring” can match the high availability capabilities of Oracle 10g RAC—at a substantially lower cost.

The above explanation shows that the Oracle RAC out of the box solutions is less reliable solution than the SQL Server out of the box solution. If DataGuard is added to the formula then, from technical point of view SQL Server 2005, and Oracle RAC delivers highly reliable solutions. It is important to highlight here that the Oracle DataGuard availability is based on a difficult to manage solution (this will be shown later.)

2.2.4 Manageability
Oracle Manageability
According to the Performance Tuning Corporation report, the Oracle RAC is very complex to get managed. The report stated that; RAC is an extremely complex piece of technology. Unless the complexity is reduced by an order of magnitude, RAC falls far short of its promise as a viable technology for the vast majority of database applications. Probably the single biggest reason to avoid RAC might be its complexity. The complexity associated with RAC is documented succinctly in “Real-World Challenges for Oracle RAC Implementation” paper (The paper is available in the following URL: http://www.linxcel.co.uk/Whitepapers/RealWorld%20Challenges%20for%20Oracle%20RAC%20Implementation-Issue%201.pdf). (i.e. linxcel is a famous Oracle partner that is specialized in delivering Oracle and Java Professional services in Europe.)
Here are the main problems in RAC manageability:

RAC requires Application and Schema Design Changes

Contrary to Oracle’s claims, according to many experiences has been that applications (and the associated database schemas) have to be specifically designed (or modified in the case of existing applications) in order to get them to perform on RAC. The nature and extent of the changes depends on a number of factors including the size of the clusters, the nature of the application (OLTP or DW), the speed of the cluster inter-connect and transaction volumes. Very often data has to be partitioned, especially tables that are hotspots.

RAC requires special storage solutions
Oracle RAC cannot run on a regular file system i.e. the file systems that usually ship with operating systems. Oracle RAC either works directly on raw devices or requires a clustered file system. This Includes:
¢ Oracle Cluster File System (OCFS)
¢ Oracle Automatic Storage Manager (ASM)
Due to the inherent complexity of using RAW storage devices, Oracle recommends OCFS or ASM, with more emphasis on ASM lately. While ASM has many interesting capabilities, it is very complex to manage and administer—it is a full-blown instance of Oracle requiring significant DBA time and skills to manage. Furthermore ASM is a proprietary file system; most of the backup & restore, diagnostics, monitoring and performance tuning tools that you are currently using will not work with ASM.

RAC is Composed of Many Components

Actually RAC into itself is composed of many several components:
¢ Global Cache Services (GCS)
¢ Cluster Read Service
¢ Automatic Workload Management
¢ Virtual Internet Protocol
¢ Oracle Cluster Registry


Patching RAC is difficult
Patches for RAC come in two flavors—those that can be applied one node at a time and those that need to be applied to the entire cluster at once. In the former case only the node to which the patch is being applied has to be down; the rest of cluster is functioning. In the latter case the entire RAC cluster has to be shutdown, thereby making the entire database unavailable. An analysis of Oracle’s patches shows the majority of the patches belong to the latter category. In this case Oracle recommends a very complicated technique for “rolling upgrades” that involve two standby RAC clusters connected with Oracle Data Guard.

Tuning RAC is Complex
The complexity of RAC and the numerous moving parts involved in a RAC setup makes it hard to debug and tune. In addition to all the things that a DBA needs to know to tune an Oracle database, with RAC a DBA has to take numerous other factors into account including interconnect traffic, inter-connect latency, pinging of data blocks between nodes, disk I/O for each of the nodes, table hotspots etc. Here is just a partial list of some of the workarounds that Oracle has suggested to get around the performance issues with RAC.
§ Assign transactions with similar data access characteristics to specific nodes, by partitioning users and applications.
§ Create data objects with parameters that enable more efficient access when globally shared.
§ Avoiding sequences as hotspots by creating node-specific staggered sequence ranges.
§ Reduce the number of rows-per-block (RPB) in order to reduce page contention.
§ Use as few indexes as possible to reduce intra-node pinging of index blocks.
§ Pre-allocate space by turning on dynamic space management.
§ Use reverse-key indexes to reduce index-page hotspots. This has the undesirable side-effect of eliminating the ability to use index-scans.
§ Design indexes such that the clustering factor is as close to the number of used blocks as is possible.

The list is based on content from the book “Oracle 10g and Real Application Clusters”. These are very complex tuning recommendations, requiring a deep understanding of the inner-working of the Oracle database management system. The book summarizes the situation quite aptly when it
says, “This may seem perplexing, since some of the suggestions are contradictory”!


SQL Server 2005 Manageability

MSSQL 2005 administration is as simple as every Microsoft product administration with a nice GUI and only a few parameters required a manual change. The major Goals for the SQL Server 2005 manageability focus on some main objectives to achieve. These objectives are listed below:
§ Integrated Management, Rich UI
§ Scale down time/effort for common management tasks
§ Server Transparency
§ Everything to be scriptable

SQL Server has many very easy to use management tools to do whatever administration task you need. This includes;

SQL Server Management Studio

§ This tool delivers integrated management environment for all SQL Server products including;
§ Relational DB
§ Analysis Services
§ Reporting Services
§ Notification Services
§ SQL Mobile
There are many tools that comes with MS SQL Server 2005 for manageability, Performance tuning, security analysis, and troubleshooting and diagnostics.




Manageability Conclusion

According to what is depicted above from much neutral technical comparison it could be discovered without any doubt that MS SQL Server is more manageable than Oracle enterprise solutions.
2.2.6 Scalability and Performance

Scalability is one of the most important enterprise features in any VLDB.
Oracle Scalability and Performance
It would appear that Oracle RAC has the edge here. Oracle 10g RAC R2 can support up to 100 nodes. Oracle does not specify whether there are any limitations on the number of CPUs per node. Therefore, in theory, Oracle RAC can scale beyond 64 CPUs. However, it must be noted that Oracle has not demonstrated publicly that Oracle RAC can scale beyond 64 CPUs. The largest TPC-C benchmark with Oracle RAC has 64 CPUs—a 16 by 4 cluster. The largest RAC installation widely known is a 64-CPU at Amazon, also a 16 by 4 cluster.
Oracle Claims that Oracle can scale out and always concentrate on scaling out rather than scaling-up. The main advantage of the scale-out solution of oracle is that it depends on low cost commodity servers. Oracle tries to promote this, claiming that this is a more cost effective solution (a more detailed look will concentrate on this).

SQL Server 2005 Scalability and Performance

Scaling Up With SQL Server 2005
SQL Server 2005 has proven that it can scale to 64 CPUs on a single SMP server. Interestingly, at some benchmarks, SQL Server 2005 has a better performance and price/performance than Oracle 10g RAC for 64 CPUs as can be seen from the table below.






Table 1 A TPC benchmarks for SQL Server 2005 and Oracle 10g

These two TPC-C benchmarks clearly demonstrate that that on a system with 64 CPUs, SQL Server 2005 can outperform Oracle 10g RAC, and is more cost effective.
It is important here to highlights that today the largest SMP server has 64 processors and can run over 99% of the world’s real-world applications! According to Winter Corp’s Annual Survey9 of the largest databases in production today, the largest OLTP and Data Warehousing database run on SMP servers, not clusters.


Scaling Out with SQL Server 2005
You might still prefer the scale-out architectures for the following reasons.

§ Some companies have standardized on commodity servers (e.g. Plate Servers), refusing to deploy medium or high-end SMP (Symmetric Multi-Processing) servers. Typically these companies have standardized on vendors such as Dell who do not offers servers with more than 4 processors.
§ Some customers have a highly distributed architecture that does not lend itself very well to large centralized SMP servers.
§ Some customers are uncomfortable with the a64 processor limit of SMP servers, even if the servers meet their current requirements. They want to know that their database can scale beyond 64 CPUs if the need arises in some distant future.

SQL Server 2005 offers a choice of scale-out technologies. Unlike Oracle, which is single mindedly pushing RAC as the only viable scale-out architecture, Microsoft has taken a more nuanced approach, offering multiple scale-out technologies. Each of these technologies has its own advantages and disadvantages. You should pick the technology that best meets you business requirements. The following are four scale-out strategies with SQL Server 2005.

§ Service Oriented Database Architecture (SODA)
§ Shared Scalable Database (SSD)
§ Peer-to-Peer (P2P) Replication
§ Data Dependent Routing
Getting in more details regarding these strategies is out of the scope of this context.




Scalability Conclusion
SQL Server is as scalable as Oracle 10g R2. They are peers. At some cases SQL Server can outperform Oracle 10g. Moreover, it delivers scale-up as well as scale-out solution in less cost than Oracle 10g.




2.2.5 Security

This is one of the peaking points for SQL Server 2005 over Oracle 10g. For years Microsoft products have suffered from security issues but, nowadays this doesn’t apply anymore. Microsoft has focused during the last couple of years in increasing the quality all its products from the security point of view. Bill Gates has launched and implemented an initiative to deliver a one week training for all Microsoft Campus developers (20,000 + developers). The training subject was (how to write a secure code). Moreover, Microsoft translates analyze every discovered security hole and learn lessons of it and transform this in a bad programming practices should be prohibited to be done by any Microsoft developer. The following are some very prestigious information sources that made a neutral comparison between SQL Server 2005, and Oracle 10g. As will be seen all of them depicts that SQL Server 2005 is more secured far beyond Oracle, and that one of the major advantages of SQL Server 2005 over Oracle 10g is Security.

2.2.5.1 David Lachfield Paper

David Litchfield who is one of the famous security specialists all over the world who used to criticize Microsoft for its poor security products has written a paper titled “Which database is more secure? Oracle vs. Microsoft”















Figure3: The number of security flaws in the Oracle and SQL Server


According to David’s paper, Figure 3 shows the number of security flaws in the Oracle and MS SQL Server database servers that have been discovered and fixed since December 2000 until November 2006. Each block







Figure 4 flaws that have been discovered by external security researchers in in Oracle 10g R2 and SQL Server 2005

According to David’s paper too, these two graphs indicate flaws that have been discovered by external security researchers in both vendors’ flagship database products – namely Oracle 10g Release 2 and SQL Server 2005. No security flaws have been announced for SQL Server 2005.
David has stated verbally that:

It is immediately apparent from these four graphs that Microsoft SQL Server has a stronger security posture than the Oracle RDBMS. Later at his paper he stated, SQL Server code is more secure than Oracle code. He expected that even if oracle have approached fixing these security bugs they may not be able to finish fixing them before end of 2007 or 2008!!

David said that he think the secret behind this gap between Oracle and SQL in the recent products is the Microsoft’s Security Development Lifecycle which is not as same security oriented as Oracle – SDL. SDL is far and above the most important factor. A key benefit of employing SDL means that knowledge learnt after finding and fixing screw ups is not lost; instead it is ploughed back into to the cycle. This means rather than remaking the same mistakes elsewhere you can guarantee that new code, whilst not necessarily completely secure, is at least more secure than the old code.
He added that, Oracle keep making the same basic mistakes and that some of their security “fixes” indicate that they don’t understand the problems they’re trying to fix.

Note: The Whole paper is downloadable from the following URL:
http://www.ngssoftware.com/research/papers/comparison.pdf


2.2.5.2 The Computer World Business Magazine

On 19th October 2006 the 35+ years old very prestigious IT business magazine-ComputerWorld- has published an article titled (Let's give Microsoft SQL Server some credit) In which the author has declared that at the same time that SQL Server proofs his powerful security level, Oracle began to suffer massively from security vulnerabilities. He rooted this to the difference in the SDLC of Microsoft as well as Oracle. The article is available for public at the following web address: http://www.computerworld.com/blogs/node/3778




2.2.5.3 The Common Vulnerabilities and Exposures (CVEs) Website (http://cve.mitre.org)

CVE is A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures
The content of CVE is a result of a collaborative effort of the CVE Editorial Board. The Editorial Board includes representatives from numerous security-related organizations such as security tool vendors, academic institutions, and government as well as other prominent security experts. The MITRE Corporation maintains CVE and moderates Editorial Board discussions.

At the time of writing this paper, the reported common CVEs for SQL Server 2005 are just four while they exceeds 40 for Oracle 10g. This could be validated through checking the following URLs;
Oracle
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Oracle+Database

SQL Server
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Microsoft+SQL+Server

Important Note:
It is important to mention here that these two URLs contain all known CVEs for both products across all their versions.
Security Conclusion

According to all reports, papers, and articles above, with a high level of confidence it is clear that SQL Server is more secured far beyond Oracle 10g. Some neutral parties like the famous security expert; David Lachfield, the prestigious IT Magazine; Computer World, and Enterprise Strategy Group considered Microsoft, with proper execution, years ahead of Oracle in producing secure, and reliable database solutions.

2.2.7 Cost

In spite of the fact that Oracle claims that its hardware requirements costs less, when it comes to calculate the overall budget that is needed for an overall oracle solution (on less expensive commodity servers) you will find it more expensive than the overall MS SQL Server 2005 solution. It is true that the single high-end SMP servers that MS SQL Server 2005 requires is more expensive than the commodity servers that oracle requires but, let us calculate the hole payment:

Oracle: $40,000 (Oracle Price) + $25,000 (RAC Price) + $18,000 (the cheapest commodity server available) then, The total of Oracle solution on the Least expensive commodity server is 78,000$ per processor

MS SQL Server 2005: $25,000 (SQL Server Price) + $50,000 (The most expensive known high-end server) then, the total of SQL Server solution on the most expensive high-end server is $75,000 per processor.

Important note:

We are using the publicly available list prices for both Oracle 10g and SQL Server 2005. It is quite likely that academic as well as governmental accounts don’t pays full price for either product. However that does not change the relative pricing differential between Oracle and SQL Server 2005.
Cost Conclusion
Oracle on the cheapest commodity server is more expensive than SQL Server solution
If the claim that the Oracle required hardware solution costs less considered true then, it should be phrased as it cost less for Oracle benefit not the customer benefit. Simply because, Oracle, not the customer, who gets the difference and more.














Wednesday, November 08, 2006

SQL Server 2005 vs. Oracle 10g -An important introduction

This is something I have decided to do because I thought it is must and obligation on us as a Microsoft society to do.

A month a go, my friends in Microsoft Egypt has asked us to help them in comparing SQL Server 2005 to Oracle 10g as neutral consultants. They asked us to do so transparently, and honestly. This was because of that there was an important regional account who was about to take a decision to oracle 10g. I have accepted the request and began to prepare for this meeting not only as a technician but also as an academic guy. Actually, this makes difference because academic guys evaluate things by a rational and more scientific way, and according to non fuzzy results. I decided that this comparison should be posted to be used by many people who search for such a comparison. Actually, I have found during my work a whitepaper that has been previously published by an Oracle Partner Called WisdomForce.
For people who have read this paper, or may find it and read it later, please take in considerations the following facts:

1-The most recent version of this paper(version 1.2) has been published in November 2004 (when SQL Server was in Beta phase as much as i remember it was in beta2 phase). Based on this, many of the criticism that is done to SQL Server 2005 was done for the beta version that has massively enhanced in final release.

2-As evidence that this paper is not accurate into it is criticism is that it is talking about some SQL Server Obsolete products like DTS!!!!

3-Another evidence that this paper was not talking about SQL Server 2005 that it mentioned clearly that they are talking at specific points about SQL Server 2000, and even 7.0 sometimes!!!! (Why?!)

4-Wisdomforce has promised to launch another updated version later but they haven't up till the time of writing these lines.


Actually if you searched the Web, most probably you will find people talking about this white paper while it is not that accurate. Moreover it doesn't really talks about SQL Server 2005. Instead, it may talk about earlier version of this wonderful product.

According to all of that I decided to post our neutral prepared white paper in a series. For those who are interested to read it all, you can download the .PDF version of it that I will make it available at the end of this series.

Wednesday, November 01, 2006

VSTS At a Glance

Actually this is a composed of my first post about VSTS.

I have received a request from My friend, sherif Eltony (The ISV Evangelist in Microsoft Eastern Mediterranean) to make this composed version so, it could be read faster and easier.
I hope that it fulfill this requirement:
1-The Visual Studio Team Edition for Software Developers

Nowadays, software development tasks get more complicated. In a complicated development environment, developers need to build their application by easy way in order to be concentrating on the complicated business logic. Moreover, they need some tools that help them to test their applications before delivering it to the testing team.

This Edition empowers the developers with the following capabilities:
-Class Designers: for Building class graphically instead of writing it by code.
-Unit Testing: Generate necessary code for automating the test without the need to make the developer lose his time to make these tests manually. Unit tests can get its test data from a database. This feature can test lots of scenarios at no time.
-Code Coverage: Unit tests can insure that the known scenarios have been passed by the written code. But it doesn’t ensure that the scenarios covered the whole code. Code coverage can show the tested code colored. The fully tested code will be shown one color. The partially tested in a second color, while the not tested code is shown in a third color. This feature can eliminate the bugs that arise after deploying the solutions on the customer side. Moreover it can lead to a 100% tested code.
Static Code Analysis: Static code analysis can help team to write better object oriented code. Better standardized code, better code style that obeys to Microsoft design best practices, ..etc.
Performance Analyzer:
Performance Analyzer can help developer to optimize the performance of their application by reporting which functions are called most of the times, which function take long time to get executed,…etc.
2-Visual Studio Team Edition for Software Testers

This Client is directed to the testers. Using this edition of VSTS tester can perform the previously explained Units testing, Code Coverage, Static Code Analysis, and Performance Analyzer. In addition to that, this edition integrates with separate module which is Load agent module that enables the tester to perform what is called load test. Load tests are very important in order to test how my website will behave in front of huge amount of users. This feature is very important for corporations who build web systems that are exposed to customers for public on the web.
3- The Visual Studio Team Edition: Software Architect:

The problem that usually arises for architects is that each of the two architect types (Application, and infrastructure) works in an isolation of the other. The Application architecture may build his application to work on certain operating system (e.g. Win2003 SP1) while the infrastructure architect is not designing his network for this operating system (Use Win 2000). This may lead to a lot of deployment problems that couldn’t be caught before the deployment time. Problems of this kind may lead to disasters that may result in the whole project failure. The Visual Studio Team Edition for Software architects solve the architectural problems like this by empowering the architect with a graphical designer that make both architects capable of building his architecture graphically and then validate both of them based on the other.

Visual Studio Team Edition for DB Professional

Actually, this is the most recently released version of VSTS edition. This edition is delivering a broad range of capabilities to the database professionals. This includes:
Managing Database Objects and Schemas as Version Controlled Items
Importing Schemas from a existing DB
Comparing Schema changes
Generating Data
Compare Data between Different Data Sources
Generating DB Unit Tests

4-Microsoft Team Foundation Server
The team foundation server is the server through which all clients can communicate. For project managers it is very important to utilize the Team foundation Server (TFS) capabilities. These capabilities permit many important features for the team this includes:
Source and Version Control
This enables more control over the source code. This control can secure the source code in a centralized secured server, not on the client computers of developers.
Check In Policy
The Project Manager can define polices for all work that will be performed by certain team within certain project. This may include not being able to upload the source code unless passing certain tests. Moreover, it can enforce developers to apply design best practices to their code.
Build Automation
By this feature, the team can have at each night a complete build for the project that yields to a stable version of the system everyday. Build history reports are generated too.
Team Reporting
The Team Foundation server empowers the project manager with more control on the team by presenting a large set of predefined reports about the project status, remaining work, number of bugs,….etc.
Work Item Monitoring
Each Work Item could be tracked by means of its status. Who has gotten assigned with? Whether is it bug, risk, or regular task?
Team Portal
Once a team has been created on the team foundation server, a new portal is automatically generated to enable different members to communicate together. The Portal contains the required documentation, and the project status reports.
Process implementation
Team foundation Server can help the team to apply the MSF CMMI standard process to be able to get certified as CMMI team fast. It provides them with the documentation.
Extensibility capability
Tam foundation server is open for process modification. If certain team has different process than the MSF process to apply, the team can define the process by simple way.
Moreover, if the project manager needs to see more reports about the performance of the team, it is not a hard task to build his own extra reports.

Microsoft Excel and Microsoft Publisher Support

Excel and Project are the 4th, and 5th clients that could work within the Team System. With their easy to use interface new assignments could be granted for different team members.

Conclusion

Visual Studio Team System (VSTS) can help any software team by the following ways:

1-Empowers the manager with a good control level on what is going on the project. This happen through delivering a rich status reports about the project tasks

2- It helps the team members to increase the quality of their products by applying advanced testing techniques. e.g. Units tests, Web Tests, and Load Test

3- It helps to increases the overall team quality by enforcing process standards that can lead to getting certified as CMMI.

4- It increase the productivity of the overall team by establishing an automated communication channels between them subsequently saving their times to perform their architectural, development, and testing tasks.

5-VSTS is the least product by means of cost and Total Cost of Ownership (TCO) in comparison to other tools of other companies (i.e. IBM Rationale Clear Case Suite).

Tuesday, October 31, 2006

What is VSTS

As one of the Evangelism team of the Visual Studio Team System that works tightly couple with the DPE team of Microsoft Egypt, I feel that there is a self obligation to write about VSTS here. People who have time to read about 6-pages article about this subject are highly recommended to read this article. I will put another summerized one (about 3 pages) and i will call it VSTS in a Glance for people that needs something smaller to read.

Visual Studio Team System Overview

VSTS is a software development team integration and collaboration tool. It consists of 5 clients and one server in addition to the load agent and the usage of MS Excel, MS Project and Internet Explorer as extra clients.

Visual Studio Team System is based on the Visual Studio Professional Edition in addition to more the team integration features. These features help the Project Managers, Infrastructure Architects, Application Architects, Developers, and Testers to perform their tasks by a higher quality in a standardized way.

The following is a block diagram that shows the Visual Studio Team System:




As it is clear above there are Tree clients:

1-The Visual Studio Team Edition: Software Architect:

This edition I directed to the Software Architects. Usually, there are two kinds of Architects. The first type is the Infrastructure Architect. Infrastructure Architect is the one who is responsible of defining the network zones, security, operating systems, firewalls, ..etc. The second type is the Application Architect. This type of architects is responsible of defining the architecture on which the application will be built. This includes; Platform used (web/ windows/ Smart Devices), client server/Three Tiers, N-Tiers, Component architectures (COM+, .NET dlls, XML Web Services), ..etc.

The problem that usually arises here is that each of the two architects works in an isolation of the other. The Application architecture may build his application to work on certain operating system (e.g. Win2003 SP1) while the infrastructure architect is not designing his network for this operating system (Use Win 2000). This may lead to a lot of deployment problems that couldn’t be caught before the deployment time. Problems of this kind may lead to disasters that may result in the whole project failure. The Visual Studio Team Edition for Software architects solve the architectural problems like this by empowering the architect with a graphical designer that make both architects capable of building his architecture graphically and then validate both of them based on the other.


2-The Visual Studio Team Edition for Software Developers

Nowadays, software development tasks get more complicated. In a complicated development environment, developers need to build their application by easy way in order to be concentrating on the complicated business logic. Moreover, they need some tools that help them to test their applications before delivering it to the testing team.

This Edition empowers the developers with the following capabilities:

-Class Designers: for Building class graphically instead of writing it by code.
-Unit Testing: Generate necessary code for automating the test without the need to make the developer lose his time to make by his hand the test each time. Unit tests can get its test data from a database. This kind of tests (Data Driven Tests-DDT) can test a lot of scenarios very fast.
-Code Coverage: Unit tests can insure that the known scenarios have been passed by the written code. But it doesn’t ensure that the scenarios covered the whole code. Code coverage can show the tested code colored. The fully tested code will be shown one color. The partially tested in a second color, while the not tested code is shown in a third color. This feature can eliminate the bugs that arise after deploying the solutions on the customer side. Moreover it can lead to a 100% tested code. This is very hard to achieve by the normal visual studio tools. The following figure depicts how the code coverage result is shown to the developer.


Static Code Analysis: Static code analysis can help team to write better object oriented code. Better standardized code, better code style that obeys to Microsoft design best practices, ..etc. The rules, on which the static code analyzer test the code based on, can be extensible to include more rules than those who are built in.

Performance Analyzer:

Performance Analyzer can help developer to optimize the performance of their application by reporting which functions are called most of the times, which function take long time to get executed,…etc. Performance analyzer is utilizing to mechanism to accomplish its task. The first mechanism is the sampling. Sampling doesn’t consume a lot of time to have but at the same time it scans the whole code to generate its report. To have more detailed reports it is preferable to use the second mechanism which is Instrumentation. The following figure depicts how the one of the reports that are generated by the performance analyzer



3-Visual Studio Team Edition for Software Testers

This Client is directed to the testers. Using this edition of VSTS tester can perform the previously explained Units testing, Code Coverage, Static Code Analysis, and Performance Analyzer. In addition to that, this edition integrates with separate module which is Load agent module that enables the tester to perform what is called load test. Load tests are very important in order to test how my website will behave in front of huge amount of users. This feature is very important for corporations who build web systems that are exposed to customers for public on the web.

4-Microsoft Team Foundation Server

The team foundation server is the server through which all clients can communicate. For project managers it is very important to utilize the Team foundation Server (TFS) capabilities. These capabilities permit many important features for the team this includes:

Source and Version Control

This enables more control over the source code. This control can secure the source code in a centralized secured server, not on the client computers of developers.

Check In Policy

The Project Manager can define polices for all work that will be performed by certain team within certain project. This may include not being able to upload the source code unless passing certain tests. Moreover, it can enforce developers to apply design best practices to their code.

Build Automation

By this feature, the team can have at each night a complete build for the project that yields to a stable version of the system everyday. The build will be accompanied with group of reports that describes the build history of the application.

Team Reporting

The Team Foundation server empowers the project manager with more control on the team by presenting a large set of predefined reports about the project status, remaining work, number of bugs,….etc.

Work Item Monitoring

Each Work Item could be tracked by means of its status. Who has gotten assigned with? Whether is it bug, risk, or regular task?


Team Portal
Once a team has been created on the team foundation server, a new portal is automatically generated to enable different members to communicate together. The Portal contains the required documentation, and the project status reports.

Process implementation

Team foundation Server can help the team to apply the MSF CMMI standard process to be able to get certified as CMMI team fast. It provides them with the documentation.

Extensibility capability

Tam foundation server is open for process modification. If certain team has different process than the MSF process to apply, the team can define the process by simple way.
Moreover, if the project manager needs to see more reports about the performance of the team, It is not a hard task to build his own extra reports.

Microsoft Excel and Microsoft Publisher Support

Excel and Project are the 4th, and 5th clients that could work within the Team System. With their easy to use interface new assignments could be granted for different team members.

Conclusion

Visual Studio Team System (VSTS) can help any software team by the following ways:

1-Empowers the manager with a good control level on what is going on the project. This happen through delivering a rich status reports about the project tasks

2- It helps the team members to increase the quality of their products by applying advanced testing techniques. e.g. Units tests, Web Tests, and Load Test

3- It helps to increases the overall team quality by enforcing process standards that can lead to getting certified as CMMI.

4- It increase the productivity of the overall team by establishing an automated communication channels between them subsequently saving their times to perform their architectural, development, and testing tasks.

5-VSTS is the least product by means of cost and Total Cost of Ownership (TCO) in comparison to other tools of other companies (i.e. IBM Rationale Clear Case Suite).

Sunday, June 18, 2006

WinFx name has changed to be .NET Framework 3.0

It's official: Windows Communications Framework (Indigo) + Windows Presentation Framework (Avalon) + Windows Workflow Foundation (WinOE) + InfoCard (now known as Windows Cardspace) = .Net Framework 3.0. If you want a shorthand way of describing .Net Framework 3.0, it's the new Windows programming model that commences with Windows Vista.
On June 9, company officials disclosed the latest name change.
Microsoft has decided to avoid any confusion in the naming scheme for its core developer technology and is renaming it in an effort to better reflect the direction the company is pursuing.

Microsoft is making a move to rename WinFX to the .Net Framework 3.0.
WinFX is a programming model for Vista and is the follow-on to Microsoft's Win32 technology.
.Net Framework 3.0 consists of the .Net Framework 2.0, WCF (Windows Communication Foundation), WPF (Windows Presentation Foundation), WF (Windows Workflow), and InfoCard—now known as WCS (Windows CardSpace) as part of the renaming scheme.

According to the Microsoft Internal news, Windows Vista will be released for public users next January (Jan 2007) while being availalble for Enterprise accounts as early as October 2006.

Most of the Microsoft developers community is amazed from the WinFX new name (.NET Framework 3.0). They see that it was not an appropriate strategic move from Microsoft to launch two major versions of .NET framework in less than one year.

In contrast, I think it is a perfect move from Microsoft that shows how much this team has a very good plans.

I will talk about this very soon here but not now, as I should go to prepare for my Tomorrow Session (What is new in Windows Vista and .NET Framework 3.0) that will be held at Microsoft Egypt at 9:00 am.

Anyways, people who will attend will hear my comment about the rebranding issuee Live :)

see you later