DBMS files critical for DBMS recovery should be stored on RAID or other high-availability storage devices.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15119	DG0114-SQLServer9	SV-24100r2_rule	COBR-1	Medium

Description
DBMS recovery can be adversely affected by hardware storage failure. Impediments to DBMS recovery can have a significant impact on operations.

STIG	Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide	2015-06-16

Details

Check Text ( C-20466r2_chk )
Interview the System Administrator to determine if Failover Clustering is employed on the DBMS host and that SQL Server is using Failover Clustering. If the SQL Server instance employs Failover Clustering, this check is Not a Finding. If the instance employs other high-availability redundancy host or DBMS clustering, this check is Not a Finding. Failover clustering requires configuration of Microsoft Cluster Services (MSCS) to be running on the host (if available). View Services on the host to verify the service is active. Further, verify the Failover Cluster configuration by confirming that the MSCS service account has SYSADMIN privileges in the SQL Server instance. Review the file and disk storage specification for the SQL Server databases. From the query prompt: SELECT name FROM [master].sys.databases WHERE state = 0 Repeat for each database: USE [database name] SELECT physical_name FROM sys.database_files WHERE type_desc = 'LOG' Review the host disk system configuration. 1. Start / Administrative Tools / Computer Management 2. Expand Storage 3. Select Disk Management If the Layout column for the identified volume does not display type "mirror" or "RAID-5", this is a Finding.

Check Text ( C-20466r2_chk )

Interview the System Administrator to determine if Failover Clustering is employed on the DBMS host and that SQL Server is using Failover Clustering.

If the SQL Server instance employs Failover Clustering, this check is Not a Finding.

If the instance employs other high-availability redundancy host or DBMS clustering, this check is Not a Finding.

Failover clustering requires configuration of Microsoft Cluster Services (MSCS) to be running on the host (if available). View Services on the host to verify the service is active. Further, verify the Failover Cluster configuration by confirming that the MSCS service account has SYSADMIN privileges in the SQL Server instance.

Review the file and disk storage specification for the SQL Server databases.

From the query prompt:

SELECT name
FROM [master].sys.databases
WHERE state = 0

Repeat for each database:

USE [database name]
SELECT physical_name
FROM sys.database_files
WHERE type_desc = 'LOG'

Review the host disk system configuration.

1. Start / Administrative Tools / Computer Management
2. Expand Storage
3. Select Disk Management

If the Layout column for the identified volume does not display type "mirror" or "RAID-5", this is a Finding.

Fix Text (F-25725r1_fix)
Place SQL Server critical files including data, transaction and audit log files on fault-tolerant storage devices or employ SQL Server DBMS or OS clustering where supported by the DBMS.