Digital Signatures In SAFE
We take a lot of pride in our efforts at making sure that SAFE really is 'safe'. For example, SAFE has always been part of the Microsoft Logo program which certifies that the application runs properly on Windows (in fact, SAFE is the only application we know of, in this industry that can so claim. But more than just making sure that SAFE is compatible with Windows, we also make sure that the application you think you are running each day is SAFE. This is accomplished using a Digital Certificate embedded in SAFE.

What is a Digital Certificate, you ask? A Digital Certificate is essentially a very long password that uniquely identifies the application as being genuine. We pay a recognized 'authority' such as Verisign or Thawte (which you've probably seen on web sites when performing an on-line transaction) to assign us this Certificate. When you start SAFE, Windows sees this Certificate and verifies from it's pre-determined list of authorities that, yep, it's genuine.

You can learn all about this stuff here: http://www.microsoft.com/winlogo/benefits/signature-benefits.mspx

ACTIVATION
By default, Windows does not check for a digital signature when you start an application. This is probably because many (if not most) applications are not certified to be compatible and do not have a digital certificate of authenticity (certification is time-consuming and expensive). But if you want to be sure that your applications are, well, 'safe', then you should enable this checking:

1. Open System in Control Panel.
    
2. On the Hardware tab, click Driver Signing.
    
3. Under File Signature Verification, click one of the following:

• Click Ignore to allow all device drivers to be installed on this computer, regardless of whether they have a digital signature.
   
• Click Warn to display a warning message whenever an installation program attempts to install a device driver without a digital signature.
   
• Click Block to prevent an installation program from installing device drivers without a digital signature.

If you are a logged on as an administrator or as a member of the Administrators group, click Apply setting as system default to apply the selected setting as the default for all users who log on to that computer.

A SMALL BUG
Every once in a while, a customer will contact us that SAFE has lost it's digital signature. In other words, they are receiving a warning that SAFE is no longer on the list of trusted applications. This can happen for a few reasons, usually having to do with an incomplete update. However, at least once we have verified that it can also happen because of a virus which has changed the SAFE application in a very subtle way.

If this happens, and you have the warning enabled, you will either a) be prevented from running SAFE altogether or b) receive an annoying warning about an unknown signature every time you attempt to start SAFE. If this happens, you have two choices:

1. Go into Settings and temporarily disable the certification check.

2. Contact us for a replacement file which we will send to you en tout suite!

A THING WORTH DOING?
You may have been running SAFE for years blissfully unaware of digital signatures. If so, you may wonder if enabling this warning is worth it... especially if you start getting annoying warning messages every time you start up one of your other programs! We think so for a couple of reasons. First, it is a small (but significant) check that the program you are running each day is genuine and in tact. Secondly, it's a gentle nag to encourage you to contact your vendors and get them to have their products certified and digitally signed. The more programs that comply, the safer we'll all be in the end.

The Windows Certified Logo program, and the Digital Signature are just two of our ongoing efforts at insuring the quality and safety of our products. In this article, we've shown you how to activate Windows File Signature Verification to make sure that your copy of SAFE (and all your important programs) are in tact every time they run.

Til Next Time!
 

SAFE Tip: Improve Performance. Divide And Conquer!
We get a certain amount of questions about improving performance. Much of the time, we focus on hard drives. Why? The truth is that, a speedy CPU isn't nearly as important for database applications as a speedy hard drive. Or drives... as we shall see. If you want proof of this (and you are geekly oriented) here's an experiment:

Sit at your server console, open Task Manager, switch to the Performance tab and watch the CPU meter as people use SAFE. Note that it usually moves very little. (By the way, while you're at it, also take a peek at the Page File monitor If it isn't dead flat, then you probably need more RAM, but that's for another article!) Now flip over to the Networking page. It looks like the stock market! That's all the database traffic and it's all whizzing back and forth, to and from your hard drive(s). So, the drive(s) work harder than the CPU and therefore must be configured optimally. And how does one do this? Divide and conquer.

We're going to assume that your brother-in-law (aka your 'Computer System Vendor) sold you good gear: At least 2 drives of SATA-300 or Ultra-SCSI varieties, with at least 7,200RPM rotation and at least 8MB caching. And of course, he sold you the good controllers and not the K-mart type that comes with the bargain-basement Dells which transfer data about as fast the U.S. Mail. If not, let us know. Or if you're beginning to doubt your brother-in-law, send us a spec sheet and we'll tell you.

Now to the configuration. SQL Server stores it's data in two physical files on the hard drive. One is the actual 'data'. The other is something called a 'transaction log' (Ed note: This is not the same as our Translog SAFEXtension). The transaction log keeps an 'audit trail' of changes to data which can be read by specialised software. As you might guess, the T/L tends to get BIG over time. Whenever a change is made in the database, it takes 2 writes to a hard drive: One to write the data file and a second to write the transaction log.

Now, like you, a hard drive can only do one thing at a time. It just seems like it can because it reads and writes so darned quickly. So when a change to any of your data is made, it takes 2 times as long as you might think.

However, if you have two hard drives, SQL Server can write the data and the transaction log at the same time---in other words, in parallel. You can get it to do this by telling the database that the data goes on one drive and the transaction log on the other. So for all practical purposes, it can read and write data twice as fast as only one drive. Now, before you get all excited, you need 2 real drives, not just a partition of one physical drive.

BUT WAIT, THERE'S EVEN MORE!
So a 2nd drive -can- be a huge performance booster. But what if you have a 3rd drive? Even better! Keep in mind that, while SQL Server is spinning data on and off of your drives, Windows (and other programs) are busy flailing away on the same drives. To squeeze the highest performance from SQL Server (and SAFE) you can add yet another drive, configured as below.
C Drive    Windows
D Drive    SQL Server Data
E Drive    SQL Server Transaction Log

MIRROR, MIRROR
Some of you more savvy types will notice that we haven't mentioned disk mirroring---the system of using multiple drives to keep a constant, running backup of your data. This is intentional. For most of you, running SQL Server with less than 20 users, we have found that the benefits of mirroring are simply not worth the performance hit unless you have the proper drive configurations (read: $$$). Good Gravy!, you say Aren't you being foolhardy, man! Nope. Here's why: Most of you will purchase systems with two or three drives set up in a basic mirror. This is by far the slowest way to run SQL Server. How come? Well, remember what we just learned. We're essentially using two drives as one. There is always a performance hit when using mirrored drives. So for SAFE and SQL Server, your very expensive raid system looks just like a fairly slow single drive.

Ah, but what about the safety? The reliability? We've found that within the past five years drives have indeed become commodities. They are cheap, fast and now quite reliable. Drive failures are just not that common any more--at least on machines with proper power supplies that don't get dropped too often! It is our feeling that the relatively small chance of catastrophic drive failure is so small that it's just not worth the huge performance hit.

Now don't take us wrong, mirroring is a good idea. It's just not the best use of your dosh if you're on a tight budget. To do it right with SQL Server, you will need at least five drives in order to approach the performance we describe above splitting the data and transaction logs onto separate drives. Yes, you read that correctly. You'll want to have mirrors for each drive, otherwise you're back to the original slow situation. And drives are cheap these days. We're seeing really nice SATA drives for less than $100 each, so that's $500. Two years ago, $500 bought only one or two such drives, so if you have the budget, go for it!

IN SHORT
SAFE performance benefits greatly from splitting SQL Server data files between hard drives. Doing this is, in our opinion, a better option for most small system users than disk mirroring due to the increased reliability of current drives. The best option, is of course, mirroring with the proper number of drives, but that entails more drives and higher configuration costs.

Til Next Time!
 

Ciaran's Corner: Hello... Is There Anybody In There?
...with apologies to Mssrs. Floyd.

As we are always saying, our relationship is a lot like a marriage. Or at least, we think it should be. (OK, not the marriage where the couple sits at either end of the house and plot how to kill each other. I mean that other movie. You know... where people love each other and so on...)

Many of you only contact us when something goes wrong or when you need something. Of course, those are important things, but there is also a more general level of communication that often gets missed, even in the best relationships.

Now you might say, 'What are you on about? Someone from our company is messaging you at least once a week for one reason or another.' Yeah, that's great, but that reminds me of a story..... <cue rippling flashback video>

One of the guys here, his father passed away a while back from colon cancer. Yuck. It turns out that colon cancer is one of the easiest things to treat when caught early. And one of the hardest if not. Now, why, with all the fancy health care was it not caught until too late? Ironically, because the poor man was seeing a doctor at least once a month. For a heart condition. Both he and the various 'specialists' all assumed that, because he was seeing all these doctors, all the time, someone was attending to 'the big picture'. So no one realized that, with all these appointments and attentions, the guy hadn't had a regular full physical in the five years he'd been treated for his heart. Oops. So who's to blame? No one. And everyone.

These rants of mine are almost always provoked by the events of the day. We have a customer now who, I think is upset trying to launch a new web site. There's a bug in Internet Explorer that some of you are experiencing and it's holding things up. Like all of us, they don't care about who's to blame. They want it to work! But here's the thing: we found out that it was affecting them a couple of weeks ago. But what we didn't know, until this week, was how much it was impacting on their plans. In other words, they had conveyed the facts, but we had not realised the  meaning of these facts. So, like the poor bloke in the story above, action hadn't been taken proactively.

Our tech reps are pretty good at sussing out feelings when we do hear from you. In this case, based on a seemingly innocent expression he read in a message about the problem he guessed correctly that the issue was A PROBLEM! Not just a problem.

Now we know that, to you, every problem should be Priority One! Perfectly understandable. But that's just not always possible. Some issues take longer to resolve than others. Maybe it's something beyond our control. Maybe a key person here is off on holiday in Barbados. (I'm kiiiiding.)

Or maybe there is something good going on: you're hiring new people; you have a new office in mind; you're purchasing new equipment. You have no idea how many urgent calls we get for help the day the new server arrives. (You know, that new machine everyone knew about six weeks ago...except us.) And in that case, it is just as important to let us know as when there is a FIRE!

My point is that, it is a marriage. We need to know what's going on with your business. Not 'just the facts' about what you comes to mind when you think of computers and software, but also 'the big picture': good, bad, indifferent. Maybe we have solutions to offer that you hadn't considered. Or maybe a problem you have is something we can help with---we network with so many different businesses. The point is, that I hope you'll check in every so often and let us know how things are going on any topic whatsoever. I promise you that this kind of feedback will be more than well worth the effort.

And remember: as Don Rumsfeld says, 'There are knowns. And there are known unknowns. And there are unknown unknowns.' So let's keep in touch. The more we know, the better we can serve you.

Til Next Time!

Ciarān Marron
Technical Support Manager
cm@suntowersystems.com

THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. The information contained in this document represents the current view of Suntower Systems on the issues discussed as of the date of publication. Because Suntower Systems must respond to change in market conditions, it should not be interpreted to be a commitment on the part of Suntower Systems and Suntower Systems cannot guarantee the accuracy of any information presented after the date of publication. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED 'AS IS' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT. The user assumes the entire risk as to the accuracy and the use of this document. This document may be copied and distributed subject to the following conditions:
1. All text must be copied without modification and all pages must be included.
2. All copies must contain Suntower Systems' copyright notice and any other notices
    provided therein
3. This document may not be distributed for profit.

End of E-News From The Suntower, Volume VIII #21