A Credibility Gap

Almost a year after it was first slated to appear, it looks like Redmond is putting the finishing touches on its flagship SQL Server 7.0 database. Redmond has long been positioning SQL Server 7.0 as the cure for its enterprise scalability woes, but if recent news is any indication, Microsoft still has some way to go before it is capable of producing a mission-critical, enterprise-class database after the manner of universal datastores DB/2 and Oracle 8 from, respectively, IBM Corp. and Oracle Corp.

To promote its new "enterprise ready" database, Microsoft is orchestrating a number of publicity events, including the unveiling of its SQL Server 7.0-driven "TerraServer," an online datastore containing aerial photography provided by the U.S. Geological Survey and purportedly the largest database available on the Internet.

Containing more than 1 TB of compressed and 3 TB of uncompressed data, the TerraServer Web site is powered by Enterprise Edition versions of both Microsoft’s Windows NT Server operating system and forthcoming SQL Server 7.0 database. This software array is complemented by a single Compaq AlphaServer 8400 with eight 400-MHz Alpha microprocessors and a 3.5 TB Compaq StorageWorks RAID subsystem.

"I think that it goes a long way towards demonstrating that we’re scalable for these kinds of multimedia databases," maintains Jim Ewel, Microsoft product manager for SQL Server. "We think it goes a long way to showing people that we can handle the world’s largest applications."

If anything, however, TerraServer and the hoopla surrounding it have functioned thus far to raise questions about both Microsoft’s and SQL Server 7.0’s ability to scale. Immediately after the unveiling of the TerraServer Web site, surfers attempting to access the online database were too greeted with messages such as ""HTTP Error 403/403.9 Access Forbidden: Too many users are connected/This error can be caused if the Web server is busy and cannot process your request due to heavy traffic. Please try to connect again later." Many users reported not being able to connect to the TerraServer site at all, with http requests timing out.

Microsoft attributed the problems to unanticipated demand and indicated that it was installing additional servers to handle the load – but the damage had already been done.

"This is a big PR faux-pas for Microsoft," acknowledges an analyst with an IT consulting firm who asked not to be identified. "They’re out there trying to tout the scalability of SQL Server 7.0 and Windows NT and what happens? It looks like they’re plagued with the same scalability issues that have been hounding them from the beginning."

But Microsoft’s database problems aren’t simply limited to the forthcoming SQL Server 7.0. The discovery of a security flaw in early July that affects Microsoft’s SQL Server 6.5 database in both its standard and enterprise iterations suggests that Microsoft still has some way to go before both SQL Server and Windows NT can hope to play comfortably with their more scalable and more secure brethren.

According to a post on the Windows NT Bugtraq (ntbugtraq.ntadvice.com/archives/default.asp) mailing list, SQL Server 6.5 configured in standard mode stores user passwords in clear text in the Windows NT system registry. Potential hackers have only to search the system registry for password information to breach a SQL Server-based system configured for standard and not integrated security.