I can speak SQL

Fluent SQL speaker

Archive for the ‘SQL SERVER’ Category

SQLSaturday presentation – CI for DB

Posted by kulmam92 on September 22, 2014

I presented “CI for DB” at SQLSaturday #340.(http://www.sqlsaturday.com/340/schedule.aspx)
Here’s the slides.



Posted in Deployment, SQL SERVER, SSIS | Tagged: , , , , , , , | Leave a Comment »

How to install Git Source Control Provider on SQL Server Data Tools

Posted by kulmam92 on September 5, 2013

Git Source Control Provider

If you decide to use Git as a SCM (Source Control Management) system, you may decide to use Git Source Control Provider since it’s integrated to the Visual Studio (SQL Server Data Tools). This is not available from the Extension Manager’s online gallery if you try to search it from the SQL Server Data Tools. However, you can download Git Source Control Provider from its codeplex page : http://gitscc.codeplex.com/.


If you click the “Installer for VS2010, VS2012”, “GitSccProvider.vsix” will be downloaded. Double clicking that file should install Git Source Control Provider but you will see the following error message.


The message means that SQL Server Data Tools which is a Visual Studio 2010 shell edition is not supported by Git Source Control Provider. Fortunately, there’s a workaround.


What is VSIX

It will be easier for you to understand what I’m doing, if you know what VSIX is. Below is the definition of VSIX quoted from the Quan To’s Visual Studio Extensibility blog.

The VSIX file is the unit of deployment for a Visual Studio 2010 Extension. Visual Studio will recognize the VSIX extension and install the contents of the file to the right location.

A VSIX file is a zip file that uses the Open Packaging Convention. You can rename the .VSIX extension to .ZIP and use any zip browser (including the Windows File Explorer) to browse its contents.In short it’s a deployment format for a Visual Studio Extension.


One of key files in VSIX is “extension.vsixmanifest”.


This file is the manifest that describes the extension. Basically this is a XML file. The details about XML schema can be found from VSIX Extension Schema 2.0 Reference. Element called “<SupportedProducts>” tells compatible versions and editions. As you can see “IntegratedShell” is not listed.

<SupportedProducts> <VisualStudio Version=”10.0″> <Edition>Ultimate</Edition> <Edition>Premium</Edition> <Edition>Pro</Edition> </VisualStudio> <VisualStudio Version=”11.0″> <Edition>Ultimate</Edition> <Edition>Premium</Edition> <Edition>Pro</Edition> </VisualStudio> </SupportedProducts>

So I added “IntegratedShell” to the <SupportedProducts> element like below and saved the changes.


You will see the following message, if you close the notepad.


Now you are ready to install Git Source Control Provider. If you double click the “GitSccProvider.vsix” file, you will the following installation popup.



Even though Git Source Control Provider doesn’t officially support Visual Studio Shell edition (SQL Server Data Tools), it’s working fine after the installation.  I modified the supported version list to fool the installer. I hope the developer of  Git Source Control Provider adds Visual Studio Shell edition to the official supported list.

Posted in Deployment, SQL SERVER, SSIS | Tagged: , , , , , , , , | Leave a Comment »

SSIS 2012 Continuous Integration using Jenkins and Octopus – A Journey to DB deployment automation

Posted by kulmam92 on September 4, 2013

Finally I was able to putting each component together. As I implement CI and Deployment system for the DB, I could understand why it is hard to find a novice friendly guide which explains all the basics and also provides step by step instructions. There are way too many options that you need to pick and choose. Furthermore, it’s not that simple to build one. My implementation isn’t even close to the ideal system. However, I’m sharing this hoping this lightens up those who are planning to create a DB CI system by looking at the working system.

Big Picture

DB CI Process

This diagram shows how I set up deployment system for SSIS. I’m using the same structure for SSRS and DB schema too.

Each Component

Component Tool Comment
SCM Visual SVN There are many SCM (Source Control Management) tools and you may choose different solutions. I used visual SVN because of the following reasons. Frist, SVN has better integration with the red-gate tools that I’m using. Second, Visual SVN is free. Having everything checked in is the one of the basic starting point for CI (Continuous Integration) and deployment. I used AnkhSVN as a SVN client since it’s integrated with visual studio. Key benefit of this is that it allows you to perform most of the version control operation directly from the visual studio.
CI Jenkins Jenkins is an open source continuous integration tool. If you are not accustomed to CI, I highly recommend you to read David Atkinson’s article Continuous integration for databases using Red Gate tools. This will give you a good overview of how it works and what’s involved in it.
Build MSBuildx32 As I mentioned in my previous post (Building SSIS 2012 using MSBuild), MSBuild doesn’t build SSIS by default. So you need to install SQL Data Tools from the SQL2012.ISO and copy Microsoft.SqlServer.IntegrationServices.Build.dll from the CodePlex project (Microsoft SQL Server Community Samples: Integration Services).
Testing X I searched for SSIS testing solution but wasn’t able to find good one.
Packaging Nuget NuGet is the package manager for the Microsoft development platform including .NET. You may consider a NuGet package (a .nupkg file) as zip file containing files to deploy and a manifest file. A manifest file describes the contents of the package and what needs to be done to add or remove the library.
You can get more details from the presentation of Damian Edwards “NDC 2011: NuGet in a caramel coated nutshell
Artifact Repository Nuget I used local NuGet server to keep packages. I’m currently reviewing Artifactory and Nexus.
Deployment OctopusDeploy Octopus is an automated release management system for .net developers. I chose this because, first, web developers were using this for their deployment, second, it’s easy to run command on a remote machine due to its agent, third, it keeps release on the target machines to make rollback easier.

CI Server

Below is the list of installed applications and files on the CI server.

  • Jenkins
  • Jenkins plug-ins
    • build-name-setter
    • Email-ext plugin
    • Extensible Choice Parameter plugin
    • Hudson PowerShell plugin
    • Jenkins Dynamic Parameter Plug-in
    • Jenkins Mailer Plugin
    • Jenkins Subversion Plug-in
    • MSBuild Plugin
    • Scriptler
    • Role-based Authorization Strategy
  • Build
    • MSBuild
    • Microsoft.SqlServer.IntegrationServices.Build.dll
    • SQL Data Tools from the SQL2012.ISO
    • SSIS.MSBuild.proj
  • Nuget Server
  • Octopus depoy

I’m not going to cover how to install Jenkins and other applications in the post. I may cover that in later post though. The main focus of this post will be how to create Jenkins and Octopus project to deploy SSIS.

Jenkins Project


Below shows how the project works.

Jenkins SSIS project

Global Setting


Jenkins –> Scriptler –> Add a new Script

Scriptler can be used if you want to create value dynamically or handle some complex logics.


I need to pass userkey value to the Octopus using API. API is executed under the user’s privilege tied with userkey. This groovy script will convert current Jenkins user to a proper Octopus userkey.



def result = ["-------"]

def auth=jenkins.model.Jenkins.instance.getAuthentication()

if ( auth == null ) return result

def userId=auth.getName()

if ( userId== "admin_speaksql" ) return "JNN2005CGJVGTVJZR3CH1GTKZ9"

if ( userId== "admin_01" ) return "KUE2489CGJVGTVJYE3CH1GKHZ8"

Global Choice Parameter

Jenkins –> Manage Jenkins –> Configure System


Environment list


Extended Email Notification

Notification email format setting

Jekins.Global.Extended E-mail Notification

Project Setting

Create a new Project(Job)

You can create a Project by selecting “Build a free-style software project” or choose “copy existing job” if you are going to create a similar job.

Jenkins –> New Job


Configure SSIS Project

Jekins –> Project name(DW.SSIS.Template) –> Configure

Build with Parameters


Project Name

I declared Project Name parameter since Jenkins Job name is different from the SSIS project name.


Version Number

I’m currently using static version number setting


Deploy Target

Deploy environment selection


Release Note

Release note which will be passed to the Octopus and included in the deployment success notification email


SSIS Protection Password

I use EncryptSensitiveWithPassword as a protection level of SSIS project. So I need to provide protection password.


Octopus UserKey

This will pick up UserKey of Octopus using “DynamicChoice_OctopusUserKey.groovy” that we set globally from the Scriptler menu.


Source Code Management

Source code repository URL


Build Environment

Define build name format.



Copy MSBuild script for SSIS(SSIS.MSBuild.proj)

Since the same build script will be used for all SSIS project build. I keep that file in a folder and copy it to the working directory of that project.


You can get SSIS.MSBuild.proj file from this link : https://gist.github.com/kulmam92/6433329

Prepare to create a Nuget package using MSBuild

You need two things to be able to create a Nuget package using MSBuild. First, spec file that describes package name, dependency and etc. Second, Build script for MSBuild. ImportTargetsForDB.ps1 file does that two things.


You can get related scripts from this link : https://gist.github.com/kulmam92/6433645

Build using MSBUild

This will build project and create a Nuget package using build output


Command Line Arguments

/t:SSISBuild,DeployNugetForDB /p:SSISProj=%SSIS_project_name%,Configuration=Development,ProtectionLevel=EncryptSensitiveWithPassword,ProjectPassword=%SSIS_protection_password%,DeployPackageName=%JOB_NAME%

Call Octopus deploy API to deploy Nuget package


c:\octopus\octo create-release --server=http://dbdeploy.XXXX.XXX:8880/api --project="%JOB_NAME%" --deployto="%deploy_target%" --waitfordeployment --apiKey=%UserKey% --releasenotes="<ul><li>[Updates] : %release_note_update%</li><li>[Impact] : %release_note_impact%</li><li>[Jira Tasks] : %release_note_jira%</li></ul>"

Post Build Action

Send notification Email

Success notification will be sent out from the Octopus deploy. The will send notification when the job fails.


Octopus Deploy Project

Global setting


Create necessary environments and add servers. You can add tags to the server and that tag will be used to determine deployment target. Since I set up single centralized ETLDB for all environment, the same server is appearing in multiple environments.


Create a SSIS Projects


Below is the list of the variables that I declared on each project.



This is the actual actions that the Octopus does. SSIS deploy project is consist of three projects.


File deploy

This step will grab Nuget package from the Nuget repository and deploy it to the target. Deploy role is defined using tag that you chose for the server.



PS Script to load SSIS package to SSIS catalog DB

Powershell script in this step will deploy SSIS project to the SSIS catalog DB. SSIS project’s deployment model should be project based model since SSIS catalog DB only accept that model.


powershell.exe -command e:\project_ssis\Install-ISProject.ps1 -IspacFullName "$LocalPackageDirectoryPath\$LocalProjectName.ispac" -ServerInstance "ETLDB1" -CatalogFolderName "$LocalEnvironmentName" -ISProjectName "$LocalProjectName"

You can get powershell scripts from this link : https://gist.github.com/kulmam92/5939944

Send Email Notification

Octopus will send out notification if all steps are finished successfully.



[CI] #{OctopusProjectName} – #{Octopus.Release.Number} deployed to [#{Octopus.Environment.Name}]


<p>Check console output at https://dbdeploy.AAAA.CCC/#{Octopus.Web.ReleaseLink} to view the results</p>


You are now ready to deploy a project using Jenkins and Octopus. You can start deploy from the following location.

Jenkins –> Project name(DW.SSIS.Template) –> Build with Parameters

Below is the screenshot of the page.


Clicking the build history will take you to the build status page.


If you want to check the detail log, you can check “Colsole Output”



I covered how I implemented SSIS project deployment system using Jenkins and Octopus deploy. This is not a continuous integration system and still has many rooms to improve. However, I hope you can get some tangible idea about the working SSIS deployment system.

Posted in Deployment, SQL SERVER, SSIS | Tagged: , , , , , | 6 Comments »

SSIS 2012 fail to start – execution timed out

Posted by kulmam92 on June 27, 2013

I’ve recently upgraded to SQL Server 2012 and created a centralized ETL server. Things were fine until I enabled the scheduled jobs. Jobs started to fail randomly after reporting the error below:

Started:  1:10:01 AM  Failed to execute IS server package because of error 0x80131904.
Description: The operation failed because the execution timed out.  Source: .Net SqlClient Data Provider  Started:  1:10:01 AM  Finished: 1:10:07 AM  Elapsed:  5.6 seconds.  The package execution failed.  The step failed.

I searched the web and found that I wasn’t the only one. Furthermore, MS has yet to release a patch for this issue. The relevant reported MS Connect post:

SSIS package fails to start – application lock timeout in SSISDB.catalog.create_execution

My environment

Name Value
Product Microsoft SQL Server Standard (64bit)
Operating System Microsoft Windows NT 6.1 (7601)
Platform NT x64
Version 11.0.3368.0
Memory 8191 (MB)
Processors 1

What I did

I started my investigation by checking dmv and ended up modifying one of the SPs in SSISDB. I know that this isn’t a good choice but did that to fix quickly.

Process Monitoring

I ran a query against sys.dm_exec_requests and got the following results. I noticed that there was a lot of blocking going on and the execution timed out error had occurred because of this.


I was able to track down that xp_userlock was being called by sp_getapplock in catalog.create_execution SP.

Index creation

Many have pointed out the problem of missing indexes on SSISDB. Phil Brammer shared a missing index creation script via SSIS 2012 – Catalog Indexing Recommendations. I was hoping this error was due to the missing indexes, so I simply applied Phil Brammer’s script instead of spending more time investigating. Unfortunately, it didn’t help and I still got an execution timed out error. At this point I thought it’d be better to use a different approach. I started to review the logic of catalog.create_execution SP thoroughly.

catalog.create_execution modification

Since I needed to fix this timeout issue in a single day, I decided to take an extreme route by modifying the catalog.create_execution SP. I will explain what I changed shortly, but first, the sys.dm_exec_requests query result. As you can see, the blocking issue has been resolved.


You can download the modified code here : [catalog].[create_execution_new].


Looking at the big picture, this SP generates data on four tables: operations, operation_permissions, executions and execution_parameter_values.

Logic flow

The developer of this SP took a procedural and very conservative approach to ensure the following two things: first, that data don’t change until insertion to execution and execution_parameter_values and second, that there was an assurance that different error messages can be returned for each step.

Transaction Lock Step No Main step Sub Step
1 Check if the sp(catalog.create_execution) is called using windows Authentication Returns an error if it’s called using SQL Server Authentication.
2 Insert data into operation table [internal].[insert_operation]
3 Insert data into operation_permissions table [internal].[init_object_permissions]
T X 5 Begin transaction
T X 6 Start application lock EXEC sp_getapplock @Resource = ‘MS_ISServer_Create_Execution’, @LockTimeOut= 5000, @LockMode = ‘Exclusive’
T X 7 Get project_id and version
T X 8 Get environment information Get environment information using reference_id
Check if there’s any discrepancy in data type or sensitivity between parameter and environment variable
T X 9 Update operations.object_id to project_id
T X 10 Insert data into executions table INSERT into [internal].[executions]
T X 11 Create key to decrypt and encrypt sensitive data CREATE CERTIFICATE
T X 12 Insert execution_parameter_values 1) insert non-sensitive parameter doesn’t reference environment variable
2) insert sensitive parameter doesn’t reference environment variable
3) Insert records for object_type=50(instance of execution)
4) insert non-sensitive parameter referencing environment variable
5) insert sensitive parameter referencing environment variable
6) update sensitive parameter value after converting data type if it’s date, double or decimal
7) insert any missing parameter from project level object parameter
8) insert any missing parameter from package level object parameter
9) update parameter value to object_parameters.design_default_value if sensitive=0 and required=0 and value_set=0
T X 13 close symmetric keys
T X 14 commit

Now, the Code

I modified the original code to assure the following principals.

  1. Keep SERIALIZABLE isolation level as short as possible
    • I assumed the developer wanted to guarantee that the same meta information for the package is retrieved until he finishes the data insert.
    • You don’t need to keep the SERIALIZABLE isolation level once you have necessary data
  2. Take out application locking
    • I assumed the SERIALIZABLE isolation level is enough to guarantee that meta data wouldn’t be changed during retrieval.
  3. Keep transactions as short as possible
    • A transaction is used only when DML is executed.
  4. Convert the procedural approach to a set-based approach
Transaction Lock Step No Main step Sub Step
1 Check if the sp(catalog.create_execution) is called using windows Authentication Returns an error if it’s called using SQL Server Authentication.
2 Insert data into operation table [internal].[insert_operation]
3 Insert data into operation_permissions table [internal].[init_object_permissions]
X 5 Get project_id, version and environment information convert logic to single SQL statement
X 6 Create key to decrypt and encrypt sensitive data CREATE CERTIFICATE
X 7 Generate data for execution_parameter_values and insert into temp table convert logic to single SQL statement
T 9 Begin transaction
10 Update operations.object_id to project_id
T 11 Insert data into executions table INSERT into [internal].[executions]
T 12 Insert execution_parameter_values INSERT INTO [internal].[execution_parameter_values]
T 13 close symmetric keys
T 14 commit

Things that you should know:

  1. I took out the permission check logic. As for the reasons:
    • I worried that permission check logic might make the modified query too complicated.
    • In my environment I don’t have any need to set different permission settings for SSISDB objects
  2. I used base tables instead of views.
    • I wanted to be able to predict the execution plan and control access path.


If you capture what’s been called when you execute a package in an Integration Services Catalogs using the profiler, we will find that three SPs, [catalog].[create_execution], [catalog].[set_execution_parameter_value] and [catalog].[start_execution], are called. Below is the trace that I captured:

Declare @execution_id bigint
EXEC [SSISDB].[catalog].[create_execution] @package_name=N’Package.dtsx’, @execution_id=@execution_id OUTPUT, @folder_name=N’DEV’
, @project_name=N’Test2′, @use32bitruntime=False, @reference_id=1
Select @execution_id

exec sp_executesql N’DECLARE @var0 smallint = 1
EXEC [SSISDB].[catalog].[set_execution_parameter_value] @execution_id,  @object_type=50, @parameter_name=N”LOGGING_LEVEL”, @parameter_value=@var0
‘,N’@execution_id bigint’,@execution_id=10010
exec sp_executesql N’EXEC [SSISDB].[catalog].[start_execution] @execution_id’,N’@execution_id bigint’,@execution_id=10010

I created my SP [catalog].[create_execution_new] and checked if both [catalog].[create_execution] and [catalog].[create_execution_new] generates the same result. I also checked if the execution result of both were identical, and they were. I then created a backup copy of [catalog].[create_execution] and replaced [catalog].[create_execution] with my SP. It’s been several days since I made the replacement and it’s still working well.


I’m afraid that I had to choose an extreme workaround. However, it was a good chance to peek at both how the SSIS catalog works and what the developer was thinking. I hope this helps those who are experiencing the same issue and that a fix from MS is coming soon.

Posted in SQL SERVER, SSIS | Tagged: , , , , | 7 Comments »

SSISDB ERD – A Journey to DB deployment automation

Posted by kulmam92 on June 17, 2013

I decided to reverse engineer the SSISDB to have a better understanding of the SSIS catalog. Reza Rad posted a really good article called “SSIS 2012 Catalog series“. However, I thought it would be better to create my own version of an ERD to have better understanding of it. Here’s what i came up with.



Yon can download the pdf version of this from SSISDB_ERD


Main tables

Object related tables

There are four object tables: folder, environment, project and package. I think you can easily figure out the purpose of each table. Other than these key tables are the tables for relationship (environment_reference), parameters, versions and permissions. SSISDB keeps a project’s previous versions as binary data in the internal.object_versions table. You can specify how many versions that you want to keep by using the properties of an SSIS catalog.



This table contains one row for each operation in the Integration Services catalog. You can track all logical operations that were performed on the server using this table, such as project deployment or package execution. Below are the operation_type values from BOL:

operation_type Value operation_type Description object_id Description object_name Description
1 Integration Services initialization NULL NULL
2 Retention window (SQL Agent job) NULL NULL
3 MaxProjectVersion (SQL Agent job) NULL NULL
101 deploy_project (Stored procedure) Project ID Project name
106 restore_project (Stored procedure) Project ID Project name
200 create_execution and start_execution (Stored procedures) Project ID NULL
202 stop_operation (Stored procedure) Project ID NULL
300 validate_project (Stored procedure) Project ID Project name
301 validate_package (Stored procedure) Project ID Package name
1000 configure_catalog (Stored procedure) NULL NULL


[executions] has a one-to-one relationship with [operations], which means the [execution] table is a subset of the [operations] table. If you look at the ERD closely, the relationship from operation to execution is made only when the operation type is 200 – create_execution and start_execution (Stored procedures). This means only operation_type value 200 will generate a record in the execution table.


If you want to know which package in a project was executed, you can use the following query. This is the creation script of the [catalog].[executions] view.

SELECT     execs.[execution_id],
opers.[operation_guid] as [dump_id],
FROM       [internal].[executions] execs INNER JOIN [internal].[operations] opers
ON execs.[execution_id]= opers.[operation_id]
LEFT JOIN [internal].[operation_os_sys_info] ossysinfos
ON ossysinfos.[operation_id]= execs.[execution_id]
WHERE      opers.[operation_id] in (SELECT id FROM [internal].[current_user_readable_operations])
OR (IS_MEMBER(‘ssis_admin’) = 1)
OR (IS_SRVROLEMEMBER(‘sysadmin’) = 1)

Message related tables

If you want to check the execution log of a package, these are the tables that you need to query. [operation_messages] and [event_messages] have a one-to-one relationship similar to [operation] and [event]. [event_messages] is a subset of [operation_messages]. The below is the source code of the [catalog].[event_messages] view.

Declare @ExecutionID NVarChar(max)
select @ExecutionID=N’132′
SELECT     opmsg.[operation_message_id] as [event_message_id],
message_source_name =
WHEN (opmsg.message_source_type = 10) THEN ‘ISServerExec’
WHEN (opmsg.message_source_type = 20) THEN ‘Transact-SQL stored procedure’
ELSE eventmsg.message_source_name
FROM       [internal].[operation_messages] opmsg LEFT JOIN [internal].[event_messages] eventmsg
ON opmsg.[operation_message_id] = eventmsg.[event_message_id]
WHERE      opmsg.[operation_id] = @ExecutionID

If you execute an SSIS package deployed to a SSIS catalog and it fails, you will see a message similar to the following.

Executed as user: NT Service\SQLSERVERAGENT. Microsoft (R) SQL Server Execute Package Utility  Version 11.0.2100.60 for 32-bit  Copyright (C) Microsoft Corporation. All rights reserved.    Started:  4:09:59 PM  Package execution on IS Server failed. Execution ID: 120092, Execution Status:4.  To view the details for the execution, right-click on the Integration Services Catalog, and open the [All Executions] report  Started:  4:09:59 PM  Finished: 4:10:27 PM  Elapsed:  28.641 seconds.  The package execution failed.  The step failed.

You will need to use either a prebuilt standard report or query the SSISDB tables to get a detailed error message. The following screenshot shows where you can locate that report. If you decide to query the SSISDB, you may want to consider using the SSIS Reporting Pack developed by Jamie Thomson.


Table definition

Here I list the tables and its definitions copied from BOL.


Table name


internal catalog_encryption_keys Contains SSISDB encryption key
internal catalog_properties Contains the properties of the Integration Services catalog.
internal data_type_mapping Contains SSIS data type and SQL data type mapping
internal environment_permissions
internal environment_references Contains the environment references for all projects in the Integration Services catalog.
internal environment_variables Contains the environment variable details for all environments in the Integration Services catalog.
internal environments Contains the environment details for all environments in the Integration Services catalog. Environments contain variables that can be referenced by Integration Services projects.
internal event_message_context
internal event_messages Contains information about all messages passed during events like OnWarning, OnError
internal executable_statistics Contains Detailed execution log for each executable
internal executables Contains Information about each executable object in packages
For example : Package itself, Execute SQL Task, ETC.
internal execution_component_phases Contains Detailed execution log for each data flow component.
internal execution_data_statistics Contains Number of rows sent through data flow and few other details
internal execution_data_taps Contains information about data taps
Data Taps are new features in SSIS 2012 which provides ability to log whole data stream in one of data flow’s data paths. and the best part of story is that you can add and remove data taps to a package at the time of execution
internal execution_parameter_values Contains the actual parameter values that are used by Integration Services packages during an instance of execution.
internal execution_property_override_values Contains information about property values that set at the time of execution of package and overrides default values.
internal executions Contains the instances of package execution in the Integration Services catalog. Packages that are executed with the Execute Package task run in the same instance of execution as the parent package. With every execution of package, an Execution_id will be assigned
internal extended_operation_info Contains extended information for all operations in the Integration Services catalog.
internal folder_permissions
internal folders Contains the folders in the Integration Services catalog.
internal object_parameters Contains the parameters for all packages and projects in the Integration Services catalog.
internal object_versions Contains the versions of objects in the Integration Services catalog. In this release, only versions of projects are supported in this view.
internal operation_messages Contains messages that are logged during operations in the Integration Services catalog.
internal operation_os_sys_info Contains system information like cpu count, available physical memory and total physical memory at the time of operation
internal operation_permissions Contains the effective permissions for the current principal for all objects in the Integration Services catalog.
internal operations Contains the details of all operations in the Integration Services catalog. Each operation can be applied to an object and have a status as a result.
internal packages Contains the details for all packages that appear in the Integration Services catalog.
internal project_permissions
internal projects Contains the details for all projects that appear in the Integration Services catalog.
internal validations Contains the details of all project and package validations in the Integration Services catalog.


Code definition tables

Reza Rad shared a script that creates code conversion tables. I created and added a table for permsssion_type. You can download the script from SSISDB_CodeTables.

Posted in Deployment, SQL SERVER, SSIS | Tagged: , , , , | 1 Comment »

A Journey to DB deployment automation-Planning

Posted by kulmam92 on June 8, 2013

The mind map below shows what I had in mind when planning and implementing automation for DB Deployment. I will cover the details in a later series.


Covered topics

Posted in Deployment, SQL SERVER | Tagged: , , , , , , , , , , | Leave a Comment »

Building SSIS 2012 using MSBuild – A Journey to DB deployment automation

Posted by kulmam92 on June 7, 2013

This post is the first in a series of entries I am planning to write detailing my experience while attempting to create a process in deploying a DB schema, SSIS and SSRS.

SQL Server Data Tools – Visual Studio Shell

SQL Server Data Tools (SSDT) is an extension of the environment provided by Visual Studio 2010 Shell.


Wikipedia describes Visual Studio Shell

Visual Studio 2008 introduced the Visual Studio Shell that allows for development of a customized version of the IDE. The Visual Studio Shell defines a set of VSPackages that provide the functionality required in any IDE. On top of that, other packages can be added to customize the installation. The Isolated mode of the shell creates a new AppId where the packages are installed. These are to be started with a different executable. It is aimed for development of custom development environments, either for a specific language or a specific scenario. The Integrated mode installs the packages into the AppId of the Professional/Standard/Team System editions, so that the tools integrate into these editions.

The binary of the SQL Server Data Tools is devenv.exe typically found in C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE.



SSIS Deployment model in 2012

To give an explanation as to why I decided to use the Project Deployment model with EncryptSensitiveWithPassword as the protection level, I will briefly describe it here. I will cover the topic at a greater depth in a later series.

Project Deployment Model

The 2012 version of Integration Services supports two deployment models: the Project Deployment model and the Package Deployment model. The Project Deployment model enables you to deploy your projects to the Integration Services server. The Project Deployment model has many benefits compared to the Package Deployment model. You can read Deployment of Projects and Packages and SSIS Package Deployment Model in SQL Server 2012 to get more information about the differences between the two deployment methods.


If you build an SSIS project file using the project deployment model, a project deployment file will be created (.ispac extension). The project deployment file is a self-contained package that includes only essential information about the packages and parameters in the project. You can check it contents using a file archiver like 7zip.


If you double click the created (.ispac) file, the Integration Service Deployment Wizard will be launched. The Integration Service Deployment Wizard has a command line interface (ISDeploymentWizard.exe).  You can get the created command in the summary screen.


SSIS Catalog

The SSIS catalog is a new type of storage for SSIS. It’s a user database so you can query tables and easily backup/restore the whole repository. You may refer to SSIS Catalog and SSIS 2012 Configuration Guide – Part 1: Introduction for more information.

The SSISDB catalog is central to working with Integration Services (SSIS) projects that you’ve deployed to the Integration Services server.In an example case, you would need to set project and package parameters, configure environments to specify runtime values for packages, execute and troubleshoot packages, and manage Integration Services server operations.


Security for SSIS Packages

To protect the data in an Integration Services package, you can set the protection level.


Access Control for Sensitive Data in Packages give us an example of protection level settings based on the package life cycle.

Typically, you change the protection level as listed through the following steps as requirements change:

  1. During development, leave the protection level of packages set to the default value of EncryptSensitiveWithUserKey. This setting helps ensure that only the developer is able to see sensitive values in the package. You can also consider using EncryptAllWithUserKey, or DontSaveSensitive.
  2. When it is time to deploy your packages, the protection level should be changed to one that does not depend on the developer’s user key. Therefore you would typically have to select EncryptSensitiveWithPassword, or EncryptAllWithPassword. Encrypt the packages by assigning a temporary strong password that is also known to the operations team for the production environment.
  3. After the packages have been deployed to the production environment, the operations team can re-encrypt the deployed packages by assigning a strong password that is known only to them. Alternatively, they can encrypt the deployed packages by selecting EncryptSensitiveWithUserKey orEncryptAllWithUserKey and using the local credentials of the account that will run the packages.

Command line build of SSIS packages

You may assume that MSBuild will be able to support an SSIS project file (..dtproj extension) by default, though this is not the case. You may see the following error message when attempting to build.



As I have mentioned earlier, SSDT functionality can be utilized by running devenv.exe, which also provides access to a command line interface. You may refer to Devenv Command Line Switches for the available options. Building using devenv.exe works fine as long as your project’s protection level is not EncryptSensitiveWithPassword, or EncryptAllWithPassword. You can get devenv.exe by installing SQL Data Tools from the SQL2012.ISO. Just a note, The free SSDT tools from the web don’t have BI functionality. You can read Richard Fennell’s Getting SQL 2012 SSIS packages built on TFS 2012.2 for additional information.

D:\App_temp\SSIS\DeployDemo>”C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv” DeployDemo.sln /build “Development|Default”

Microsoft (R) Visual Studio Version 10.0.40219.1.
Copyright (C) Microsoft Corp. All rights reserved.
—— Build started: Project: DeployDemo, Configuration: Development ——
Build started: SQL Server Integration Services project: Incremental …
Starting project consistency check …
Project consistency check completed. The project is consistent.
File ‘D:\App_temp\SSIS\DeployDemo\DeployDemo\obj\Development\DeployDemo.dtproj’get updated.
File ‘D:\App_temp\SSIS\DeployDemo\DeployDemo\obj\Development\Project.params’ get updated.
File ‘D:\App_temp\SSIS\DeployDemo\DeployDemo\obj\Development\LEN-062_JY2012.nxa_repository.conmgr’ get updated.
Applied active configuration to ‘Project.params’.
Applied active configuration to ‘Package.dtsx’.
DeployDemo -> D:\App_temp\SSIS\DeployDemo\DeployDemo\bin\Development\DeployDemo.ispac
Build complete — 0 errors, 0 warnings
========== Build: 1 succeeded or up-to-date, 0 failed, 0 skipped ==========

However, if you change the protection level to either EncryptSensitiveWithPassword or EncryptAllWithPassword, a window will pop up and ask you to enter the protection password. There’s no switch that allows you to provide a password from the command line.


It was due to this issue that I explored using MSBuild for the build process.


It’s important to know what MSBuild is in order to understand how the new solution works. Let’s read the description from MSDN’s MSBuild page:

The Microsoft Build Engine is a platform for building applications. This engine, which is also known as MSBuild, provides an XML schema for a project file that controls how the build platform processes and builds software. Visual Studio uses MSBuild, but it doesn’t depend on Visual Studio. By invoking msbuild.exe on your project or solution file, you can orchestrate and build products in environments where Visual Studio isn’t installed.

Visual Studio uses MSBuild to load and build managed projects. The project files in Visual Studio (.csproj, .vbproj, .vcxproj, and others) contain MSBuild XML code that executes when you build a project by using the IDE. Visual Studio projects import all the necessary settings and build processes to do typical development work, but you can extend or modify them from within Visual Studio or by using an XML editor.

In short MSBuild uses an XML-based project file format to retrieve the necessary configuration:

MSBuild.exe MyProj.proj /property:Configuration=Debug

You may consider reading Walkthrough: Creating an MSBuild Project File from Scratch to understand more about the MSBuild Project file (AKA MSBuild script). The error message I got when I tried to build an SSIS project file (.dtproj extension) earlier indicated that the XML format of an SSIS project file is not recognized by MSBuild.

SSISMSBuild and MSBuild script

There’s a codeplex project (Microsoft SQL Server Community Samples: Integration Services) where you can create Microsoft.SqlServer.IntegrationServices.Build.dll. You can also get an MSBuild script that links Microsoft.SqlServer.IntegrationServices.Build.dll from here: msbuild script for building and deploying a SSIS .ispac file. Below is the MSBuild script from that link.

<?xml version="1.0" encoding="Windows-1252"?>
<Project  xmlns="http://schemas.microsoft.com/developer/msbuild/2003"
  <!--Requires a property called $(SSISProj) to be defined when this script is called-->
  <UsingTask TaskName="DeploymentFileCompilerTask" AssemblyFile="C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.SqlServer.IntegrationServices.Build.dll" />
  <Target Name="SSISBuild" Condition="'$(SSISProj)' != ''">
    <Message Text="**************Building SSIS project: $(SSISProjPath) for configuration: $(CONFIGURATION)**************" />

  <UsingTask TaskName="DeployProjectToCatalogTask" AssemblyFile="C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.SqlServer.IntegrationServices.Build.dll" />
  <Target Name="SSISDeploy" Condition="'$(SSISProj)' != ''">
    <Message Text="**************Publishing SSIS project: $(SSISProj) to: $(SSISServer) to folder: $(PROJECTNAME)**************" />

This MSBuild script performs two functions: SSISBuild and SSISDeploy. I saved the code to a file called “SSIS.MSBuild.proj” and executed MSBuild.exe illustrated below.

D:\App_temp\SSIS\DeployDemo\DeployDemo>MSBuild SSIS.MSBuild.proj /t:SSISBuild,SSISDeploy /p:SSISProj=”DeployDemo”,Configuration=”Development”,ProtectionLevel=”EncryptSensitiveWithPassword”,ProjectPassword=”1234″,SSISServer=”LEN-062\JY2012″,ProjectName=”DeployDemo”


How to build Microsoft.SqlServer.IntegrationServices.Build.dll

I will explain how to compile Microsoft.SqlServer.IntegrationServices.Build.dll using the source code from the codeplex project (Microsoft SQL Server Community Samples: Integration Services). I’d like to mention the small challenges that I faced while trying to compile the source code.

  1. Prerequisites: The following should be installed on a machine that you are going to use.
    1. MS SQL Server 2012
    2. Visual studio 2010
  2. Download source code
  3. Unzip downloaded file
  4. Go to SSISMSBuild project folder (sqlsrvintegrationsrv-100610\main\SSISMSBuild).
    There are two projects under SSISMDBuild, 2008 and Project. Project is for 2012 is C:\sqlsrvintegrationsrv-100610\main\SSISMSBuild\Project
    SSIS Junkie mentioned SSISMSBuild is included in MSBuild extension pack. However, that integration is done only for a 2008 project.
  5. Reference hint path modification
    Open C:\sqlsrvintegrationsrv-100610\main\SSISMSBuild\Project\Microsoft.SqlServer.IntegrationServices.Build.csproj from the text editor.image_thumb26Change the highlighted part to full path.image_thumb29
  6. Open C:\sqlsrvintegrationsrv-100610\main\SSISMSBuild\Project\Microsoft.SqlServer.IntegrationServices.Build.csproj using visual studio.
    If you try to compile it, it will generate an error due to a missing key file. You can see the following line from the project file.
  7. Sign an AssemblyWith the project node selected in Solution Explorer, from the Project menu, click Properties (or right-click the project node in Solution Explorer, and click Properties). In the Project Designer, click the Signing tab. Then you will see the following screen.
  8. Choose new and provide file name and uncheck Protect my key file with a password.

    Check Signing an Assembly in Visual Studio for more details
  9. Compile
  10. Copy created Microsoft.SqlServer.IntegrationServices.Build.dll file to the following folder
    C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies


It took me quite a while to figure this out and I hope this can save you time when setting up an automated build process using MSBuild. I think it would be great if MSBuild adds support for SSIS projects by default in the future.

Posted in SQL SERVER, SSIS | Tagged: , , , , , , , , , | 53 Comments »