hoffer mdm11e pp ch11-jsf
TRANSCRIPT
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall 1
CHAPTER 11:CHAPTER 11:DATA AND DATABASE DATA AND DATABASE ADMINISTRATIONADMINISTRATION
Modern Database Management11th EditionJeffrey A. Hoffer, V. Ramesh, Heikki Topi
Modifications: Jeff Fineberg
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
OBJECTIVESOBJECTIVES
List functions and roles of data/database administration
Describe problems and techniques for data security Understand role of databases in Sarbanes-Oxley
compliance Describe problems and facilities for data recovery Describe database tuning issues and list areas where
changes can be done to tune the database Describe importance and measures of data availability Securing development and test data
2
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
TRADITIONAL ADMINISTRATION TRADITIONAL ADMINISTRATION DEFINITIONS DEFINITIONS Data Administration (managerial)Data Administration (managerial):
responsible for the overall management of data resources in an organization, including data definitions and standards
Database Administration (technical)Database Administration (technical): responsible for physical database design and for dealing with technical issues such as security enforcement, database performance, and backup and recovery
Same person may perform both roles3
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
TRADITIONAL DATABASE TRADITIONAL DATABASE ADMINISTRATION FUNCTIONSADMINISTRATION FUNCTIONS Analyzing and designing databases Selecting DBMS and software tools Installing/upgrading DBMS Troubleshooting Tuning database performance Improving query processing performance Managing data security, privacy, and integrity Data backup and recovery
4
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
TRADITIONAL DATA ADMINISTRATION TRADITIONAL DATA ADMINISTRATION FUNCTIONSFUNCTIONS Data policies, procedures, standards Planning Data conflict (ownership) resolution Managing the information repository Internal marketing of DA concepts
Raise awareness of the importance of practices
5
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
Multiple dissimilar data definitions, causing data integration problems / poor data value
Inappropriate data sources and timing, causing lowered reliability
Inadequate familiarity, causing ineffective use of data for planning and strategy
Accidental deletion or destruction (update cust set name = “” without using a
‘where’ clause!) Poor response time and excessive downtime Unauthorized access, leading to embarrassment
to organization
6
INEFFECTIVE DATA MANAGEMENT INEFFECTIVE DATA MANAGEMENT MAY RESULT IN POOR DATA QUALITYMAY RESULT IN POOR DATA QUALITY
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
DATA WAREHOUSE DATA WAREHOUSE ADMINISTRATIONADMINISTRATION New role, coming with growth in data
warehouses / rather than operational data work Similar to DA/DBA roles Emphasis on integration and coordination of
metadata/data across many data sources Specific roles:
Support decision support applications Manage data warehouse growth Establish service level agreements regarding data
warehouses and data marts
7
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
OPEN SOURCE (VS. OPEN SOURCE (VS. PROPRIETARY) DB PROPRIETARY) DB MANAGEMENTMANAGEMENT An alternative to proprietary packages such as Oracle, Microsoft SQL Server, or Microsoft Access
MySQL – an open-source DBMS Less expensive than proprietary packages Source code available, for modification Absence of complete documentation Ambiguous licensing concerns Not as feature-rich as proprietary DBMSs Vendors may not have certification programs
8
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
THREATS TO DATA SECURITYTHREATS TO DATA SECURITY Accidental losses attributable to:
Human error Software failure Hardware failure
Theft and fraud Loss of data integrity Loss of availability (e.g., through sabotage) For each, what preventative measures
can be taken?
9
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
THREATS TO DATA SECURITYTHREATS TO DATA SECURITY Loss of privacy or confidentiality
Loss of privacy (personal data) Loss of confidentiality (corporate data)
Production environments Principal of ‘least privilege’ Encrypting data ‘in transit’ (over the wire) Encrypting data ‘at rest’ (sitting on disk)
Development environments - Data Masking Protect PII (personally Identifiable Information – SSN,
Name/Address, Credit Card numbers, etc.) Can be done programmatically Number of vendors that provide elaborate methods mapping
real data to fictitious data
10
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
DATABASE SOFTWARE DATABASE SOFTWARE SECURITY FEATURESSECURITY FEATURES• Views or subschemas• Integrity controls• Authorization rules• User-defined procedures• Encryption• Authentication schemes• Backup, journalizing, and checkpointing
11
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
VIEWS AND INTEGRITY VIEWS AND INTEGRITY CONTROLSCONTROLS Views
Subset of the database that is presented to one or more users
User given access privilege to view without allowing access privilege to underlying tables
Integrity Controls Protect data from unauthorized use Domains–set allowable values Assertions–enforce database conditions Triggers – prevent inappropriate actions, invoke special
handling procedures, write to log files
12
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
AUTHORIZATION RULESAUTHORIZATION RULES Controls incorporated in the data
management system Restrict:
access to data actions that people can take on data
Authorization matrix for: Subjects Objects Actions Constraints
13
Figure 11-4 Authorization matrix
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
AUTHENTICATION SCHEMESAUTHENTICATION SCHEMES Goal – obtain a positive
identification of the user Passwords: First line of defense
Should be at least 8 characters long Should combine alphabetic and
numeric data Should not be complete words or
personal information Should be changed frequently
14
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
AUTHENTICATION SCHEMES AUTHENTICATION SCHEMES (CONT.)(CONT.) Strong Authentication Passwords can be flawed:
Users share them with each other They get written down, could be copied Automatic logon scripts remove need to explicitly
type them in Unencrypted passwords travel the Internet
Possible solutions: Two factor–e.g., key FOB, plus PIN Three factor–e.g., smart card, biometric, PIN
15
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
IT CHANGE MANAGEMENT – IT CHANGE MANAGEMENT – DOCUMENT ALL CHANGES - ITIL METHODSDOCUMENT ALL CHANGES - ITIL METHODS
The process by which changes to operational systems and databases are authorized
For database, changes to: schema, database configuration, updates to DBMS software
Segregation of processes: development, test, production
16
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
LOGICAL ACCESS TO DATALOGICAL ACCESS TO DATA Personnel controls
Hiring practices, employee monitoring, security training, separation of duties
Physical access controls Swipe cards, equipment locking, check-
out procedures, screen placement, laptop protection
17
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
DATABASE RECOVERYDATABASE RECOVERY Mechanism for restoring a database
quickly and accurately after loss or damage
Recovery facilities:• Backup Facilities• Journalizing Facilities• Checkpoint Facility• Recovery Manager
18
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
BACK-UP FACILITIES – VARIOUS BACK-UP FACILITIES – VARIOUS AMOUNT OF DOWNTIMEAMOUNT OF DOWNTIME DBMS copy utility that produces
backup copy of the entire database or subset
Periodic backup (hourly, nightly, weekly)
Cold backup–database is shut down Hot backup–system can be available Backups stored in secure, off-site
location19
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
JOURNALIZING FACILITIESJOURNALIZING FACILITIES Audit trail of transactions and database
updates Transaction log–record of essential data
for each transaction processed against the database
Database change log–images of updated data Before-image–copy before modification After-image–copy after modification
20
Produces an audit trail
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
RECOVERY AND RESTART RECOVERY AND RESTART PROCEDURESPROCEDURES
Disk Mirroring–switch between identical copies of databases
Transaction Integrity–commit or abort all transaction changes
Restore/Rerun–reprocess transactions against the backup
Backward Recovery (Rollback)–apply before images
Forward Recovery (Roll Forward)–apply after images (preferable to restore/rerun)
21
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
TRANSACTION TRANSACTION ACIDACID PROPERTIESPROPERTIES Atomic
Transaction cannot be subdivided Consistent
Constraints don’t change from before transaction to after transaction
Isolated Database changes not revealed to users
until after transaction has completed Durable
Database changes are permanent
22
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall 23
Figure 11-9 Basic recovery techniques a) Rollback
23Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall 24
Figure 11-9 Basic recovery techniques (cont.)b) Rollforward
24Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
CONTROL CONCURRENT CONTROL CONCURRENT ACCESSACCESS Problem–in a multi-user environment,
simultaneous access to data can result in interference and data loss (lost update problem)
Solution–Concurrency ControlConcurrency Control The process of managing simultaneous
operations against a database so that data integrity is maintained and the operations do not interfere with each other in a multi-user environment
25
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall 26
Figure 11-10 Lost update (no concurrency control in effect)
Simultaneous access causes updates to cancel each other.A similar problem is the inconsistent read problem.
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
CONCURRENCY CONTROL CONCURRENCY CONTROL TECHNIQUESTECHNIQUES Serializability
Finish one transaction before starting another
Locking Mechanisms The most common way of achieving
serialization Data that is retrieved for the purpose
of updating is locked for the updater No other user can perform update
until unlocked27
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall 28
Figure 11-11: Updates with locking (concurrency control)
This prevents the lost update problem28Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
LOCKING MECHANISMSLOCKING MECHANISMS Locking level:
Database–used during database updates Table–used for bulk updates Block or page–very commonly used Record–only requested row; fairly commonly
used Field–requires significant overhead; impractical
Types of locks: Shared lock–Read but no update permitted.
Used when just reading to prevent another user from placing an exclusive lock on the record
Exclusive lock–No access permitted. Used when preparing to update
29
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
DATABASE PERFORMANCE DATABASE PERFORMANCE TUNINGTUNING DBMS Installation
Setting installation parameters Memory and Storage Space Usage
Set cache levels Choose background processes Data archiving
Input/output (I/O) Contention Use striping Distribution of heavily accessed files
CPU Usage – Monitor CPU load / competing processes
Application tuning Modification of SQL code in applications Use of heartbeat queries (aka health tests)
30
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
COST OF DOWNTIMECOST OF DOWNTIME
31
Downtime is expensive (financially as well as to an organization’s reputation)
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall
DATA AVAILABILITYDATA AVAILABILITY How to maximize availability
Hardware failures–provide redundancy for fault tolerance
Loss of data–database mirroring Human error–standard operating procedures,
training, documentation Maintenance downtime–automated and non-
disruptive maintenance utilities Network problems–careful traffic monitoring,
firewalls, and routers (intrusion detection systems)
32
Chapter 11 © 2013 Pearson Education, Inc. Publishing as Prentice Hall© 2013 Pearson Education, Inc. Publishing as Prentice Hall 3333
Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Copyright © 2013 Pearson Education, Inc. Publishing as Prentice HallHall