Microsoft Server Product PortfolioCustomer Solution Case Study

Upgraded the enterprise-wide database in preparation for the revised

OverviewCountry or Region: KoreaIndustry: ChemicalCustomer ProfileAs a comprehensive petrochemical company, HPC has led the growth of heavy chemical industries of Korea. Also HPC is providing plastics, synthetics, and basic chemicals. The company has the largest shares in HDPE, PP and MEG in the Korean market.Business SituationAn enterprise-wide database access control and encryption project was promoted to prepare the revised privacy law.SolutionHonam Petrochemical Corp. encrypted SAP data using TDE encryption of SQL Server 2008, which was followed by encryption of systems containing personal information among databases across the company.Benefits Improved IT regulatory compliance Reduced initial instruction and

maintenance cost No performance compromise by

encryption Optimized the enterprise-wide data

platform

“There was no difference in CPU utilization and response time of SAP operation whether it was on the SQL Server 2005 environment without data encrypting or on the upgraded SQL Server 2008 with TDE encryption. On the contrary to this, SAP file encrypting using the third-party appliance consumed 9.6% more time to execute T-Code of main module.”

Dae Won Kang, Assistant Manager of Information Strategy Team

Honam Petrochemical Corp. upgraded all the company-wide SQL Servers from version 2005 to 2008. The background of this project was to thoroughly prepare an enforcement of new privacy law with the database access control and encryption related regulation added. At first, Honam Petrochemical Corp. considered the proprietary solution and equipment for the access control and encryption. Access control would be solved by using domestic solution to make an environment enabling control and audit which they hope to achieve, but the encryption was quite a different thing. Though a well known proprietary encrypting appliance was decided to be introduced, the problem which code was broken during data backup and restoring was found in advance test. This was an abnormal phenomenon being deviated from the internal encryption work guideline of Honam Petrochemical. Honam Petrochemical immediately had tried to find alternative method, and finally made a decision that the Transparent Data Encryption (TDE) of SQL Server 2008 could meet the encryption criteria of it. According to the self-assessment, using TDE had a great advantage of performance, the most important metric of encryption. There is no performance difference in encoding and decoding of SAP data between using SQL Server 2005 and 2008 upgrade version with TDE enabled. It’s a remarkable result considering no upgrade of server was done. On the other hand, the proprietary solution showed 9.6% performance penalty imposed by encoding and decoding of files. Honam Petrochemical changed its plan and activated TDE feature with upgrading a high priority SAP database environment to SQL Server 2008 for complying with privacy law. And then, they have entered upgrading more than 100 databases across the company.

SituationOctober, 2010, Honam Petrochemical Corp. successfully finished its database access control and encryption as a part of groundwork in preparation for new privacy law. The project was first planned in the early of 2009, and at that time, the movement in preparation for privacy law was just about to come in sight among the businesses dealing lots of customers’ personal information like finance field.

The first plan of Honam Petrochemical was the use of proprietary solution and equipments. The company wanted to sophisticate a secure system to meet the revised privacy law with the configuration changes of more than 100 databases minimized. As for the Honam Petrochemical, the Enterprise Resource Planning (ERP) was the most directly affected system by the revised privacy law. Because ERP has the most part of the personal information to be protected, so the high priority of access control and encryption was given to it.

Honam Petrochemical’s ERP environment was being used in 5 companies including head office and its subsidiaries under the single instance system based on SAP. Considering SAP, the database access control and encryption was a big task and Honam Petrochemical had to pay close attention to choose the solution. For database access control, it was not difficult to choose solution. Honam Petrochemical could easily found the solution required for fundamentally preventing indiscreet access to the database by developers or managers and meeting the audit functions for various works.

On the other hand, database encryption needed some trials and errors to find optimal choice. At first, Honam Petrochemical thoroughly inspected 2 options, the modification of SAP application and the use of proprietary appliances. In this regard, Dae Won Kang, Assistant Manager of Information Strategy Team, said, “Encryption by modifying ABAP application of SAP needs too much cost and time in the respect of investing developers. So, we made a mind to introduce a proprietary appliance for database encryption to review various domestic equipments, and then finally chose a C solution of V company to do the benchmarking before actual introduction.”

Unexpected issue was found at the benchmarking. After the data being encrypted, its operation in SAP environment was good, but the problem which code was broken during backup and restoring of database was found. Dae Won Kang, Assistant Manager of Information Strategy Team, said, “After knowing the problem in backup and restoring process, as an alternative of appliance, a promotion of pilot project to verify disk level of encryption was internally agreed.”

SolutionThe most thoroughly verified feature by the Honam Petrochemical was a Transparent Data Encryption (TDE) of SQL Server 2008 through the pilot project. Generally, companies concerns 2 things when they consider the use of encryption feature built in database. One thing is how it can be applied to their existing database, and the other is performance compromise of server being overloaded by encoding and decoding.

2 5

Honam Petrochemical completely solved these concerns through the pilot project. They found an answer to the first concern, being applied to the existing environment, that it can be solved by database upgrading to the SQL Server 2008. And as for the second concern of performance compromise issue, there was no need to worry. The testing showed less compromise compared to using proprietary appliance. They found a succinct solution, just upgrade of the existing database system to the SQL Server 2008 without application modification, database configuration changes or high-performance server introduction.

Honam Petrochemical chose SAP database for the first target after deciding upgrade of SQL Server 2008 as a preceding task for disk level of encryption. Considering that the ERP was used for 5 companies, Honam Petrochemical made a careful upgrading plan of action. The biggest concern of staffs while preparing was if there would be any problem in operating SAP service. First, advancing issue caused by database version-up of 2005 to 2008 can be easily apprehended through upgrading support tools like SQL Server Upgrade Advisor. General problems, for instance, problems that could happen because of disappearing or changing of grammar, function or option through version up, were easily settled. And OS/DB migration check and support package provided by SAP were useful for the stable verifying of the application linked to the SAP.

Honam Petrochemical had changed its SAP operation database to the SQL Server 2005 in accordance with the version upgrade of

SAP ECC in the last 2007. To upgrade it to the SQL Server 2008, they carried on total two times of simulated training for system analysis, plan, test environment deployment and the advance running verification for a 5-month schedule. For your information, Honam Petrochemical utilized the system of disaster recovery center to make testing environment with the cluster-based real SAP operating situation reflected.

A real running was carried on while engineers of Microsoft Korea and SAP were standing by. The upgrade to the SQL Server 2008 was carried on after advance work like SAP service suspending, database backup and procedure deleting. And all series of work, such as updating the statistics of total database and restarting the SAP service, was completed with pinpoint accuracy.

On the other hand, besides SAP, Honam Petrochemical has a plan to gradually upgrade the SQL Server for each Line of Business (LOB) application to the SQL Server 2008, and to finish up the sophistication of company-wide data platform with SAP BI in 2011.

Benefits

Improved IT regulatory compliance

As of December 2010, Honam Petrochemical has the industry’s most advanced security. It’s beyond a required security level of revised privacy law. Dae Won Kang, Assistant Manager of Information Strategy Team, said, “To fulfill the new privacy law, both access control and encryption have to be satisfied. For the petrochemical business, this year isn’t the

3 5

legal deadline, but Honam Petrochemical made a smart move to be prepared in advance.”

For your information, in case of Honam Petrochemical, all access, whether it is a structured access through the application like SAP or unstructured access through the undefined application like SQL tool, are strictly controlled. The work is enabled only through the database access approval procedure on the electronic authorization engine whether he is a manager or developer. The data encrypting also applied to the company-wide database level. The company-wide guideline of Honam Petrochemical is composed of 7 articles, 1) encrypting total database not just a separate table or column 2) impossible to detach from the database and attach to the other server 3) impossible to restore to the other server after database backup 4) maintaining the encrypting while configuring the mirror database 5) no performance compromise by encrypting 6) encrypting even to the backup file 7) easy to manage the encoding/decoding key, and TDE ideally satisfied these.

Reduced initial instruction and maintenance cost

Honam Petrochemical carried on the encrypting task through the TDE built in SQL Server 2008 without additional cost, and unexpected cost reduction could be drawn as a result. Dae Won Kang, Assistant Manager of Information Strategy Team, said, “We could do the encryption task even to the other business database as well as the SAP without additional cost. Compared to introducing proprietary appliance, cost reduction is run to 300~400

million won. And no additional investment for its initial introduction and operation was necessary.”

In fact, there is more important effect than cost reduction for Honam Petrochemical. It is the fact that the company need not modify the configurations of database related solution. Dae Won Kang, Assistant Manager of Information Strategy Team, said, “Upgrading to the SQL Server 2008 alone can solve the encrypting issue, so we don’t need to modify the application or configuration of related solutions like mirror database, Symmetric Remote Data and Facility.”

No performance compromise by encryption

The biggest concern of every company in encrypting task is performance compromise. At least in this concern, Honam Petrochemical need not worry. Because they drew a better result than using the proprietary appliance even though they did the disk level encrypting by TDE of SQL Server 2008. Dae Won Kang, Assistant Manager of Information Strategy Team, said, “There was no difference in CPU utilization and response time of SAP operation whether it was on the SQL Server 2005 environment without data encrypting or on the upgraded SQL Server 2008 with TDE encryption. On the contrary to this, SAP file encrypting using the third-party appliance consumed 9.6% more time to execute T-Code of main module.”

There was another notable result. When using the TDE, there was no burden of spending down time with mission-critical system like ERP. Dae Won Kang, Assistant

4 5

Manager of Information Strategy Team, said, “There was an advance assessment that when using TDE, encrypting task is possible online, but proprietary appliance need the down time to work because it cannot be encrypted online.”

Optimized the enterprise-wide data platform

Taking this encrypting, Honam Petrochemical could raise the operational efficiency and security level of company-wide data platform. Dae Won Kang, Assistant Manager of Information Strategy Team, said, “When using TDE, the compression feature, another powerful feature of the SQL Server 2008, is not available. Besides the encrypting task, making the better use of disk was also an improving point of this company-wide database version upgrade. So, the TDE feature was applied to the database containing personal information after upgrading, but compression feature was activated to the others.” This is way Honam Petrochemical can optimize the operation and management efficiency of more than 100 SQL Server-based databases across the company according to their role.

Microsoft Server Product PortfolioFor more information about the Microsoft server product portfolio, go to:www.microsoft.com/servers/default.mspx

5 5

For More InformationFor more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to: www.microsoft.com

For more information about LG Electronics’s products and services, visit www.lge.co.kr

Partner InformationFor more information about LG CNS’s products and services, visit www.lgcns.co.kr

For more information about Inbrein’s products and services, visit www.inbrein.com

This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Document published January 2011

Software and Services Products

− Windows Server 2008 R2− SQL Server 2008 R2− SQL Server Analysis Services− SQL Server Integration Services