Vous êtes sur la page 1sur 33

CHAPTER 11: DATA AND DATABASE ADMINISTRATION

Modern Database Management 11th Edition

Jeffrey A. Hoffer, V. Ramesh, Heikki Topi


Modifications: Jeff Fineberg

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

OBJECTIVES

List functions and roles of data/database administration Describe problems and techniques for data security Understand role of databases in Sarbanes-Oxley compliance Describe problems and facilities for data recovery Describe database tuning issues and list areas where changes can be done to tune the database Describe importance and measures of data availability Securing development and test data
2

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

TRADITIONAL ADMINISTRATION DEFINITIONS


Data Administration (managerial): responsible for the overall management of data resources in an organization, including data definitions and standards Database Administration (technical): responsible for physical database design and for dealing with technical issues such as security enforcement, database performance, and backup and recovery Same person may perform both roles

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall


3

TRADITIONAL DATABASE ADMINISTRATION FUNCTIONS


Analyzing and designing databases Selecting DBMS and software tools Installing/upgrading DBMS Troubleshooting Tuning database performance Improving query processing performance Managing data security, privacy, and integrity Data backup and recovery
4

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

TRADITIONAL DATA ADMINISTRATION FUNCTIONS


Data

policies, procedures, standards Planning Data conflict (ownership) resolution Managing the information repository Internal marketing of DA concepts
Raise

awareness of the importance of practices

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

INEFFECTIVE DATA MANAGEMENT MAY RESULT IN POOR DATA QUALITY


Multiple dissimilar data definitions, causing data integration problems / poor data value Inappropriate data sources and timing, causing lowered reliability Inadequate familiarity, causing ineffective use of data for planning and strategy Accidental deletion or destruction

(update cust set name = without using a where clause!)

Poor response time and excessive downtime Unauthorized access, leading to embarrassment to organization
6

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

DATA WAREHOUSE ADMINISTRATION


New role, coming with growth in data warehouses / rather than operational data work Similar to DA/DBA roles Emphasis on integration and coordination of metadata/data across many data sources Specific roles:

Support

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

decision support applications Manage data warehouse growth Establish service level agreements regarding data warehouses and data marts
7

OPEN SOURCE (VS. PROPRIETARY) DB MANAGEMENT


An alternative to proprietary packages such as Oracle, Microsoft SQL Server, or Microsoft Access MySQL an open-source DBMS Less expensive than proprietary packages Source code available, for modification Absence of complete documentation Ambiguous licensing concerns Not as feature-rich as proprietary DBMSs Vendors may not have Inc. certification programs Pearson Education, Publishing as Prentice Hall Chapter 11 2013

THREATS TO DATA SECURITY

Accidental losses attributable to:


Human

error Software failure Hardware failure

Theft and fraud Loss of data integrity Loss of availability (e.g., through sabotage) For each, what preventative measures can be taken?

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall


9

THREATS TO DATA SECURITY

Loss of privacy or confidentiality


Loss of privacy (personal data) Loss of confidentiality (corporate data) Principal of least privilege Encrypting data in transit (over the wire) Encrypting data at rest (sitting on disk) Protect PII (personally Identifiable Information SSN, Name/Address, Credit Card numbers, etc.) Can be done programmatically Number of vendors that provide elaborate methods mapping real data to fictitious data
10

Production environments

Development environments - Data Masking


Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

DATABASE SOFTWARE SECURITY FEATURES

Views or subschemas Integrity controls Authorization rules User-defined procedures Encryption Authentication schemes Backup, journalizing, and checkpointing
11

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

VIEWS AND INTEGRITY CONTROLS

Views

Subset of the database that is presented to one or more users User given access privilege to view without allowing access privilege to underlying tables Protect data from unauthorized use Domainsset allowable values Assertionsenforce database conditions Triggers prevent inappropriate actions, invoke special handling procedures, write to log files
12

Integrity Controls

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

AUTHORIZATION RULES
Controls incorporated in the data management system Restrict:

access

to data actions that people can take on data

Authorization matrix for:


Subjects Objects

Actions
Constraints
Figure 11-4 Authorization matrix
13

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

AUTHENTICATION SCHEMES
obtain a positive identification of the user Passwords: First line of defense
Goal
Should

be at least 8 characters long Should combine alphabetic and numeric data Should not be complete words or personal information Should be changed frequently
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
14

AUTHENTICATION SCHEMES (CONT.)


Strong

Authentication
can be flawed:

Passwords
Users

share them with each other They get written down, could be copied Automatic logon scripts remove need to explicitly type them in Unencrypted passwords travel the Internet
Possible
Two

solutions:

factore.g., key FOB, plus PIN Three factore.g., smart card, biometric, PIN
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
15

IT CHANGE MANAGEMENT DOCUMENT


ALL CHANGES - ITIL METHODS

The process by which changes to operational systems and databases are authorized For database, changes to: schema, database configuration, updates to DBMS software Segregation of processes: development, test, production

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

16

LOGICAL ACCESS TO DATA


Personnel
Hiring

controls

practices, employee monitoring, security training, separation of duties

Physical

access controls

Swipe cards, equipment locking, check-out procedures, screen placement, laptop protection
17

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

DATABASE RECOVERY
Mechanism for restoring a database quickly and accurately after loss or damage Recovery facilities:

Backup Facilities Journalizing Facilities Checkpoint Facility Recovery Manager


18

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

BACK-UP FACILITIES VARIOUS AMOUNT OF DOWNTIME


DBMS copy utility that produces backup copy of the entire database or subset Periodic backup (hourly, nightly, weekly) Cold backupdatabase is shut down Hot backupsystem can be available Backups stored in secure, off-site location

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall


19

JOURNALIZING FACILITIES
Audit trail of transactions and database updates Transaction logrecord of essential data for each transaction processed against the database Database change logimages of updated data Before-imagecopy before modification After-imagecopy after modification

Produces an audit trail

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

20

RECOVERY AND RESTART PROCEDURES


Disk Mirroringswitch between identical copies of databases Transaction Integritycommit or abort all transaction changes Restore/Rerunreprocess transactions against the backup Backward Recovery (Rollback)apply before images Forward Recovery (Roll Forward)apply after images (preferable to restore/rerun) Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

21

TRANSACTION ACID PROPERTIES


Atomic
Transaction

cannot be subdivided

Consistent
Constraints

dont change from before transaction to after transaction changes not revealed to users until after transaction has completed changes are permanent
22

Isolated
Database

Durable
Database
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

Figure 11-9 Basic recovery techniques a) Rollback

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

23

Figure 11-9 Basic recovery techniques (cont.) b) Rollforward

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

24

CONTROL CONCURRENT ACCESS


Problemin

a multi-user environment, simultaneous access to data can result in interference and data loss (lost update problem) SolutionConcurrency Control
process of managing simultaneous operations against a database so that data integrity is maintained and the operations do not interfere with each other in a multiuser environment Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
The

25

Figure 11-10 Lost update (no concurrency control in effect)

Simultaneous access causes updates to cancel each other. A similar problem is the inconsistent read problem.
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
26

CONCURRENCY CONTROL TECHNIQUES

Serializability

Finish one transaction before starting another

Locking Mechanisms
The

most common way of achieving serialization Data that is retrieved for the purpose of updating is locked for the updater No other user can perform update until unlocked
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
27

Figure 11-11: Updates with locking (concurrency control)

This prevents the lost update problem


Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
28

LOCKING MECHANISMS

Locking level:

Databaseused during database updates Tableused for bulk updates Block or pagevery commonly used Recordonly requested row; fairly commonly used Fieldrequires significant overhead; impractical Shared lockRead but no update permitted. Used when just reading to prevent another user from placing an exclusive lock on the record Exclusive lockNo access permitted. Used when preparing to update
29

Types of locks:

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

DATABASE PERFORMANCE TUNING


DBMS Installation

Setting installation parameters Set cache levels Choose background processes Data archiving

Memory and Storage Space Usage


Input/output (I/O) Contention

Use striping Distribution of heavily accessed files CPU Usage Monitor CPU load / competing processes

Application tuning

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

Modification of SQL code in applications Use of heartbeat queries (aka health tests)

30

COST OF DOWNTIME

Downtime is expensive (financially as well as to an organizations reputation)


Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
31

DATA AVAILABILITY

How to maximize availability


Hardware

failuresprovide redundancy for fault

tolerance Loss of datadatabase mirroring Human errorstandard operating procedures, training, documentation Maintenance downtimeautomated and nondisruptive maintenance utilities Network problemscareful traffic monitoring, firewalls, and routers (intrusion detection systems)
Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall
32

Copyright 2013 Pearson Education, Inc. Publishing as Prentice Hall

Chapter 11 2013 Pearson Education, Inc. Publishing as Prentice Hall

33