© 2007 by prentice hall 1 chapter 12: data and database administration modern database management 8...

© 2007 by Prentice Hall© 2007 by Prentice Hall 11

Chapter 12:Chapter 12: Data and Database Data and Database

AdministrationAdministration

Modern Database Modern Database ManagementManagement

88thth Edition EditionJeffrey A. Hoffer, Mary B. Prescott, Jeffrey A. Hoffer, Mary B. Prescott,

Fred R. McFaddenFred R. McFadden

22Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall

ObjectivesObjectives Definition of termsDefinition of terms List functions and roles of data/database administrationList functions and roles of data/database administration Describe role of data dictionaries and information Describe role of data dictionaries and information

repositoriesrepositories Compare optimistic and pessimistic concurrency controlCompare optimistic and pessimistic concurrency control Describe problems and techniques for data securityDescribe problems and techniques for data security Describe problems and techniques for data recoveryDescribe problems and techniques for data recovery Describe database tuning issues and list areas where Describe database tuning issues and list areas where

changes can be done to tune the databasechanges can be done to tune the database Describe importance and measures of data qualityDescribe importance and measures of data quality Describe importance and measures of data availabilityDescribe importance and measures of data availability


Traditional Administration Traditional Administration DefinitionsDefinitions

Data AdministrationData Administration:: A high-level function A high-level function that is responsible for the overall that is responsible for the overall management of data resources in an management of data resources in an organization, including maintaining organization, including maintaining corporate-wide definitions and standardscorporate-wide definitions and standards

Database AdministrationDatabase Administration:: A technical A technical function that is responsible for physical function that is responsible for physical database design and for dealing with database design and for dealing with technical issues such as security technical issues such as security enforcement, database performance, and enforcement, database performance, and backup and recoverybackup and recovery


Traditional Data Administration Traditional Data Administration FunctionsFunctions

Data policies, procedures, standardsData policies, procedures, standards PlanningPlanning Data conflict (ownership) resolutionData conflict (ownership) resolution Managing the information repositoryManaging the information repository Internal marketing of DA conceptsInternal marketing of DA concepts


Traditional Database Traditional Database Administration FunctionsAdministration Functions

Selection of DBMS and software toolsSelection of DBMS and software tools Installing/upgrading DBMSInstalling/upgrading DBMS Tuning database performanceTuning database performance Improving query processing Improving query processing

performanceperformance Managing data security, privacy, and Managing data security, privacy, and

integrityintegrity Data backup and recoveryData backup and recovery


Evolving Approaches to Evolving Approaches to Data AdministrationData Administration

Blend data and database administration into one Blend data and database administration into one rolerole

Fast-track development – monitoring development Fast-track development – monitoring development process (analysis, design, implementation, process (analysis, design, implementation, maintenance)maintenance)

Procedural DBAs–managing quality of triggers and Procedural DBAs–managing quality of triggers and stored proceduresstored procedures

eDBA–managing Internet-enabled database eDBA–managing Internet-enabled database applicationsapplications

PDA DBA–data synchronization and personal PDA DBA–data synchronization and personal database managementdatabase management

Data warehouse administrationData warehouse administration


Data Warehouse Data Warehouse AdministrationAdministration

New role, coming with the growth in data New role, coming with the growth in data warehouseswarehouses

Similar to DA/DBA rolesSimilar to DA/DBA roles Emphasis on integration and coordination of Emphasis on integration and coordination of

metadata/data across many data sourcesmetadata/data across many data sources Specific roles:Specific roles:

Support DSS applicationsSupport DSS applications Manage data warehouse growthManage data warehouse growth Establish service level agreements regarding Establish service level agreements regarding

data warehouses and data martsdata warehouses and data marts


Open Source DBMSsOpen Source DBMSs

An alternative to proprietary packages An alternative to proprietary packages such as Oracle, Microsoft SQL Server, such as Oracle, Microsoft SQL Server, or Microsoft Accessor Microsoft Access

mySQL is an example of open-source mySQL is an example of open-source DBMSDBMS

Less expensive than proprietary Less expensive than proprietary packagespackages

Source code available, for modificationSource code available, for modification


Figure 12-2 Data modeling responsibilities


Database SecurityDatabase Security

Database Security:Database Security: Protection Protection of the data against accidental or of the data against accidental or intentional loss, destruction, or intentional loss, destruction, or misusemisuse

Increased difficulty due to Increased difficulty due to Internet access and client/server Internet access and client/server technologiestechnologies


Figure 12-3 Possible locations of data security threats


Threats to Data SecurityThreats to Data Security Accidental losses attributable to:Accidental losses attributable to:

Human errorHuman error Software failureSoftware failure Hardware failureHardware failure

Theft and fraudTheft and fraud Improper data access:Improper data access:

Loss of privacy (personal data)Loss of privacy (personal data) Loss of confidentiality (corporate data)Loss of confidentiality (corporate data)

Loss of data integrityLoss of data integrity Loss of availability (through, e.g. sabotage)Loss of availability (through, e.g. sabotage)


Figure 12-4 Establishing Internet Security


Web SecurityWeb Security

Static HTML files are easy to secureStatic HTML files are easy to secure Standard database access controlsStandard database access controls Place Web files in protected directories on Place Web files in protected directories on

serverserver Dynamic pages are harderDynamic pages are harder

Control of CGI scriptsControl of CGI scripts User authenticationUser authentication Session securitySession security SSL for encryptionSSL for encryption Restrict number of users and open portsRestrict number of users and open ports Remove unnecessary programs Remove unnecessary programs


W3C Web Privacy StandardW3C Web Privacy Standard Platform for Privacy Protection (P3P) Platform for Privacy Protection (P3P) Addresses the following:Addresses the following:

Who collects dataWho collects data What data is collected and for what purposeWhat data is collected and for what purpose Who is data shared withWho is data shared with Can users control access to their dataCan users control access to their data How are disputes resolvedHow are disputes resolved Policies for retaining dataPolicies for retaining data Where are policies kept and how can they be Where are policies kept and how can they be

accessedaccessed


Database Software Database Software Security FeaturesSecurity Features

• Views or subschemasViews or subschemas• Integrity controlsIntegrity controls• Authorization rulesAuthorization rules• User-defined proceduresUser-defined procedures• EncryptionEncryption• Authentication schemesAuthentication schemes• Backup, journalizing, and Backup, journalizing, and

checkpointingcheckpointing


Views and Integrity ControlsViews and Integrity Controls

ViewsViews Subset of the database that is presented to one Subset of the database that is presented to one

or more usersor more users User can be given access privilege to view User can be given access privilege to view

without allowing access privilege to underlying without allowing access privilege to underlying tablestables

Integrity ControlsIntegrity Controls Protect data from unauthorized useProtect data from unauthorized use Domains–set allowable valuesDomains–set allowable values Assertions–enforce database conditionsAssertions–enforce database conditions


Authorization RulesAuthorization Rules Controls incorporated in the data Controls incorporated in the data

management systemmanagement system Restrict: Restrict:

access to dataaccess to data actions that people can take on dataactions that people can take on data

Authorization matrix for:Authorization matrix for: SubjectsSubjects ObjectsObjects ActionsActions ConstraintsConstraints


Figure 12-5 Authorization matrix


Some DBMSs also provide capabilities for user-defined procedures to customize the authorization process

Figure 12-6a Authorization table for subjects (salespeople)

Figure 12-6b Authorization table for objects (orders)

Figure 12-7 Oracle privileges

Implementing authorization rules


Encryption – the coding or scrambling of data so that humans cannot read them

Secure Sockets Layer (SSL) is a popular encryption scheme for TCP/IP connections

Figure 12-8 Basic two-key encryption


Authentication SchemesAuthentication Schemes Goal – obtain a Goal – obtain a positivepositive

identification of the useridentification of the user Passwords: First line of defensePasswords: First line of defense

Should be at least 8 characters longShould be at least 8 characters long Should combine alphabetic and Should combine alphabetic and

numeric datanumeric data Should not be complete words or Should not be complete words or

personal informationpersonal information Should be changed frequentlyShould be changed frequently


Authentication Schemes Authentication Schemes (cont.)(cont.) Strong AuthenticationStrong Authentication

Passwords are flawed:Passwords are flawed: Users share them with each otherUsers share them with each other They get written down, could be copiedThey get written down, could be copied Automatic logon scripts remove need to explicitly type them inAutomatic logon scripts remove need to explicitly type them in Unencrypted passwords travel the InternetUnencrypted passwords travel the Internet

Possible solutions:Possible solutions: Two factor–e.g. smart card plus PINTwo factor–e.g. smart card plus PIN Three factor–e.g. smart card, biometric, PINThree factor–e.g. smart card, biometric, PIN Biometric devices–use of fingerprints, retinal scans, Biometric devices–use of fingerprints, retinal scans,

etc. for positive IDetc. for positive ID Third-party mediated authentication–using secret keys, Third-party mediated authentication–using secret keys,

digital certificatesdigital certificates


Security Policies and Security Policies and ProceduresProcedures

Personnel controlsPersonnel controls Hiring practices, employee monitoring, security Hiring practices, employee monitoring, security

trainingtraining Physical access controlsPhysical access controls

Equipment locking, check-out procedures, screen Equipment locking, check-out procedures, screen placementplacement

Maintenance controlsMaintenance controls Maintenance agreements, access to source code, Maintenance agreements, access to source code,

quality and availability standardsquality and availability standards Data privacy controlsData privacy controls

Adherence to privacy legislation, access rulesAdherence to privacy legislation, access rules


Database RecoveryDatabase Recovery

Mechanism for restoring a Mechanism for restoring a database quickly and accurately database quickly and accurately after loss or damageafter loss or damage

Recovery facilities:Recovery facilities:• Backup FacilitiesBackup Facilities• Journalizing FacilitiesJournalizing Facilities• Checkpoint FacilityCheckpoint Facility• Recovery ManagerRecovery Manager


Back-up FacilitiesBack-up Facilities Automatic dump facility that produces Automatic dump facility that produces

backup copy of the entire databasebackup copy of the entire database Periodic backup (e.g. nightly, weekly)Periodic backup (e.g. nightly, weekly) Cold backup–database is shut down Cold backup–database is shut down

during backupduring backup Hot backup–selected portion is shut Hot backup–selected portion is shut

down and backed up at a given timedown and backed up at a given time Backups stored in secure, off-site Backups stored in secure, off-site

locationlocation


Journalizing FacilitiesJournalizing Facilities Audit trail of transactions and Audit trail of transactions and

database updatesdatabase updates Transaction log–record of essential Transaction log–record of essential

data for each transaction processed data for each transaction processed against the databaseagainst the database

Database change log–images of Database change log–images of updated dataupdated data Before-image–copy before modificationBefore-image–copy before modification After-image–copy after modificationAfter-image–copy after modification

Produces an audit trailaudit trail


Figure 12-9 Database audit trail

From the backup and logs, databases can be restored in case of damage or loss


Checkpoint FacilitiesCheckpoint Facilities

DBMS periodically refuses to accept DBMS periodically refuses to accept new transactionsnew transactions

system is in a system is in a quietquiet state state Database and transaction logs are Database and transaction logs are

synchronizedsynchronized

This allows recovery manager to resume processing from short period, instead of repeating entire day


Recovery and Restart Recovery and Restart ProceduresProcedures

Disk Mirroring–switch between identical Disk Mirroring–switch between identical copies of databasescopies of databases

Restore/Rerun–reprocess transactions Restore/Rerun–reprocess transactions against the backupagainst the backup

Transaction Integrity–commit or abort Transaction Integrity–commit or abort all transaction changesall transaction changes

Backward Recovery (Rollback)–apply Backward Recovery (Rollback)–apply before imagesbefore images

Forward Recovery (Roll Forward)–apply Forward Recovery (Roll Forward)–apply after images (preferable to after images (preferable to restore/rerun)restore/rerun)


Transaction ACID PropertiesTransaction ACID Properties

AtomicAtomic Transaction cannot be subdividedTransaction cannot be subdivided

ConsistentConsistent Constraints don’t change from before Constraints don’t change from before

transaction to after transactiontransaction to after transaction IsolatedIsolated

Database changes not revealed to users until Database changes not revealed to users until after transaction has completedafter transaction has completed

DurableDurable Database changes are permanentDatabase changes are permanent


Figure 12-10 Basic recovery techniques a) Rollback


Figure 12-10 Basic recovery techniques (cont.)b) Rollforward


Database Failure Database Failure ResponsesResponses

Aborted transactionsAborted transactions Preferred recovery: rollbackPreferred recovery: rollback Alternative: Rollforward to state just prior to abortAlternative: Rollforward to state just prior to abort

Incorrect dataIncorrect data Preferred recovery: rollbackPreferred recovery: rollback Alternative 1: rerun transactions not including inaccurate data updatesAlternative 1: rerun transactions not including inaccurate data updates Alternative 2: compensating transactionsAlternative 2: compensating transactions

System failure (database intact)System failure (database intact) Preferred recovery: switch to duplicate databasePreferred recovery: switch to duplicate database Alternative 1: rollbackAlternative 1: rollback Alternative 2: restart from checkpointAlternative 2: restart from checkpoint

Database destructionDatabase destruction Preferred recovery: switch to duplicate databasePreferred recovery: switch to duplicate database Alternative 1: rollforwardAlternative 1: rollforward Alternative 2: reprocess transactionsAlternative 2: reprocess transactions


Concurrency ControlConcurrency Control ProblemProblem–in a multiuser environment, –in a multiuser environment,

simultaneous access to data can simultaneous access to data can result in interference and data lossresult in interference and data loss

SolutionSolution––Concurrency ControlConcurrency Control The process of managing simultaneous The process of managing simultaneous

operations against a database so that operations against a database so that data integrity is maintained and the data integrity is maintained and the operations do not interfere with each operations do not interfere with each other in a multi-user environmentother in a multi-user environment


Figure 12-11 Lost update (no concurrency control in effect)

Simultaneous access causes updates to cancel each otherA similar problem is the inconsistent readinconsistent read problem


Concurrency Control Concurrency Control TechniquesTechniques

SerializabilitySerializability Finish one transaction before starting Finish one transaction before starting

anotheranother Locking Mechanisms Locking Mechanisms

The most common way of achieving The most common way of achieving serializationserialization

Data that is retrieved for the purpose of Data that is retrieved for the purpose of updating is locked for the updaterupdating is locked for the updater

No other user can perform update until No other user can perform update until unlockedunlocked


Figure 12-12: Updates with locking (concurrency control)

This prevents the lost update problem


Locking MechanismsLocking Mechanisms Locking level:Locking level:

Database–used during database updatesDatabase–used during database updates Table–used for bulk updatesTable–used for bulk updates Block or page–very commonly usedBlock or page–very commonly used Record–only requested row; fairly commonly Record–only requested row; fairly commonly

usedused Field–requires significant overhead; impracticalField–requires significant overhead; impractical

Types of locks:Types of locks: Shared lock–Read but no update permitted. Shared lock–Read but no update permitted.

Used when just reading to prevent another user Used when just reading to prevent another user from placing an exclusive lock on the recordfrom placing an exclusive lock on the record

Exclusive lock–No access permitted. Used Exclusive lock–No access permitted. Used when preparing to updatewhen preparing to update


DeadlockDeadlock An impasse that results when two or more An impasse that results when two or more

transactions have locked common resources, and transactions have locked common resources, and each waits for the other to unlock their resourceseach waits for the other to unlock their resources

Figure 12-13The problem of deadlock

John and Marsha will wait John and Marsha will wait forever for each other to forever for each other to release their locked release their locked resources!resources!


Managing DeadlockManaging Deadlock Deadlock prevention:Deadlock prevention:

Lock all records required at the beginning of a Lock all records required at the beginning of a transactiontransaction

Two-phase locking protocolTwo-phase locking protocol Growing phaseGrowing phase Shrinking phaseShrinking phase

May be difficult to determine all needed May be difficult to determine all needed resources in advanceresources in advance

Deadlock Resolution:Deadlock Resolution: Allow deadlocks to occurAllow deadlocks to occur Mechanisms for detecting and breaking themMechanisms for detecting and breaking them

Resource usage matrixResource usage matrix


VersioningVersioning

Optimistic approach to concurrency Optimistic approach to concurrency controlcontrol

Instead of lockingInstead of locking Assumption is that simultaneous updates Assumption is that simultaneous updates

will be infrequentwill be infrequent Each transaction can attempt an update Each transaction can attempt an update

as it wishesas it wishes The system will reject an update when it The system will reject an update when it

senses a conflictsenses a conflict Use of rollback and commit for thisUse of rollback and commit for this


Figure 12-15 The use of versioning

Better performance than locking


Managing Data QualityManaging Data Quality Causes of poor data qualityCauses of poor data quality

External data sourcesExternal data sources Redundant data storageRedundant data storage Lack of organizational commitmentLack of organizational commitment

Data quality improvementData quality improvement Perform data quality auditPerform data quality audit Establish data stewardship program (data Establish data stewardship program (data

stewardsteward is a liaison between IT and business is a liaison between IT and business units)units)

Apply total quality management (TQM) practicesApply total quality management (TQM) practices Overcome organizational barriersOvercome organizational barriers Apply modern DBMS technologyApply modern DBMS technology Estimate return on investmentEstimate return on investment


Data Dictionaries and Data Dictionaries and RepositoriesRepositories

Data dictionaryData dictionary Documents data elements of a databaseDocuments data elements of a database

System catalogSystem catalog System-created database that describes all database System-created database that describes all database

objectsobjects Information RepositoryInformation Repository

Stores metadata describing data and data processing Stores metadata describing data and data processing resourcesresources

Information Repository Dictionary System Information Repository Dictionary System (IRDS)(IRDS) Software tool managing/controlling access to Software tool managing/controlling access to

information repositoryinformation repository


Figure 12-16 Three components of the repository system architecture

A schema of the repository information

Software that manages the repository objects

Where repository objects are stored

Source: adapted from Bernstein, 1996.


Database Performance Database Performance TuningTuning DBMS InstallationDBMS Installation

Setting installation parametersSetting installation parameters Memory Usage Memory Usage

Set cache levelsSet cache levels Choose background processesChoose background processes

Input/Output (I/O) ContentionInput/Output (I/O) Contention Use stripingUse striping Distribution of heavily accessed filesDistribution of heavily accessed files

CPU UsageCPU Usage Monitor CPU loadMonitor CPU load

Application tuningApplication tuning Modification of SQL code in applicationsModification of SQL code in applications


Data AvailabilityData Availability Downtime is expensiveDowntime is expensive How to ensure availabilityHow to ensure availability

Hardware failures–provide redundancy Hardware failures–provide redundancy for fault tolerancefor fault tolerance

Loss of data–database mirroringLoss of data–database mirroring Maintenance downtime–automated and Maintenance downtime–automated and

nondisruptive maintenance utilitiesnondisruptive maintenance utilities Network problems–careful traffic Network problems–careful traffic

monitoring, firewalls, and routersmonitoring, firewalls, and routers

© 2007 by prentice hall 1 chapter 12: data and database administration modern database management 8...

Documents

data administration

data recovery

standards data administration

recovery data backup

standards data policies

role of data dictionaries

role blend data

integrity data backup