© 2007 by prentice hall 1 chapter 12: data and database administration modern database management 8...
Post on 21-Dec-2015
228 views
TRANSCRIPT
© 2007 by Prentice Hall© 2007 by Prentice Hall 11
Chapter 12:Chapter 12: Data and Database Data and Database
AdministrationAdministration
Modern Database Modern Database ManagementManagement
88thth Edition EditionJeffrey A. Hoffer, Mary B. Prescott, Jeffrey A. Hoffer, Mary B. Prescott,
Fred R. McFaddenFred R. McFadden
22Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
ObjectivesObjectives Definition of termsDefinition of terms List functions and roles of data/database administrationList functions and roles of data/database administration Describe role of data dictionaries and information Describe role of data dictionaries and information
repositoriesrepositories Compare optimistic and pessimistic concurrency controlCompare optimistic and pessimistic concurrency control Describe problems and techniques for data securityDescribe problems and techniques for data security Describe problems and techniques for data recoveryDescribe problems and techniques for data recovery Describe database tuning issues and list areas where Describe database tuning issues and list areas where
changes can be done to tune the databasechanges can be done to tune the database Describe importance and measures of data qualityDescribe importance and measures of data quality Describe importance and measures of data availabilityDescribe importance and measures of data availability
33Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Traditional Administration Traditional Administration DefinitionsDefinitions
Data AdministrationData Administration:: A high-level function A high-level function that is responsible for the overall that is responsible for the overall management of data resources in an management of data resources in an organization, including maintaining organization, including maintaining corporate-wide definitions and standardscorporate-wide definitions and standards
Database AdministrationDatabase Administration:: A technical A technical function that is responsible for physical function that is responsible for physical database design and for dealing with database design and for dealing with technical issues such as security technical issues such as security enforcement, database performance, and enforcement, database performance, and backup and recoverybackup and recovery
44Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Traditional Data Administration Traditional Data Administration FunctionsFunctions
Data policies, procedures, standardsData policies, procedures, standards PlanningPlanning Data conflict (ownership) resolutionData conflict (ownership) resolution Managing the information repositoryManaging the information repository Internal marketing of DA conceptsInternal marketing of DA concepts
55Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Traditional Database Traditional Database Administration FunctionsAdministration Functions
Selection of DBMS and software toolsSelection of DBMS and software tools Installing/upgrading DBMSInstalling/upgrading DBMS Tuning database performanceTuning database performance Improving query processing Improving query processing
performanceperformance Managing data security, privacy, and Managing data security, privacy, and
integrityintegrity Data backup and recoveryData backup and recovery
66Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Evolving Approaches to Evolving Approaches to Data AdministrationData Administration
Blend data and database administration into one Blend data and database administration into one rolerole
Fast-track development – monitoring development Fast-track development – monitoring development process (analysis, design, implementation, process (analysis, design, implementation, maintenance)maintenance)
Procedural DBAs–managing quality of triggers and Procedural DBAs–managing quality of triggers and stored proceduresstored procedures
eDBA–managing Internet-enabled database eDBA–managing Internet-enabled database applicationsapplications
PDA DBA–data synchronization and personal PDA DBA–data synchronization and personal database managementdatabase management
Data warehouse administrationData warehouse administration
77Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Data Warehouse Data Warehouse AdministrationAdministration
New role, coming with the growth in data New role, coming with the growth in data warehouseswarehouses
Similar to DA/DBA rolesSimilar to DA/DBA roles Emphasis on integration and coordination of Emphasis on integration and coordination of
metadata/data across many data sourcesmetadata/data across many data sources Specific roles:Specific roles:
Support DSS applicationsSupport DSS applications Manage data warehouse growthManage data warehouse growth Establish service level agreements regarding Establish service level agreements regarding
data warehouses and data martsdata warehouses and data marts
88Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Open Source DBMSsOpen Source DBMSs
An alternative to proprietary packages An alternative to proprietary packages such as Oracle, Microsoft SQL Server, such as Oracle, Microsoft SQL Server, or Microsoft Accessor Microsoft Access
mySQL is an example of open-source mySQL is an example of open-source DBMSDBMS
Less expensive than proprietary Less expensive than proprietary packagespackages
Source code available, for modificationSource code available, for modification
99Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Figure 12-2 Data modeling responsibilities
1010Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Database SecurityDatabase Security
Database Security:Database Security: Protection Protection of the data against accidental or of the data against accidental or intentional loss, destruction, or intentional loss, destruction, or misusemisuse
Increased difficulty due to Increased difficulty due to Internet access and client/server Internet access and client/server technologiestechnologies
1111Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Figure 12-3 Possible locations of data security threats
1212Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Threats to Data SecurityThreats to Data Security Accidental losses attributable to:Accidental losses attributable to:
Human errorHuman error Software failureSoftware failure Hardware failureHardware failure
Theft and fraudTheft and fraud Improper data access:Improper data access:
Loss of privacy (personal data)Loss of privacy (personal data) Loss of confidentiality (corporate data)Loss of confidentiality (corporate data)
Loss of data integrityLoss of data integrity Loss of availability (through, e.g. sabotage)Loss of availability (through, e.g. sabotage)
1313Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Figure 12-4 Establishing Internet Security
1414Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Web SecurityWeb Security
Static HTML files are easy to secureStatic HTML files are easy to secure Standard database access controlsStandard database access controls Place Web files in protected directories on Place Web files in protected directories on
serverserver Dynamic pages are harderDynamic pages are harder
Control of CGI scriptsControl of CGI scripts User authenticationUser authentication Session securitySession security SSL for encryptionSSL for encryption Restrict number of users and open portsRestrict number of users and open ports Remove unnecessary programs Remove unnecessary programs
1515Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
W3C Web Privacy StandardW3C Web Privacy Standard Platform for Privacy Protection (P3P) Platform for Privacy Protection (P3P) Addresses the following:Addresses the following:
Who collects dataWho collects data What data is collected and for what purposeWhat data is collected and for what purpose Who is data shared withWho is data shared with Can users control access to their dataCan users control access to their data How are disputes resolvedHow are disputes resolved Policies for retaining dataPolicies for retaining data Where are policies kept and how can they be Where are policies kept and how can they be
accessedaccessed
1616Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Database Software Database Software Security FeaturesSecurity Features
• Views or subschemasViews or subschemas• Integrity controlsIntegrity controls• Authorization rulesAuthorization rules• User-defined proceduresUser-defined procedures• EncryptionEncryption• Authentication schemesAuthentication schemes• Backup, journalizing, and Backup, journalizing, and
checkpointingcheckpointing
1717Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Views and Integrity ControlsViews and Integrity Controls
ViewsViews Subset of the database that is presented to one Subset of the database that is presented to one
or more usersor more users User can be given access privilege to view User can be given access privilege to view
without allowing access privilege to underlying without allowing access privilege to underlying tablestables
Integrity ControlsIntegrity Controls Protect data from unauthorized useProtect data from unauthorized use Domains–set allowable valuesDomains–set allowable values Assertions–enforce database conditionsAssertions–enforce database conditions
1818Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Authorization RulesAuthorization Rules Controls incorporated in the data Controls incorporated in the data
management systemmanagement system Restrict: Restrict:
access to dataaccess to data actions that people can take on dataactions that people can take on data
Authorization matrix for:Authorization matrix for: SubjectsSubjects ObjectsObjects ActionsActions ConstraintsConstraints
2020Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Some DBMSs also provide capabilities for user-defined procedures to customize the authorization process
Figure 12-6a Authorization table for subjects (salespeople)
Figure 12-6b Authorization table for objects (orders)
Figure 12-7 Oracle privileges
Implementing authorization rules
2121Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Encryption – the coding or scrambling of data so that humans cannot read them
Secure Sockets Layer (SSL) is a popular encryption scheme for TCP/IP connections
Figure 12-8 Basic two-key encryption
2222Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Authentication SchemesAuthentication Schemes Goal – obtain a Goal – obtain a positivepositive
identification of the useridentification of the user Passwords: First line of defensePasswords: First line of defense
Should be at least 8 characters longShould be at least 8 characters long Should combine alphabetic and Should combine alphabetic and
numeric datanumeric data Should not be complete words or Should not be complete words or
personal informationpersonal information Should be changed frequentlyShould be changed frequently
2323Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Authentication Schemes Authentication Schemes (cont.)(cont.) Strong AuthenticationStrong Authentication
Passwords are flawed:Passwords are flawed: Users share them with each otherUsers share them with each other They get written down, could be copiedThey get written down, could be copied Automatic logon scripts remove need to explicitly type them inAutomatic logon scripts remove need to explicitly type them in Unencrypted passwords travel the InternetUnencrypted passwords travel the Internet
Possible solutions:Possible solutions: Two factor–e.g. smart card plus PINTwo factor–e.g. smart card plus PIN Three factor–e.g. smart card, biometric, PINThree factor–e.g. smart card, biometric, PIN Biometric devices–use of fingerprints, retinal scans, Biometric devices–use of fingerprints, retinal scans,
etc. for positive IDetc. for positive ID Third-party mediated authentication–using secret keys, Third-party mediated authentication–using secret keys,
digital certificatesdigital certificates
2424Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Security Policies and Security Policies and ProceduresProcedures
Personnel controlsPersonnel controls Hiring practices, employee monitoring, security Hiring practices, employee monitoring, security
trainingtraining Physical access controlsPhysical access controls
Equipment locking, check-out procedures, screen Equipment locking, check-out procedures, screen placementplacement
Maintenance controlsMaintenance controls Maintenance agreements, access to source code, Maintenance agreements, access to source code,
quality and availability standardsquality and availability standards Data privacy controlsData privacy controls
Adherence to privacy legislation, access rulesAdherence to privacy legislation, access rules
2525Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Database RecoveryDatabase Recovery
Mechanism for restoring a Mechanism for restoring a database quickly and accurately database quickly and accurately after loss or damageafter loss or damage
Recovery facilities:Recovery facilities:• Backup FacilitiesBackup Facilities• Journalizing FacilitiesJournalizing Facilities• Checkpoint FacilityCheckpoint Facility• Recovery ManagerRecovery Manager
2626Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Back-up FacilitiesBack-up Facilities Automatic dump facility that produces Automatic dump facility that produces
backup copy of the entire databasebackup copy of the entire database Periodic backup (e.g. nightly, weekly)Periodic backup (e.g. nightly, weekly) Cold backup–database is shut down Cold backup–database is shut down
during backupduring backup Hot backup–selected portion is shut Hot backup–selected portion is shut
down and backed up at a given timedown and backed up at a given time Backups stored in secure, off-site Backups stored in secure, off-site
locationlocation
2727Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Journalizing FacilitiesJournalizing Facilities Audit trail of transactions and Audit trail of transactions and
database updatesdatabase updates Transaction log–record of essential Transaction log–record of essential
data for each transaction processed data for each transaction processed against the databaseagainst the database
Database change log–images of Database change log–images of updated dataupdated data Before-image–copy before modificationBefore-image–copy before modification After-image–copy after modificationAfter-image–copy after modification
Produces an audit trailaudit trail
2828Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Figure 12-9 Database audit trail
From the backup and logs, databases can be restored in case of damage or loss
2929Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Checkpoint FacilitiesCheckpoint Facilities
DBMS periodically refuses to accept DBMS periodically refuses to accept new transactionsnew transactions
system is in a system is in a quietquiet state state Database and transaction logs are Database and transaction logs are
synchronizedsynchronized
This allows recovery manager to resume processing from short period, instead of repeating entire day
3030Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Recovery and Restart Recovery and Restart ProceduresProcedures
Disk Mirroring–switch between identical Disk Mirroring–switch between identical copies of databasescopies of databases
Restore/Rerun–reprocess transactions Restore/Rerun–reprocess transactions against the backupagainst the backup
Transaction Integrity–commit or abort Transaction Integrity–commit or abort all transaction changesall transaction changes
Backward Recovery (Rollback)–apply Backward Recovery (Rollback)–apply before imagesbefore images
Forward Recovery (Roll Forward)–apply Forward Recovery (Roll Forward)–apply after images (preferable to after images (preferable to restore/rerun)restore/rerun)
3131Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Transaction ACID PropertiesTransaction ACID Properties
AtomicAtomic Transaction cannot be subdividedTransaction cannot be subdivided
ConsistentConsistent Constraints don’t change from before Constraints don’t change from before
transaction to after transactiontransaction to after transaction IsolatedIsolated
Database changes not revealed to users until Database changes not revealed to users until after transaction has completedafter transaction has completed
DurableDurable Database changes are permanentDatabase changes are permanent
3232Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Figure 12-10 Basic recovery techniques a) Rollback
3333Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Figure 12-10 Basic recovery techniques (cont.)b) Rollforward
3434Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Database Failure Database Failure ResponsesResponses
Aborted transactionsAborted transactions Preferred recovery: rollbackPreferred recovery: rollback Alternative: Rollforward to state just prior to abortAlternative: Rollforward to state just prior to abort
Incorrect dataIncorrect data Preferred recovery: rollbackPreferred recovery: rollback Alternative 1: rerun transactions not including inaccurate data updatesAlternative 1: rerun transactions not including inaccurate data updates Alternative 2: compensating transactionsAlternative 2: compensating transactions
System failure (database intact)System failure (database intact) Preferred recovery: switch to duplicate databasePreferred recovery: switch to duplicate database Alternative 1: rollbackAlternative 1: rollback Alternative 2: restart from checkpointAlternative 2: restart from checkpoint
Database destructionDatabase destruction Preferred recovery: switch to duplicate databasePreferred recovery: switch to duplicate database Alternative 1: rollforwardAlternative 1: rollforward Alternative 2: reprocess transactionsAlternative 2: reprocess transactions
3535Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Concurrency ControlConcurrency Control ProblemProblem–in a multiuser environment, –in a multiuser environment,
simultaneous access to data can simultaneous access to data can result in interference and data lossresult in interference and data loss
SolutionSolution––Concurrency ControlConcurrency Control The process of managing simultaneous The process of managing simultaneous
operations against a database so that operations against a database so that data integrity is maintained and the data integrity is maintained and the operations do not interfere with each operations do not interfere with each other in a multi-user environmentother in a multi-user environment
3636Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Figure 12-11 Lost update (no concurrency control in effect)
Simultaneous access causes updates to cancel each otherA similar problem is the inconsistent readinconsistent read problem
3737Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Concurrency Control Concurrency Control TechniquesTechniques
SerializabilitySerializability Finish one transaction before starting Finish one transaction before starting
anotheranother Locking Mechanisms Locking Mechanisms
The most common way of achieving The most common way of achieving serializationserialization
Data that is retrieved for the purpose of Data that is retrieved for the purpose of updating is locked for the updaterupdating is locked for the updater
No other user can perform update until No other user can perform update until unlockedunlocked
3838Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Figure 12-12: Updates with locking (concurrency control)
This prevents the lost update problem
3939Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Locking MechanismsLocking Mechanisms Locking level:Locking level:
Database–used during database updatesDatabase–used during database updates Table–used for bulk updatesTable–used for bulk updates Block or page–very commonly usedBlock or page–very commonly used Record–only requested row; fairly commonly Record–only requested row; fairly commonly
usedused Field–requires significant overhead; impracticalField–requires significant overhead; impractical
Types of locks:Types of locks: Shared lock–Read but no update permitted. Shared lock–Read but no update permitted.
Used when just reading to prevent another user Used when just reading to prevent another user from placing an exclusive lock on the recordfrom placing an exclusive lock on the record
Exclusive lock–No access permitted. Used Exclusive lock–No access permitted. Used when preparing to updatewhen preparing to update
4040Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
DeadlockDeadlock An impasse that results when two or more An impasse that results when two or more
transactions have locked common resources, and transactions have locked common resources, and each waits for the other to unlock their resourceseach waits for the other to unlock their resources
Figure 12-13The problem of deadlock
John and Marsha will wait John and Marsha will wait forever for each other to forever for each other to release their locked release their locked resources!resources!
4141Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Managing DeadlockManaging Deadlock Deadlock prevention:Deadlock prevention:
Lock all records required at the beginning of a Lock all records required at the beginning of a transactiontransaction
Two-phase locking protocolTwo-phase locking protocol Growing phaseGrowing phase Shrinking phaseShrinking phase
May be difficult to determine all needed May be difficult to determine all needed resources in advanceresources in advance
Deadlock Resolution:Deadlock Resolution: Allow deadlocks to occurAllow deadlocks to occur Mechanisms for detecting and breaking themMechanisms for detecting and breaking them
Resource usage matrixResource usage matrix
4242Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
VersioningVersioning
Optimistic approach to concurrency Optimistic approach to concurrency controlcontrol
Instead of lockingInstead of locking Assumption is that simultaneous updates Assumption is that simultaneous updates
will be infrequentwill be infrequent Each transaction can attempt an update Each transaction can attempt an update
as it wishesas it wishes The system will reject an update when it The system will reject an update when it
senses a conflictsenses a conflict Use of rollback and commit for thisUse of rollback and commit for this
4343Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Figure 12-15 The use of versioning
Better performance than locking
4444Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Managing Data QualityManaging Data Quality Causes of poor data qualityCauses of poor data quality
External data sourcesExternal data sources Redundant data storageRedundant data storage Lack of organizational commitmentLack of organizational commitment
Data quality improvementData quality improvement Perform data quality auditPerform data quality audit Establish data stewardship program (data Establish data stewardship program (data
stewardsteward is a liaison between IT and business is a liaison between IT and business units)units)
Apply total quality management (TQM) practicesApply total quality management (TQM) practices Overcome organizational barriersOvercome organizational barriers Apply modern DBMS technologyApply modern DBMS technology Estimate return on investmentEstimate return on investment
4545Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Data Dictionaries and Data Dictionaries and RepositoriesRepositories
Data dictionaryData dictionary Documents data elements of a databaseDocuments data elements of a database
System catalogSystem catalog System-created database that describes all database System-created database that describes all database
objectsobjects Information RepositoryInformation Repository
Stores metadata describing data and data processing Stores metadata describing data and data processing resourcesresources
Information Repository Dictionary System Information Repository Dictionary System (IRDS)(IRDS) Software tool managing/controlling access to Software tool managing/controlling access to
information repositoryinformation repository
4646Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Figure 12-16 Three components of the repository system architecture
A schema of the repository information
Software that manages the repository objects
Where repository objects are stored
Source: adapted from Bernstein, 1996.
4747Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Database Performance Database Performance TuningTuning DBMS InstallationDBMS Installation
Setting installation parametersSetting installation parameters Memory Usage Memory Usage
Set cache levelsSet cache levels Choose background processesChoose background processes
Input/Output (I/O) ContentionInput/Output (I/O) Contention Use stripingUse striping Distribution of heavily accessed filesDistribution of heavily accessed files
CPU UsageCPU Usage Monitor CPU loadMonitor CPU load
Application tuningApplication tuning Modification of SQL code in applicationsModification of SQL code in applications
4848Chapter 12 © 2007 by Prentice Hall© 2007 by Prentice Hall
Data AvailabilityData Availability Downtime is expensiveDowntime is expensive How to ensure availabilityHow to ensure availability
Hardware failures–provide redundancy Hardware failures–provide redundancy for fault tolerancefor fault tolerance
Loss of data–database mirroringLoss of data–database mirroring Maintenance downtime–automated and Maintenance downtime–automated and
nondisruptive maintenance utilitiesnondisruptive maintenance utilities Network problems–careful traffic Network problems–careful traffic
monitoring, firewalls, and routersmonitoring, firewalls, and routers