topic 4 database recovery
Topic 4: Database Backup & Recovery
CISB314 Database II
Learning Outcomes
At the end of the topic, you should be able to:
• Describe four basic facilities for database backup & recovery.
• Describe five types of recovery techniques used depending on the nature of failure.
• Describe types of database failure and indicate the suitable recovery technique for each.
Why backup data?
• Backing up data is vital for businesses.
• Common causes of data loss:
  • Hardware failure
  • Incorrect or invalid data
  • Human error
  • Computer virus
  • Natural disaster
• Database recovery: mechanisms for restoring a database quickly and accurately after loss or damage
Backup and recovery overview
• At t1, a database backup operation is performed
• At t2, a problem that damages the database occurs
• At t3, all committed data is recovered
Basic facilities for database backup & recovery
Section 1
• DBMS should provide four basic facilities for backup & recovery of a database:
  1. Backup Facility
     - Periodic backup
  2. Journalizing Facility
     - Audit trail of transactions
  3. Checkpoint Facility
     - Suspends and synchronizes
  4. Recovery Manager
     - Restores and restarts processing
1. Backup Facility
• Provides periodic copies of the entire database or a subset of the database.
• Backup copy at least once per day.
• Some DBMSs provide a COPY utility that produces a backup copy (save) of the entire database or a subset of the database.
• Some DBMSs require the DBA to set up commands to perform backups.
• An automatic database backup configuration script simplifies database backup management tasks for the DBA.
• To configure automatic backup in DB2:
  • Graphical user interface tool: Configure automatic maintenance wizard
  • Command line interface: auto_db_backup, auto_maint
  • Stored procedure: AUTOMATIC_SET_POLICY system stored procedure
• Backup types:
  a) Full backups: all selected data will be backed up
  b) Incremental backups: record changes made since the last backup
  c) Differential backups: record changes made since the last full backup
• Backup modes:
  a) Cold backup / offline backup
     • Database is shut down during backup
     • Does not allow other applications or processes to access the database
  b) Hot backup / online backup
     • Selected portion is shut down and backed up at a given time
     • Allows other applications or processes to access the database while the backup is happening
     • Is also called dynamic backup or active backup
2. Journalizing Facility
• Maintains an audit trail of transactions and database changes in logs or journals.
• In the event of failure: a consistent database state can be re-established using the information in the journals together with the most recent complete backup.
Transaction: A group of one or more SQL statements treated as one single unit. Ends with COMMIT or ROLLBACK.
• Two basic logs or journals:
  a) Transaction log – record of essential data for each transaction processed against the database
     • e.g. transaction code, action, time, terminal no/user ID, input data values, tables/records accessed & modified and the old & new field values.
  b) Database change log – images of updated data
     • Before-image: copy of a record before modification
     • After-image: copy of a record after modification
Source: http://www.sqlbackuprestore.com/transactionlog.htm
• Database logging in DB2:
  a) Circular logging
     • For non-production systems
     • Logs that become archived can be overwritten
     • Suitable for offline backup
  b) Archival logging
     • For production systems
     • History of log files is maintained
     • No logs are deleted.
     • Some are stored online (with active logs), others offline in an external media
     • Suitable for online backup
3. Checkpoint Facility
• Allows the DBMS to periodically suspend all processing and synchronize its files and journals to establish a recovery point.
• At this point, the system is in a quiet state, and the database and transaction logs are synchronized.
• The DBMS writes a checkpoint record to the log file that contains the information necessary to restart the system.
When a system with concurrent transactions crashes and recovers, it behaves in the following manner:
• The recovery system reads the logs backwards from the end to the last checkpoint.
• It maintains two lists, an undo-list and a redo-list.
• If the recovery system sees a log with <Tn, Start> and <Tn, Commit> or just <Tn, Commit>, it puts the transaction in the redo-list.
• If the recovery system sees a log with <Tn, Start> but no commit or abort log found, it puts the transaction in the undo-list.
• All the transactions in the undo-list are then undone and their logs are removed.
• All the transactions in the redo-list and their previous logs are removed and then redone before saving their logs.
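The backward log scan described above, as an added example that is not part of the original slides. The record layout, the function name classify and the sample log are constructed for illustration, and the checkpoint record is assumed to list the transactions that were still active when it was written.

```python
# Added example: build the undo-list and redo-list by scanning a
# constructed log backwards from the end to the last checkpoint.

def classify(log):
    """Return (undo_list, redo_list) for the records after the most
    recent checkpoint."""
    committed, aborted, started = set(), set(), set()
    for rec in reversed(log):
        kind = rec[0]
        if kind == "CHECKPOINT":
            # Assumption: the checkpoint record carries the list of
            # transactions still active when it was written.
            started.update(rec[1])
            break
        txn = rec[1]
        if kind == "COMMIT":
            committed.add(txn)
        elif kind == "ABORT":
            aborted.add(txn)
        elif kind == "START":
            started.add(txn)
    redo = sorted(committed)                       # commit seen -> redo
    undo = sorted(started - committed - aborted)   # start only -> undo
    return undo, redo

# Constructed sample log; the crash happens after the last record.
SAMPLE_LOG = [
    ("START", "T1"),
    ("COMMIT", "T1"),              # before the checkpoint: never reached
    ("START", "T2"),
    ("START", "T3"),
    ("CHECKPOINT", ["T2", "T3"]),  # T2 and T3 were active here
    ("COMMIT", "T2"),              # only <T2, Commit> seen -> redo
    ("START", "T4"),
    ("COMMIT", "T4"),              # <T4, Start> and <T4, Commit> -> redo
    ("START", "T5"),               # no commit or abort -> undo
    ("START", "T6"),
    ("ABORT", "T6"),               # abort record found -> neither list
]

if __name__ == "__main__":
    undo_list, redo_list = classify(SAMPLE_LOG)
    print("undo:", undo_list)
    print("redo:", redo_list)
```

T3 lands in the undo-list only because the assumed checkpoint record names it; its start record lies before the checkpoint and is never read by the backward scan.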
4. Recovery Manager
• A module of the DBMS that restores the database to a correct condition when a failure occurs and then resumes processing user requests.
• The recovery manager uses the logs to restore the database.
• The type of restart used depends on the nature of failure.
Recovery and restart procedure
Section 2
• The type of recovery procedure that is used in a given situation depends on the nature of failure, sophistication of the DBMS recovery facilities and operational policies and procedures.
• The most frequently used recovery procedures:
  a) Disk Mirroring – switch between identical copies of databases
  b) Restore/Rerun – reprocess transactions against the backup
  c) Transaction Integrity – commit or abort all transaction changes
  d) Backward Recovery (Rollback) – apply before images
  e) Forward Recovery (Roll Forward) – apply after images (preferable to restore/rerun)
1. Disk Mirroring
• 2 copies of the database must be kept & updated simultaneously.
• Media failure occurs: processing switches to the duplicate copy.
• Allows fastest recovery for applications requiring high availability.
• Hot-swappable: damaged disk can be rebuilt from mirrored disk with no disruption in service to user.
• Does not protect against power loss or catastrophic damage.
2. Restore/Rerun
• Involves reprocessing the day's transactions (up to the point of failure) against the backup copy of the database
  • Database is shut down
  • The most recent copy of the database/file to be recovered is mounted
  • All transactions that have occurred since that copy (stored on the transaction log) are rerun
• Advantage:
  • Simplicity
  • DBMS does not need to create a database change journal & no special restart procedures required
• Disadvantage:
  • Time to reprocess transactions may be prohibitive
  • Processing of new transactions delayed until recovery completed
  • Sequencing of transactions will often be different from when they were originally processed: may lead to different results. For example,
    • Original run: customer deposit may be posted before withdrawal
    • Rerun: withdrawal transaction may be attempted first.
• Used as last resort in database processing.
• DB2 restore utility:
  • Restore utility is the complement of backup utility
  • Restores database or table space from a previously taken backup
  • TAKEN AT – specify the time stamp of the database backup image. Backup image timestamp is displayed after successful completion of a backup
  • Without prompting – overrides any warnings
3. Maintaining Transaction Integrity
• Integrity of transactions: DB is updated by processing transactions that result in changes to one or more DB records
• When processing transactions, DBMS must ensure that the transactions follow four well-accepted properties:
  • Atomic
  • Consistent
  • Isolated
  • Durable
a) Atomic
   • Transaction cannot be subdivided
   • Once transaction is processed – changes are committed
   • Transaction fails – aborted
b) Consistent
   • Constraints that are true before or after the transaction
c) Isolated
   • Changes to DB are not revealed to users until transaction is committed
d) Durable
   • Changes are permanent – once committed no failure can reverse the effect of the transaction
• To maintain transaction integrity – DBMS must provide facilities for the user or application program to define transaction boundaries, i.e. logical beginning and end of a transaction.
BEGIN TRANSACTION
  .
  .
  UPDATE
  INSERT
  .
  .
COMMIT
4. Backward Recovery (Rollback)
• DBMS backs out of or undoes unwanted changes to the DB – before images captured
• Reverses the changes made by transactions that have aborted or terminated abnormally
• Example: Transfer RM100 from CUSTOMER A account to CUSTOMER B account
  • Program reads the record for customer A and subtracts RM100 from the account balance
  • Program reads the record for customer B and adds RM100 to the account balance
  • Program writes the updated record for customer A to the database
  • In attempting to write the record for customer B, program encounters an error condition and cannot write the record
  • An UNDO command – recovery manager to apply the before image for record customer A to restore account balance to its original value
5. Forward Recovery (Rollforward)
• A technique that starts with an earlier copy of the database. After images are applied to the database and the database is quickly moved forward to a later state.
• Much faster than Restore/Rerun:
  • The time-consuming logic of reprocessing each transaction does not have to be repeated
  • Only the most recent after-images need to be applied. DB record may have series of after image – most recent (good) after image is required for rollback
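Backward recovery for the RM100 transfer and forward recovery from an earlier copy, both driven by a database change log of before-images and after-images. This is an added example, not part of the original slides; the balances, transaction names and function names are constructed for illustration.

```python
# Added example: rollback applies before-images, roll forward applies
# the most recent after-image of each record.

def rollback(db, change_log, txn):
    """Backward recovery: undo one transaction by applying its
    before-images in reverse order of the original writes."""
    for entry in reversed(change_log):
        if entry["txn"] == txn:
            db[entry["record"]] = entry["before"]
    return db

def roll_forward(backup, change_log, committed):
    """Forward recovery: start from an earlier copy and apply only the
    most recent after-image written by a committed transaction."""
    latest = {}
    for entry in change_log:            # log order, so later entries win
        if entry["txn"] in committed:
            latest[entry["record"]] = entry["after"]
    restored = dict(backup)
    restored.update(latest)
    return restored

def failed_transfer():
    """The RM100 transfer: A is written, the write for B fails."""
    db = {"A": 500, "B": 300}           # constructed balances
    log = [{"txn": "T1", "record": "A", "before": 500, "after": 400}]
    db["A"] = 400                       # write for customer A succeeded
    # The write for customer B fails here, so T1 never commits.
    return rollback(db, log, "T1")

def restore_after_disk_loss():
    """Rebuild the database from a backup plus the change log."""
    backup = {"A": 500, "B": 300}       # earlier copy of the database
    log = [                             # constructed change log
        {"txn": "T1", "record": "A", "before": 500, "after": 400},
        {"txn": "T1", "record": "B", "before": 300, "after": 400},
        {"txn": "T2", "record": "A", "before": 400, "after": 350},
        {"txn": "T3", "record": "B", "before": 400, "after": 900},
    ]
    # T3 was still in progress at the failure, so its image is skipped.
    return roll_forward(backup, log, committed={"T1", "T2"})

if __name__ == "__main__":
    print(failed_transfer())            # A is back at its original value
    print(restore_after_disk_loss())
```

Record A has two after-images in the sample log, and only the later one is written during roll forward, which is why no transaction logic has to be re-executed.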
Types of database failure
Section 3
1. Aborted transactions – A transaction in progress that terminates abnormally
2. Incorrect data – Database that has been updated with incorrect, but valid data
3. System failure – Some components of the system fail (due to power loss, loss of communication transmission, system software failure) but the database is not damaged
4. Database destruction – The database is lost, destroyed or cannot be read (which is usually caused by disk drive failure)
Responses to database failure
1. Aborted transactions
   Preferred recovery: rollback
   Alternative: Rollforward to state just prior to abort
2. Incorrect data
   Preferred recovery: rollback
   Alternative 1: rerun transactions not including inaccurate data updates
   Alternative 2: compensating transactions – human intervention
3. System failure (database intact)
   Preferred recovery: switch to duplicate database
   Alternative 1: rollback
   Alternative 2: restart from checkpoint
4. Database destruction
   Preferred recovery: switch to duplicate database
   Alternative 1: rollforward
   Alternative 2: reprocess transactions
Disaster recovery
• Contingency plan is established to deal with unusual events that are not part of the normal daily routine
• Contingency plans detail the response necessary to deal with the types of event that may occur
• Examples of unusual events that may occur:
  a) Natural – flood, earthquake, tornadoes
  b) Man-caused – sabotage, wars, terrorist attacks
Components of a disaster recovery plan (DRP):
1. Develop a detailed DRP
2. Schedule regular tests of the DRP
3. Choose and train a multi-disciplinary team to carry out the plan
4. Establish an offsite data center
5. Send backup copies of the database to the backup data center on a scheduled basis
Supporting reading material
• Modern Database Management, 11th edition
  • Chapter 11: Data and Database Administration