Presentation on theme: "Chapter 11: Data and Database Administration"— Presentation transcript:
1 Chapter 11: Data and Database Administration Jason C. H. Chen, Ph.D.Professor of MISSchool of Business AdministrationGonzaga UniversitySpokane, WA 99258
2 Objectives Define terms List functions and roles of data/database administrationDescribe role of data dictionaries and information repositoriesCompare optimistic and pessimistic concurrency controlDescribe problems and techniques for data securityUnderstand role of databases in Sarbanes-Oxley complianceDescribe problems and facilities for data recoveryDescribe database tuning issues and list areas where changes can be done to tune the databaseDescribe importance and measures of data availability
3 Ineffective data administration poor data quality Multiple data definitions, causing data integration problemsMissing data elements, causing reduction in data valueInappropriate data sources and timing, causing lowered reliabilityInadequate familiarity, causing ineffective use of data for planning and strategyPoor response time and excessive downtimeDamaged, sabotaged, and stolen dataUnauthorized access, leading to embarrassment to organization
4 Traditional Administration Definitions Data Administration: A high-level function that is responsible for the overall management of data resources in an organization, including maintaining corporate-wide definitions and standardsDatabase Administration: A technical function that is responsible for physical database design and for dealing with technical issues such as security enforcement, database performance, and backup and recovery
5 Traditional Data Administration Functions Data policies, procedures, standardsPlanningData conflict (ownership) resolutionManaging the information repositoryInternal marketing of DA concepts
6 Traditional Database Administration Functions Analyzing and designing databasesSelecting DBMS and software toolsInstalling/upgrading DBMSTuning database performanceImproving query processing performanceManaging data security, privacy, and integrityData backup and recovery
7 Data Warehouse Administration New role, coming with growth in data warehousesSimilar to DA/DBA rolesEmphasis on integration and coordination of metadata/data across many data sourcesSpecific roles:Support decision support applicationsManage data warehouse growthEstablish service level agreements regarding data warehouses and data marts
8 Open Source DB Management An alternative to proprietary packages such as Oracle, Microsoft SQL Server, or Microsoft AccessMySQL is an example of an open-source DBMSLess expensive than proprietary packagesSource code available, for modificationAbsence of complete documentationAmbiguous licensing concernsNot as feature-rich as proprietary DBMSsVendors may not have certification programs
9 Data SecurityDatabase Security: Protection of the data against accidental or intentional loss, destruction, or misuseIncreased difficulty due to Internet access and client/server technologies
10 Figure 11-2 Possible locations of data security threats
11 Threats to Data Security Accidental losses attributable to:Human errorSoftware failureHardware failureTheft and fraudLoss of privacy or confidentialityLoss of privacy (personal data)Loss of confidentiality (corporate data)Loss of data integrityLoss of availability (e.g., through sabotage)
13 Client – Server Application security Static HTML files are easy to secureStandard database access controlsPlace Web files in protected directories on serverDynamic pages are harderUser authenticationSession securitySSL for encryptionRestrict number of users and open portsRemove unnecessary programs
14 W3C Web Privacy Standard Platform for Privacy Protection (P3P)Addresses the following:Who collects dataWhat data is collected and for what purposeWho is data shared withCan users control access to their dataHow are disputes resolvedPolicies for retaining dataWhere are policies kept and how can they be accessed
15 Database Software Security Features Views or subschemasIntegrity controlsAuthorization rulesUser-defined proceduresEncryptionAuthentication schemesBackup, journalizing, and checkpointing
16 Views and Integrity Controls Subset of the database that is presented to one or more usersUser can be given access privilege to view without allowing access privilege to underlying tablesIntegrity ControlsProtect data from unauthorized useDomains–set allowable valuesAssertions–enforce database conditionsTriggers – prevent inappropriate actions, invoke special handling procedures, write to log files
17 Authorization RulesControls incorporated in the data management systemRestrict:access to dataactions that people can take on dataAuthorization matrix for:SubjectsObjectsActionsConstraintsFigure 11-4 Authorization matrix
18 Implementing authorization rules Figure 11-5a Authorization table for subjects (salespersons)Implementing authorization rulesFigure 11-5b Authorization table for objects (orders)Figure 11-6 Oracle privilegesSome DBMSs also provide capabilities for user-defined procedures to customize the authorization process.
19 Figure 11-7 Basic two-key encryption Encryption – the coding or scrambling of data so that humans cannot read themSecure Sockets Layer (SSL) is a popular encryption scheme for TCP/IP connections.
20 Authentication Schemes Goal – obtain a positive identification of the userPasswords: First line of defenseShould be at least 8 characters longShould combine alphabetic and numeric dataShould not be complete words or personal informationShould be changed frequently
21 Authentication Schemes (cont.) Strong AuthenticationPasswords are flawed:Users share them with each otherThey get written down, could be copiedAutomatic logon scripts remove need to explicitly type them inUnencrypted passwords travel the InternetPossible solutions:Two factor–e.g., smart card plus PINThree factor–e.g., smart card, biometric, PIN
22 Sarbanes-Oxley (SOX)Requires companies to audit the access to sensitive dataDesigned to ensure integrity of public companies’ financial statementsSOX audit involves:IT change managementLogical access to dataIT operations
23 IT Change ManagementThe process by which changes to operational systems and databases are authorizedFor database, changes to: schema, database configuration, updates to DBMS softwareSegregation of duties: development, test, production
25 IT OperationsPolicies and procedures for day-to-day management of infrastructure, applications, and databases in an organizationFor databases:Backup & recoveryAvailability
26 Database RecoveryMechanism for restoring a database quickly and accurately after loss or damageRecovery facilities:Backup FacilitiesJournalizing FacilitiesCheckpoint FacilityRecovery Manager
27 Back-up FacilitiesDBMS copy utility that produces backup copy of the entire database or subsetPeriodic backup (e.g. nightly, weekly)Cold backup–database is shut down during backupHot backup–selected portion is shut down and backed up at a given timeBackups stored in secure, off-site location
28 Journalizing Facilities Audit trail of transactions and database updatesTransaction log–record of essential data for each transaction processed against the databaseDatabase change log–images of updated dataBefore-image–copy before modificationAfter-image–copy after modificationProduces an audit trail
29 Figure 11-8 Database audit trail From the backup and logs, databases can be restored in case of damage or loss
30 Checkpoint Facilities DBMS periodically refuses to accept new transactions system is in a quiet stateDatabase and transaction logs are synchronizedThis allows recovery manager to resume processing from short period, instead of repeating entire day
31 Recovery and Restart Procedures Disk Mirroring–switch between identical copies of databasesRestore/Rerun–reprocess transactions against the backupTransaction Integrity–commit or abort all transaction changesBackward Recovery (Rollback)–apply before imagesForward Recovery (Roll Forward)–apply after images (preferable to restore/rerun)
32 Transaction ACID Properties AtomicTransaction cannot be subdividedConsistentConstraints don’t change from before transaction to after transactionIsolatedDatabase changes not revealed to users until after transaction has completedDurableDatabase changes are permanent
33 Figure 11-9 Basic recovery techniques a) Rollback
34 Figure 11-9 Basic recovery techniques (cont.) b) Rollforward34
36 Control concurrent Access Problem–in a multi-user environment, simultaneous access to data can result in interference and data loss (lost update problem)Solution–Concurrency ControlThe process of managing simultaneous operations against a database so that data integrity is maintained and the operations do not interfere with each other in a multi-user environment
37 Figure 11-10 Lost update (no concurrency control in effect) Simultaneous access causes updates to cancel each other.A similar problem is the inconsistent read problem.
38 Concurrency Control Techniques SerializabilityFinish one transaction before starting anotherLocking MechanismsThe most common way of achieving serializationData that is retrieved for the purpose of updating is locked for the updaterNo other user can perform update until unlocked
39 Figure 11-11: Updates with locking (concurrency control) This prevents the lost update problem
40 Locking Mechanisms Locking level: Types of locks: Database–used during database updatesTable–used for bulk updatesBlock or page–very commonly usedRecord–only requested row; fairly commonly usedField–requires significant overhead; impracticalTypes of locks:Shared lock–Read but no update permitted. Used when just reading to prevent another user from placing an exclusive lock on the recordExclusive lock–No access permitted. Used when preparing to update
41 DeadlockAn impasse that results when two or more transactions have locked common resources, and each waits for the other to unlock their resourcesFigure 11-12The problem of deadlockJohn and Marsha will wait forever for each other to release their locked resources!
42 Managing Deadlock Deadlock prevention: Deadlock Resolution: Lock all records required at the beginning of a transactionTwo-phase locking protocolGrowing phaseShrinking phaseMay be difficult to determine all needed resources in advanceDeadlock Resolution:Allow deadlocks to occurMechanisms for detecting and breaking themResource usage matrix
43 Versioning Optimistic approach to concurrency control Instead of lockingAssumption is that simultaneous updates will be infrequentEach transaction can attempt an update as it wishesThe system will reject an update when it senses a conflictUse of rollback and commit for this
44 Figure 11-14 The use of versioning Better performance than locking
45 Data Dictionaries and Repositories Data dictionaryDocuments data elements of a databaseSystem catalogSystem-created database that describes all database objectsInformation RepositoryStores metadata describing data and data processing resourcesInformation Repository Dictionary System (IRDS)Software tool managing/controlling access to information repository
46 Figure 11-15 Three components of the repository system architecture A schema of the repository informationSoftware that manages the repository objectsWhere repository objects are storedSource: based on Bernstein, 1996.
47 Database Performance Tuning DBMS InstallationSetting installation parametersMemory and Storage Space UsageSet cache levelsChoose background processesData archivingInput/output (I/O) ContentionUse stripingDistribution of heavily accessed filesCPU Usage – Monitor CPU loadApplication tuningModification of SQL code in applicationsUse of heartbeat queries
49 Data Availability How to ensure availability Hardware failures–provide redundancy for fault toleranceLoss of data–database mirroringHuman error–standard operating procedures, training, documentationMaintenance downtime–automated and non-disruptive maintenance utilitiesNetwork problems–careful traffic monitoring, firewalls, and routers
Your consent to our cookies if you continue to use this website.