• Home
  • About Us
  • Contact Us
  • Privacy Policy
  • Special Offers
Business Intelligence Info
  • Business Intelligence
    • BI News and Info
    • Big Data
    • Mobile and Cloud
    • Self-Service BI
  • CRM
    • CRM News and Info
    • InfusionSoft
    • Microsoft Dynamics CRM
    • NetSuite
    • OnContact
    • Salesforce
    • Workbooks
  • Data Mining
    • Pentaho
    • Sisense
    • Tableau
    • TIBCO Spotfire
  • Data Warehousing
    • DWH News and Info
    • IBM DB2
    • Microsoft SQL Server
    • Oracle
    • Teradata
  • Predictive Analytics
    • FICO
    • KNIME
    • Mathematica
    • Matlab
    • Minitab
    • RapidMiner
    • Revolution
    • SAP
    • SAS/SPSS
  • Humor

Tag Archives: Database

database replication

October 7, 2020   BI News and Info

Database replication is the frequent electronic copying of data from a database in one computer or server to a database in another — so that all users share the same level of information. The result is a distributed database in which users can quickly access data relevant to their tasks without interfering with the work of others. Numerous elements contribute to the overall process of creating and managing database replication.

How database replication works

Database replication can either be a single occurrence or an ongoing process. It involves all data sources in an organization’s distributed infrastructure. The organization’s distributed management system is used to replicate and properly distribute the data amongst all the sources.

Content Continues Below

reg wrapper curl database replication

Overall, distributed database management systems (DDBMS) work to ensure that changes, additions and deletions performed on the data at any given location are automatically reflected in the data stored at all the other locations. DDBMS is essentially the name of the infrastructure that allows or carries out database replication — the system that manages the distributed database, which is the product of database replication.

The classic case of database replication involves one or more applications that connect a primary storage location with a secondary location that is often off site. Today, those primary and secondary storage locations are most often individual source databases — such as Oracle, MySQL, Microsoft SQL and MongoDB — as well as data warehouses that amalgamate data from these sources, offering storage and analytics services on larger quantities of data. Data warehouses are often hosted in the cloud.

data management database replication mobile database replication

Database replication copies data from a principal location.

Database replication techniques

There are several ways to replicate a database. Different techniques offer different advantages, as they vary in thoroughness, simplicity and speed. The ideal choice of technique depends on how companies store data and what purpose the replicated information will serve.

Regarding the timing of data transfer, there are two types of data replication:

  • Asynchronous replication is when the data is sent to the model server — the server that the replicas take data from — from the client. Then, the model server pings the client with confirmation saying the data has been received. From there, it goes about copying data to the replicas at an unspecified or monitored pace.
  • Synchronous replication is when data is copied from the client server to the model server and then replicated to all the replica servers before the client is notified that data has been replicated. This takes longer to verify than the asynchronous method, but it presents the advantage of knowing that all data was copied before proceeding.

Asynchronous database replication offers flexibility and ease of use, as replications happen in the background. However, there is a greater risk that data will be lost without the client’s knowledge because confirmation comes before the main replication process. Synchronous replication is more rigid and time-consuming, but more likely to ensure that data will be successfully replicated. The client will be alerted if it hasn’t, since confirmation comes after the entire process has finished.

There are also several types of database replication based on the type of server architecture. The term leader will be used in these types to mean the same thing as model in the previous asynchronous vs. synchronous examples:

  • Single-leader architecture is one server that receives writes from clients, and replicas draw data from there. This is the most common and classic method. It’s a synchronized method, but somewhat inflexible.
  • Multi-leader architecture is multiple servers that can receive writes and serve as a model for replicas. It is beneficial for when replicas are spread out and leaders must be near all of them to prevent latency.
  • No-leader architecture is every server that can receive writes and serve as a model for replicas. This was pioneered by Amazon’s DynamoDB. While it offers maximum flexibility, it poses challenges for synchronization.

Advantages and disadvantages

Database replication is often overseen by a database or replication administrator. A properly implemented replication system can offer several advantages, including the following:

  • Load reduction. Because replicated data can be spread over several servers, it eliminates the likelihood that any one server will be overwhelmed with user queries for data.
  • Efficiency. Servers that are less burdened with queries can offer improved performance to fewer users.
  • High availability. Employing multiple servers with the same data ensures high availability, meaning that if one server goes down, the entire system can still provide acceptable performance.

Many disadvantages of database replication stem from poor general data governance practices. These disadvantages include the following:

  • Data loss. Data loss can occur during replication when incorrect data or iterations or updates of a database are copied and, consequently, important data is deleted or unaccounted for. This can happen if the primary key used to verify the quality of data in the replica is malfunctioning or incorrect. It can also occur if database objects are incorrectly configured within the source database.
  • Data inconsistency. Similarly, incorrect or out-of-date replicas can cause different sources to be out of sync with each other. This may lead to wasted data warehouse costs that are spent needlessly analyzing and storing irrelevant data.
  • Multiple servers. Running multiple servers has an inherent maintenance and energy cost associated. It requires either the organization or a third party to address these costs. If a third party handles them, the organization runs the risk of vendor lock-in or service issues beyond the organization’s control.

Evolution of database replication

Early instances of database replication were typically described as master-slave configurations, but comparable descriptions today tend to incorporate terminology such as master-replica, leader-follower, primary-secondary and server-client.

Replication techniques centered on relational database management systems have expanded with the advent of the virtual machine and distributed cloud computing, to include nonrelational database types. Again, replication methods vary among such nonrelational databases as Redis, MongoDB and the like.

While remote office database replication may have been the canonical example of replication for many years, fail-safe and fault-tolerant database backup schemes have also arisen as drivers of replication activity — as have horizontally scaling distributed database configurations, both on premises and on cloud computing platforms. Replication details vary between such relational systems as IBM Db2, Microsoft SQL Server, Sybase, MySQL and PostgreSQL.

In all cases, data replication design becomes a balancing act between system performance and data consistency. Database replication can be done in at least three different ways. In snapshot replication, data on one server is simply copied to another server or to another database on the same server. In merging replication, data from two or more databases is combined into a single database. And, in transactional replication, user systems receive full initial copies of the database and then receive periodic updates as data changes.

Database replication vs. mirroring

While data mirroring is sometimes positioned as an alternative approach to data replication, it is actually a form of data replication. In relational database mirroring, complete backups of databases are maintained for use in the case that the primary database fails. Mirrors, in effect, serve as hot standby databases. Data mirroring has found considerable use within the Microsoft SQL Server community.

With database replication, the focus is usually on database scale out for queries — requests for data. Database mirroring, in which log extracts form the basis for incremental database updates from the principal server, is typically implemented to provide hot standby or disaster recovery capabilities. Simply put, mirroring focuses on backing up what’s there, and replication focuses on improving operational efficiency as a whole — which involves maintaining secure data backups using mirroring.

Database replication tools

Companies can either use the database replication tool available offered by their database software provider or invest in third-party replication tools to execute and manage database replication processes. The latter option allows flexibility: Third-party tools are typically vendor-agnostic and can be used to create data replicas across multiple types of databases in an organization.

Database replication software

Third-party database replication tools that work with various databases include the following:

  • Qlik Replicate. A software package that focuses on being easy to learn and implement, Replicate uses automation and log-based capture to minimize IT operations workload. This involves capturing streams of continuous data, which is ideal for companies that need ways to process big data efficiently.
  • Informatica Data Replication. Informatica can target a wide range of database and data warehouse appliances. It offers the Data Engineering product series for streaming, integration, quality and masking enterprise data. Its website features a how-to library and list of guides to help customers.
  • Talend Open Studio for Data Integration. One of the most prominent open source data integration products, it includes a large repertoire of resources for those just getting started with the software. Talend offers tutorials, demos and blog posts on topics like the use of metadata and best practices for data model design best practices. There is also a community of experienced users that new users can reach out to for tips on using Talend’s data integration solution.
  • Quest SharePlex. This offering focuses mainly on Oracle database replication. It offers both on-premises and cloud solutions for Oracle database replication. Shareplex promises high availability, 24/7 customer support and a simple user experience that allows for quick replication and scaling.

Examples of database vendor replication tools include the following:

  • Microsoft’s SQL integration features. Including SQL Server Integration Services (SSIS) for Azure, these tools specialize in cleaning, aggregating, merging and copying data, as well as extracting and loading data.
  • Oracle GoldenGate. This tool offers log-based capture for Oracle databases. It promises simple configuration, extreme performance and comprehensive security. It features a visual management and monitoring feature called the Management Pack as well.
  • IBM’S Db2 SQL replication tool. This tool has two main replication options: Q and SQL. It is one of IBM’s most popular replication tools. It is useful for distributing source data to multiple targets, but may not be ideal for all replication scenarios because it has high latency.

Let’s block ads! (Why?)

SearchSQLServer

Read More

JSonar raises $50 million for AI-powered database monitoring products

June 9, 2020   Big Data

Database monitoring platform startup JSonar today announced it raised $ 50 million, the bulk of which it plans to put toward R&D and go-to-market efforts. Notably, it’s the company’s first-ever round of institutional funding as JSonar’s customer base eclipses 5 out of the world’s 10 largest banks.

Database monitoring is a critical part of most apps’ maintenance. Finding issues in time can help apps remain healthy and accessible, not to mention performant. But the adoption of cloud-based and dynamic, modern data systems make this challenging; legacy data activity monitoring and logging solutions sometimes fail to transform data into actionable insights.

JSonar claims its SonarW and SonarG analytics solutions perform better because they’re automated and AI-powered. The models underpinning them transform petabytes of raw database activity data into security recommendations, with capabilities that go beyond detection and deliver preventative controls. They helpfully funnel these controls and recommendations into existing workflows, and into third-party DevOps services and platforms via prebuilt integrations.

Using SonarW and SonarG, the latter of which is designed for IBM Guardium, users can develop custom analytical algorithms atop large-scale databases and automate reporting and governance processes. According to JSonar, this saves companies months they’d otherwise spend developing proprietary platforms.

VB Transform 2020 Online – July 15-17. Join leading AI executives: Register for the free livestream.

JSonar raises $50 million for AI powered database monitoring products

Beyond SonarW, JSonar offers Data-Centric Audit and Protection (DCAP) Central, a product that taps the company’s SonarC2 analytics engine to create data lakes capturing, retaining, and facilitating database management. Then there’s DBSec2.0, a fully managed SonarG offering that ingests database audit data and lets customers interact with it directly for security and compliance insights.

The JSonar suite supports virtually any database system on any cloud including infrastructure-as-a-service, platform-as-a-service, and database-as-a-service setups. This includes out-of-the-box support for Amazon Web Services, Google Cloud Platform (GCP), Microsoft Azure, Snowflake, MongoDB, Cassandra, Hadoop, Teradata, and more than 60 others.

The database security and monitoring market is anticipated to be worth $ 7.01 billion by 2022, Markets and Markets reports, and JSonar is far from the only startup attempting to corner it. Among others, there’s SolarWinds, which has been offering management and optimization tools for open systems and databases for years, and Netdata, which makes an open source database monitoring tool.

But JSonar founder and CTO Ron Bennatan, former cofounder of Guardium Database Activity (which IBM acquired in November 2009), believes his company’s reliance on automation sets it apart from the rest. “The rapidly shifting enterprise landscape, including cloud adoption, an explosion of database platforms, the pressing need for data security beyond only compliance, and years of frustration over runaway costs, has created a huge opportunity for us to rapidly expand,” he told VentureBeat via email. “Traditional database security solutions have proven to be too costly to be used broadly and provide little beyond a checkbox; the modern data landscape demands a new approach.”

Goldman Sachs led the investment in JSonar. As a part of the transaction, Goldman Sachs managing director David Campbell will join the startup’s board of directors.

Sign up for Funding Weekly to start your week with VB’s top funding stories.

Let’s block ads! (Why?)

Big Data – VentureBeat

Read More

Key Findings from the 2020 Database DevOps Survey

February 6, 2020   BI News and Info
SimpleTalk Key Findings from the 2020 Database DevOps Survey

Each year Redgate Software runs a survey to learn more about how organizations practice DevOps, especially when it relates to the database. This year, over 2000 individuals responded, and they are from diverse industries and company sizes.

The key findings in the report are:

  • Frequent database deployments are increasing: 49% of respondents now report they deploy database changes to production weekly or more frequently.
  • Frequent deployers who use version control report lower production defect rates.
  • Respondents who report that it is easy to get a code review for database changes report lower production defect rates and lower lead time for change deployment.
  • Although 38% of responders report the use of Change Approval Boards, we see no evidence that Change Approval Boards lower code defect rates, only that they increase lead time for changes.
  • Respondents who reported that all or nearly all their database deployments take place with the system online also reported lower lead time for changes and lower defect rates.
  • 60% of Enterprise respondents believe the move from traditional database development to a fully automated process for deployment can be achieved in a year or less. 66% in non-Enterprises believe this can be accomplished.

As I read through the report, one thing stood out to me: organizations who deploy more frequently have lower defect rates. In fact, “37% of those who have adopted DevOps across all projects report that 1% or less of their deployments introduce code defects which require hotfixes, compared to 30% for all other groups.”

When there is a defect in software, it’s usually easy to rollback changes. Maybe services must be reconfigured, or files replaced. Deployment issues with databases are much more critical and difficult to resolve. Typically, you can’t just do a restore of production because of data loss, and the database will not be available during the restore.

Instead of massive changes every few weeks or months, small changes are deployed frequently with DevOps. Frequent database changes do sound intimidating, but because these are small changes, there is less of an impact on stability. And that reported decrease in defect rates from 30% to 1% is impressive!

Even if your company is not “all in” yet, there are things you can do. Make sure that you are using source control to keep track of database changes. Begin automating database deployments to dev and other non-production environments. Make an effort to communicate with other teams to break down those silos.

There’s a lot to learn from the report, and I hope you take a look and consider participating in next year’s survey.

Commentary Competition

Enjoyed the topic? Have a relevant anecdote? Disagree with the author? Leave your two cents on this post in the comments below, and our favourite response will win a $ 50 Amazon gift card. The competition closes two weeks from the date of publication, and the winner will be announced in the next Simple Talk newsletter.

Let’s block ads! (Why?)

SQL – Simple Talk

Read More

But the Database Worked in Development! Preventing Broken Constraints

January 11, 2020   BI News and Info

You’re working in development, releasing a new version of the application. You’ve temporarily disabled constraints in the new version of the database, you’ve imported the current data, your hand is poised to enable constraints. Is it going to spring errors at you? What if it does?

Or, what if you synchronize a source with a target by changing the metadata, only to find that the process has an error saying a constraint, index or foreign key can’t be created?

How could this happen? What has happened in both cases is that the data does not comply with the constraints. Maybe you’ve added or altered some constraints, and you have tested them on a different version of the data, changing this data slightly to satisfy the new constraints but without providing your changes as a data migration script. Perhaps you’ve only tested the new or altered constraints using an artificial data set, with no troublesome duplicates or broken references? Possibly, you are working in development and staging is done by a different team. Deployment and release are often, from necessity, done by a different team to development. You release the new database version to staging, which perhaps is managed by a different team, and when they try to update the existing database to the new build, the build breaks.

Often, at this point, one or other of the teams will need to repeatedly try releasing while fixing all the bad data, one error message at a time. This isn’t going to help team bonding; you need a better way of dealing with these problems.

In this series of articles, I’ll provide a more reliable way to be able to tease out all the duplicates, the broken foreign key references or all the values that will cause CHECK constraint errors, before you run a deployment. It will not only report where the errors would occur, but which data in which tables would cause which constraints to fail.

Dealing with Data that Breaks the Build

Sometimes a database build breaks only when you try to release it to staging or, worse, to production. Up to that point everything is sweetness and light. Then you either synchronise or try to load the data. What has happened? Well, it could be that in the new version of the databases, you’ve added DEFAULT constraints, FOREIGN KEYs or unique indexes, as you should, or modified existing keys and constraints to enforce referential integrity, and do a better job at preventing ‘bad data’ from creeping into the database.

If you are very fortunate, you will have access to the real data, so you can enable constraints one at a time and, when one causes an error, fix the data that is recorded in the error, and develop the scripts to heal the data in a pre-deployment script in order to remove the duplicates and bad data and fix the broken FOREIGN KEY references that initially inspired you to do the work.

There’s nothing wrong with that sort of data migration script, of course, although it requires a lot of careful work, gathering up all the de-duplicating statements, making them idempotent, testing them, and then using them in a pre-deployment script for a release. Even after all this, new data may have been inserted into Production, since you took the backup for testing, which might still break the build. If you are importing the existing data into a new build, then you would disable all constraints, import the data, heal it in-situ with the data-migration script and then finally enable constraints.

What, though, if you can’t access the production data, for several good reasons? In this case, you’re most likely testing with an artificially generated set of data for testing or a masked copy of the production data. However, unless you are one of the wild men of IT, it isn’t the actual production data, and so doesn’t have all the real data’s failings. Now, either the Ops team will need to try to fix all the duplicates and bad data, until the build succeeds, or they will pass the baton back to you.

Unless you enjoy buying all the drinks on the Friday afternoon DevOps team meeting, you must never deliberately break the database build or release. What you need to do is to provide a way that the Ops people can check the data of the target database beforehand to make sure it will pass all the checks done by constraints and unique indexes, and that all the FOREIGN KEY references are in place. If it doesn’t, and this is the key difference, they will need a report of what data failed the new constraints, so that you can provide scripts to allow DevOps people to fix the data.

When you know what is failing, you can create the deduplication, broken FOREIGN KEY reference or data-sanitizing scripts. Then you re-test until you get a clean bill of health. Although I can’t really help with the actual de-duplication, I can, in this article, help you to generate the list of the constraints that will fail and why.

Duplicates

Duplicates are like rats: they get in unless you take active steps to stop them. Data just seems to want to reproduce itself. The grey-muzzled database developer will take elaborate steps to check for duplicates everywhere by using unique constraints, whilst the cub developers snigger amongst themselves at how impossible it would be for a duplicate to get in there anyway. The blighters always insinuate themselves wherever there are no checks against them. Duplicates, I mean, rather than cub developers. This means that every database revision seems to have more uniqueness checks, inspired by the labour of teasing duplicates out and stamping on them. If the production data has duplicates, this must be fixed before you can release new unique constraints successfully to that target database.

Constraints and Bad Data

However often I go on about CHECK constraints, there will always be a developer who will leave them out or mutter in a dignified manner about how all checks need to be done only at the application level. This attitude soon gets divine retribution. Bad data springs up like a rotting fungus over your database unless you add CHECK constraints to all your tables. This is fine but then how do you prevent the excellent and estimable habit of adding them to then interfere with a release? The constraints will stop the build if they meet bad data: it is what they are trained to do. If you don’t like that, then you must fix the bad data first.

Unreferenced Foreign Keys

These are less frequent, but I’ve seen them. What happens here is that you import your data, enable constraints, and you get a message about a foreign key reference. This happens if, for example, the name of a country that is referenced in an address list or currency table is missing. Getting data right in a referenced table can be like picking up lots of tadpoles and putting them in a jar. Unless you know what failed, this can be very tricky to fix.

Checking the CHECK Constraints: First Principles

We’ll show how to do a check. The whole point of this type of test is that it must report the breakages in enough detail that you can smilingly pass to the Ops Guy a script that will heal it.

Let’s do the very simplest check: a check of constraints. We’ll do this by assembling a batch as a string. This batch will execute every constraint in the database, on the table to which it belongs, and tot up the grand total of rows that failed a constraint.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

DECLARE @AllTheFailures INT; –tally of all the

   –failures in the constraints

DECLARE @CheckAllYourConstraints NVARCHAR(MAX) =

   ‘Select @RowsFailed =0;

‘;

SELECT @CheckAllYourConstraints =

   @CheckAllYourConstraints –accumulate each query

  + N‘

    Select @RowsFailed=@RowsFailed+count(*) from ‘ –the table spec

  + QuoteName(Object_Schema_Name(CC.parent_object_id)) + N‘.’

  + QuoteName(Object_Name(CC.parent_object_id)) + N‘ WHERE NOT ‘

  + definition

  FROM sys.check_constraints AS CC

  WHERE is_ms_shipped = 0;

–Now we have a list of select queries that will accumulate

–the total number of rows that fail the condition

EXECUTE sp_executesql @CheckAllYourConstraints,

  N‘@RowsFailed int output’,

  @RowsFailed = @AllTheFailures OUTPUT;

SELECT @AllTheFailures;

We run this in our test copy of AdventureWorks2016. It returns no rows, because all the constraints are enabled and so the rows are already well-policed by those constraints if they are in a ‘trusted’ state.

The batch that was executed was this:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

Select @RowsFailed =0;

Select @RowsFailed=@RowsFailed+count(*) from [Person].[Person]

WHERE NOT ([EmailPromotion]>=(0) AND [EmailPromotion]<=(2))

Select @RowsFailed=@RowsFailed+count(*) from [Sales].[SalesTaxRate]

WHERE NOT ([TaxType]>=(1) AND [TaxType]<=(3))

Select @RowsFailed=@RowsFailed+count(*) from [Sales].[SalesTerritory]

WHERE NOT ([SalesYTD]>=(0.00))

Select @RowsFailed=@RowsFailed+count(*) from [Sales].[SalesTerritory]

WHERE NOT ([SalesLastYear]>=(0.00))

Select @RowsFailed=@RowsFailed+count(*) from [Production].[Product]

WHERE NOT ([SafetyStockLevel]>(0))

Select @RowsFailed=@RowsFailed+count(*) from [Sales].[SalesTerritory]

WHERE NOT ([CostYTD]>=(0.00))

…and so on.

Now we’ll mangle our copy of AdventureWorks2016. Don’t worry, since it is a clone maintained by SQL Clone, I can do what I like and refresh it when I want it back to its pristine state. We’ll disable a constraint and alter the data so that when I try to reenable it, it will fail. Dave the Dev of AdventureWorks has decided that the MaritalStatus code in the employee table needs more options than M for married or S for single. What about P for Partner? He disables the CHECK constraint, CK_Employee_MaritalStatus.

ALTER TABLE humanResources.employee

NOCHECK CONSTRAINT CK_Employee_MaritalStatus

Then he makes the necessary changes.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

UPDATE humanresources.employee SET maritalStatus=‘P’

WHERE BusinessEntityID=1  

UPDATE humanresources.employee SET maritalStatus=‘P’

WHERE BusinessEntityID=7  

UPDATE humanresources.employee SET maritalStatus=‘P’

WHERE BusinessEntityID=11

UPDATE humanresources.employee SET maritalStatus=‘P’

WHERE BusinessEntityID= 14

UPDATE humanresources.employee SET maritalStatus=‘P’

WHERE BusinessEntityID=17

UPDATE humanresources.employee SET maritalStatus=‘P’

WHERE BusinessEntityID=18

UPDATE humanresources.employee SET maritalStatus=‘P’

WHERE BusinessEntityID= 19

Developer Dave is just getting ready to change the constraint and enable it when he is called into an important team discussion, and he forgets.

Now we’ll rerun the code to monitor constraints. It will tell you that seven rows failed. It doesn’t tell you which rows in which table, and for which constraint. It is nice to have, but we’d want even more for the code to be useful.

If you want to play along and you don’t have SQL Clone, that is fine. We can replace the code this way once you’re done with testing.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

UPDATE humanresources.employee SET maritalStatus=‘S’

WHERE BusinessEntityID=1  

UPDATE humanresources.employee SET maritalStatus=‘M’

WHERE BusinessEntityID=7  

UPDATE humanresources.employee SET maritalStatus=‘S’

WHERE BusinessEntityID=11

UPDATE humanresources.employee SET maritalStatus=‘S’

WHERE BusinessEntityID= 14

UPDATE humanresources.employee SET maritalStatus=‘S’

WHERE BusinessEntityID=17

UPDATE humanresources.employee SET maritalStatus=‘S’

WHERE BusinessEntityID=18

UPDATE humanresources.employee SET maritalStatus=‘S’

WHERE BusinessEntityID= 19

ALTER TABLE humanResources.employee WITH CHECK

CHECK CONSTRAINT CK_Employee_MaritalStatus

We can also alter what is in a constraint in order to simulate a problem

1

2

3

4

5

6

7

8

9

10

11

12

13

ALTER TABLE Production.Product DROP CONSTRAINT CK_Product_ProductLine;

GO

ALTER TABLE Production.Product WITH NOCHECK

ADD CONSTRAINT CK_Product_ProductLine

  –CHECK (upper([ProductLine])=’R’ OR upper([ProductLine])=’M’

  –  OR upper([ProductLine])=’T’ OR upper([ProductLine])=’S’

  –  OR [ProductLine] IS NULL);

  CHECK (Upper(ProductLine) = ‘A’

      OR Upper(ProductLine) = ‘B’

      OR Upper(ProductLine) = ‘C’

      OR Upper(ProductLine) = ‘D’

      OR ProductLine IS NULL

        );

This constraint is set as disabled in this code; otherwise it wouldn’t execute without an error since the existing data fails the check.

You can run the test and then check that the code has picked up the problem. Then when you are finished, you can revert the change or, in my case, revert the clone.

ALTER TABLE Production.Product DROP CONSTRAINT CK_Product_ProductLine;

GO

ALTER TABLE Production.Product WITH NOCHECK

ADD CONSTRAINT CK_Product_ProductLine

  CHECK (upper([ProductLine])=‘R’ OR upper([ProductLine])=‘M’

  OR upper([ProductLine])=‘T’ OR upper([ProductLine])=‘S’

  OR [ProductLine] IS NULL);  

Which Rows Violated which Constraints?

Now we decide what we really want. I can be sure that I want a copy of all the metadata about CHECK constraints in source control with each build, generated after the first build, so I can then test all the subsequent data sets in the deployment chain to make sure they are free from ‘breaking data’.

To store this information means a JSON document because it is text-based, and this can be more versatile. We are likely to need to test data held in a different version of the database, so we abandon the idea of using the metadata directly. I also like to know more about the data that was selected as failing the test. I would like the name of the table and the name of the constraint. I need where possible, to see a good sample of the data though this isn’t possible or necessary with CHECK constraints. We need to get more serious about the tests, even if we lose some of the elegance of the code. One other thing is necessary once we decide to make it possible to run this on other versions of the database: In the case of unique indexes and FOREIGN KEY constraints, we need to check whether all the columns and tables involved are there under the same name. With CHECK constraints, all we can realistically do is to check for the table’s existence.

Here is an example of the report we get:

word image 75 But the Database Worked in Development! Preventing Broken Constraints

It is easy to see what is wrong in the data. That MaritalStatus column will need to be either ‘M‘ or ‘S‘ until Developer Dave fixes the constraint.

My apologies that this sort of convenience makes for more code.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

DROP PROCEDURE IF EXISTS #ListAllCheckConstraints;

GO

CREATE PROCEDURE #ListAllCheckConstraints

  /**

Summary: >

  This creates a JSON list of all the check constraints in the database.

  their name, table and definition

Author: Phil Factor

Date: 12/12/2019

Example:

   – DECLARE @OurListAllCheckConstraints  NVARCHAR(MAX)

     EXECUTE #ListAllCheckConstraints

           @TheJsonList=@OurListAllCheckConstraints OUTPUT

     SELECT @OurListAllCheckConstraints AS theCheckConstraints

   – DECLARE @OurCheckConstraints  NVARCHAR(MAX)

     EXECUTE #ListAllCheckConstraints

           @TheJsonList=@OurCheckConstraints OUTPUT

     SELECT Constraintname, TheTable, [definition]

      FROM OPENJSON(@OurCheckConstraints)  WITH

      (Constraintname sysname ‘$ .constraintname’,

           TheTable sysname ‘$ .thetable’,

      [Definition] nvarchar(4000) ‘$ .definition’ );

Returns: >

  the JSON as an output variable

**/

  @TheJSONList NVARCHAR(MAX) OUTPUT

AS

SELECT @TheJSONList =

  (

  SELECT QuoteName(CC.name) AS constraintname,

    QuoteName(Object_Schema_Name(CC.parent_object_id)) + ‘.’

    + QuoteName(Object_Name(CC.parent_object_id)) AS thetable,

    definition

    FROM sys.check_constraints AS CC

    WHERE is_ms_shipped = 0

  FOR JSON AUTO

  );

GO

DROP PROCEDURE IF EXISTS #TestAllCheckConstraints;

GO

CREATE PROCEDURE #TestAllCheckConstraints

  /**

Summary: >

  This tests the current database against its check constraints.

  and reports any data that would fail a check were it enabled

Author: Phil Factor

Date: 15/12/2019

Example:

   – DECLARE @OurFailedConstraints  NVARCHAR(MAX)

     EXECUTE #TestAllCheckConstraints

          @TheResult=@OurFailedConstraints OUTPUT

     SELECT @OurFailedConstraints AS theFailedCheckConstraints

  Returns: >

  the JSON as an output variable

**/

@JsonConstraintList NVARCHAR(MAX)=null,–you can either provide

   –a json document or you can go and get the current

@TheResult NVARCHAR(MAX) OUTPUT –the JSON document that gives

   –the test result.

as

IF @JsonConstraintList IS NULL

  EXECUTE #ListAllCheckConstraints

      @TheJSONList = @JsonConstraintList OUTPUT;

DECLARE @Errors TABLE (Description NVARCHAR(MAX));–to temporarily

      –hold errors

DECLARE @Breakers TABLE (TheObject NVARCHAR(MAX));–the rows that

      –would fail

DECLARE @TheConstraints TABLE –the list of check constraints

      –in the database

  (

  TheOrder INT IDENTITY PRIMARY KEY, –needed to iterate

     –through the table

  ConstraintName sysname, –the number of columns used in the index

  TheTable sysname, –the quoted name of the table wqith the schema

  Definition NVARCHAR(4000) –the actual code of the constraint

  );

–we put the constraint data we need into a table variable

INSERT INTO @TheConstraints (ConstraintName, TheTable, Definition)

  SELECT Constraintname, TheTable, Definition

    FROM OpenJson(@JsonConstraintList)

    WITH –get the relational table from the JSON

      (

      Constraintname sysname ‘$ .constraintname’,

       TheTable sysname ‘$ .thetable’,

      Definition NVARCHAR(4000) ‘$ .definition’ –the mapping

      );

DECLARE @iiMax INT = @@RowCount;

–to do the actual check

DECLARE @CheckConstraintExecString NVARCHAR(4000);

–make sure the table is there

DECLARE @TestForTableExistenceString NVARCHAR(4000);

–to get a sample of broken rows

DECLARE @GetBreakerSampleExecString NVARCHAR(4000);

–temporarily hold the current constraint name

DECLARE @ConstraintName sysname;

–temporarily hold the current constraint’s table

DECLARE @ConstraintTable sysname;

–temporarily hold the constraint code

DECLARE @ConstraintExpression NVARCHAR(4000);

–the number of rows that fail the current constraint

DECLARE @AllRowsFailed INT;

–a sample of failed rows

DECLARE @SampleOfFailedRows NVARCHAR(MAX);

–Did the table exist in the current database

DECLARE @ThereWasATable INT;

DECLARE @ii INT = 1;–iteration variables

WHILE (@ii <= @iiMax)

  ——————–start of the loop——————

  BEGIN –create the expressions we need to execute

        –dynamically for each constraint

    SELECT @CheckConstraintExecString = –expression that checks

                                        –the constraint

      N‘SELECT @RowsFailed=Count(*) FROM ‘ + TheTable + N‘ WHERE NOT ‘

      + Definition, @ConstraintName = ConstraintName,

      @ConstraintTable = TheTable,

      @GetBreakerSampleExecString = –expression that gets

                                    –sample of failed rows

        N‘SELECT @JSONBreakerData= (Select top 3 * FROM ‘ + TheTable

        + N‘ WHERE NOT ‘ + Definition + N‘FOR JSON AUTO)’,

      @ConstraintName = ConstraintName, @ConstraintTable = TheTable,

      @ConstraintExpression=[definition],

      @TestForTableExistenceString = –expression that checks

                                     –for the table

        N‘SELECT @TableThere=case when Object_id(‘” + TheTable

        + N”‘) is null then 0 else 1 end’

      FROM @TheConstraints

      WHERE TheOrder = @ii;

      –check that the table is there

    EXECUTE sp_executesql @TestForTableExistenceString,

      N‘@TableThere int output’, @TableThere = @ThereWasATable OUTPUT;

    IF @ThereWasATable = 1

      BEGIN –it is a bit safer to check the constraint

        EXECUTE sp_executesql @CheckConstraintExecString,

          N‘@RowsFailed int output’, @RowsFailed = @AllRowsFailed OUTPUT;

        IF @AllRowsFailed > 0 –Ooh, at least one failed constraint

          BEGIN–so we get a sample of the bad data in JSON

            EXECUTE sp_executesql @GetBreakerSampleExecString,

              N‘@JSONBreakerData nvarchar(max) output’,

              @JSONBreakerData = @SampleOfFailedRows OUTPUT;

            INSERT INTO @Breakers (TheObject)

              SELECT–and save the sample of bad rows along with

                    –information about the constraint

                (

                SELECT

                  Convert(VARCHAR(10), @AllRowsFailed) AS RowsFailed,

                  @ConstraintName AS ConstraintName,

                  @ConstraintTable AS ConstraintTable,

                  @ConstraintExpression AS Expression,

                  Json_Query(@SampleOfFailedRows) AS BadDataSample

                FOR JSON PATH, WITHOUT_ARRAY_WRAPPER

                );

          END;

      END;

    ELSE INSERT INTO @Errors (Description)

         SELECT ‘We Couldn’‘t find the table ‘

+ @ConstraintTable;

    SELECT @ii = @ii + 1; – and iterate to the next row

  END;

SELECT @TheResult= – so we construct the JSON report.

  (SELECT

    (SELECT Json_Query(TheObject) AS BadData

     FROM @Breakers FOR JSON AUTO) AS FailedChecks,

  (SELECT Description FROM @Errors FOR JSON AUTO) AS errors

FOR JSON PATH);

go

The first job the code does, using the temporary procedure #ListAllCheckConstraints is to create, from the development database a JSON-based list of all the check constraints that you can then use for the test. The obvious place to get this information from is the new build of the database. You don’t need any database data at this point as we’re just interested in the metadata. We just want to know what to check once you’ve imported the data and before you enable constraints.

With this data, stored as a JSON document to make it portable, we can then test the data within the target database this is done by #TestAllCheckConstraints

DECLARE @OurFailedConstraints  NVARCHAR(MAX)

     EXECUTE #TestAllCheckConstraints

        @TheResult=@OurFailedConstraints OUTPUT

     SELECT @OurFailedConstraints AS theFailedCheckConstraints

You can then run all the tests on the target database automatically, using the data in this JSON document. If the table no longer exists, it will report the fact and avoid an error by bypassing the constraint check. Ideally, the check should really be in the pre-deployment script because you may decide that you want to prevent the build from going ahead if there is bad data in a column.

Here is an error where I’ve duplicated a row. This indicates that you will not be able to enable the index AK_SalesTaxRate_StateProvinceID_TaxType or AK_SalesTaxRate_rowguid without getting an error. It is telling you what duplicates will cause the error.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

[{

    “duplicatelist”: [{

        “duplicated”: {

            “indexName”: “AK_SalesTaxRate_StateProvinceID_TaxType”,

            “tablename”: “[Sales].[SalesTaxRate]”,

            “columnlist”: “[StateProvinceID],[TaxType]”,

            “duplicates”: [{

                “duplicatecount”: 2,

                “StateProvinceID”: 1,

                “TaxType”: 1

            }]

        }

    }, {

        “duplicated”: {

            “indexName”: “AK_SalesTaxRate_rowguid”,

            “tablename”: “[Sales].[SalesTaxRate]”,

            “columnlist”: “[rowguid]”,

            “duplicates”: [{

                “duplicatecount”: 2,

                “rowguid”: “683DE5DD-521A-47D4-A573-06A3CDB1BC5D”

            }]

        }

    }]

}]

You will, however, be relieved that there is no ‘errors’ array in this document. Yes, it is easy to test. Why would you be relieved? This is because, if there were errors, the routine would be telling you that for one or more of the tests, either the table or one of the columns is missing. It does this check first, and if it knows that the duplicate check couldn’t even run, it doesn’t do it. You have a minor but tedious problem if you’ve changed the table columns used in these indexes as part of the release. This is because you’ll need to amend the list to allow an automated test, but this will be a relatively minor task. The script to make changes requires judgement and is not easily automated, but an existence-check for the columns is there and the information yielded should make a repair easy.

Another concern is that you may want to only test for certain constraints. As tables get much larger, it just takes too long. You only want to do them where you are putting in a new or changed constraint. Here, the answer is simple: you store the JSON document in source control and generate a new JSON document that lists just the new or altered constraints to be tested.

Summary

One aspect of DevOps teamwork involves a sort of remote running of test software. You as a developer devise the test, it is run by someone else under circumstances you can’t directly control, and you get back a report that gives you enough information to fix any problems that come up. It is curiously like the old Sybase technique of sending queries via email to be run, but without the scary surface-area exposure.

This type of test should avoid throwing errors and should collect all the information you need to script out a solution. It should not add work for the person who runs the script.

In the next article, we’ll add the routines for foreign key references and unique constraints. Armed with these, we can tie it all together to show how it fits in with a sophisticated deployment system such as SCA.

Let’s block ads! (Why?)

SQL – Simple Talk

Read More

Database Security, People and Processes

December 28, 2019   BI News and Info

Database developers and DBAs can use many “mechanical” security mechanisms to safeguard corporate data. Robert Sheldon has written an excellent six part Introduction to SQL Server Security covering most of them. However, DBAs know that these alone are not enough, because they cannot fully secure data while ignoring human frailties: they should not merely operate a hermit kingdom.

No matter how good the mechanical security, the corporate database is vulnerable to the people and processes within the organization. Often the risks of breaches to sensitive data come not through intention or malice, but ignorance or expedience.

It is easy to deal with ignorance, but the lure of expedient decisions can be harder to resist. They are, by definition, a convenient way to deliver the desired results, in the short term, when it feels like the detrimental consequences don’t matter. It is, for example, tiresome for people to have only the ‘minimum required’ permissions to access the data, just enough for the role they are supposed to fulfil. How much more convenient it would be for a member of staff to have an elevated level of access. What could go wrong?

To meet the demands of society for the curation of personal data, and the vital need of a business for the security of its data, security must take precedence to convenience. Any expediency in dealing with matters of data curation and security must be cleared with the business, even when it is legal. It must be an explicit business decision at a senior level because it comes with a quantifiable risk in monetary and reputational terms.

Addressing ignorance

The key to dealing with a lack of knowledge about data curation and security is to ask questions.

What information do I need in order to be able to secure the data resource for which I am responsible and accountable?

Where is that information within the organization?

Who are the stewards of that information?

Am I a steward of any information that would help other employees to secure the resources for which they are responsible and accountable?

How can I, as a steward, keep others up to date with the information they need?

Is the data for which I am responsible secure, and how can I be sure?

The answers to these questions provide a checklist that should form part of an operational playbook, to be applies at the start of any new project or business initiative. These checklists and playbooks will ensure the consistency and completeness of a security assessment. The checklists are auditable artifacts that demonstrate compliance with organizational security policies. Under EU GDPR Article 35, organizations handling personal data are compelled to carry out a Data Protection Impact Assessment (DPIA). There will be a large overlap between the organizational security assessment and the DPIA. The UK information commissioner’s office provides handy checklists for awareness, screening, process and evaluation of DPIAs.

Communication and collaboration

Data curation requires that data is kept secure, that only the people who should access the data can do so, and that only the data that they need for their role is provided to them. It also requires information integrity. Is the data correct, can it be checked and corrected if necessary, and is it properly disposed of when no longer needed?

Data security and information integrity are closely linked, and they are both team sports. An effective data security regime needs communication and collaboration between technical and non-technical functions within the business. This is far easier in an Agile/DevOps culture, where a team should already comprise of most of the disciplines needed for that team to operate autonomously, although there will always be a few specialist functions that need to be accessed from outside the team. Rather than be embedded in a team, these specialist functions will work generically across teams. Examples of these are HR, legal, risk and compliance.

Information integrity also requires reconciliation of information between those disciplines or functions. Each discipline or function validates the information it receives from every other discipline or function. The organization is required to know where all copies of data are held and why, and what steps are taken to ensure that it is correct. The officers of any organization are responsible for legal compliance.

The diagram below focusses on the main communication paths necessary for a good security regime. The exact functions and boundaries may differ or blur from organization to organization. As a general principle every function shown in the diagram should be listening and talking to every other function. For simplicity’s sake, non-technical business functions are not represented (except for Human Resources).

word image 72 Database Security, People and Processes

For any of these functions, security by obscurity is not a good strategy. If the way in which information is secured is opaque, then it is as opaque to people who should be guarding that information as it is to those people we wish to guard against: possibly more so. We must consider what artefacts are useful to help each function build systems that are secure. The following table provides examples but does not represent a definitive list of useful security artefacts:

Artefact

Description

Employee directory
  • Current employees with their job roles
  • Organizational hierarchy
  • Data stewardship/ownership

Database roles and permissions documentation

A list of the database roles and what they are intended to represent. Thanks to Dr Codd’s rule 4 this does not have to be a static or offline document; it can be a dashboard or report driven directly from the database server.

Database access log

A facility to allow the analysis of patterns of behavior that are potential indicators of undesirable activity.

  • Who accessed the data?
  • Using what application?
  • When?
  • How much data was accessed?
  • From what location (geography, IP address)?
  • If data was changed then what was the change?

Data Catalog
  • Where the data resides
  • Business description of the data artefacts, down to the attribute level
  • Information type and sensitivity
  • Stewards and owners
  • Retention policy
  • Applicable regulations
  • Data lineage

Applications catalog

The current technical state of the organization:

  • Application versions and patch levels
  • Libraries and frameworks versions and patch levels
  • Authentication requirements
  • Infrastructure requirements
  • Database requirements
  • Service level agreements
  • Recovery time & point objectives

Active Directory structure
  • Active Directory groups and their intended purpose
  • Service account logins
  • Machine registrations

Network and infrastructure diagram
  • Subnets with their CIDR ranges,
  • Network access control lists (ACLs)
  • Security groups
  • Routing tables
  • Etc.

Architectural road map

Represents the future technical state of the organization. In effect this is what the future applications catalogue is intended to be.

Software vulnerability log

A collated list of software vulnerabilities for items in either the applications catalogue or architectural roadmap.

Security policies and procedures

Policies must be clear, unambiguous and written to help employees comply with any regulatory regime. These are most helpful when in the form of checklists or operational playbooks.

Having identified business functions and useful artefacts that will help those functions secure the information within the organization, we can now explore the roles each function plays in maintaining those artefacts.

Human Resources

HR are important actors in any security theatre. They are the first to know if an employee’s status has changed and they are privy to several items of information that are useful in securing data.

  • A list of current and active employees
  • A list of, and process for, starters, leavers and job changers. Mandatory for PCI-DSS and/or ISO27001 compliance.
  • A list of employees who are absent, sick or on holiday (ASH)
  • A list of employees on “Gardening Leave”
  • Organizational structure, job roles and line management

There must be a reconciliation process between HR’s records and the logins in the following systems:

  • Active Directory
  • Email systems
  • Databases
  • Applications including SaaS

Another important HR role in information security is to ensure that there is ongoing staff education. GDPR article 47 “Binding Corporate Rules” states that rules should specify that appropriate data protection training should be given to personnel having permanent or regular access to personal data. There must be dialogue between HR and the security and governance function to determine what form security training should take, and to provide an audit trail of who has had such training, the recency of that training, and the level of training provided.

As HR has access to some of the most personal of data, they must include themselves in any training. The other technical areas should be able to signal what training they require to ensure that what they build is secure.

It may be beneficial for HR to have the capability to deactivate user accounts given they will be the first to know if an employee has left the organization. It may also be judicious to disable logins when employees take annual leave or have extended periods of absence. This would not just be for security purposes but to help to safeguard the mental health of the employees on leave.

Development teams and infrastructure

The consequences of not having an application catalog were demonstrated back in 2003 by the SQL Slammer worm. Organizations with patched and up-to-date SQL Servers found their networks brought to a standstill by network traffic caused by the worm trying to propagate. Their suffering was caused by unpatched applications, of which they knew nothing, acting as attack vectors. If there had been a catalog, these applications could have been patched.

In an organization that has adopted a DevOps culture, most of the attributes mentioned earlier as part of an application catalogue are part of the software build. Practices that make the job of assembling such a catalog far easier, and even automatic, include:

  • Infrastructure as code
  • Configuration management
  • Continuous integration and delivery
  • Use of source control

A DevOps culture also addresses the consequences of involving network and infrastructure specialists too little and too late. Such late involvement threatens security because it means that the security infrastructure must be put together with avoidably imperfect knowledge, and in unnecessary haste.

Just as HR has a “starters and leavers” process, so an application catalog needs an “adopters and deprecators” process for the applications it holds. Applications need attention at all stages in their lifecycle. If an application is deprecated, then this represents an opportunity to reduce the attack surface area for the organization:

  • Removal of database logins for the application and possibly even databases
  • Removal of service accounts from Active Directory
  • Deprecation of infrastructure
  • Tightening of firewalls, network rules

Architects and architecture

In an Agile organization many of the disciplines that have traditionally been part of the architect role have been devolved, so they become part of the day to day tasks of the development teams.

Even so, it remains a primary duty of anyone aspiring to be an architect to control the technical diversity within an organization. The application catalog provides the means to monitor whether this is being achieved. For example, it will reveal that the organization is running multiple versions of the same application, library or framework, or ‘different’ libraries or frameworks that do more-or-less the same thing.

All complex systems have vulnerabilities. If you are using three ORM frameworks, then you have three sets of vulnerabilities to worry about. You also limit your internal pool of expertise to help address those vulnerabilities.

There is a cyclic relationship between the architectural roadmap and the applications catalog:

  • Architects use the applications catalog to form an architectural roadmap for the organization and to help design and plan future systems.
  • When implementing the architectural roadmap, much of the underlying detail that emerges should propagate through to the applications catalog.

The roadmap will also inform all parties as to what training needs to be incorporated into the plan.

Discussions regarding security tend to focus on blocking illegitimate activity. However, security also means ensuring that legitimate activity continues to take place. The architects also need to think about what performance metrics need to be available to ensure that applications, database and infrastructure folk build a system that is both secure and reliable.

Security and governance

In a post GDPR world, a new business idea may seem to be technically easy to execute, but will be on shaky ground, or maybe even quicksand, regarding laws and regulation.

  • Does the proposed feature depend on personal data that the organization has consent to use?
  • Is the data required for the feature necessary for the organization to carry out its primary business?

This is one of the reasons that a security and governance function inevitably has a proactive role. They must be subject matter experts advising on how to avoid introducing vulnerabilities and explaining what is required to implement good security practice.

GDPR article 25 requires us to build in data protection by design and default. It is far easier to build secure systems when security is a foundation stone of the design. You are likely to create more problems than you solve by attempting to secure something in retrospect.

Once again, the importance of an applications catalog, as well as a data catalog, becomes apparent. Its importance is in the detailing of the applications, libraries and frameworks in use within the organization and the versions and patch levels for each.

A fundamental duty of the security and governance function is to keep up to date with threats and vulnerabilities that might affect the organization, such as those arising from:

  • Software used by the organization, whether it be apps, libraries or frameworks
  • Tools and techniques that can invalidate security safeguards.
  • Legal and regulatory change, such as GDPR
  • Changing business requirements that may bring the organization under new regulatory bodies
  • Social engineering approaches to defeating security, such as phishing.
  • Organizational restructuring

Again, there should be cyclic relationship between the architectural roadmap and the work undertaken to identify vulnerabilities. The expertise of the security and government specialists informs the architectural roadmap, and so the architectural roadmap informs security and governance specialists as to what new software and tools will be required.

In the event of a vulnerability or threat, a security and governance function would provide an early warning for application developers, database teams and for those responsible for the network infrastructure. All parties should work closely together to ensure those vulnerabilities are addressed.

As vulnerabilities and threats are a moving target, they also have an important role in determining how security training should be updated so that people have the information they need to address new threats. Emerging training needs should be a feedback loop to HR.

Organizational behavior needed to build secure systems

If we accept that organizational security is a team sport, then we must consider the organizational behaviors needed to nurture a team mentality. Consider Patrick Lenceoni’s 5 dysfunctions of a team and what threat these dysfunctions pose when securing the organization. In this case each team member is an organizational function.

Trust

Team members need to trust in each other, and that other team members are competent. They need to feel that it is safe to admit to knowledge gaps and to ask for help from other team members, but also that they can hold each other to account and in turn be held to account themselves. Without trust, scarce resources are wasted because teams:

  • Build isolated fortresses, without covering the grey areas in between, resulting in security vulnerabilities in the overall systems
  • Build features to guard against the perceived incompetence of other team members rather than features to guard against real threats
  • Create unnecessary complexity, making system security difficult to test and verify

Dealing constructively with conflict

Conflict, in the positive sense, can be the action of holding each other to account or drawing attention to vulnerabilities. If conflict is avoided, due to fear of political ramifications, then the risk is that security is weakened because critical information and feedback is withheld.

Attention to results

The desired outcome is a secure, appropriately accessible corporate data asset. The organization needs to decide how it can measure the implementation and effectiveness of the security regime intended to deliver that outcome. This includes what “KPIs” are and how they are presented.

If the organization identifies the security regime it wants, without identifying and quantifying the KPIs it will use to prove it has achieved it, then team members will tend focus on just the KPIs that indicate their individual behavior rather than KPIs that indicate the success or failure of the team as a whole.

Commitment to act

The clearest, most informative security dashboard on Earth is of no use unless there is commitment to act on the information presented. This requires commitment from each team member:

  • To define appropriate processes in response to measures that indicate action is needed
  • To enact those processes promptly when required
  • To log actions taken and communicate that action to the team

Accountability

Each team member must be accountable for:

  • Providing the information that allows others in their team to fulfil their security obligations.
  • Making clear what information is required from other teams and departments
  • Highlighting when that information is not forthcoming

Measurement, surveillance and monitoring

Most security breaches are internal to the organization and are often unintended, or caused by employee complacency, or both. Employees already have legitimate access to organizational systems so are already within the company’s security perimeter. For this reason, there needs to be robust and continual monitoring and logging of items such as the following:

  • Changes to data
  • Changes to infrastructure configuration
  • Changes to application versions patch levels
  • Changes to permissions
  • Changes to role membership (both Active Directory and database)
  • Logins and logouts

As with any measurement regime, we can only recognize and detect abnormal behavior if we have a baseline for what constitutes normal behavior. The thresholds for “abnormal” require careful definition; too high and threats are missed, too low and the system “cries wolf” and is soon ignored.

Monitoring SQL Server Security: What’s Required?

A monitoring tool must help us defend against both known and unknown avenues of attack. It must be adaptable, monitor a diffuse collection of metrics, and then help us determine the reason for any sudden change in the patterns of access.

The purpose of any alert, report or dashboard is to support a decision or be a clear call to action. Brevity and clarity should be the guiding principles with the recipient being the arbiter of what is useful.

Third party security specialists should carry out both external and internal penetration testing on the system. They will flush out vulnerabilities that would only otherwise be found by hostile parties, and their testing will verify the effectiveness of systems intended to spot anomalous behavior. Penetration testing should show up in the logs and trigger appropriate alerts.

Another important consideration is the perceived neutrality of the third party. Audits can uncover painful truths and receiving those truths from a neutral third party can be more palatable; if not, it is rarely frowned upon to shoot an external messenger.

Summary and recap

  • Data security must ensure that legitimate people have access to the information they need, as well as preventing malicious actors from gaining access.
  • Information integrity is essential to ensure that data can be both checked and corrected, and that data curation complies with the law.
  • You must be able to prove that data security is not being compromised. It is no longer enough to claim you didn’t know about a breach.
  • Collaboration and corroboration both aid the implementation of an effective security regime
  • Housekeeping tasks help manage the security surface area thus making anomalies easier to spot
  • Security by obscurity is not a good strategy. It is as likely, if not more likely, to hide vulnerabilities as it is to act as a preventative measure
  • Database applications must, by design, allow the organization to meet the required standards of data security and information integrity.

Let’s block ads! (Why?)

SQL – Simple Talk

Read More

TigerGraph raises $32 million for graph database tools

September 25, 2019   Big Data
TigerGraph raises $32 million for graph database tools

TigerGraph, a Redwood City, California-based software developer providing a suite of enterprise graph database tools, today announced that that it’s secured $ 32 million in series B funding led by private equity firm SIG. The infusion of capital comes after a $ 31 million series A in September 2017 and nearly doubles the startup’s haul to $ 60 million, as it continues to attract marquee clients like Zillow, Intuit, Amgen, Wish, Kickdynamic, and China Mobile.

“Today’s vast amount of data, together with increasingly powerful processing capabilities enabled by the cloud, means it is now possible to ask complex questions across complex data, which is not always practical or even possible at scale using SQL queries,” said CEO and founder Yu Xu, a former IBM, Teradata, and Twitter engineer and systems architect who founded TigerGraph in 2011. “The funding will fuel a new wave of growth and expansion for TigerGraph to make deep link analysis accessible to virtually every organization in the world and help users unleash the power of interconnected data.”

Graph databases and graph-oriented databases leverage graph structures for semantic queries, with nodes, edges, and properties that store and represent data. They’re a type of non-relational technology that depicts the relationships connecting various entities (like two people in a social network, for instance) and that can analyze interconnected data.

TigerGraph says its cloud-hosted and pay-as-you-go service — which is now generally available — simplifies graph management and configuration organization-wide, even for departments lacking the technical prowess to produce graph databases from scratch. To this end, its three-step graph-generating tool ostensibly gets apps up and running within minutes to hours. Plus, TigerGraph delivers a dozen starter kits addressing use cases like fraud detection, personalized real-time recommendation, computation, explainable AI, machine learning, and supply chain analysis.

TigerGraph’s eponymous TigerGraph Cloud scales up to tens of terabytes, 100 billion vertices, and 600 billion edges on the high end. It can support with a single machine more than 100,000 real-time deep link analytics queries and 50GB to 150GB of data per second. On a cluster of 20 commodity machines, it’s capable of streaming over 2 billion daily events in real time.

TigerGraph’s SQL-like graph query language enables ad-hoc data exploration and analysis, while its architecture makes use of compression to minimize memory overhead. Graphs are structured such that vertices and edges act as parallel storage and computation units, each of which can hold any amount of arbitrary information. This allows TigerGraph Cloud to run multiple engines hosting graphs with different partitioning algorithms, queries to which a front-end server can automatically route based on type.

“At Kickdynamic we know that compelling, individualized experiences are the most effective way to create customer loyalty and drive revenue,” said Kickdynamic chief product officer Gabriele Corti. “Having tried various other solutions, we found that TigerGraph offered the best combination of performance and advanced, real-time, analytical capabilities. TigerGraph’s scalable graph database will enhance our platform and enable us to continue to achieve our vision of delivering advanced personalization in email.”

Markets and Markets anticipates the graph database market will reach $ 2.4 billion by 2023 from $ 821.8 million in 2018, and analysts at Gartner expect that enterprise graph processing and graph databases will grow 100% annually through 2022. Startups like Neo4j, MongoDB, Cambridge Semantics, DataStax, and others have risen to meet the need, in addition to incumbents like Microsoft and Oracle. Even Amazon threw its hat in the ring in November 2017 with the launch of Neptune, a fully managed graph database powered by its Amazon Web Services division.

Sign up for Funding Daily: Get the latest news in your inbox every weekday.

Let’s block ads! (Why?)

Big Data – VentureBeat

Read More

SQL Server 2019 Graph Database and SHORTEST_PATH

September 18, 2019   BI News and Info

My crystal ball seems to be working again: The new addition to SQL Server 2019, shortest_path, was the subject of many of the technical sessions I delivered as one of the missing features of SQL Server Graph Database.

I will use an example that is similar to the first article I wrote on this topic. You can create the database and tables needed for this article using this script. Maybe you would also like to read the previous blog post about some recent improvements in Graph Databases.

Since the data is essentially a graph, a solution to visually show the results is helpful. An application like Gephi to can be used to view the graph. (You can download this application here.) To use Gephi with SQL Server, make sure that the TCP/IP protocol and mixed authentication are enabled. The app only supports SQL authentication, so you will need a SQL Server login to connect.

Using Gephi

Follow these steps to view the graph in Gephi.

  • After opening Gephi, select New Project on the Welcome screen
  • On the File menu, select Import Database->Edge List. This will open the Database settings screen.

a screenshot of a cell phone description automati SQL Server 2019 Graph Database and SHORTEST PATH

  • In the Configuration Name field, create a name for the configuration, such as SQLServer2019.
  • In the Driver field, select SQL Server.
  • In the Host field, insert the machine/instance name of your SQL Server
  • In the Port field, enter the port used, typically 1433. If you’re not sure, look for the port number in the SQL Server Configuration Manager program.
  • In the Database field, insert the name of the database which contains the graph tables which is probably GraphDemo if you have been following along
  • In the Username field, enter the username of a SQL Server login with SELECT permission to the tables in the GraphDemo database.
  • In the Password field, insert the password for the SQL login.

In addition to the configuration required to connect to SQL Server, the Database settings screen also requires two queries: One to retrieve the list of nodes from the server and another to retrieve the list of edges from the server. I’ll explain those queries next.

The screen itself contains information at the top of the dialog about the columns the queries need to return, and it’s important to notice these columns are case sensitive.

The nodes table in SQL Server has the pseudo-column $ node_id, which is a JSON column. A good option is to extract the id from the JSON and use the MemberName as the label for the node. The query will look like this:

SELECT <strong>Json_value</strong>($ node_id, ‘$ .id’) AS id, 

       membername                   AS label 

FROM   forummembers 

The edge query has also to extract the id from  $ to_node and $ from_node, but besides that, you need to filter the nodes returned, because the nodes table from the previous article has a relation between two members and between members and messages. For this example, return only the relation between two members. Here is the query:

SELECT <strong>Json_value</strong>($ from_id, ‘$ .id’) AS source, 

       <strong>Json_value</strong>($ to_id, ‘$ .id’)   AS target 

FROM   likes 

WHERE <strong>Json_value</strong>($ from_id, ‘$ .table’) = ‘ForumMembers’ 

      AND <strong>Json_value</strong>($ to_id, ‘$ .table’) = ‘ForumMembers’ 

It’s important to note that the source and target id’s in the edge query need to match with the ids in the node query. There are some additional columns that could be used, but for this example, you’ll only need these.

The final configuration will look similar to the following image:

word image 9 SQL Server 2019 Graph Database and SHORTEST PATH

After you click OK, the next window, Import Report, involves many details but they will not be covered in this article. What’s important here is the number of nodes and edges found, confirming that the queries are correct. However, there is only a single step to be done on this screen:

Select the option Append to existing workspace.

a screenshot of a cell phone description automati 1 SQL Server 2019 Graph Database and SHORTEST PATH

After this first screen, you will see the Workspace1 and Preview tabs and Preview Settings window. It’s time to build the graph.

a screenshot of a social media post description a SQL Server 2019 Graph Database and SHORTEST PATH

Click on the Refresh button inside the Preview Settings pane. This will result in an image similar to the one below. Note that yours may look different, but in the next step, you can verify that the nodes are connected correctly.

a picture containing sky kite water outdoor de SQL Server 2019 Graph Database and SHORTEST PATH

Improve this graph just a bit by making these changes in the Preview Settings tab.

  • Change the Opacity property to 0 under Nodes.
  • Mark the Show Labels property under Node Labels.
  • Change the Outline opacity under Node Labels to 0

After clicking refresh, the graph will change to something like the image below:

a close up of a map description automatically gen SQL Server 2019 Graph Database and SHORTEST PATH

As you may notice, even a simple graph with a small amount of data can be quite complex to identify information such as the shortest path between two nodes in the graph. That’s why you need a tool to calculate this, and SQL Server 2019 can make this kind of calculation.

Calculating the Path

When you think about a function to calculate the shortest path between two points, you may think that it will be a simple function. To make this calculation work, however, you need way more than a simple function. You must establish paths among the graph data. The data has many paths, and each one has many nodes with a beginning and an end. Each path is a group of nodes, in some ways like the group by function.

One similarity, for example, is that you can’t read the column directly from the path. You need to apply aggregation functions to the set of nodes that are part of the path to read the information.

The syntax to build this query resembles the GROUP BY clause, requiring you to use aggregate functions to make calculations on every (shortest) path of nodes, getting grouped results.

To make this simpler, start to build the query over the model piece by piece. First, the From clause

FROM 

    ForumMembers P1, 

    ForumMembers FOR PATH as P2, 

    Likes FOR PATH as IPO

The FOR PATH expression in the edge and node tables indicates these tables will be used to calculate paths, a grouping, in other words. Over the columns of these particular tables you can only apply aggregation functions; you can’t retrieve the columns directly.

You may have noticed the node table appears twice in the query, one using the FOR PATH and another without using the FOR PATH. Since you can’t retrieve columns directly from the FOR PATH tables, you can include the nodes table twice to retrieve individual values of the node columns, usually for the start node of the path.

Now analyse the list of columns and expressions in the SELECT list:

SELECT 

    P1.MemberID, 

    P1.MemberName, 

    <strong>STRING_AGG</strong>(P2.MemberName,

        ‘->’) WITHIN GROUP (GRAPH PATH) AS [MemberName], 

    LAST_VALUE(P2.MemberName) WITHIN GROUP (GRAPH PATH) 

        AS FinalMemberName, 

    COUNT(P2.MemberId) WITHIN GROUP (GRAPH PATH) AS Levels

The first two columns come from the P1 table, which is not marked as FOR PATH. The MemberID and MemberName columns are from the first node of the path. The WHERE clause will also expose this.

The other three expressions use aggregate functions. They use the following functions:

Count: is a well know aggregate function

STRING_AGG: was introduced in a recent version of SQL Server and can be used to concatenate string values

LAST_VALUE: is a windowing function, but it can be used with any kind of aggregation, including a graph path.

Besides each aggregation function, you have the WITHIN GROUP (GRAPH PATH) statement, a special statement created for the grouping generated by the shortest_path function.

Finally, here’s the WHERE clause:

WHERE MATCH(SHORTEST_PATH(P1(-(IPO)->P2)+))

It’s like a regular MATCH clause that you already know about, but using the new function, SHORTEST_PATH. The first table, which is not part of the grouping, is related to the edge and node tables, which is part of the grouping. The edge and second node tables appear between parenthesis. The SHORTEST_PATH function understands this as an instruction to use recursion, creating the groups.

The ‘+‘ symbol indicates that you would like information about the entire path between each member of P1 and P2, without limiting the number of hops

Here’s the final query:

1

2

3

4

5

6

7

8

9

10

11

12

13

SELECT 

    P1.MemberID, 

    P1.MemberName, 

    <strong>STRING_AGG</strong>(P2.MemberName,

       ‘->’) WITHIN GROUP (GRAPH PATH) AS [MemberName], 

    LAST_VALUE(P2.MemberName) WITHIN GROUP (GRAPH PATH) 

       AS FinalMemberName, 

    COUNT(P2.MemberId) WITHIN GROUP (GRAPH PATH) AS Levels 

  FROM 

    ForumMembers P1, 

    ForumMembers FOR PATH as P2, 

    Likes FOR PATH as IPO 

  WHERE MATCH(SHORTEST_PATH(P1(-(IPO)->P2)+));

The image below gives an idea of the result. You have the information about the first member of the path, you have the entire path (not including the first member) created by the function STRING_AGG, you have the last name of the path created by the LAST_VALUE function, and you also have the number of levels in the path, created by the function COUNT

word image 10 SQL Server 2019 Graph Database and SHORTEST PATH

You may be wondering about how Carl connects to Carl. This image shows the path:

word image 11 SQL Server 2019 Graph Database and SHORTEST PATH

Performance

The execution plan is big. There is no doubt that you will need to take care when using it in large environments. The full execution plan doesn’t fit here, but you may notice by the piece below that the plan makes extensive use of tempdb.

You may notice the following details in the execution plan:

  • It starts with the edge table
  • It creates three temporary tables from the edge table. You will see many table operations in the plan, but checking the names, you will notice there are only three

a screenshot of a computer description automatica SQL Server 2019 Graph Database and SHORTEST PATH

  • It joins one of the temporary tables with the edge table, the nodes table and a second temporary table, aggregating the result and inserting in the temporary tables
  • It has a Sequence operator, which then is joined with the node table to get the results

a screenshot of a computer description automatica 1 SQL Server 2019 Graph Database and SHORTEST PATH

Filtering

By adding one more predicate, you can view just the paths starting from one forum member:

1

2

3

4

5

6

7

8

9

10

11

12

13

SELECT

   P1.MemberID,

   P1.MemberName,

   STRING_AGG(P2.MemberName,‘->’) WITHIN GROUP

       (GRAPH PATH) AS [MemberName],

   LAST_VALUE(P2.MemberName) WITHIN GROUP (GRAPH PATH)

        AS FinalMemberName,

   COUNT(P2.MemberId) WITHIN GROUP (GRAPH PATH) AS Levels

FROM ForumMembers P1,

ForumMembers FOR PATH as P2,

Likes FOR PATH as IPO

WHERE MATCH(SHORTEST_PATH(P1(-(IPO)->P2)+))

  AND p1.MemberID=7;

a screenshot of a social media post description a 1 SQL Server 2019 Graph Database and SHORTEST PATH

The execution plan changes. You may notice the following:

  • The sequence is still the middle of the execution plan
  • The plan starts by the node, not the edge
  • After the sequence, the Query Optimizer is able to use an index for one of the nodes

a screenshot of a video game description automati SQL Server 2019 Graph Database and SHORTEST PATH

  • There is a fourth temporary table, called Source
  • The number of paths before the sequence increases

a screenshot of a cell phone description automati 2 SQL Server 2019 Graph Database and SHORTEST PATH

If you would like to see only the path between Jonh and Steve, you may be surprised that you have to separate the query into a CTE or subquery and filter the results. One reason is that a windowing function cannot be directly filtered. The MATCH statement doesn’t offer a solution either, you can’t filter by a P2 field, for example, because it’s marked as FOR PATH.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

WITH qry AS (

  SELECT

   P1.MemberID,

   P1.MemberName,

   STRING_AGG(P2.MemberName,‘->’) WITHIN GROUP (GRAPH PATH)

     AS [Path],

   LAST_VALUE(P2.MemberName) WITHIN GROUP (GRAPH PATH)

     AS FinalMemberName,

   COUNT(P2.MemberId) WITHIN GROUP (GRAPH PATH) AS Levels

  FROM

   ForumMembers P1,

   ForumMembers FOR PATH as P2,

   Likes FOR PATH as IPO

  WHERE MATCH(SHORTEST_PATH(P1(-(IPO)->P2)+))

   and p1.MemberID=7)

SELECT * FROM qry

WHERE FinalMemberName=‘Steve’;

It’s not difficult to predict: The query plan is bad. You are calculating the path from Jonh to all other members and only after this does the filter kick in to get the path between Jonh and Steve. In the image below you may notice the filter for Steve only after the sequence, after calculating all the paths from Jonh

a screenshot of a cell phone description automati 3 SQL Server 2019 Graph Database and SHORTEST PATH

You may have already noticed the + symbol in the Match clause. It means you allow an unlimited number of hops. However, you can use a slightly different syntax to find all the forum members that are, for example, up to two hops away from others:

1

2

3

4

5

6

7

8

9

10

11

12

13

SELECT

   P1.MemberID,

   P1.MemberName,

   STRING_AGG(P2.MemberName,‘->’) WITHIN GROUP (GRAPH PATH)

      AS [MemberName],

   LAST_VALUE(P2.MemberName) WITHIN GROUP (GRAPH PATH)

      AS FinalMemberName,

   COUNT(P2.MemberId) WITHIN GROUP (GRAPH PATH) AS Levels

FROM

   ForumMembers P1,

   ForumMembers FOR PATH as P2,

   Likes FOR PATH as IPO

WHERE MATCH(SHORTEST_PATH(P1(-(IPO)->P2)<strong>{</strong>1,2<strong>}</strong>));

However, the start needs always to be 1. If you want to see the people that are an exact number of hops from other, once again you will need to filter the result of the query:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

WITH qry as

(

  SELECT

   P1.MemberID,

   P1.MemberName,

   STRING_AGG(P2.MemberName,‘->’) WITHIN GROUP (GRAPH PATH) AS [path],

   LAST_VALUE(P2.MemberName) WITHIN GROUP (GRAPH PATH) AS FinalMemberName,

   COUNT(P2.MemberId) WITHIN GROUP (GRAPH PATH) AS Levels

  FROM

   ForumMembers P1,

   ForumMembers FOR PATH as P2,

   Likes FOR PATH as IPO

  WHERE MATCH(SHORTEST_PATH(P1(-(IPO)->P2){1,2}))

)

SELECT * FROM qry WHERE levels=2;

The shortest_path function is a great new feature for the SQL Server graph database, but being unable to filter the end node or the exact number of hops without performing the entire calculation and only then filter the result is still a problem for query performance.

Indexing

You can create indexes on the pseudo-columns of the edge and nodes. Considering the execution plans you saw, you can create the following clustered index for the edge:

CREATE CLUSTERED INDEX indLikes ON likes($ from_id,$ to_id);

For the nodes, on the other hand, the index didn’t help so much. If you create a clustered index, it will result in a scan operation. If you create a non-clustered index, you would need to include all the columns involved in the operation. It may sound a bit strange, but one of the columns is the graph_id. There is no pseudo-column for the graph_id in the nodes table. There is one function to retrieve the graph_id, GRAPH_ID_FROM_NODE_ID, but you can’t use this function to create a computed column. This instruction bellow, for example, will fail:

ALTER TABLE forumMembers ADD graph_id

AS (GRAPH_ID_FROM_NODE_ID($ node_id))

PERSISTED;

On the other hand, for the queries where you are filtering for the start member, a non-clustered index on the member id helps:

CREATE NONCLUSTERED INDEX indMembers ON ForumMembers(memberid);

There is not much news about the more complex situations filtering by levels or end node: It’s an additional filter after all the calculations of shortest_path.

Conclusion

The function shortest_path is an excellent addition to the graph database features; however, the two limitations it has may create heavy queries in the environment:

  • You can’t specify an end node.
  • You can’t specify a start number of hops which would allow selecting an exact number of hops with same start and end.

Let’s block ads! (Why?)

SQL – Simple Talk

Read More

Amazon Quantum Ledger Database (QLDB) hits general availability

September 10, 2019   Big Data
Amazon Quantum Ledger Database (QLDB) hits general availability

Months ago, Amazon Managed Blockchain (AMB) hit general availability, and at the time, Amazon was able to pair it with Amazon Quantum Ledger Database (QLDB). Now the latter is widely available as well, in multiple regions of the United States — U.S. East (Ohio and Northern Virginia) and U.S. West (Oregon) — and in Asia Pacific (Tokyo) and the EU (Ireland). Additional regions are coming soon.

Amazon QLDB is designed to pair with AMB. The latter, according to Amazon, is ideal for customers who want rather standard blockchain services like smart contracts and anonymous data sharing, but those require a centrally owned ledger. In the press release, Amazon said, “Customers can use relational databases, or they can use the ledger technology in one of the open source blockchain frameworks. Neither solution is optimal.” The primary case the company is making is that even blockchain-based ledgers can be difficult to set up and manage.

“Amazon QLDB is a new class of database that provides a high-performance, immutable, and cryptographically verifiable ledger that customers can use to build applications that act as a system of record, where multiple parties are transacting with a centralized, trusted entity,” reads the press release in part.

AWS said that it’s been using a version of Amazon QLDB internally for years, and has now added the ability to cryptographically verify data integrity as it rolls out to external customers.

Features and benefits include:

  • “Journal” immutable transactional log tracks all application changes over time
  • Requires transactions to comply with atomicity, consistency isolation, and durability (ACID)
  • Historical changes are cryptographically chained and verifiable for customers comfortable with SQL queries
  • Serverless — customers must only create a ledger and define tables, then Amazon QLDB scales according to app demands
  • Does not require distributed consensus, and therefore promises two or three times the transaction speed of other blockchain frameworks

Pricing is flexible; customers pay only for the reads, writes, and storage they use — and all are billed separately. There are no minimum fees or mandatory service usage requirements.

Let’s block ads! (Why?)

Big Data – VentureBeat

Read More

Introduction to DevOps: DevOps and the Database

August 10, 2019   BI News and Info

The series so far:

  1. Introduction to DevOps: The Evolving World of Application Delivery
  2. Introduction to DevOps: The Application Delivery Pipeline
  3. Introduction to DevOps: DevOps and the Database

DevOps has been gaining steady ground in the world of application development, with ongoing improvements in delivery processes and the tools needed to support them. For the most part, however, DevOps has focused primarily on the application itself, with databases left to their own devices, despite the integral role they play in supporting many of today’s data-driven workloads.

According to the 2018 Accelerate: State of DevOps report, “database changes are often a major source of risk and delay when performing deployments.” But the report then states that integrating databases into the application delivery process could have a positive impact on continuous delivery. The key, according to the report, is good communication and comprehensive configuration management that incorporates databases. In other words, database changes should be managed in the same way as application changes.

Redgate’s 2019 State of Database DevOps report adds to these findings with their own survey results. According to the report, 77% of the respondents claim that their developers work across both databases and applications, and 75% say that developers build the database deployment scripts. However, 63% acknowledge that DBAs are responsible for deploying database changes to production.

The report also states that the two most significant challenges to integrating database deployments into the DevOps process are “synchronizing application and database changes” and “overcoming different approaches to application and database development.” In contrast, the two biggest reasons for integrating databases into DevOps are “to increase speed of delivery of database changes” and “to free up developers’ time for more added value work.” More importantly, 61% believe that such a move would have a positive impact on regulatory and compliance requirements.

Clearly, integrating database deployments into the DevOps process remains a challenge for many organisations, yet there’s a growing recognition that databases need to be brought into the DevOps fold. And in fact, this is beginning to happen, as more organisations incorporate database deployments into their integration and delivery processes. Not only does this promise to help improve application delivery, but it can also benefit database development itself.

The DevOps Promise

When application and database development efforts are more tightly integrated—with teams working in parallel and sharing a common process—they can release builds that are more consistent and stable, while reducing unnecessary risks and delays. The teams use the same infrastructure to develop and deploy application and database code, making it easier to standardise processes and coordinate efforts.

In a more traditional development environment, database changes can hold up application delivery, impacting productivity and costs. By incorporating databases into DevOps, database deployments can benefit from the established processes, while more tightly integrating database and application development.

A DevOps approach to database development also makes the process more agile and adaptable. Teams implement smaller, more frequent changes as part of a coordinated effort while receiving continuous feedback on the delivery processes and application components. In this way, database development and deployment are no longer disconnected from the larger delivery workflow but become integrated into the process throughout the application lifecycle.

The DevOps Challenge

As good as database DevOps might sound, there’s a good reason that organisations have been slow to jump on board. Transitioning from a siloed-database model to a DevOps-database approach is no small effort.

To begin with, databases were never part of the original DevOps vision. Processes and tools were developed for application code and application deployments, not for the peculiarities of database management. It’s only been recently that databases have been incorporated into DevOps processes in a meaningful way.

Database tools and operations are very specific to database development and management and the environment in which those databases reside. In the early days of DevOps, many viewed the database as existing in a separate world, and both sides of the aisle preferred to keep it that way.

One of the significant differences between application and database deployments comes down to data persistence. With applications, it’s much easier to update or replace code because there’s no data to manage along the way. With databases, however, you can’t simply overwrite schemas or copy changes from one environment to another without pulling the data along with you. Careful consideration must be given to how changes impact existing data and how to preserve that data when changes are made. Otherwise, you risk data loss, integrity issues, or privacy and compliance concerns.

Databases also bring with them size and scalability issues that differ from application code. Implementing schema changes on a massive database in a production environment can be a significant undertaking and lead to performance issues and degraded services. Database changes become even more complicated if the database is being accessed by multiple applications, especially if no single application has exclusive ownership.

Perhaps the biggest hurdle to implementing database DevOps has been a siloed mindset that makes it difficult for various players to come together in a way that makes integration possible. According to the Redgate report, only 22% of the respondents said that their developers and DBAs were “great” at working together effectively as a team, and without a team-focused attitude, an effective DevOps strategy is nearly impossible to implement.

Despite these challenges, however, database DevOps has made important inroads in recent years. DevOps tools now better accommodate databases, and database tools better integrate with DevOps systems. Attitudes, too, are beginning to change as more participants come to understand the value that incorporating databases can offer. Although database DevOps is still a challenge, many teams have now demonstrated that application and database delivery can indeed be a unified effort.

Moving Ahead with Database DevOps

To make DevOps work, the database team must adopt the same principles and technologies as those used by the application team when delivering software. Figure 1 provides an overview of what the database DevOps process might look like when integrated into the application delivery pipeline.

word image 41 Introduction to DevOps: DevOps and the Database

Figure 1. Integrating database deployment into the DevOps process

The first step is to store all database code in source control (also referred to as version control). A source control solution provides the foundation on which all other DevOps operations are based.

With source control, every developer works from the one source of truth, resulting in fewer errors and code conflicts. Source control also tracks who made what changes and when those changes were made. In addition, source control maintains a version history of the files, making it possible to roll back changes to previous versions. Source control also makes it easier to repeatedly build and update a database in different environments, including QA and development.

Database teams should store all their database code in source control. This includes the scripts used to build the databases as well as the migration (change) scripts that modify the database or data. For example, source control should be used for scripts that create, alter, or drop database objects—such as tables, views, roles indexes, functions, or stored procedures—as well as any scripts that select, insert, update, or delete data. The teams should also store static data, such as data used to populate lookup tables, as well as configuration data, when appropriate.

Once all the code and data are in source control, the database deployment operations can be incorporated into the same DevOps continuous integration (CI) and continuous delivery processes used for application deployments. When a developer checks in database code, it triggers an automated build operation that runs alongside the application release process, making it easier to coordinate database and application deployments.

When code is checked into the source control repository, the CI service kicks in and runs a series of commands that carry out such tasks as compiling source code and running unit tests. If a database is part of the deployment, the CI service tests and updates the database—or alerts developers to errors. If problems are discovered, developers can fix them and resubmit the code, which relaunches the CI process.

To incorporate databases into CI, a team might turn to a tool such as Redgate’s SQL Change Automation, which can integrate with any CI server that supports PowerShell. Redgate also provides extensions for CI products such as Jenkins, TeamCity, or Azure DevOps for enabling database integration.

When the CI service processes the SQL code, it produces an artifact that includes the deployment script necessary to update the applicable database objects and static data. The artifact also contains details about the deployment process, including a diff report that shows what has changed in the database. The artifact represents a specific, validated version that can be used as a starting point for the database release process.

At this point, the artifact is deployed against a staging database that is ideally an exact copy of the production database. Here DBAs can verify and confirm the changes to ensure the staging database is production-ready. If necessary, they can also make additional changes. Out of this process, a final deployment script is generated, which can then be passed down the pipeline for deployment against the production database.

Not surprisingly, the exact approach to database delivery is much more involved than what I’ve described here, especially when it comes to migration script versioning, and that process can vary significantly depending on the tools being used and how those tools are configured.

What this does demonstrate is that database DevOps is indeed doable, providing database teams with a process that automates repetitive deployment and testing operations. With DevOps, teams can deliver smaller releases that are easier and faster to deploy, while having in place a consistent, steady mechanism for ongoing database deployments that work in conjunction with application delivery.

Testing and Monitoring

One of the most important aspects of the application delivery pipeline is ongoing testing. Changes to the database should undergo rigorous testing before the release reaches the staging environment. In this way, developers learn of problems quickly and early in the development process. When issues are discovered, they’re immediately alerted so they can check fixes into source control and keep the development effort moving forward.

Developers and DBAs should invest the time necessary to write comprehensive tests that provide for as many scenarios as possible. Many of these tests will be based on frameworks specific to database testing. For example, tSQLt is a popular open-source framework for SQL Server that lets you write unit tests in T-SQL. Regardless of the framework, the goal is the same: to identify as many issues as possible before database changes make it to production.

Unit tests offer your first line of defence against problem SQL code. Because they run when the code changes are checked into source control, they provide the fastest response to possible issues. A unit test is a quick verification of specific functionality or data, such as ensuring that a user-defined function returns the expected result. A unit test should be concise and run quickly, producing a single binary value—either pass or fail.

Also important to the application delivery pipeline is ongoing monitoring, which needs to be as comprehensive as the testing processes themselves. Monitoring can be divided into two broad categories: the feedback loop and system monitoring.

A DevOps application delivery pipeline includes a continuous feedback loop that provides participants with ongoing details about the delivery process. For example, when the CI service notifies developers about problems in their code, those alerts can be considered as part of the feedback loop. Development teams (application and database) should have complete visibility across the entire pipeline. Not only does this help identify issues with the application and database earlier in the delivery cycle, but it also helps to monitor the delivery process itself to find ways to improve and streamline operations.

System monitoring is more typical of what you’d expect of database operations. Once the changes have been deployed to production, you must closely monitor all related systems to check for unexpected issues and ensure that systems are running as they should, before users or data are seriously impacted. To this end, DBAs should monitor database systems for performance and compliance, taking into account regional differences and regulatory requirements. Developers and DBAs alike should have a real-time understanding of issues that might need immediate attention or those that should be addressed in the foreseeable future.

Testing and monitoring also play a critical role in ensuring a database’s overall security. Developers, IT administrators and DBAs must take into account security considerations throughout the entire application lifecycle, addressing issues that range from SQL coding to server security in order to ensure that data is protected at every stage of the application delivery process.

Proper testing and ongoing monitoring can go a long way in helping to enforce these protections. By using source control and automating the delivery process, organisations have a process that is more predictable and easier to manage, while providing an audit trail for tracking potential issues. Database teams still need to ensure proper configurations and secure environments, but an effective DevOps pipeline can also play an important role in your security strategy.

The New Era of Database DevOps

Database DevOps offers the promise of quicker, easier and more secure deployments while bringing application and database development efforts in line with one another. But DevOps is not a one-size-fits-all solution to application delivery, nor is it meant to be a developer-first strategy that leaves DBAs and IT administrators behind.

Developers, DBAs, and operation professionals must work together to implement an application delivery strategy that takes into account the needs of all participants, with the goal of delivering the best applications possible as efficiently as possible in the shortest amount of time. Anything less and your database DevOps efforts are destined to fail.

Let’s block ads! (Why?)

SQL – Simple Talk

Read More

TIBCO ComputeDB: The Apache Spark Database for the Enterprise

May 26, 2019   TIBCO Spotfire

There is a growing need in today’s era of digital transformation for the real-time analysis of data, but most data platforms can’t meet this need. Although they store and analyze an unprecedented volume of data, they can often only handle static or batch data analysis. When organizations attempt to stitch together different platforms themselves to accomplish a more instantaneous data analysis, the process can be hard, time-consuming, and expensive.

This is why TIBCO acquired the high-performance in-memory data engine, SnappyData, an open source, a real-time, always-on, operational data platform that fuses streaming analytics and in-memory data management with OLTP and OLAP capabilities into a single scale-out platform.

Going forward, we’ll be calling the enterprise version of SnappyData Inc. TIBCO ComputeDB™ – Enterprise Edition. TIBCO ComputeDB adds valuable enterprise features to the open source project, including robust security, off-heap data storage, approximate query processing, management features, high-performance ODBC driver, specialized CDC stream receivers, and enterprise support. The freely available open source project, which is the foundation of TIBCO ComputeDB, will continue to be known as Project SnappyData – Community Edition.

Increased Real-time Analytics Capabilities

TIBCO ComputeDB combines streaming, interactive analytics, and artificial intelligence in a single, easy-to-manage distributed cluster. With any data from any source using any cloud database, TIBCO ComputeDB allows you to dramatically reduce the complexity for both developers and Ops. This dramatically reduces resource requirements (CPU, memory, network) through the use of statistical techniques to maintain a small fraction of the data and respond to analytic questions at Google-like speeds.

Help your data scientists and data engineers work together more effectively and tackle your biggest data challenges with this new offering. TIBCO ComputeDB, enables “speed-of-thought analytics”, instantaneous analysis on data, that allows for more informed decision making and eliminate database optimization tasks. With TIBCO ComputeDB, digital businesses can propel their analytics and data science initiatives forward with simplified, agile, live analytics on data in motion and at rest.

Get started with the Project SnappyData open source product with code freely available under an Apache license.

Benefiting the TIBCO Connected Intelligence Platform

TIBCO ComputeDB enhances TIBCO’s analytics portfolio by providing a central data store and computes fabric that brings it all together. The unified analytics data fabric provided by TIBCO ComputeDB enhances the analytics, data science, streaming, and data management capabilities of the TIBCO platform to provide faster insights, improved performance, and increased agility for intelligence at scale.

Examples of ways TIBCO ComputeDB enhances TIBCO Connected Intelligence:

  • An interactive, highly scalable, “in-cluster” query engine for TIBCO Spotfire
  • High-Performance data prep and machine learning engine for TIBCO Data Science
  • A historical store for IoT Streams that complements the live streaming capability of TIBCO Spotfire Data Streams for Spotfire X

The combination of other TIBCO products and TIBCO ComputeDB makes the TIBCO Connected Intelligence platform one of the best available solutions today for driving real-time insights for a variety of use cases, including predictive maintenance, anomaly detection, and more.

Stay tuned for more announcements on this exciting acquisition!

Let’s block ads! (Why?)

The TIBCO Blog

Read More
« Older posts

  • Recent Posts

    • Is Your Business Ready for a Digital Twin?
    • Tips to limit the number of steps in #PowerQuery – #PowerBI
    • Top 5 reasons why our 1 Click productivity app Click2Export is Preferred App to Export Dynamics 365 CRM reports!
    • VH1’s Tiffany “New York” Pollard Returns For ‘I Love New York: Reunited’ & Hosted By Vivica A. Fox
    • Another Success Story: Amigos Library Services

  • Categories

  • Archives

    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • March 2020
    • February 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    • December 2016
    • November 2016
    • October 2016
    • September 2016
    • August 2016
    • July 2016
    • June 2016
    • May 2016
    • April 2016
    • March 2016
    • February 2016
    • January 2016
    • December 2015
    • November 2015
    • October 2015
    • September 2015
    • August 2015
    • July 2015
    • June 2015
    • May 2015
    • April 2015
    • March 2015
    • February 2015
    • January 2015
    • December 2014
    • November 2014
© 2020 Business Intelligence Info
Power BI Training | G Com Solutions Limited