Database Reference
In-Depth Information
Auditing and securing automated processes
Many of the just-described operations require elevated privileges in the database. To facilitate a secure execution
of automated change requests special precaution has to be taken. First, the scope of the change request has to be
set. Many organizations may refrain from the idea of automating database administration tasks in a production
environment. Although user acceptance tests (UAT) and development databases were traditionally attributed with
a lower status than production, their importance for many applications ranks equally with production. It is very
costly to incur downtime with a development database as developers cannot compile/test their code against it! Any
automation should only go ahead after careful testing and an evaluation of the benefits against risks.
If appropriate coding, due diligence, and reviews of the automation process have taken place, logging and
auditing have to be watertight to convince the auditors about the security of the implemented solution. In this
context it is very important to ensure that the audit data is immutable. One way to secure the auditing information is
to direct the information logged by the application and operating system to a trustworthy, central destination. If the
implemented automation solution supports logging to the UNIX Syslog facility it is relatively straightforward to secure
the audit trail. Modern Syslog daemons are capable of sending messages to a remote service.
The importance of standards for support
In addition to consolidation and automation, many companies choose the introduction of consolidated environments
to extend on the use of their operational standards. A globally consistent set of standards is not only essential for a
follow-the-sun support model, but it can also greatly reduce cost. Only a standard way of deploying software allows
for viable automated procedures. If all environments were unique, then it is impossible to cater to all permutations of
the environments and roll out consistent database images.
To give that claim a little more background, consider this: a major problem faced by many newly employed
database administrators in large organizations is the complexity and large number of environments. With the
reduction in head-count of product-aligned database administrators more and more support staff need to take
responsibility of the global database estate. The idea of a follow-the-sun-approach takes shape in many global
companies, and where the regulating body supports such a model, chances are high that it will eventually be adopted.
On paper, a follow-the-sun approach offers many advantages, of which the following are probably most noteworthy:
•
More efficient use of DBA time since all environments are identical.
•
A problem can be worked on longer until it is resolved.
•
Database administrators can hand problems over after a shift and are less exhausted the
next morning.
•
Ultimately there should be better service.
In real life the ideal world as shown in the bulleted list above does not always apply. Cultural differences and
communication problems can often hamper efforts to turn the follow-the-sun approach into a success. More than
anything this is a management challenge that needs to be addressed at the appropriate level.
However it would be too simple to reduce problems of a global support team to the above-described difficulties.
More often than not, systems in different regions, and/or under different product groups were set up and configured
without respect to any consistency. This is a very big inhibitor to the global support model. Where possible, a global
standard should be developed to unify the deployments.
Integrating acquisitions and mergers
Acquisitions form a special kind of challenge to the global support model. Although one can probably compare the IT
estate of a company taken over with a previously independent business unit or a different region, acquired companies
may use an entirely different approach to running Oracle. It is also possible that the newly integrated business uses
Search WWH ::
Custom Search