Chapter 12:

Data and Database

Administration
▪ Modern Database Management
▪ 12th Edition
▪ Jeffrey A. Hoffer, V. Ramesh, Heikki Topi

© 2013 Pearson Education, Inc.  Publishing as Prentice Hall

1
 Objectiv
es
Define terms

List functions and roles of data/database administration

Describe role of data dictionaries and information

repositories
Compare optimistic and pessimistic concurrency control

Describe problems and techniques for data security

Understand role of databases in Sarbanes-Oxley
compliance
Describe problems and facilities for data recovery

Describe database tuning issues and list areas where

changes can be done to tune the database

2 Describe importance and measures of data availability

 The Roles of Data
• Traditional Data
and Database
Administration
Administrator
• Traditional Database
Administration
• Trends in Database
Administration
• Data Warehouse
Administration
• Summary of Evolving Data
Administration Role

3
Ineffective data administration  POOR DATA
QUALITY
Multiple data definitions,
causing data integration
problems
Unauthorized access, Missing data elements,
leading to embarrassment causing reduction in data
to organization value

Damaged, Inappropriate data

sabotaged, and sources and timing,
stolen data causing lowered
reliability

Poor response time and
excessive downtime
Inadequate familiarity,
causing ineffective use of
data for planning and
strategy
4
 TRADITIONAL ADMINISTRATION DEFINITIONS
▪ DATA ADMINISTRATION:
▫ A high-level function that is responsible for the overall
management of data resources in an organization,
including maintaining corporate-wide definitions and
standards

▪ DATABASE ADMINISTRATION:
▫ A technical function that is responsible for physical
database design and for dealing with technical issues
such as security enforcement, database performance,
and backup and recovery
5
6
 TRADITIONAL DATA
ADMINISTRATION
FUNCTIONS
Data Data Internal
policies, conflict marketing
procedures, (ownership) of DA
standards resolution concepts

Planning Managing
the
information
repository
7
 Traditional DATABASE Administration
Functions
Analyzing and
designing databases

Data backup and Selecting DBMS

recovery and software tools

Managing data Installing/

security, privacy, upgrading DBMS
and integrity

Improving query Tuning database

processing performance
performance
8
 TREND IN DATABASE
ADMINISTRATION
Increased Increase Cloud
Proliferation of
Use of Use of Computing And
Internet-based
Procedural Smart Database/Data
Applications
Logic Devices Administration
manage data define the parameters that are
address the managing appropriate to the organization’s
applications and synchronization
issues of quality, from hundreds (or needs: documented in a service-level
maintainability, databases that are agreement, include uptime
Internet enabled: possibly
performance, thousands) of requirements, requirements for
and availability include high data backup and recovery, and demand
availability (24/7), such smartphones
while maintaining planning
integration of
ensuring that all legacy data with the data integrity establishing security controls and
such procedural Web-based and data database access policies, planning for
database logic applications, availability growth or change in business needs,
is effectively tracking of Web requirements of and evaluating new technologies
planned, tested, activity, and the enterprise
implemented, performance develop new skills related to the
shared, and engineering for the management of the relationship with
reused Internet the service providers in areas such as
monitoring and managing service
providers, defining service-level
agreements, and negotiating/enforcing
contracts
9
 DATA WAREHOUSE
ADMINISTRATION (DWA)
Emphasizes integration and
coordination of metadata
and data (extraction Specific roles:
agreements, operational • selecting
Similar to DA/DBA data stores, and enterprise technologies,
roles for the data data warehouses) across • communicating with
warehouse and data many data sources users about data
mart databases for the needs,
purpose of supporting • Build and administer an
environment supportive of
• making performance
decision-making decision support applications and capacity
applications decisions,
• Build a stable architecture for
the data warehouse • budgeting and
planning data
• Develop service-level
agreements with suppliers and
warehouse
consumers of data for the data requirements
warehouse
10
 SUMMARY of DA and DBA
ROLES
Organizations have
DBA keep blended together the DBA in big data
DA renewed data administration and analytics
abreast of and database
visibility technologies:
rapidly administration roles:
with
changing new
financial Increased
technologies build a database quickly,
control tune it for maximum specialization, with skills
and is such as Hadoop cluster
regulations performance, and restore
management, Java
involved with it to production quickly
and greater when problems develop programming,
mission- customization of off-the-
interest in
critical shelf packages, and
data quality i.e databases for support for data
applications departmental, warehousing
client/server databases
that are developed Work with multiple
quickly using newer databases,
development communication protocols,
approaches, such as and operating systems
prototyping
11
 The Open Source
Movement and
Database
Management

12
 Open Source DB Management
An alternative to
proprietary packages: MySQL is an Less expensive
eg. Oracle, Microsoft example of an
SQL Server, or than proprietary
Microsoft Access open-source packages
DBMS

Source code Absence of Ambiguous

available, for complete licensing concerns
modification documentation

Not as feature-rich Vendors may not

as proprietary have certification
DBMSs programs

13
Visit www.postgresql.org and www.mysql.com
 Consideration factors in choosing
Open Source DBMS
FEATURES: subqueries, stored
procedures, views, and transaction
integrity controls
SUPPORT: How widely is the DBMS used,
and what alternatives exist for helping you
solve problems? Does the DBMS come with
documentation and ancillary tools?

EASE OF USE: availability of tools

that make any piece of system software, STABILITY: How frequently and how
such as a DBMS, easier to use through seriously does the DBMS malfunction over
things such as a GUI interface time or with high-volume use?

SPEED: How rapid is the response time TRAINING: How easy is it for developers
to queries and transactions with proper and users to learn to use the DBMS?
tuning of the database?

LICENSING What are the terms of the open source

license, and are there commer- cial licenses that would
provide the types of support needed?
14
 Managing Data
Security
 Threats to Data Security
 Establishing Client/Server
Security
 Application Securities Issues in
Three-Tier Client/Server
Environment

15
  Database Security:
 Protection of the data against accidental or
intentional loss, destruction, or misuse
▪ Data administration is often responsible for
developing overall policies and procedures to
protect databases.
▪ Database administration is typically responsible
for administering database security on a daily
basis
16
 THREATS TO DATA
SECURITY
▪ Accidental losses attributable to:
▫ Human error
▫ Software failure
▫ Hardware failure
▪ Theft and fraud
▪ Loss of privacy or confidentiality
▫ Loss of privacy (personal data)
▫ Loss of confidentiality (corporate data)
▪ Loss of data integrity
▪ Loss of availability (e.g., through sabotage)

17
 Figure 11-2 Possible locations of data security threats

• Data security must be

provided within the
context of a total
program for security.
• Two critical areas that
strongly support data
security are:
• client/server
security and
• Web application
security

18 © 2013 Pearson Education, Inc.  Publishing as Prentice Hall

18
 ESTABLISHING CLIENT/SERVER
SECURITY
Database security is only as good
as the security of the whole Server
computing environment.
Security

Physical security, logical security, Network

and change control security must Security
be established across all
components of the client/server
environment, including the servers,
the client workstations, the network
and its related components, and the
users
19
 Establishing Client/Server Security…

Modern DBMSs have database-level

password security that is similar to SERVER SECURITY
system-level password security

Oracle and SQL Server provide database Multiple servers:

administrators with considerable • Each should be located in a secure
capabilities: area,
• provide aid in establishing data security, • accessible only to authorized
• capability to limit each user’s access administrators and supervisors
• activity permissions (e.g., select, update,
insert, or delete) to tables within the
database
Provide layers of protection
against intrusion:
• Logical access controls,
• server and administrator passwords
In a database server, sole reliance on
operating system authentication
should not
20
 Network Security
Securing client/server systems includes SECURING
THE NETWORK between client and server
• Networks are susceptible to breaches of security: eavesdropping,
unauthorized connections, or unauthorized retrieval of packets of
information that are traversing the network
• Authentication of the client workstation; Audit trails of attempted
accesses; Routers configured to restrict access to authorized users, IP
addresses, and so forth
• Network security encryption of data so that attackers cannot read a data
packet that is being transmitted

21
 APPLICATION SECURITIES
ISSUES IN THREE-TIER
CLIENT/SERVER ENVIRONMENT
▪ Database shoud be properly protected because the dynamic creation of a
Web page from a database requires access to the database
▪ Companies are able to collect information about those who access
their Web sites
o If conducting e-commerce activities, selling products over the Web,
companies can collect information about their customers that has value to
other businesses
o Ethical and privacy issues apply if a company sells customer information
without those customers’ knowledge or if a customer believes that may
happen

22
 Figure 12-3 Establishing Internet Security
(typical environment for Web-enabled databases)

includes Web servers

and database servers
supporting Web-based
applications

23
© 2013 Pearson Education, Inc.  Publishing as Prentice Hall 23
 Application Securities Issues in Three-Tier Client/Server Environment…
Static HTML pages/files stored
on a Web Server need protection
DYNAMIC WEB PAGE
STATIC WEB PAGE
If it extracts from a database uses
traditional application development
languages (eg.Visual Basic.NET or
Java)  use standard methods of
database access control
If the HTML files are sensitive 
placed the HTML files in directories
that are protected using operating
system security or make it readable
but not published in the directory
Kept sensitive files on another server
accessible through an organization’s
intranet
24
Dynamic Web pages are stored as a
template into which the appropriate
and current data are inserted from the
database or user input once any queries
associated with the page are run
Need server security: the Web Server
must be able to access the database; the
connection usually requires full access
to the database
The server that owns the database
connection should be physically
secure, and the execution of programs
on the server should be controlled
User input, which could embed SQL
commands, needs to be filtered so
unauthorized scripts are not executed
 Application Securities Issues in Three-Tier Client/Server Environment…
▪ Access to data is controlled through another layer of security:
user-authentication security.
▪ Use of an HTML login form will allow the database Restrict the number of users on
administrator to define each user’s privileges. the Web server as much as
possible. Of those users, give as
▪ Each session may be tracked by storing a piece of data, or few as possible superuser or

WEB SECURITY
cookie, on the client machine. administrator rights
▫ This information can be returned to the server and provide
information about the login session.
▪ Session security must also be established to ensure that private Only those given these privileges
data are not compromised during a session, should also be allowed to load
software or edit or add files
▫ because information is broadcast across a network for
reception by a particular machine and is susceptible to being
intercepted.
▪ TCP/IP is not a very secure protocol, and encryption systems Restrict access to the Web server,
keeping a minimum number of
are essential ports open. Try to open a
▪ A standard encryption method, Secure Sockets Layer (SSL) is minimum number of ports, and
used by many developers to encrypt all data traveling between preferably only http and https
ports
client and server during a session.
▫ URLs that begin with https:// use SSL for transmission.
25
 Data Privacy
Protection of individual privacy when using the Internet has become
an important issue.

E-mail, e-commerce, and marketing, and other online resources have

created new computer-mediated communication paths

Many groups have an interest in people’s Internet behavior,

including employers, governments, and businesses.

Applications that return individualized responses require that information be

collected about the individual, but at the same time proper respect for the
privacy and dignity of employees, citizens, and customers should be observed
26
 Data Privacy…
Information privacy legislation: gives individuals the right to know what
data have been collected about them and to correct any errors in those
data.

Opportunity to state with whom data retained about them may be

shared, and then these wishes must be enforced  access rules are
developed by the DBA staff and handled by the DBMS

Elect to ALLOW OR REJECT COOKIES to be placed on user’s

machines:
• Be aware of cookies: understand what they are, evaluate their own desire to
receive customized information versus their wish to keep their browsing behavior
to themselves, and learn how to set their machine to accept or reject cookies
• Abuses of privacy, such as selling customer information collected in cookies
Information privacy legislation generally gives individuals the right to know what
data have been collected about them and to correct any errors in those data.

27
 Data Privacy…
At work, individuals need to realize that
communication executed through their employer’s
At machines and networks is not private. Courts have
work upheld the rights of employers to monitor all
employee electronic communication

Privacy of communication is not

guaranteed  used software to help
On the
preserve privacy: Encryption products,
Internet
anonymous remailers, and built-in security
mechanisms

Privately That make up a very critical part of

owned and information infrastructure is essential for
operated electronic commerce, banking, health care,
computer
networks and transportation applications over the Web

28
 Data Privacy…

W3Ccreated a standard -
W3C Web Privacy
PLATFORM FOR PRIVACY
PREFERENCES (P3P)
Standard
P3P will communicate a Web site’s • Who collects data
stated privacy policies and compare • What data is collected and for what
that statement with the user’s own
policy preferences
purpose
• Who is data shared with
• Can users control access to their
P3P uses XML code on Web site
servers that can be fetched data
automatically by any browser or • How are disputes resolved
plug-in equipped for P3P. • Policies for retaining data
• Where are policies kept and how
The client browser or plug-in can
then compare the site’s privacy can they be accessed
policy with the user’s privacy
preferences and inform the user of
any discrepancies
29
 Database Software
Data Security
Features
 Views
 Integrity Control
 Authorization Rules
 User-Defined Procedures
 Encryption
 Authentication Schemes
o Password
o Strong Authentication
30
 VIEWS or SUBSCHEMAS, which restrict user views of the
database
DOMAINS, ASSERTIONS, CHECKS, and other integrity controls
defined as database objects, which are enforced by the DBMS during
database querying and updating
AUTHORIZATION RULES, which identify users and restrict the
The most actions they may take against a database
important USER-DEFINED PROCEDURES, which define additional
security constraints or limitations in using a database
features of
data ENCRYPTION PROCEDURES, which encode data in an
management unrecognizable form
software :
AUTHENTICATION SCHEMES, which positively identify persons
attempting to gain access to a database

BACKUP, JOURNALING, and CHECKPOINTING CAPABILITIES,

which facilitate recovery procedures

31
 VIEW
▪ Subset of the database that is presented to one or more users
▪ A view is created by querying one or more of the base tables,
producing a dynamic result table for the user at the time of the
request.
▪ A view is always based on the current data in the base tables
from which it is built
▪ Advantages:
▫ it can be built to present only the data (certain columns and/or
rows) to which the user requires access
▫ User can be given access privilege to view without allowing access
privilege to underlying tables
32
 Eg: Build a view for a Pine Valley employee that provides
information about materials needed to build a Pine Valley
furniture product without providing other information,
such as unit price, that is not relevant to the employee’s
work
 The contents of the view created will be updated
each time the view is accessed

33
 Views promote security by restricting
user access to data

But, unauthorized persons may gain

knowledge of or access to a particular More
view because no adequate security sophisticated
measures
security
measures are
Only a restricted few users may be normally
authorized to update the data
required
But, with high-level query languages, an
unauthorized person may gain access to
data through simple experimentation

34
 INTEGRITY CONTROL
▪ Protect data from unauthorized use
▫ Assertions–enforce database conditions: limit the values a field may
hold and the actions that can be performed on data,
▫ Triggers – prevent inappropriate actions, invoke special handling
procedures, write to log files
▪ Domains–set allowable values
▫ Eg, the following PriceChange domain (defined in SQL) can be used as the data
type of any database field, such as PriceIncrease and PriceDiscount, to limit the
amount standard prices can be augmented in one transaction:

Note: In the definition of pricing transaction

table we have the following 
35
 Assertion
▪ Assertions are checked automatically by the DBMS when transactions
are run involving tables or fields on which assertions exist
▪ If the assertion fails, the DBMS will generate an error message
▫ Eg., assume that an employee table has the fields EmpID, EmpName, SupervisorID,
and SpouseID.
▫ Suppose that a company rule is that no employee may supervise his or her spouse.
▫ The following assertion enforces this rule 

o Eg. Rule that no two salespersons can

be assigned to the same territory at the
same time.
o Suppose a Salesperson table includes
the fields SalespersonID and
TerritoryID.
o This assertion can be written using a
correlated subquery, as follows 
36
 Triggers
▪ Trigger is used for security purposes. ▪ Benefit of a trigger:
▪ A trigger, which includes an event, a ▫ the DBMS enforces these controls
condition, and an action, is potentially for all users and all database
more complex than an assertion. activities
▪ For example, a trigger can do the following: ▫ The control does not have to be
coded into each query or program
Prohibit inappropriate actions (e.g., changing a salary value outside the normal business day)

Cause special handling procedures to be executed (e.g., if a customer invoice payment is

received after some due date, a penalty can be added to the account balance for that customer)

Cause a row to be written to a log file to echo important information about the user and a
transaction being made to sensitive data, so that the log can be reviewed by human or automated
procedures for possible inappropriate behavior (e.g., the log can record which user initiated a
salary change for which employee)

37
 Triggers…

Assertions, triggers, stored It is recommended that a

procedures, and other forms change audit process be
of integrity controls may not used in which all user
stop all malicious or activities are logged and
accidental use or monitored to check that all
modification of data policies and constraints are
enforced

It means that every database query and transaction is logged

to record characteristics of all data use, especially
modifications:
• who accessed the data,
• when it was accessed,
• what program or query was run,
• where in the computer network the request was generated, and
• other parameters that can be used to investigate suspicious activity or
actual breaches of security and integrity

38
 AUTHORIZATION RULES
▪ Controls incorporated in a data management system that restrict access to data
and restrict the actions that people may take when they access data
▪ Data administration is responsible for determining and implementing
authorization rules that are implemented at the database level
▪ Authorization schemes can also be implemented at the operating system level
or the application level
 Fig 12-4: authorization rules in the form of a table (or matrix) that includes subjects, objects,
actions, and constraints
 Each row of the table indicates that a particular subject is authorized to take a certain action on
an object in the database, perhaps subject to some constraint

Fig.12-4
Authorization
Matrix
39
 Simplified versions of Figure 12-5a Authorization table for subjects (salespersons)
implementing
authorization rules:
• authorization tables
for subjects and
• authorization tables
for objects
Figure 12-5b Authorization table for objects (orders)

40
© 2016 Pearson Education, Inc.  Publishing as Prentice Hall 40
 • Privileges can be granted to users at the database level or table level
• INSERT and UPDATE can be granted at the column level
Figure 12-6
Oracle privileges

• Where many users, such as those in a particular job classification, need similar
privileges, roles may be created that contain a set of privileges, and then all the
privileges can be granted to a user simply by granting the role
 To grant the ability to read the product table and update prices to a user with the log in ID of
SMITH, the following SQL command may be given:

41
41
 USER-DEFINED
PROCEDURES
 User exits (or interfaces) that allow system designers to
define their own security procedures in addition to the
authorization rules
 For example, a user procedure might be designed to provide
positive user identification.
 In attempting to log on to the computer, the user might be required to
supply a procedure name in addition to a simple password.
 If valid password and procedure names are supplied, the system then
calls the procedure, which asks the user a series of questions whose
answers should be known only to that password holder (e.g., mother’s
maiden name)

42
 ENCRYPTION
Data encryption can be used to protect
highly sensitive data such as customer
credit card numbers or account balances

Encryption is the coding or scrambling of

Any system that provides data so that humans cannot read them
encryption facilities must • Eg, encryption is commonly used in
also provide electronic funds transfer (EFT) systems
complementary routines for
decoding the data

Some DBMS products include

encryption routines that automatically
Other DBMS products provide encode sensitive data when they are
exits that allow users to code their stored or transmitted over
own encryption routines communication channels

43
 ENCRYPTION…

Two-key methods are

popular in e- A popular implementation of
Two common forms of commerce the two-key method is
encryption exist: ONE applications to SECURE SOCKETS LAYER
KEY and TWO KEY provide secure (SSL), commonly used by most
transmission and major browsers to
database storage of communicate with
payment data, such as Web/application servers
credit card numbers
• ONE-KEY METHOD, also • It provides data encryption, server
called Data Encryption Standard authentication, and other services in a
(DES), both the sender and the TCP/IP connection.
receiver need to know the key that • For example, the U.S. banking
is used to scramble the transmitted industry uses a 128-bit version of SSL
or stored data (the most secure level in current use)
• TWO-KEY METHOD, also to secure online banking transactions
called asymmetric encryption,
employs a private and a public key

44
 Figure 12-7 Basic two-key encryption

Encryption – the coding or

scrambling of data so that
humans cannot read them

Secure Sockets Layer

(SSL) is a popular
encryption scheme for
TCP/IP connections

45
© 2016 Pearson Education, Inc.  Publishing as Prentice Hall 45
 AUTHENTICATI
Password
ON SCHEMES
Goal – obtain a positive
identification of the user
Authentication schemes
are called one-factor, two-
factor, or three-factor
authentication
Authentication becomes
stronger as more factors
are used
46
Strong
Authenticatio
n
A user can prove his or her
identity by supplying one or
more of the following factors:
1. Something the user knows, usually a
password or personal identification
number (PIN)
2. Something the user possesses, such
as a smart card or token
3. Some unique personal characteristic,
such as a fingerprint or retinal scan
 Password Password Deficiencies:
one-factor authentication scheme Devise ways to remember these
passwords Possible
Passwords are written down, could be
Solutions
Valid password can log on to a
database system (A user ID may also copied • TWO FACTOR–
be required, but user IDs are e.g., smart card
typically not secured.) plus PIN
Shared with other users • THREE FACTOR–
e.g., smart card,
A DBA (or a system administrator) is Included in automatic logon scripts biometric, PIN
responsible for managing schemes
for issuing or creating passwords Passwords usually traverse a network
in cleartext, not encrypted
A log should be kept and analyzed of
attempted logons with incorrect Give no indication of who is trying to
passwords gain access

47
 Strong Authentication

SMART CARD PIN BIOMETRIC

Possible
Solutions
• TWO FACTOR–
e.g., smart card
plus PIN Personal A user identity
• THREE FACTOR– A credit card–sized Identification verification
e.g., smart card, plastic card with Number - a process that
biometric, PIN an embedded numeric or alpha- involves
microprocessor numeric password biological input,
chip that can store, used in the process or the scanning
process, and output of authenticating a or analysis of
electronic data in a user accessing a some part of the
secure manner system body

48
 Sarbanes-Oxley
(SOX) and
Databases
• IT Change Management
• Logical Acess to Data
• IT Operations

49
 Sarbanes-Oxley (SOX)
▪ Requires companies to audit the access to
sensitive data
▪ Designed to ensure integrity of public
companies’ financial statements
▪ SOX audit involves:
▫ IT change management
▫ Logical access to data
▫ IT operations
50
 IT Change Management
▪ The process by which changes to
operational systems and databases are
authorized
▪ For database, changes to: schema,
database configuration, updates to DBMS
software
▪ Segregation of duties: development, test,
production
51
 Logical Access to Data
▪ Personnel controls
▫ Hiring practices, employee monitoring,
security training, separation of duties

▪ Physical access controls

 Swipe cards, equipment locking, check-out
procedures, screen placement, laptop
protection

52
 IT Operations
▪ Policies and procedures for day-to-day
management of infrastructure,
applications, and databases in an
organization
▪ For databases:
▫ Backup & recovery
▫ Availability
53
 Database Backup
and Recovery

54
 Database Recovery
 Mechanism for restoring a database quickly and accurately
after loss or damage
 Recovery facilities:
1. Backup Facilities - provide periodic backup (sometimes called
fallback) copies of portions of or the entire database
2. Journalizing Facilities- maintain an audit trail of transactions
and data-base changes
3. Checkpoint Facility - the DBMS periodically suspends all
processing and synchronizes its files and journals to establish a
recovery point
4. Recovery Manager -allows the DBMS to restore the database
to a correct condition and restart processing transactions
55
 Back-up Facilities
DBMS copy utility that
produces backup copy
of the entire database
or subset
Backups stored in
Periodic backup (e.g.
secure, OFF-SITE
nightly, weekly)
LOCATION

Hot backup–selected
Cold backup–
portion is shut down
database is shut
and backed up at a
down during backup
given time
56
 Journalizing Facilities
▪ Audit trail of transactions and database updates
▪ Transaction log–record of essential data for each
transaction processed against the database
▪ Database change log–images of updated data
▫ Before-image–copy before
modification
▫ After-image–copy after modification

57
Produces an audit trail
 Figure 12-8 Database audit trail

From the backup and logs,

databases can be restored
in case of damage or loss

58 © 2016 Pearson Education, Inc.  Publishing as Prentice Hall 58

 Checkpoint Facilities
▪ DBMS periodically refuses to accept new
transactions
▪  system is in a quiet state
▪ Database and transaction logs are
synchronized
This allows recovery manager to
resume processing from short period,
instead of repeating entire day
59
 Recovery and Restart Procedures
Disk Mirroring–switch Restore/Rerun–
between identical copies of reprocess transactions
databases against the backup

Transaction Backward Recovery

Integrity–commit or abort (Rollback)–apply before
all transaction changes images

Forward Recovery
(Roll Forward)–apply
after images (preferable to
restore/rerun)
60
 Transaction ACID Properties
Atomic • Transaction cannot be
subdivided

• Constraints don’t change

Consistent from before transaction to
after transaction
• Database changes not
Isolated revealed to users until after
transaction has completed

Durable • Database changes are

permanent

61
 Figure 12-9 Basic recovery techniques
a) Rollback

62 © 2016 Pearson Education, Inc.  Publishing as Prentice Hall

62
 Figure 12-9 Basic recovery techniques (cont.)
b) Rollforward

63 © 2016 Pearson Education, Inc.  Publishing as Prentice Hall

63
64
 Controling
Concurency Acess

65
 Control concurrent Access
 Problem–in a multi-user environment,
simultaneous access to data can result in
interference and data loss (lost update
problem)
 Solution–Concurrency Control
 The process of managing simultaneous
operations against a database so that data
integrity is maintained and the operations do
not interfere with each other in a multi-user
environment
66
 Figure 11-10 Lost update (no concurrency
control in effect)

Simultaneous access causes updates to cancel each other.

A similar problem is the inconsistent read problem.
67
 Concurrency Control Techniques
• Finish one • The most common way
of achieving serialization
transaction before • Data that is retrieved for
starting another the purpose of updating is
locked for the updater
• No other user can
perform update until
unlocked

Locking
Serializability
Mechanisms

68
 Figure 11-11:
Updates with
locking
(concurrency
control)

This prevents
the lost
update
problem
69
© 2013 Pearson Education, Inc.  Publishing as Prentice Hall 69
 Locking Mechanisms
Locking level:
• Database–used during
database updates
• Table–used for bulk
updates
• Block or page–very
commonly used
• Record–only requested
row; fairly commonly
used
• Field–requires significant
overhead; impractical
70
Types of locks:
• Shared lock–Read but no
update permitted. Used
when just reading to
prevent another user
from placing an exclusive
lock on the record
• Exclusive lock–No
access permitted. Used
when preparing to update
 Deadlock
▪ An impasse that results when two or more transactions have
locked common resources, and each waits for the other to unlock
their resources

John and Marsha will

wait forever for each
other to release their
locked resources!

Figure 11-12
71 The problem of deadlock
 Managing Deadlock
Deadlock Prevention:
• Lock all records required at the beginning of a transaction
• Two-phase locking protocol
• Growing phase
• Shrinking phase
• May be difficult to determine all needed resources in
advance
Deadlock Resolution:
• Allow deadlocks to occur
• Mechanisms for detecting and breaking them
• Resource usage matrix
72
 Versioning
Optimistic approach to concurrency control

Instead of locking

Assumption is that simultaneous updates will be

infrequent
Each transaction can attempt an update as it
wishes
The system will reject an update when it senses a
conflict

Use of rollback and commit for this

73
 Figure 11-14
The use of
versioning

Better
performance
than locking

74
74
 Data Dictionaries
and Repositories

75
 Data Dictionaries and
Repositories
▪ Data dictionary
▫ Documents data elements of a database
▪ System catalog
▫ System-created database that describes all
database objects
▪ Information Repository
▫ Stores metadata describing data and data
processing resources
▪ Information Repository Dictionary System (IRDS)
▫ Software tool managing/controlling access to
information repository
76
 Figure 11-15 Three components of the
repository system architecture
A schema of the
repository information

Software
that
manages the
repository
objects

Where repository objects

Source: based on Bernstein, 1996.
are stored

77
© 2013 Pearson Education, Inc.  Publishing as Prentice Hall 77
 Overview of
Tuning the
Database for
Performance

78
 Database Performance Tuning
Memory
Input/output CPU Usage
DBMS and Storage Application
(I/O) – Monitor
Installation Space tuning
Contention CPU load
Usage

Setting Modification
installation Set cache Use striping of SQL code
parameters levels in
applications
Distribution
Choose
of heavily Use of
background
accessed heartbeat
processes
files queries

Data
archiving
79
 Cost of Downtime

Downtime is expensive
80
 Data Availability

81
 Data Availability
How to ensure availability
• Hardware failures–provide redundancy for fault
tolerance
• Loss of data–database mirroring
• Human error–standard operating procedures,
training, documentation
• Maintenance downtime–automated and non-
disruptive maintenance utilities
• Network problems–careful traffic monitoring,
firewalls, and routers
82
 Selamat Menempuh
Ujian Akhir Semester
83
Copyright © 2013 Pearson Education, Inc.  Publishing as Prentice Hall

84
 THANKS!
Any questions?
You can find me at:
@username
user@mail.me

85
 CREDITS
Special thanks to all the people who made and
released these awesome resources for free:
▪ Presentation template by SlidesCarnival
▪ Photographs by Unsplash

86
 PRESENTATION DESIGN
This presentation uses the following typographies and colors:
▪ Titles: Dosis
▪ Body copy: Titillium Web

You can download the fonts on these pages:

http://www.impallari.com/dosis
http://www.campivisivi.net/titillium/

Pastel green #d3ebd5 · Green #80bfb7 · Teal #0b87a1 · Navy #01597f · Dark navy #003b55

You don’t need to keep this slide in your presentation. It’s only here to serve you as a design guide if you need
to create new slides or download the fonts to edit the presentation in PowerPoint®

87