Design criteria exist at the levels of the technical, system integration aspects of the database to other systems through XML. This integration is critically important to ensure that the applications created can be effectively used over time and not have any scalability issues. There is also the need for designing the databases at the presentation layer to provide for scalability and flexibility of being able to create applications relatively quickly at the portal level. This is especially important from a Business Process Management (BPM) standpoint as databases must be able to support the various process workflows as defined as part of business process re-engineering efforts over time. There is also the need from a design standpoint to have a continued development initiative going to capture user needs over time and include them into the next generation of database updates. The use of councils to create update plans and define the future direction of applications is critically important from a design perspective.
There are common measure of SPEC Marks is often used for benchmarking the performance of databases being offered by software vendors. The use of internally defined key performance indicators (KPIs) and metrics of performance that show the relative loads on a database application is critical for DBAs to understand the scalability factors of databases over time (Guynes, Pelley, 1993). This focus on performance needs to be evolutionary as well, seeking continual improvement over time (Zdonik, 2008). For the role of the DBA, the ability to quickly define KPIs, test them for their relevancy, and then include them in a broader set of metrics as part of a dashboard is essential to measuring the scalability of systems as well. The aspects of database performance also must be tied to the integration testing of applications, hardware platforms and the performance of APIs over time in terms of connection to databases with each other and continually testing their performance. The scalability of integration is also critically important, and the DBA, as the hand-built connectors and adapters must be tested to ensure they can manage the traffic generated from inter-database and intra-data transactions over time (Winkler, Seip, 2006).
Database Data Integrity and Availability
The use of approaches and methodologies to ensure a high level of data integrity and availability are based on both hardware and software-based technologies. From a hardware standpoint, the combining of Redundant Array of Inexpensive Disks (RAID) technologies, combining with software partitioning and the use of fall-back and redundancy algorithms to back up databases by the record, file or entire structure (Son, Choe, 1988). Data integrity is preserved through the use of Cyclic Redundancy Checking (CRC) and Error Correction (ECC), in addition to the concept of ACID compliance, which is explained in detail later in this paper. These approaches and methodologies also matter from a data availability perspective as well, as the logical structure of databases across multiple physical locations ensures data redundancy. For the DBA the choice of which approach to choose is critically important. The selection of a fail-safe RAID-based approach is costly yet preserves data entirely and can be configured to do selective backups over time. The combining of these systems with CRC and ECC based approaches to data integrity and availability is the essence of how databases systems at the enterprise level are made fault-tolerant.
When many IT professionals consider the concept of database security, the overall perception is more about passwords usage and complexity than about the architectural elements so critical to keep any database secure. Beyond authentication processes and logic workflows at the presentation layer of database hierarchical models, the development of an architectural layer of security at the process management and integration layer of a database is critical (Jajodia, 1996). This translates into the ability to define role-based and information asset-based security through XML-based messaging protocols secured to 256 bits or higher (Iwaihara, Hayashi, Chatvichienchai, Anutariya, Wuwongse, 2007). Central to these process-based and asset-specific security controls is the ability to define more stringent Authentication and Access Control processes and systems. In conjunction with this approach to security there is also increasing focus, especially in DBMS systems from Microsoft, IBM and Oracle in the concept of each specific transaction within a database being ACID compliant. Additional areas of coverage in this analysis include database connection and security, the use of encryption and server security approaches and strategies.
Contrary to the common perception of authentication, there is much more to the securing of access to any database than the use of passwords or even biometrics. Databases need to take into account the concepts of cross-system and intersystem security to be as effective as possible and authentication cannot be relegated just to one single system (Bertino, Sandhu, 2005). Instead there needs to be more of a focus how at the interprocess integration and system integration levels, in some early adopters this would include SOA integration to the transaction level, can validate a given request from a given system to another in real-time. While all database management systems have Kerberos security, beginning with Microsoft, the lack of consistency of cross-system security beyond just using the ticket or alert-based authentication is critical to the stability of any network-based database (Ma, Orgun, 2008). What has been most significant about this aspect of database security is its rapid maturation from role-based authentication predominately only for military purposes first (Pangalos, 1994) top its uses throughout SOA platforms and architectures as well (Bertino, Sandhu, 2005).
Another aspect of enterprise-wide databases that has become increasingly prevalent is the requirement of having ACID compliance (Dolgicer, 1993) to the transaction level of a database. At its most fundamental, ACID compliance at it's most fundamental focuses on how to take each identifiable data element and isolate them, audit the activity performed on them, and be able to define an audit trial the values that have been written to the field, record, and table level. Global governments and militaries including ministries of defense use ACID compliance is to measure how often data has been accessed on specific supplies of munitions and armament for example.
DBAs are increasingly focused on how to ensure cross-platform and cross-database integration security, to the transaction level as well. The HTTP protocols that serve as the primary means of connecting to servers for queries, in conjunction with XML are considered essential skill sets for any DBA in the workforce today or just entering it. Skill with HTTP and XML is critically important to secure enterprise-wide networks of databases, in addition to assisting with the development and continued testing of applications as well. Many DBAs are expected to be able to create secured XML gateways by which in-house developed applications can be tested and evaluated prior to being used. In this context a DBA actually fulfills the role of a member of the development team. DBAs are also finding that this skill set is invaluable in troubleshooting Virtual Private Network (VPN) connection time-outs, errors and safeguarding VPN connections directly over the Web. The combination of HTTP and XML is critically important to creating roles-based and process-based authentication and validation processes as well, which are critical for installing and using distributed applications including analytics. DBAs are finding that with the rapid sophistication of analytics applications that often rely on highly sensitive financial data that understanding the use of secured HTTP protocols and XML is critically important for being able to get users the data they need to complete the analyses required.
Much as been written about the concept of server-based security from the context of roles-based authentication (Bertino, Sandhu, 2005) yet for this to be effective an organization must concentrate on the broader business objectives and seek to align their security strategies to the broader SOA directions, plans and strategic initiatives (Erickson, Siau, 2008). This process-based orientation to managing security from an SOA standpoint is vitally important to consider as the future growth of enterprises will certainly have more Web Services and SOA-based platforms as well.
From the use of streaming tape and drum-based magnetic mass storage of previous generations of computing to the use of CR-R drives that can in seconds store over 600MB of data on them, database backup technologies have over time been augmented by exceptional gains in the performance of software for storage and recovery as well. Database backup is an essential task of any DBA and in previous generations the use of tapes and removable disks were commonplace. Today however there is a definite focus on how to use the Web for backups through sites including mozy.com, iDrive, and a service run by EMC Corporation to back up data in the MB range within minutes. For the DBA then the question of which backup technology best fits with the strategic direction of the company, including support for accessibility vs. archivability. The need for creating backups of entire systems and databases can now be automated with these tools, and is often used by DBAs to manage the task.