Due Diligence in a Smaller IT Shop, Particularly with Databases

Due Diligence in a Smaller IT Shop
Some great feedback on the "Trust, But Verify" discussion from yesterday. Please send in your thoughts here.

Stephen: "This is an excellent example of a company that had no security program. First, I want to say I agree with you in that this is probably a minority issue and not a widespread phenomenon among DBAs or any group of professionals, trade persons, etc. Nonetheless, there are bad seeds among all groups and the potential to be bad is within us all. Having said that, there is the need for management to take ‘due diligence’ in all aspects of company operation.


In my organization I wear two hats, Data Services Manager (DBA manager for all intents and purposes) and Information System Security Officer (two tiers down from the Air Force CISO, Chief Information Security Officer). However, I am responsible for all aspects of IT security in my organization, to include awareness and training. Incidentally, I spend more time doing the security aspect than the DBA management aspect, but I have found that if I implement the security principles correctly, then the DBA management job actually becomes simpler.

So, what does the example you cited mean as related to the rambling I have done above: I firmly believe every organization with an IT program and assets needs to implement a security program that covers the basic IT common criteria (http://www.niap-ccevs.org/cc-scheme/). In short, the failure you describe in your example is directly related to an executive management team not exercising ‘due diligence’ – maybe, they thought it ‘cost’ too much."

Wess: "I believe this is why companies have Systems Administrators. They are the last technical point between the DBAs, Network Administrators, Domain Admins, etc. and "management." The Sys. Admin. doesn’t need to know everything about everything, but enough about everything that if someone were to toss that ‘virtual grenade’ into the DC, they could minimize the damages. They would be the ones to do the ‘verify’, while the management can simply ‘trust.’"

John writes with some things particularly helpful to smaller organizations: "I think that, as a manager, it’s important to maintain passwords and accesses to servers and data systems, in general. I also think that it’s critical for a manager to ensure that they insist on and verify that AD is being used, whenever possible, to manage System Administration of database servers. That allows one to re-activate a DBA’s credentials and log in impersonating the DBA.

With regard to backups, there is nothing wrong with running independently verified backup and recovery validation using a third party. This should provide positive feedback for the DBA’s.

In addressing the suggestion that one might insult a well-meaning DBA by verifying what they do, I will say this. If any employee is insulted by having their work verified, then I challenge that employee’s own confidence in his or her abilities. If you do something, you should be proud of it and more than willing to have someone inspect your work. If nothing else, it will build trust between the DBA and his or her employer.

I guarantee that after a few successful audits, the periodicity and intensity will decrease and, in many cases, go away entirely.

Also, there are managed DBA services that provide remote administration for a cost point that, in my opinion, is significantly below what it would cost for just one qualified DBA. If a company finds itself in the unenviable position of having only enough financial resources to afford one DBA for its critical systems, then I would suggest utilizing one of these services.

For less than the price of one full time DBA, you can hire a company that will provide 24x7x365 support and monitoring as well as help desk response and performance monitoring and tuning. For only a little more, many will give you 1 to 2 days per week of dedicated resource for no additional cost to use for design, architecture, development, whatever you need. This, of course, is an excellent trust-builder. These companies have no reason to harm your systems. In fact, it would be to their own detriment to ever do something harmful.

I’m sure what I’ve written is obvious, but I thought it worth a mention, especially the last part. I think that too many people today feel that they have to rely on their own staff to do everything, and strategic partnerships are how really successful businesses get things done. If one person can’t do everything, then it stands to reason that one company should not be expected to do everything either. We all have our core competencies."
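Two of John's points are things a manager can check for themselves rather than take on faith: that server administration of SQL Server is going through AD accounts instead of local SQL logins, and that backups actually exist and can be read. The T-SQL below is an added example written for this editorial, not something John or the newsletter supplied; the backup path in the RESTORE VERIFYONLY statement is a placeholder you would replace with one of your own backup files. The catalog views and the WITH CHECKSUM option used here are available from SQL Server 2005 onward.

```sql
-- 1. Who holds sysadmin, and is each member an AD principal?
--    type_desc WINDOWS_LOGIN / WINDOWS_GROUP means AD-managed: disable the
--    account in AD and the SQL Server access goes with it. SQL_LOGIN is a
--    local password the DBA controls alone and is worth a second look.
SELECT  p.name,
        p.type_desc,
        p.is_disabled,
        CASE WHEN p.type IN ('U', 'G') THEN 'AD-managed'
             ELSE 'Local SQL login - review' END AS remark
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals  AS p ON p.principal_id = rm.member_principal_id
WHERE   r.name = 'sysadmin'
ORDER BY p.type_desc, p.name;

-- 2. When was each database last fully backed up, according to msdb history?
--    A NULL here is a database with no recorded full backup at all.
SELECT  d.name,
        MAX(b.backup_finish_date) AS last_full_backup
FROM    sys.databases AS d
LEFT JOIN msdb.dbo.backupset AS b
       ON b.database_name = d.name
      AND b.type = 'D'            -- 'D' = full database backup
WHERE   d.database_id <> 2        -- tempdb is never backed up
GROUP BY d.name
ORDER BY last_full_backup;

-- 3. Can the backup file actually be read?  VERIFYONLY checks the media and,
--    with CHECKSUM, the page checksums written at backup time, without
--    restoring anything.  Path below is a placeholder, not from the page.
RESTORE VERIFYONLY
FROM DISK = N'\\backup-share\sql\PLACEHOLDER_FULL.bak'
WITH CHECKSUM;
```

The first two queries are read-only and can be run by anyone holding VIEW SERVER STATE and read access to msdb, so a manager or a third-party reviewer can collect the evidence without a sysadmin password. VERIFYONLY proves the file is readable, not that a full restore would succeed; the independent restore test John describes is still the stronger check.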

I think this is particularly challenging for smaller organizations – budget, people and other resources are slimmer and, by definition, you have single points of failure that you probably wouldn’t have in a larger organization. More tips and feedback tomorrow – use the link above the notes to send in your thoughts.

Lastly, if you’re a database best practices "audit" or verification service, please drop me a note and let me know how you approach these types of smaller shops. I’d love to hear your approach and experiences if you’d like to share.
