Friday, January 28th, 2011
Clalbit Systems is the software development arm of Clal Insurance, one of the largest insurance companies in Israel.
Clalbit Systems has been using SCM methodologies to manage application code. All Clalbit Systems’ projects utilize ALM methodologies, including source control and clear segregation between development, integration, internal QA, external QA, and production environments. All systems are deployed over identically configured infrastructure to ensure testing efficiency.
The Problem
One major Clalbit project entailed a complete rewrite of the application that manages pension accounts, to support recent business guidelines and regulations.
The project required data conversion in support of the new application, and suddenly, their lack of a Database Change Management solution was looming large.
While their source development practices were as advanced as possible, Clalbit Systems’ management felt that they needed to achieve similar capabilities managing database artifacts while correlating those changes to code changes. The reasons are simple.
Database structure and lookup table data are an integral part of the system.
During code modification, developers work on a local copy, publishing the change only when the work is complete and the code is returned to the system via the SCM system’s check-in operations.
Conversely, the database is a central resource. Changes to database artifacts become active as soon as a DBA or developer commits the change or runs the associated DDL command.
To protect from the unintended consequences of such action, a policy enforcement that prevents code being overwritten was deemed necessary.
The Solution – dbMaestro TeamWork™
Clalbit Systems decided to use dbMaestro TeamWork™ for database version control, increasing the ability of their development teams to coordinate activities through the check-out / check-in mechanism as well as adding the ability to capture a version at any time during the development cycle and set it as base line for deployment.
dbMaestro TeamWork™ provided the following advantages:
- Reduced merge times for each cycle – from a minimum of four hours to minutes
- Freed-up human resources – before implementing dbMaestro TeamWork™, each merge cycle tied up the project leader for half a day, and stopped the relevant team from working
- Increased ability to accommodate requirements changes during development
- Improved conflict resolution of the database development deployment scripting
- Automatic labeling of sources as associated with specific version
- Automatic script generation from command line
- Increased management control – team supervisors have an accurate status of who is working on what and when
- Extended security control at the object level, enabling effective permission management
Clalbit’s Evaluation of dbMaestro TeamWork™
Jonathan Bar-Sela, Development Manager, Long Term Savings, Clalbit Systems summarized his experience:
“By implementing dbMaestro TeamWork, we finally have full control of our databases. Having our schemas, data, triggers and other database artifacts managed makes a huge difference. By integrating the application with our source control and continuous integration paradigm, we are able to deploy our application in minutes and with fewer errors.
It’s been really great working with the dbMaestro team.
They assisted to build effective processes and provided quick responses to our questions and needs.”
You can read more here.
Posted in Announcements, General | 1 Comment »
Tuesday, January 25th, 2011
There is no question about the importance of Software Configuration Management (SCM). Such systems have been available for over 20 years, and in the last decade they have evolved and improved to the point that it is hard to find a software project that does not use this methodology.
From the smallest startup companies to the largest enterprise organizations, SCM systems have become a necessity. This is all the more true in today’s highly competitive and pressured environments where deadlines are tighter and developers must accomplish much more with fewer resources.
Yet, for all its improvements, SCM solutions still have a major failing. They do not manage database development. Part of the reason is structural. When working in regular code (for example, C#, Java, .Net, and C++), developers work on a section of code in a local copy, and check in their work when it is completed. Until the code is checked in, the changes do not impact other teams or other developers.
By contrast, databases are by nature a centralized resource that developers work on directly, and this presents several unique change management problems. The following are some of the major database change management problems that current SCM solutions simply do not address:
- Code can be overridden when several developers work on the same package, procedure, and function simultaneously. Because database work is performed on the same entity rather than on a local copy, when developers compile the code, the work of other developers can be reverted, since developers are not always aware of changes made by other developers.
- Manual checking-in and checking-out of a database object DDL, without validation that the right DDL is being checked into SCM or applied to the database, means that the wrong DDL can be checked-in and subsequently used when generating the build for the new version.
- Because database objects are not locked, a database object can be changed without a corresponding change in its DDL in the repository. This can lead to a loss of synchronization between the object in the database and the DDL in the repository.
- Accountability is made difficult by lack of logging and auditing.
The solution, of course, is a Database Version Control solution that tightly integrates with the SCM. And the best solution available is dbMaestro TeamWork™ for Oracle.
We predict that in 2011, SCM will attempt to move forward on closing the hole in managing database development. And that dbMaestro TeamWork™ for Oracle will remain the top solution for closing this gap.
Posted in General | 1 Comment »
Monday, January 24th, 2011
We are proud to release a new version of dbMaestro Teamwork™. Some of the exciting new features include:
- TeamWork SideBar will remember its settings (location, size, auto-hide)
- Adding new schema to TeamWork on a new database now requires entering the tablespace for dbMaestro_TeamWork schema.
- Support for managing table content with more than 32 columns.
- Access role supports AD groups
Additional fixes in the new version include:
- Improvements and bug fixes in generating the deployment script.
You are welcome to download a free full version for 14-days on our website.
Posted in Release Updates | 1 Comment »
Thursday, January 20th, 2011
This week, we’ll wrap up our series on the aspects of database administration that need to be closely monitored. In prior posts, we’ve highlighted the need to track and manage changes to database information, use of unapproved channels by privileged users, modification of database schemas, addition or alteration of user accounts, retrieval of data via unauthorized channels, access to live production systems, and unapproved changes to applications that access databases.
In our final entry, we’ll cover out-of-cycle patching of production systems, and why it so important to control such behaviors by database administrators and other users.
According to Gartner, “Most enterprises with robust operational management processes have defined ‘operational windows’ for patches.” For example, policy states that patches can only be applied on certain dates, or at certain times. Patches that are implemented outside these windows, says the analyst firm, can cause serious problems with database storage and availability.
In a previous post, we discussed the importance of closely overseeing and approving each change made in the production environment. Here, we’re talking about how to “force” adherence to that policy. dbMaestro TeamWork™ requires each change to receive prior approval before it is implemented. And, when you combine TeamWork with other change management solutions designed to handle change requests or work items, such as IBM RTC or Microsoft TFS, you can manage the patching of production systems via a well-defined and closed-loop process. Each change will have to be approved by TeamWork, which means it must be correlated with a valid change request. Without being linked to a CR, the change cannot be approved – and therefore, it cannot be deployed.
Additionally, using TeamWork in previous steps in this process, such as integration, testing, and changes made in the pre-production environment, can provide even greater visibility and control over the patching process.
Posted in General | No Comments »
Tuesday, January 18th, 2011
Over the past few weeks, we’ve been discussing some of the many areas of database administration that analyst firm Gartner highlighted in a recent report about tracking and monitoring. Topics we’ve already covered include changes to database information, use of unapproved channels by privileged users, modification of database schemas, addition or alteration of user accounts, retrieval of data via unauthorized channels, and access to live production systems.
In this post, we’ll talk about unapproved changes to databases themselves, or to the applications that access those databases.
Gartner believes that, “IT operations personnel have a strong tendency to want to fix problems as soon as they are recognized, without necessarily planning, testing or evaluating their ‘fixes’ or consulting the appropriate stakeholders. Auditors are continuing to focus on change and configuration management processes, especially within systems containing or processing regulated data.”
When databases are involved, Gartner adds, data security and availability issues can arise. The analyst firm urges that table structures, data types and other key database elements should not be changed unless those modifications are mapped against a change management system of some kind.
A lack of control over these types of changes can also lead to users making modifications directly to the production environment. This can lead to many potential problems, such as application crashes because the code in the application does not match the code in the database, or a “backdoor” which can be inadvertently created, giving easy access to internal or external hackers.
That’s where dbMaestro TeamWork™ comes in. Our cutting-edge database Oracle db change management environment forces the user making the modifications to perform check-out prior to executing the alterations. Through seamless integration with a change request (CR) management tool, TeamWork can also directly link the check-out procedure to a valid change request. If no such CR exists, the user will not be able to perform check out, and therefore, will not be able to make the change in the underlying Oracle database. This will prevent unauthorized alterations from being made, and will preserve the performance of both the application, and the underlying database.
Posted in General | 1 Comment »
Thursday, January 13th, 2011
Users of all types interact with a database, and each kind of user poses different and specific risks. Gartner believes that database developers, system administrators, and system analyst post the greatest threats, because “these technically skilled individuals often have the ability to access or change systems that are in live production, which can result in poor performance, system crashes and, in some cases, security vulnerabilities.”
Companies need to be concerned about access to live production systems, according to Gartner, who recommends that access to these environments be conducted only via standard user accounts. But, the analyst firm claims, many users of this type frequently violate this rule by using two accounts. The risks associated with this include system instability and a higher potential for crashes, as well as ineffective permission control which could result in unauthorized access to sensitive or confidential information.
A comprehensive, next-generation database change management environment, like dbMaestro TeamWork™, is the ideal solution for this potential problem. By incorporating locking functionality directly into the database itself, TeamWork delivers maximum security that cannot be bypassed under any circumstances. No matter what type of connection is used, which program is being utilized to retrieve the information, or who is attempting to update the data, TeamWork can help provide greater control over access to live production systems.
Want to learn about other areas of database administration that need to be carefully tracked? Read our past posts on changes to database information, use of unapproved channels by privileged users, modification of database schemas, addition or alteration of user accounts, and retrieval of data via unauthorized channels.
Posted in General | No Comments »
Wednesday, January 12th, 2011
When it comes to database security, it is not only the actions of DBAs and super-users that must be watched. Companies must also closely monitor how end users leverage the database. This is particularly important when it comes to the retrieval of the data contained within that repository.
Gartner is particularly concerned about end users who access data through inappropriate or unapproved channels. The analyst states that, “This problem is similar to that for privileged users, but the risk is somewhat different. End users sometimes access data directly, without using the approved applications or channels. They sometimes do this simply for convenience. But the result may be undetected changes to data that seriously impacts availability and data integrity.”
What do they recommend? That organizations implement “detective security measures to determine whether end users are trying to bypass proper channels”. For example, are end users attempting to go directly to the database, to either view, add, or alter database information, without going through existing application-level controls?
dbMaestro TeamWork™ can help. As we discussed in prior posts, our powerful database version control solution includes a unique locking capability that it an inherent part of the database itself, so it cannot be overridden or bypassed in any way. Therefore, it can optimize security by capturing details about how data is retrieved or altered, regardless of the connection type, the application, or the client.
Refer to earlier posts in the series, where we highlighted other areas of database administration that need to be closely monitored, including changes to database information, use of unapproved channels by privileged users, modification of database schemas, and addition or alteration of user accounts.
Posted in General | 2 Comments »
Thursday, January 6th, 2011
While the majority of database administrators and other privileged users are good, honest professionals, a company still needs to protect itself. For example, according to Gartner, “a DBA or other privileged user who knows his own activities are audited and logged could create an account in a fictitious name, use a dormant account, or change a valid account to give it higher levels of access. The new or altered account could then be used to access or change data, and then be deleted so that no one knows the inappropriate activity has taken place.”
Techniques like these are no secret to savvy DBAs, who are well aware of the potential security access holes in today’s RDBMS systems. Businesses need to watch closely, and put the appropriate mechanisms in place, to ensure the proactive prevention of breaches, identity theft, and similar problems.
But, in order to perform the proper monitoring, companies need a solution that seamlessly integrates with the database engine, so it cannot be bypassed in any way. This will ensure that all update activities are always captured, regardless of which user account is being utilized to make the changes.
dbMaestro TeamWork™ is a robust, next-generation Oracle database change management solution that provides a powerful locking facility. Because this locking feature is not affected by the level of security permission of the user making the alterations, it can capture any change, made by any user. Therefore, inappropriate or unauthorized actions are always immediately detected, before they create problems with database performance.
Read our previous posts to learn more about other areas of database administration that need to be closely monitored, including changes to database information, use of unapproved channels, and modification of database schemas.
Posted in General | 4 Comments »
Tuesday, January 4th, 2011
In prior posts, we discussed the importance of monitoring how database administrators (DBAs) and other super-users change database information, as well as their use of unapproved channels for database access. This time around, we’ll cover the need to control how those privileged users modify database schemas.
The database schema “is central to its secure and efficient operation and management”, Gartner claims. Therefore, “schemas and metadata must be kept absolutely consistent”, as incorrect or unapproved alterations could be detrimental to the performance of the database. Without proper monitoring, privileged users could also inadvertently bypass monitoring or auditing mechanisms, creating tables or other objects containing mistakes and errors that can hinder – or halt – database operation.
Our powerful database version control solution, dbMaestro TeamWork™, eliminates these risks with a powerful locking mechanism that proactively prevents unauthorized schema modifications. Since the DBA or other privileged user must perform check-out within the TeamWork environment, they will be unable to make changes that have not been audited or approved. As a result, the integrity of database schemas is always protected and preserved.
Because TeamWork’s locking mechanism is tightly integrated into the database engine, it cannot be overridden. Therefore, it will always track and audit schema modifications, regardless of the level of the user making them.
Another key feature of TeamWork is its ability to closely align database schema changes with software code changes. This is particularly important as both schema and code modifications are often required as part of a specific application version. With TeamWork, and its robust locking mechanism, schema modifications that create conflicts or problems with code can be avoided.
Posted in General | No Comments »
|
|
|
|
Loading...