SQL Server Is Better Than Ever – Blessing or Curse?

SQL Server Is Better Than Ever – Blessing or Curse?

As SQL server became a world-class database system over the past two decades, setting a trap for many organizations. 

Twenty years ago, mission-critical applications were generally only served by enterprise-level database systems (think Oracle and DB2) . SQL Server was reserved for less critical applications because it was not robust enough to handle the throughput, data integrity, security, and disaster recovery requirements of mission-critical systems. 

Over the years, SQL server has indeed become a world-class database management system. Still not quite as robust in some areas as Oracle, but definitely able to handle many if not most mission-critical workloads. 

Fooled by the SQL Server Price Point

Here is the catch,  when mission-critical workloads required expensive, enterprise-level RDMS, customers paid very high license fees for the software, and are therefore expected to make a significant investment in the administration, security, and monitoring of their database environments. It just made sense to protect the large investment in database licensing.

As SQL Server gained parity with Oracle, customers gradually moved mission-critical workloads over to this less expensive platform, and with that, came the expectation of lower administrative costs, and the unwillingness to make the investment in the administration, security, and monitoring of such systems.

As a result, there are now tens of thousands of fragile SQL server databases, created by developers or less experienced DBAs, running mission-critical workloads, that are not backed up properly, not secured properly, and not set up properly for rapid recovery in the event of hardware failure or user error. 

SQL Server: What are we really investing in?

I said earlier that in the past it just made sense to protect the investment that the organization makes in the expensive database system. And I think that is how many organizations think of it. But in reality, the investment in proper administration, security, and monitoring is really an investment in the data that the database holds, not in the database software. It is an investment in the users of the applications that the database supports, it is an investment in the customers that the users of the application serve.. 

These assets, data, users and customers, are of equal value whether you paid $300k in oracle license fees, or 60k in SQL Server license fees. 

Protect What Matters

It is folly to equate the cost and ease of implementation of the database system with the importance of having world-class administration, security, and disaster recovery to protect your critical business assets.

Take needed action today

If you have SQL Server databases in your environment without a professional database administrator looking after them (or think you might), call a professional to assess those environments to ensure that they are backed up and secured properly. (Hint — almost all of the databases that we assess that have not been actively managed by a professional DBA are not backed up the way the customer thinks they are!).

If you would like to talk about your environment, click here to schedule a consultation.

 

 

 

To Understand Risk, Ask Better Questions

The importance of asking the right questions

Readers of my blog know that a common theme has been the importance of asking the right questions. Today I will illustrate this with a true and painful (literally) personal story that really drives the point home.

The story will be about measuring risk vs reward and the importance of asking the right questions to properly assess both parts of that equation, especially the risk part. 

The Diagnosis

After a routine colonoscopy (illustrating the importance of proactive monitoring, but that is a different blog) I was recently diagnosed with stage 3 colon cancer. This means that the cancer made it beyond the colon and into the lymph nodes, but just a little. Fortunately this means that treatment options are available that are expected to be very effective.  After having surgery to remove the tumor, I was advised to undergo a three month course of chemotherapy. The surgery went very well, and after some recovery time, I was ready to begin chemo. Here is where this particular story really begins.

Risk Vs Reward

As we do in business, we are always assessing risk vs reward whenever we make any decision, including in decisions around our health.  When we do this, we must determine what the potential risks are for all available options, what the rewards are for each one, and then we try to choose the option that maximizes reward while minimizing risk.

Choices

When it comes to my particular chemo treatment plan, I need to have four two-hour infusions over the course of 3 months. As a patient, I was given the choice of two methods of infusion. One option was to have a port surgically implanted in my chest that would remain there for the duration of the three months. The other option was to have the infusions done via a standard intravenous method using a vein in my hand or arm.

I was advised by the nurse and doctor that a port is recommended and that most patients do this, but that IV is an option too if I prefer not to have the port.  It was here that I made a big mistake by not asking the right questions. When I asked why the port was recommended, the answer I was given was the following:  It is sometimes difficult to find a vein and the nurse will have to try multiple times, and that if the IV is not placed properly, it can lead to irritation of the arm.  I failed to ask followup questions, more on that later…

Weighing the Options

Option 1, Infusion Port. Risks: Small risk of infection or other complications as with any medical procedure, unsightly and potentially uncomfortable port sticking out of my chest for three months when it is only used four times. Rewards: Reduced (maybe eliminated) chance of irritation caused by the infusion, simpler actual infusion process.

Option 2, IV.  Risks: possible irritation of the arm. This was mitigated in my mind by the fact nurses have always had a very easy time when I give blood. Reward: No unsightly port to potentially get in the way of the gardening and golfing I hoped to continue doing during chemo.

The Mistake

As I have said in the past, almost all problems are caused by poor communication and this was no different. I neglected to ask a very important question. I never asked what the nurse or doctor meant by the word irritation.  When I heard the word irritation, I heard exactly what I wanted to hear (because I didn’t like the idea of a port). I heard short term redness, itchiness, and maybe a little sensitivity. But I never actually asked them what it meant. I never ascertained the actual risk, one of the most important parts of the equation.

The Result

I chose the IV option based on this flawed risk/reward analysis. 

I went at the appointed time to find a very nice infusion nurse ready to connect up to my port. The fact that she was surprised and visibly concerned that I did not have a port should have sent me running, but I stayed. 

She easily found a vein in my hand as I expected she would, and the infusion began. Everything was fine for about an hour and then I started to experience some strange feelings in my arm. I assumed that it was normal and had no pain so I didn’t think much of it. At about 90 minutes my arm started to hurt.  By the time there was about 10 minutes of infusion left, I was in excruciating pain. When it was finally over, the pain of the removal of the bandages was similar, I imagine, to having my skin ripped off. I shook violently for thirty minutes afterward and in retrospect I think I was likely in some kind of shock.

The excruciating pain lasted for about 2 days, the inability to use my arm because of inflammation and skin or nerve damage lasted about 1 week, and very significant sensitivity and less intense pain lasted 9 days.  As I write this, at 10 days, I finally feel the level of irritation that I originally imagined was the worst case scenario.

No Stupid Questions

All of this could have been avoided had I asked better questions, like “what exactly do you mean by irritation?”.  As a wonderful teacher of mine once said:  “the only stupid question is the one that’s never asked”

Needless to say, I am getting a port put in for the remainder of the infusions. Lesson learned the hard way.

Our Cloud Migration Roadmap: Set Yourself Up for Success

Our Cloud Migration Roadmap: Set Yourself Up for Success

67% of businesses have migrated their workloads to the cloud in 2020 alone. Are you considering following this trend? If so, you’ll need a stellar cloud migration strategy. Otherwise, your services will have poor performance, which your customers will also experience. 

Throughout this guide, you’ll first learn the benefits of cloud migration. Afterward, this guide will cover the most efficient cloud migration roadmap and select a good cloud migration provider.

What Are the Benefits of Cloud Migration?

Cloud migration can potentially have a massive impact on your services. First off, you’re letting a company that specializes in cloud computing handle your services. Because of this, you’ll have access to disaster recovery features, massive data centers, and more.

Other benefits of cloud migration include:

Scalability: enables you to control resources based on your businesses needs—whether you want to expand or use fewer resources

Enhanced performance: better computing capabilities lead to enhanced performance

Security: most providers offer robust built-in features that handle challenging security issues

Cost reduction: you don’t need to maintain data centers and only pay for what you use

Your 5 Step Cloud Migration Roadmap

To ensure you transition your services smoothly, you’ll need to craft an optimal cloud migration strategy. Throughout this section, you’ll learn how to create your goals and manifest them while enhancing your product.

1. Determine Your Cloud Migration Goals

Before embarking on any endeavor, you’ll need to figure out the goals for your transition into the cloud. Otherwise, you won’t have any indicators to label your migration as a success. Moreover, you’ll also find yourself confused. Everyone will have different goals, so we can’t create one for you. However, we can help. First, you’ll need to ask yourself a couple of questions.

What are my objectives for this cloud migration? Your answer could involve reducing expenses or supporting your infrastructure for expansion.

What technology principles should your business follow? Answer questions to figure out what technology your business will need to achieve your goals.

Once you’ve assembled your goals, you will need to build a plan with your team to prepare for various scenarios. That way, if you encounter any downtime, bugs, crashes, or other undesirable scenarios, your team is ready to tackle it.

2. Cloud Data Migration Methods

Unfortunately, there isn’t a single data migration strategy to select. There are 6. However, each method has unique characteristics that offer distinct advantages to your business.

These methods include:

  1. Rehosting: the most cost-effective option that redeploys your codebase in a cloud environment
  2. Repurchasing: using a cloud service provider to replace your existing on-premise solution
  3. Replatforming: similar to rehosting, except that it requires changing cloud vendors, which will require more optimization
  4. Refactoring: requires more work; however, refactoring transforms your IT architecture
  5. Retaining: keeps parts of your infrastructure on-premise, which makes this method best for security
  6. Retiring: abandon obsolete applications or parts of your codebase—great for optimizing your system

3. Pick a Good Cloud Service Provider

You’ll need to create criteria when choosing the cloud migration services. Otherwise, you may end up with a service that won’t provide optimal results. The following will show you a checklist on how to pick the best services.

Cost

Various variables determine the price of your cloud migration services. In this scenario, you will need to shop around and inspect each provider’s features, performance, and support. From there, you will want to choose what price will best fit your needs.

Performance

Regarding performance, one of the most critical factors to look for is low latency. Otherwise, your customers will experience lag and sluggish loading times if your setup struggles with high latency. Because of that, you may lose out on customers.

Support

Without responsive customer service, you wouldn’t have support and specialists to help you if you run into any issues. Moreover, you will want to check for additional features. One includes ways you can contact customer service. Others include availability and whether you have to pay a premium price for priority support.

Before purchasing, you could test their customer service responsiveness by contacting the company. If they’re responsive, then they’re a good fit. Otherwise, you may want to keep shopping.

Services

With a wide selection of cloud vendors to select, you’ll notice that some have tens, others over 100, extra services to enhance your product. Some services include machine learning, data monitoring, automation, and more.

However, you will want to keep in mind that the company will charge more for their software with the addition of services.

4. Migrate to the Cloud

Once you have steps 1 through 3 assembled, you will need to relay what’s happening to your employees and customers. That way, they won’t suffer from disruptions throughout the migration process. Afterward, your cloud migration team will transition your code into data services. Meanwhile, you will want the rest of your team preparing for the incoming cloud system.

Ways your other employees can contribute to the company’s migration include crafting data compliance policies and adjusting security measures.

5. Optimize Your Setup

Since you have everything ready, you’ll need to optimize. This step includes fixing, adjusting, and performing other tasks. You’ll need to make these adjustments throughout different parts of your product like:

Tweaking your codebase: that way, you enhance your product’s performance

Testing: ensure everything works

Integrating new technology: feedback pipelines, automated testing, and microservices

Once you finish this step, you’ve completed your cloud migration. From here, you will need to monitor your product and make adjustments when needed.

Unleash Your Data’s True Potential

If you’ve followed this cloud migration roadmap, you’re taking the first step toward transitioning your business into the modern age. Moreover, you’re transforming your services into a data-driven performance powerhouse.

What’s the next step? First, explore various cloud migration tools. Afterward, choose what service best fits your business’ needs.

Schedule a free 15-minute phone call with Buda Consulting to learn how we can help you get more out of your Oracle and SQL Server database investments.

A Step-By-Step Guide to Upgrading Oracle 11g to 12c

A Step-By-Step Guide to Upgrading Oracle 11g to 12c

Is your company’s IT infrastructure an out-of-date eyesore? The 11g support clock has been ticking since 2013, when Oracle released the major version upgrade for 12c. Like in any software cycle, Oracle has been phasing out support for version 11g.

If you are still using version 11g, chances are your database infrastructure is outdated and needs an update. However, you will want to do this carefully in case you compromise your stored data. The most recent upgrade offered by Oracle is their 19c version. If you’re on 11g, you are very behind. Fortunately, we’ve got you covered. Here’s our step-by-step guide on manually updating Oracle 11g to 12c. You can then use that foundation to upgrade oracle 12c to 19c if you want.

Step 1) Check Release and Version

Make sure you are using Linux.

The syntax to check your version is usually:

SELECT * FROM v$version;

You will want to make sure you are using

  • Oracle Database 11gR2 (11.2.0.2.0) (64-bit)
  • Running on Oracle Enterprise SUSE Linux

This tutorial will teach you how to upgrade Oracle 11g to 12c using dbua (a database upgrade assistant).

This is probably the simplest way to upgrade your database version.

Step 2) Check Prerequisites

There are a few prerequisites that you should check before upgrading, or else the process may fail.

Here are some things that you should check.

Gather Dictionary Statistics

You will be able to do this using an SQL prompt.

Input the following:

CONN / AS SYSDBA EXEC

DBMS_STATS.GATHER_DICTIONARY_STATS;

For Container Databases

If your Oracle database uses containers, you will want to use the following command to perform the actions in all containers.

This will gather your dictionary statistics across all your containers.

$ORACLE_HOME/perl/bin/perl $ORACLE_HOME/rdbms/admin/catcon.pl -l /tmp -b gather_dict_stats — –x”EXEC DBMS_STATS.gather_dictionary_stats”

Purge Recycle Bin

You will want to purge your recycle bin as well. This can be done using an SQL prompt.

Input:

CONN / AS SYSDBA

PURGE DBA_RECYCLEBIN

Compile Invalid Objects

Again this can be done by inputting an SQL prompt.

CONN / AS SYSDBA

@?/rdbms/admin/utlrp.sql

Compile for Container Databases

This is the prompt you will want to use to compile invalid objects for container databases. This will execute the action across all your containers.

$ORACLE_HOME/perl/bin/perl $ORACLE_HOME/rdbms/admin/catcon.pl -l /tmp -b comp_invalid_objs — –x”@?/rdbms/admin/utlrp.sql”

Step 3) Stop the Database and Listener

Next, you want to stop the database from running.

Input the following into the command prompt.

oracle&hostname > sys /as sysdba

SQL> shutdown immediate;

oracle& hostanme> lsnrctl

LSNRCTL> stop

This will stop the database as well as the listener.

Step 4) Check Version and Components Again

Use the previous step to check the version of oracle and then refer to this link to check the components in $ORACLE_HOME.       

You will also want to set the new ORACLE_HOME. 

You can do this by typing in: 

hostname> export ORACLE_HOME=oracle/SID/12.1.0

If you have completed Steps 1-4, you should now be ready to run the 12c installer.

Step 5) 12c Installer

Next, you’ll want to go to the 12c media directory and run the following command. 

oracle&hostname> ./runInstaller                                                                                            

This should pull up the installer.

  1. Once you’ve navigated to the installer window, click Next
  2. In the next window, click Next again and select the “Skip software updates” option
  3. Click Next again and select “Upgrade an existing database.”
  4. What this should do is automatically launch the DBUA to help you upgrade your existing database
  5. You will want to select a language (e.g. English) and click Next
  6. You should select the “Enterprise Edition” and click Next
  7. Click Next again at “Specify Installation Location”
  8. Click Next again at “Privileged Operating System groups”
  9. The installer will then ask you to perform prerequisite checks again and click Next
  10. On this final page, all we have to do is hit Install

Once the progress bar is at 100%, Oracle 12c should be downloaded and installed. This is not all there is to it, though. You will still have to upgrade from 11g to 12c.

Step 6) Use DBUA to Upgrade 11g to 12c

The next few steps will guide you through the process of using the installer to upgrade your database. 

The DBUA supports an 11g to 12c upgrade because the direct upgrade is supported according to Oracle’s upgrade matrix. 

You can follow the instructions in the DBUA to interactively install the upgrade or simply follow this guide.

  1. On the first page, “Select Operation,” and click Next
  2. Click Next again at “Select Database”
  3. At “Prerequisite Checks,” ignore and hit Next again
  4. Hit Next again
  5. At “Upgrade Options,” click Next again
  6. At “Management Options,” you will want to select the “Configure Enterprise Management” button and click Next again
  7. At “Move Database Files,” hit Next
  8. At “Network Configuration,” hit Next
  9. At “Recovery Options,” select the option “I have my own backup” and click Next

Lastly, on the summary page, click Finish. This should again show a progress bar. Once this progress bar is at 100%, the database should be updated to version 12c successfully.

Check that the version has been upgraded by inputting:

SQL> select * from v$version;                                                                                                                                                   

This should show that you are on Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 – 64bit Production.

Upgrade Oracle 12c to 19c

From here, you can also upgrade to oracle 19c. We will not cover the steps to do so in this guide, but the process should be similar.

Keep in mind that you want to have an upgrade timeline of 6 months to a year if you are still using Oracle 11g. The latest Oracle release is 21c; not upgrading your IT infrastructure could be costly for your company down the line as older versions of Oracle will become de-supported.

Have Any Questions?

While upgrading databases is complex, your company should aim to do so in a reasonable time frame.

Oracle supports direct upgrades from 11g to 12c, which can be done with their DBUA or database upgrade assistant. From there you can upgrade oracle 12c to 19c.

Hopefully, this guide was helpful in helping you get your IT up-to-date.

Please contact us at Buda Consulting if you have any questions about updating your Oracle product. We are Oracle experts and are here to help you at any time.

What Is CUI Data? | An Expert’s Explanation

What Is CUI Data? | An Expert’s Explanation

Did you know there are 125 categories of controlled unclassified information (CUI)? With so much data that is now under the umbrella of CUI, ensuring your business recognizes which data to protect is essential. But what exactly is CUI data? Read on to learn about this type of data, how to recognize if you use it in your business, and how you can protect it.

What Is CUI Data?

CUI, or controlled unclassified information, is information that needs safeguarding. It is data that needs to be disseminated in a manner that follows the laws and regulations the government has in place, but that does not fit under Executive Order 13526 “Classified National Security Information”.

CUI is part of a government program that strives to standardize this type of data and ensure it is protected. CUI replaces the old For Official Use Only (FOUO) programs and offers more efficient and consistent policies. If a document had a label of “Proprietary” or “For Official Use Only” in the past, now it needs the CUI label.

CUI is a term that encompasses other kinds of data: Covered Defense Information (CDI) and Controlled Technical Information (CTI). They refer to technical information that applies to a military or space context and which has a distribution statement. The data can be labeled as CUI Basic or CUI Specified, which is more restrictive in its uses and the safeguards it needs.

Examples of CUI Data

Within the 125 categories of data that fit into the CUI label, you can find many subsets of information that need to be protected, but are not classified. The CUI Registry has a list of what type of data must be safeguarded following government policies, laws, and regulations. Some examples include:

  • Personally Identifiable Information (PII), which is information that can identify a particular person
  • Sensitive Personally Identifiable Information (SPII), which is information that if disclosed without permission could substantially harm or embarrass the person
  • Unclassified Controlled Technical Information (UCTI), which refers to data that has a military or space application
  • Sensitive But Unclassified (SBU), which is information that does not meet the standards for National Security classification
  • Law Enforcement Sensitive (LES), which is data that if disseminated without permission could cause harm to law enforcement procedures

There are many more forms of CUI, and you can expect everything from health records, intellectual property, technical drawings and blueprints, and much more to fall under the label of CUI data.

Identifying CUI Data

If you are an IT professional or are a government contractor of any kind, you will likely have CUI data to worry about. Most of the time, the Department of Defense will label data as CTI or CDI, as needed, but there are instances when the contractor will be creating this kind of data as they complete a project. How do you identify it, then?

Let us look at some of the things to watch for.

Contracts

Does your site have a US government contract or does it supply a US federal contract? If it does, then you most likely have CUI data you will need to safeguard.

Labeled Information

Some data will have a CUI label on it already or will be easy to identify. If you see “Export Control”, which includes information that needs monitoring, such as Export Administration Regulations (EAR) or International Traffic in Arms Regulations (ITAR), then you can expect CUI data. Labeled information refers to non-classified data that has legacy or agency designations, and that is CUI.

Defense Projects

Many Defense Federal Acquisition Regulations (DFAR) deal with CUI. If projects related to aerospace manufacturing have details that are noncommercial and technical, they are CUI. Technical information can refer to engineering and research data. It can also be engineering drawings and plans, technical orders, process sheets, manuals, datasets, studies, and much more. For defense projects that have technical information related to a military or space application, you need the label of CUI.

Non-Defense Projects

Whether there is CUI data in a non-defense federal project depends on the specifics of the project and of the contract. Federal contract information, which is CUI, is information that the government does not want released to the public, and that has been created for the government or provided by the government during a contract.

Protecting CUI Data

There are government policies and guidelines to help you protect CUI data. You have to physically protect the data using key card access or other similar locks. The data and all its backups need labeling and securing when not in use.

At the network layer, the data also needs protection. Firewalls, switches, and routers all have to protect against unauthorized access. You need OSI layers two through four. You have to have session controls in place, as well. The data has to be protected with authentication and authorization mechanisms, and it all has to take place within the control of the data owner. There are also infrastructure controls that can secure CUI data. They can be virtual machines, storage area networks, physical servers, and backup systems.

You will need to have a risk assessment completed, and there must be network scans done periodically. If there are any configuration changes needed to the system that provides access to the CUI, the process needs a documented review and an approval process. Any logs need a third-party audit on a regular basis.

Keep CUI Secure

If you work with CUI data and need the best security, we can help. At Buda Consulting, we deliver secure and reliable database systems, ensuring even the most sensitive data is safe. Contact us now to speak with an expert!