by Alex Polishchuk
Remote database administration (DBA) is one of hottest trends in the market these days. Numerous companies in various industries rely more and more on external database administrators to support their production, development and QA systems. These companies range from small size companies with less than a hundred employees to large size enterprises that are spread across the globe.
Administered database systems in these companies range from really small ones with just a few users and several gigabytes worth of data to large systems that hold hundreds of gigabytes of data and process tens of thousands of transactions per day and utilize technologies like Oracle Real Application Cluster (RAC).
Interviews with our respondents have shown that there are many aspects to utilizing remote DBA services. Some companies like it, while the others would not even consider it. The issues involved range from security to face-to-face interaction. This paper will cover our interviews and well look at various aspects of remote DBA services. The goal of this article is to help you determine if remote DBA service is for you and how to get started on selecting one.
What is remote DBA?
Remote DBA is a service provided by a third-party company that monitors the designated database server installation and administers it within the established guidelines. Typical tasks performed by the DBA are monitoring database space usage, memory and CPU utilization, dealing with error log alerts, verifying backups.
Remote DBA monitoring can be done a few ways. One administration scenario is to do it interactively on a per connection basis. This means that a DBA will connect remotely to a database system and review its operation. In the other case, a script can be created and executed to collect the system performance and health data that is then sent back to the database administrator for review. In the case of using a script, if a problem is found in the returning data, the administrator will then connect to solve the problem.
Quite often, remote database administrators are located in a different city, time zone, or even a country. This has its own pros and cons. If both are in the same city then the database administrator can be on-site if required. If the service is in another time zone, because it was outsourced to another country, then monitoring the system at nighttime may be easier, but requires a reliable network connection, which is not available in all countries.
This service requires a high-speed VPN connection to the customer site, so that a remote connection can be established to administer the system. A dial-up connection is not very practical but can be used as a backup option in case of primary connection failure.
Security considerations should be taken into account with both types of monitoring. User names and passwords should be transmitted over a secure encrypted connection. In some cases, such as financial institutions or medical facilities, all the network traffic may have to be encrypted due to the high data sensitivity.
The guidelines for the system administration usually include the monitoring of the system and making sure that it operates within the established parameters. Some performance optimization and tuning will be required to keep the system running in accordance with the established guidelines. For instance, memory reallocation and index management are some of the items in this category.
Remote database administration may include performing some operating system level changes to make the system run according to the established guidelines. These actions may include permission adjustment, disk space allocation, and more.
Another aspect is the system backup and recovery. The database system has to be configured in such a way that it requires the minimal manual intervention to recover in case of a failure. Imagine a 24 / 7 production system that fails in the middle of the night. It will take much longer to bring the system back online, regardless, if the manual recovery is performed by the local or remote DBA. On the other hand, it will be much faster if the mechanisms are in place for automatic recovery.
In general, everything possible should be done to set things up for lights out operations, so that the system can recover itself as much as possible in the event of a failure. This will prevent the DBA from having to go onsite and allow for truly remote operation. A good remote DBA service will have established procedures and tools to help set up all that is needed and the customer can leverage best practices from their experience.
To use or not to use
Have you considered using remote DBA support? That was the main question asked of our interviewees. Most of them responded positively to the general idea with some specifics.
A respondent that used to work at a Fortune 100 company replied that 50% of their DBA team was remote. There was never an issue with support as their work can be done 100% remotely. The only caveat is response time, and face-to-face interaction for problem solving meetings. This respondent went on to say, "The model which I felt worked best is when the DBA is here at work, but has an option of working remotely 50% of the time."
Jeremy Lowell, who is a data architect at Firmus Consulting, LLC says, I believe that there is a significant market for remote DBA and that it will only continue to grow as time goes on. That said, it will begin to morph a bit and become much more specific--meaning that there will be firms that specialize in individual areas within each RDBMS.
According to Pat Phelan, a forum administrator of DBForums, It is generally a good idea to allow some remote access, although you also need some face-to-face time too. There is a great deal that developers and users can gain from actually seeing and working with a DBA from time to time, although that is not always necessary.
Armando Torres Jr., who is a database manager replied, Our Company does not wish this type of support and there are security concerns being a bank. I see the benefit in this type of support especially when staffing is at a minimal.
The demand for remote DBA services is there, as you can see from these responses. The company that considers using this type of service needs to define the responsibilities and the areas that will be outsourced very clearly. In addition, the means of communications and interaction have to be defined as well. Narrowing down the points of contact from both companies will help with the above issues.
There are number of gains that a company can realize by using remote DBA services. The first one is cost. It costs much less to have an external DBA service, than to have a fulltime DBA on staff. This is especially true if the service is provided by an off-shore company, but commutation and cultural differences may easily negate all the savings.
Pat Phelan added that unless your company is willing to pay for DBA support 24 by 7 (or whatever your needs might be), some remote access is necessary. It generally doesn't make sense to have a DBA on premises all of the hours that you might possibly need to have one available, but it makes even less sense not to have one available when you really need them.
Another gain is that the local staff DBA can do more things that are important for the company, than just those everyday administrative functions.
Jeremy Lowell said that it allows the DBAs on staff to potentially impact the business in a more material and tangible way, such as, doing diligence on existing data / standards instead of monitoring backups.
According to Armando Torres Jr. the benefit I see is that these remote DBAs could be used to off load some of the everyday tasks so that the onsite DBAs can support projects.
The respondents were asked to rate the importance of each of the following to their organization for using remote DBA support:
- cost savings
- need for occasional extra help
- after hours support
- don't want to hire a full time DBA
- need specific expertise not in-house
- want to free in-house staff for more important work
It turned out that the cost savings was the most important factor closely followed by the need to free in-house staff for more important work. Next in importance was the need for specific expertise not in-house. Following those was a tie between the need for occasional help and after hours support. The least important was that a company does not want to hire a full time DBA.
The biggest concern that all respondents have cited was security. This comes as no surprise at all. Companies are very concerned about security of their data. Unauthorized use and manipulation of the data have brought down huge companies like Enron and WorldCom. Allowing remote access to the data may cause a potential security breach and in some cases may not be an acceptable solution, like in the case of a bank as one of the interviewees had mentioned.
Jeremy Lowell said the consideration of PCI compliance would be required for many organizations. PCI compliance is beginning to have much more of a burden on organizations than it has in the past. Over the next several months, that burden is only going to increase. That said, I believe that there would be a huge market for a remote DBA role if that company could prove, via an audit, that it was PCI compliant.
Access to the internal systems should be restricted to the administered systems only and the network traffic itself should be encrypted to prevent accidental exposure of sensitive data, such as financial and medical data. This reduces the risk for the company, as well as for the service provider by minimizing the exposure level. For instance, companies that deal with financial data are required to comply with various regulations, such as Gramm-Leach-Bliley Act (GLBA), while medical ones have to follow HIPPA rules. Publicly traded companies have to comply with Sarbanes-Oxley Act (SOX). All these regulations deal with how the sensitive information is stored, transported, and who can have access to it.
There are tools and solutions on the market that help to address all these issues regardless of the remote or local access to the system. Please see my previous article on this subject called The Role of the DBA Related to Insider Threats and Regulatory Compliance. It is available on our company web site Advanced Computer Consulting, as well as on Database Journal or DbaSupport.com.
The Remote DBA service offering is gaining more and more momentum. Lots of companies are using it more widely and deeply, than before. The company that considers using such services should have clear goals and an understanding as to how the service will be used and what guidelines it wants to be followed.
About the author
Alex Polishchuk is the founder and president of Advanced
Computer Consulting (www.advcomputerconsulting.com)
that specializes in database consulting services, including remote DBA services. Alex has over fifteen years of
professional experience designing, developing, and implementing database
applications in various industries and companies ranging from small to Fortune
50 corporations. Alexs primary areas of expertise are in database security and
performance optimization and tuning. He can be contacted at