S 4.70 Monitoring a database

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

Databases should be monitored regularly to ensure the availability, integrity and confidentiality of their data. The essential items which need to be observed in this respect are described briefly in the following.

The database should be checked for fragmentation at regular intervals in order to permit a timely planning and implementation of any required measures such as reorganisation of the database.

As a rule, database systems manage the memory available to them in the form of blocks having a fixed size. If data records are inserted into an empty table, new blocks are reserved for this table and filled with the data records. These newly created blocks can be utilised almost fully (with the exception of the last block).

If data records are deleted during subsequent operation, the memory blocks which were occupied by them are released. In principle, this memory space can be used by other data records. However, as the data records have different lengths, 100% utilisation of the free memory space is usually not possible. Consequently, modifications to data in the course of time result in an increasing number of gaps in the database blocks, most of which can no longer be utilised. Such gaps are created not only by DELETE- and INSERT operations but also by UPDATEs, as a data record can no longer be stored at the same location once its length has been changed.

The presence of such gaps not only increases memory requirements but also retards the operation of the database, as more disk space needs to be covered in search of data records and free memory.

The degree of fragmentation in the blocks of a table can be ascertained by comparing the quantity of data in the data records of the table with the memory space occupied by the blocks of the table. In the case of certain database management systems, an analysis of the degree of fragmentation is also supported by the accompanying administration software or add-ons.

If a database becomes excessively fragmented due to the scenario mentioned above, a reorganisation needs to be performed. This can be done manually, for example, by exporting all the data out of the database, re-computing and re-creating all the tables, and then importing the data back into the new database. Auxiliary programs for de-fragmenting tables are also available for some database management systems.

Similarly, the available space of the database files should be checked regularly in order to permit a timely planning and implementation of any required measures such as the extension of the memory capacity. Some database management systems allow administrators to prevent excessively rapid fragmentation by already defining certain parameters during the creation of the tables. For instance, it is possible to reserve a particular number of consecutive blocks for a table in advance, to save free memory for any changes required during later operation.

Example:

In an Oracle database, every table is assigned a fixed number of extents. In Oracle terminology, Extent designates a logical unit of magnitude. The data of a table are stored in at least one extent. Once the capacity of an extent has been exhausted, the database management system automatically creates another extent. The following values can be defined during the creation of a table:

• Size of the first extent in bytes

• Size of the second extent in bytes

• Percentage growth of all additional extents, relative to the size of the second extent

• Maximum number of extents which can be created for a table

• The PCTFREE parameter is used to reserve any required percentage of the new blocks for later modifications.

Regular checks must also be made as to whether the data volume is actually increasing at the originally assumed rate. If it increases more slowly, memory resources which could be used for other purposes are tied down unnecessarily. If it increases more quickly, bottlenecks in the memory capacity might occur.

Furthermore, the degree of utilisation of the database must be checked regularly, particularly as regards the set upper limits (refer to S 4.73 Specifying upper limits for selectable data records).

The information of relevance to the actual monitoring of a database depends on its mode of operation, i.e. the standard database software in use. Accordingly, individual measures must also be implemented to so modify the database configuration that it meets requirements concerning access speeds, intended transactions etc.

Scripts can be used to automate monitoring of the database. However, a prerequisite here is that the database software supplies the information in a form which can be analysed automatically.

Additional controls:

• Are database files, important tables and the utilisation of the database checked regularly?

• Have appropriate monitoring intervals been defined?