1. CSE 136 Lecture 2
 Database design steps for the enterprise
 Logical Design Overview
 Physical Design
 Logical design in detail
 Conceptual Modeling
 Model to Schema
 Database Security
 Enterprise Database Environment
 Continuous Integration DB – build DB project

2. Database Design Step
ER Model
Using MS SQL 2008

3. Logical Design Overview 1

4. Logical Design Overview 2

5. Logical Design Overview 3

6. Logical Design Overview 4

7. Physical Design

8. Conceptual Modeling - generalization

9. Conceptual Modeling -
relationships connectivity

10. Model to SQL schema
 Data Definition Language
 Why use data definition language?
 Multiple database designers modifying DDL
 Version Control
 Build the database script from scratch (for unit testing)
 Examples
 Create table
 Alter table
 Drop table
 Create/drop view

11. Model to SQL 1

12. Model to SQL 2

13. Enrollment example

14. Enrollment example

15. SQL Security
 Secure Configuration
 Authentication
 login/password
 Authorization
 What you can access
after you login
 Data Encryption
 Protectingsensitive
data from internal
and external hackers

16. SQL Security - Secure Configuration
 Physically secure the server behind firewall
 Enable only the minimum network protocols
required
 Use Windows Update to apply patches
 Surface Area Configuration - turn off default SQL
features
 CLR Integration
 Database mirroring
 Debugging
 Service broker
 E-Mail functions

17. SQL Security - Authentication
 Use simple connection strings containing user names
and passwords during development
 Create SQL user for test-user (shows password in web.config &
app.config)
 Use windows authentication in production with more
security
 SQL 2008 uses encryption of the channel by default
(avoid data sniffing)
 Windows Group Policy
 password complexity
 password history
 password age expiration
 lockout after failed attempts

18. SQL Security - Authorization
 After authentication, what can you access?
 Depends on your roles (owner, admin,
operator, reader, etc)
 Principal
 Anyindividual, group, or process that can request
access to a protected resource
 Securable
 object
that you can secured by granting or
denying of permissions

19. SQL Security - Principal
 Windows-level principals
 Domain, local, group
 SQL Server-level principals
 SQL login
 login mapped to a windows login
 login mapped to a certificate
 login mapped to a asymmetric key
 Database-level principals
 Database user
 user mapped to SQL server login
 user mapped to windows login, certificate, asymmetric key
 Database role
 Application role
 etc...

20. SQL Security - Securables

21. SQL Security – Dynamical SQL
 Execute(@sql)
 @sql is a dynamically generate SQL statement
 @sql = ‘select * from course where name = ‘’‘ + @search + ‘’’’
 Open for SQL injection attack
 @search = ‘cse’’’; delete from users‘
 Use sp_executesql (@sql, @search_text)

22. SQL Security – Encryption
 Built-in SQL encryption methods:
 EncryptByPassPhrase(), DecryptByPassPhrase()
 EncryptByCertificate(), DecryptByCertificate()
 Encryption side-effects:
 Storage(encrypted values are larger size)
 Performance
 Create Index on encrypted data
 Create Index on hash value

23. Review question
 Difference between db logic design and
physical design?
 Difference between deny vs revoke?
 Can you think of a generalization scenario for
your project?
 How many entities will you have in your db
design?
 Can you identify where you would need
indexes in your db?
 What db objects would you want to provide
more security in your db design?

24. Break time

25. Enterprise DB – availability & load
 Availability = (Total Units of Time – Downtime) /
Total Units of Time
 8,760 hours (365 days 24 hours) in a calendar year
 100 hours of downtime during the year
 (8760 – 100) / 8,760 (98.9% uptime)
 Fail-over
 When one db fails, another becomes active
 DB Load Balance
 Distribute data across different servers (multiple
active databases)

26. Enterprise DB - architecture
 Clustering
 Log shipping
 Mirroring
 Snapshot replication
 Merge replication
 Peer-to-peer replication (transactional)
 Combinations
 Cluster & mirror
 Cluster & log-shipping
 Cluster & replication

27. Enterprise DB - clustering

28. Enterprise DB - log shipping

29. Enterprise DB - mirroring

30. Enterprise DB – snapshot replication

31. Enterprise DB – merge replication

32. Enterprise DB – peer-to-peer

33. DB Architecture comparison

34. Enterprise DB – cluster & mirror

35. Enterprise DB – cluster & log-shipping

36. Enterprise DB – cluster & replication

37. DB for Continuous Integration
 Database needs to be built locally
 For individual C# developers coding locally
 For running unit tests locally
 Database code needs to be in the source control
(version control)
 Nightly builds on the server
 Solution:
 Database Solution in VS 2010 (cse 136)
 Database build script (*.sql)
 Command shell (CreateDB.cmd)

38. Review question
 Difference between fail-over and load
balance?
 What are the pros and cons of clustering?
 What scenario would you recommend logging
shipping instead of mirroring?
 What scenario would you recommend
mirroring instead of replication?

39. Demo
 SQL Mixed mode
 Create SQL user
 Show Day 2 tutorial
 Run .cmd to generate db

40. Assignment
 Due Day 4
 Create a database in SQL 2008
 Create a database diagram
 Create SQL Stored Procedures based on your
activity diagram(s) for your entire project’s
features.
 Create a database solution using VS 2010 (see
day 2 tutorial)
 Run the db command script

41. References
 Database Modeling and Design
 Pro SQL Server 2008 Failover Clustering