Major database errors remain a prominent problem for enterprises, across all industries. In a recent study conducted by DBmaestro, nearly 50% of respondents reported experiencing a major database error or crash in the past 3 months. As more and more organizations move toward Agile processes and more frequent deployments, how can DevOps best practices be adopted in the database safely and effectively?
In this webinar, we'll cover:
How enterprises are adopting DevOps for the database and what they’re struggling with
Actionable tips for increasing the frequency of database deployments while reducing risk and preventing errors
Security analyses of famous database horror stories, and how they could have been avoided
How DBmaestro's database release automation platform can help you get database risk under control
3. “Enterprise DevOps adoption isn’t mandatory— but neither is
survival.”
– Gene Kim, The Wall Street Journal, CIO Journal, May 22nd, 2014
DevOps…or die.
4. DBmaestro 2018 Database DevOps Survey
DevOps Adoption Within Organizations
All the cool kids are doing it… but…
5. The database side - then vs. now
DEV team responsibilities
− Creating logical changes to the app/DB
DBA responsibilities
− DB changes code reviews (especially in high
risk areas)
− Handling rollout and rollout risks
− Health and continuous operation of the DB
Problem:
Slow process
Small focus
• Every 2-3-4 weeks?
• Continuously?
• CI /CD
Small/atomic changes
• Quick feedback loops (unit tests,
automated tests, etc)
• Small changes quickly pushed all the
way to (pre) production
Problem:
Rollout risk responsibility?
Blamestorming is inevitable
Waterfall Agile
6. High frequency → getting higher
Frequency of Application Deployments by DevOps
DBmaestro 2018 Database DevOps Survey
14%
29%
37%
8%
10%
3%
24%
38%
23%
6% 6%
4%
More than once a
day
More than
once/week
A couple of
times/month
Once/month A few
times/quarter
A few times/year
2017 2018
7. More releases → more errors
Frequency of Database Changes vs. Last Database Crash
DBmaestro 2018 Database DevOps Survey
8. Integration (or lack thereof) of DBAs with other teams
The Role of the DBA
DBmaestro 2018 Database DevOps Survey
How Database Changes
are Performed
9. What happens if the database is not part of the DevOps strategy?
11. “I worked with a major bank. They were trying to switch to Agile and update their
database processes.
A DBA added an index to the 180m-record table in PROD to accelerate its
performance.
It was never documented.
A developer released an update to the bank’s app based on a compare-and-sync
method, overriding the DB schema…and… deleting the index.
The app was down for 36 hours while they tried to find the cause of the
error and fix it.”
12. Horror Story #1 – Post-mortem
▪ Documentation: DBA made undocumented changes
▪ Misuse of tools: Use of tools that are suited for manual, not automatic
operations
▪ Roles and access: That developer was not supposed to have had access
to push changes to PROD
▪ Documentation, strike 2: The developer didn’t document his changes
either, making it difficult to retrace steps and rebuild the index.
16. Horror Story #2 – Post-mortem
▪ Documentation (a different kind): Production database credentials were
openly shared
▪ No policy enforcement: If the company had enforced policy on
database scripts, truncating tables or things like daytime modifications
to production, the disaster also could have been prevented
▪ Roles and access: A junior developer should not have had access to
push changes to PROD
▪ No backup: Production database not properly backed up, nor were
backups tested
17. DevOps adoption and new global security measures
• Agility
• Quicker time-to-market
• CI/CD
New security requirements
New processes
Separation of duties
• Increase in breaches and hacks
• More data held online, in cloud
• Internet accessibility growth
DevSecOps
18. DBmaestro: Getting database risk under control
Automating database release processes, staying on top of security.
DevOps:
• 10x faster time-to-market
• CI/CD automation
• Drift management and prevention
Security:
• Meeting compliance requirements
• Roles and permissions
• Policy management
• Audit trails
21. Roles and permissions
Control who can do what and
where
● Project segmentation
● Separation of duties
● Roles
● Rights of processing
○ DEV…
○ QA
○ Pre-PROD?
○ PROD!?!
23. Audit trails of all structural changes
▪ Keep a complete history of
all changes made and
attempted
● Who?
● What?
● When?
● Where?
GDPR, HIPAA, SOX…
24. Horror Story #3 - PREVENTED!
I KNOW WHAT YOU DID LAST DEPLOYMENT
25. “In the middle of a live webinar, with 150 people
watching, I was demonstrating the product’s release automation
capabilities. I made a manual change to rectify a simulated
drift in ‘production’, incorrectly, and DBmaestro prevented me
from pushing an update due to the
configuration drift in production. Confused and
stressed, I didn’t read the error message, tried 2-3 more times,
kept getting rejected till I moved to the next example.”
26. (Almost) Horror Story #3 – Post-mortem
▪ Drift prevention: No matter how hard I tried, the system wouldn’t allow me to
push an update, conflicting with a configuration drift at production, without
acknowledging the drift and signing an approval (create or replace statement…)
▪ Stress: The conditions I was operating under (live webinar, people
watching…), very effectively simulated real-life situations (production update,
people waiting) that can lead to manual database errors and overlooking
available information.
Enterprises with digital aspirations now realize it’s DevOps or die. The increase in agility gained from short, automated deployment cycles is staggering, and it’s a matter of when, not if, software engineering teams make the switch. The problem is that, although enterprises spend a lot of time and effort on a DevOps transformation, they often leave database development processes outside of the DevOps and DevSecOps loops.
The majority of survey respondents (83%) are already using DevOps in at least 20% of their projects, with 42% using DevOps in more than half of their projects.
Only 17% of the companies have yet to adopt DevOps for their projects.
Source: DBmaestro 2018 Database DevOps Survey
Background on survey (deleted slide);
Respondent Demographics
DBmaestro’s annual Database DevOps Report reviews the challenges and best practices of companies using or looking to implement DevOps for databases. The results are based on responses from 244 IT professionals from around the world, collected through an online survey conducted in October 2017.
Over half of the respondents (55%) are from companies of 1,000 or more employees.
Financial Services, IT and Banking account for over half (57%) of the respondents.
Over half the respondents (53%) are responsible for the database in their organizations.
Half of the respondents are managers, directors, VPs and C-level executives
On one hand - DevOps
Adoption of practices like agility and CI/CD, leading to faster and more frequent deployments. Development and operations teams are redesigned, responsibilities are allocated differently.
The result is that applications and versions are updated often and responsibilities have shifter
On the other hand - Security
The world is increasingly more connected, accessibility of internet connections has sky-rocketed over the last decade. More data is held online, in the cloud, and more data than ever is collected about users. In the last year alone there have been numerous database breaches that have left hundreds of millions of people’s sensitive data exposed to hackers with villainous intent
The result -
Advances in the tech world - both in DevOps and in connectivity and technology - have birthed a new level of security requirements. New processes are required, roles and duties need to be separated and governed...leading to the birth of DevSecOps.