Tensions growing between DBAs, app developers?
Experts see growing tension between two notoriously territorial groups, DBAs and application developers, that are being required to work more closely together in increasingly complex environments. A reason for additional responsibilities placed on DBAs' shoulders can be traced to needed mastery of operating-system-related functionality steadily migrating to the database. Todd Langille, associate director of Administrative Computing for Dartmouth College, in Hanover, N.H., said more DBAs are being assigned "tweaking and tuning" tasks typically associated with programmers.
Langille, who oversees an Oracle9i database, said he is investigating a few ways to alleviate DBA time constraints, including contract services, better education of development teams in the area of troubleshooting and system diagnostics, and trouble-ticket interceptions. Over the last year, Dartmouth has changed how it performs source code migration and database object migration into the production environment. The move, made to restrict user access to the production environment, has smoothed some ruffled developer feathers with more detailed audit trails, Langille said.
Newer federal laws such as the USA Patriot Act and the Sarbanes-Oxley Act have prompted many enterprises to give DBAs more authority to apply security controls where they deem them necessary and without as much red tape. That has meant a lot to Amy Smith, who supervises 14 DBAs managing IBM DB2 UDB (Universal Database) software at CIT Group Inc. "It's empowering," said Smith, vice president of the Database Service Bureau at CIT, in Livingston, N.J. "Now we can call the shots a lot more because we're doing it under the guise of protecting assets of the company; it gives us more flexibility."
All the DBMS vendors have been talking up enhancements in upcoming versions of their software. The vendors are trumpeting direct improvements in security and improvements in other database administration tasks that should give DBAs more time to deal with security matters.
Microsoft has taken pains to salvage its database security reputation by bolstering the next version of SQL Server, code-named Yukon, with an off-by-default architecture and a variety of new protection features, officials said. For instance, common language run-time is not enabled in Yukon out of the box, meaning users must receive permissions to write stored procedures. In addition, stringent password components have been put in place, such as an uppercase numbers and characters requirement, time expiration, and account lock-out components. Granular permissions in Yukon, due in the second half of this year, have been carefully assembled, said Tom Rizzo, director of product management for SQL Server at Microsoft, in Redmond, Wash. "Today, we have tens of permissions in SQL Server," said Rizzo. "In Yukon, we'll have hundreds of permissions. It's the principle of least privilege."
Other new Yukon security features include the capability to separate execution context for applications or code running in the database, as well as integration with Microsoft Update. To help distinguish between DBAs and developers, Rizzo said Yukon clearly breaks out responsibilities for administering users and database schemata.
Oracle, for its part, has augmented security components in its new Oracle 10g database, such as Oracle Internet Directory and Oracle Identity Management, enabling access management and user provisioning, officials said. The upgrade, due this month, comes more than a year and a half after Oracle began touting its Oracle9i database in marketing materials as "unbreakable." Some Oracle users said security issues still take up a great deal of their time. "It would be naive to think that there won't be some exploits which can be applied to Oracle's unbreakable environment. ... Hopefully, nobody takes that in a 100 percent literal sense," said Jim Raub, director of enterprise and advanced technologies for Paetec Communications Inc., in Fairport, N.Y.
However, Oracle's promotion of Oracle 10g's support for grid computing is not resonating with some DBAs. Dartmouth's Langille said that despite all the hype by Oracle, the enabling of grid computing is not likely to become important to his institution. He cited the fair amount of overhead management and logistics of identifying machines and said that ensuring their security is too significant a hurdle to build and maintain a grid environment.
IBM is blurring the DBA and developer lines with the next version of DB2, code-named Stinger, due late this year. The company last fall rolled out tools that will make it easier for application developers using Microsoft's Visual Studio to tap into Stinger, officials said.
Despite assurances of enhanced security measures and improved self-service functions in forthcoming products by leading DBMS vendors, a number of DBAs cannot shake the harsh lessons learned by being "Slammed." "The biggest change [in the last year] we have made is to schedule monthly downtimes specifically for updating all of our servers with the now-monthly Microsoft security patches," said Brad McGehee, DBA at Dairy Farmers of America Inc., in Kansas City, Mo. "Before, we had only done it on a case-by-case basis, but as bad as Slammer was, we decided to be more proactive." McGehee said the patch installs take place every month, on a Sunday, meaning employees must work weekends more often. The worm's sheer magnitude has led McGehee's organization to investigate software to help institute better patch management and tools to capture viruses at the firewall.
As DBA staffing levels continue to increase and companies investigate how to do more with data management, many experts predict a serious shortage of DBAs starting by the second half of next year, said Charles Garry, an analyst at Meta Group Inc., in Stamford, Conn. "Not only will there be that increased demand, but [DBAs] are going to need to know more and be paid more. That's like cold water in the face of a lot of companies," Garry said.
"[DBAs] have more exposure and responsibility for middle-tier applications like Web servers and application servers; there's a whole middle layer of software that has come along for the ride with our move toward Web-based applications," said Langille. "It's definitely adding up to another big chunk of work to an already-burdened staff."