How not to put your company at risk (from a DBA perspective)
Let me start this post with the following quotation: "People are definitely a company's greatest asset. A company is only as good as the people it keeps."
I fully agree with these sentences, because for the current topic they are definitely true and appropriate.
The Internet is a great thing; it's a perfect source of information. Back in 1998, when I took my first steps with Oracle Database, there weren't many public knowledge sources about it. Software was shipped on CDs and it was very rare to see online documentation. There were not many books in the book store, no blogs and of course no Oracle ACE program either :-). Those days are just memories now. Over time the Internet became a great source of information and of software such as Oracle Database XE, a place where one can get a great deal of knowledge or even lessons learnt from other people, so it's very easy to leverage their experience. The side effect of this transformation is that people often take information found there as a single source of truth. Many people have slowed down their skills development because solutions for many potential problems can easily be found there; moreover, less experienced people don't study closely what they found, or they are not careful enough. The result can be unpleasant at the very least.
1. Your company may become under-licensed
I very often hear that "Oracle is too expensive" or "We pay a lot of money for it". Honestly, I agree: it is expensive, but it also has a lot to offer for that price. Most of the time when I hear such complaints, I ask questions like "Does it need to be?" and "Do you really need all the stuff (options, packs or other features) you pay for?". But there is another potential problem I'd like to point out in this paragraph. Every company has (or should have) a department or a specific group of people responsible for Software Asset Management (or, more precisely, Software License Management). They maintain records of license contracts and current price holds, and usually they should have a software repository which holds all information about the software in use and the licenses purchased. What does this have to do with IT staff like DBAs? What does it have to do with Oracle as a technology? Quite a lot.
In the old days the DBA's world and scope was everything that was stored or happened within a database. Experienced DBAs knew that database performance was influenced by more than DB configuration and application code, so they felt it was necessary to see the full picture, that is, to have a solid understanding of the full stack from bottom to top: the storage layer, the OS layer, the network layer, the DB layer (of course) and the application layer as well (SQL and PL/SQL). This knowledge is, and always has been, essential for the fast identification and resolution of issues. In fact, exactly this approach later became known as the DBA 2.0 - The Next Generation DBA initiative back in 2008 (perhaps too late, but at least...).
The database area has moved on since 2008 (now it's probably time for DBA 3.0), and these days a modern DBA should be familiar with current trends, e.g. cloud technologies, automation and also what is probably the most underestimated thing in the DBA's world: licensing.
As I stated at the beginning of this article, the amount of information on the Internet has grown dramatically over the years, and it is possible to find many cookbooks, HOWTOs or even scripts.
Consider this example, taken from a well-known web page found on the Internet (listed in the top 3 results of a search engine); according to its page rank, it's obvious that this page might have a huge number of visitors:
---------------------------------
If you need to create a snapshot manually, because you don’t like the one-hour interval, or if you disabled taking snapshots at all:
EXEC DBMS_WORKLOAD_REPOSITORY.create_snapshot;
Create a report:
@$ORACLE_HOME/rdbms/admin/awrrpt.sql
This script will ask you for the format of the report (html or plain text), the snapshot ID for start and end of the report (an overview of the last n day’s snapshots is given) and for a report name, that’s used for the report file name (.html or .lst).
Stay happy with your databases,
---------------------------------
Now what's the catch here? Let me ask you a couple of questions:
- Did you know that the AWR feature is part of the Diagnostic pack, which is a separately licensed pack?
- Does your Oracle Database have the Diagnostic pack licensed?
- Does your instance control usage of the Diagnostic pack?
If your answer was 3x "No" (or "No" to the last two questions), your database might be under-licensed at this moment. In this particular case, the absence of this knowledge combined with the default configuration settings resulted in an under-licensed environment. The answer to the second question should be given by the department or team responsible for Software Asset Management (mentioned at the top of this article).
Each new version of the database comes with new and interesting features, not just for administrators but also for developers. It's almost impossible to expect a developer to know how the features are licensed, but this is something the DBA should be aware of; moreover, only the DBA is able to control usage of extra-cost features.
Well, perhaps in this case the script is free of charge, but the database software, and especially the feature being used, is not free at all.
Let's say that your DB environment has (just) 4 CPU (Intel) cores, while the list price (CPU metric) for the Diagnostic pack is approx. 5000 USD (check your price hold). That means approx. 10000 USD (CapEx) and approx. 2200+ USD (OpEx every year) of "damage" for your company. The web page states "Stay happy with your databases"; unfortunately, from this perspective it sounds more like sarcasm. The Diagnostic pack is a very useful pack, but this is definitely not the best way to tell management "We need it!".
I checked several blogs listed in the top 20 results given by my favourite search engine. Almost all of them were from well-known people in the Oracle community (most of them had been written by members of the Oracle ACE program, thus more or less trusted persons in the Oracle community), but only one of them contained a disclaimer or warning about usage of an extra-cost option/pack. And even this particular page provides scripts where the disclaimer/warning is missing from the remarks at the top of the script.
Knowledge is the key here. The study of new features shouldn't be limited to the features themselves; I believe that studying the licensing implications should be part of your standard practice. This is probably a bad message for Google/Stackoverflow DBAs, who are (very often) lazy and refuse continuous self-education, relying on the knowledge of others instead of their own. Unfortunately, during my consultancies I often see database environments that are not licensed correctly, let's say 7 of 10 environments, and that's a really bad ratio.
Note that licensing is a really complex topic (don't hesitate to hire a consultant well experienced in this area), but understanding the basics could protect you and your company from potential (non-technical) problems.
2. Your system may become accidentally unstable, inaccessible or even compromised
This paragraph is about a different type of hidden danger, while the source (the Internet, of course) remains the same. I'm not going to talk about why it's generally a bad idea to have a listener/dispatcher port accessible from the Internet, about using default passwords or about other basic things. Let me explain the issue by example. I have created a simple demo which uses the same command as in the previous paragraph; you can find it at this link: http://ivan.kartik.sk/demos/pjdemo.html
Have you ever heard about "PasteJacking"? So, this is it. Now consider a less skilled DBA with a lack of knowledge, who does not handle stress well, in a stressful situation such as performance degradation or an outage of a mission-critical or business-critical database. He finds a "quick-win solution", a script published in some article on the Internet. What will he do in this situation?
Now consider a script which may contain DROP commands or other sophisticated evil code...
Know the source. And even if the source is the page of a well-known person in the community or industry, that doesn't necessarily mean his pages weren't compromised thanks to a bug in the publishing system he is using.
You should always be careful, and check and fully understand what you are going to "paste" into SQL*Plus, a shell, etc.
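A pre-paste check covering both risks described so far, a hijacked clipboard and a script that silently uses a separately licensed feature, is sketched below as an added example; it is not code from the original post or from the linked demo. The function name `vet_paste`, the pattern lists and the sample clipboard text are constructed for illustration, and the licensed-feature patterns cover only the two AWR entry points from the quoted page.

```python
import re
import unicodedata

# Statements that destroy data or stop the instance (constructed list, not exhaustive).
DESTRUCTIVE = re.compile(r"\b(DROP|TRUNCATE|SHUTDOWN)\b|\bDELETE\s+FROM\b", re.I)
# The two AWR entry points from the quoted page; AWR is part of the Diagnostic pack.
LICENSED = re.compile(r"DBMS_WORKLOAD_REPOSITORY|awrrpt\.sql", re.I)

# Constructed sample: what was selected on the page vs. what landed in the clipboard.
SELECTED = "EXEC DBMS_WORKLOAD_REPOSITORY.create_snapshot;"
CLIPBOARD = "DROP TABLE demo_orders PURGE;\n" + SELECTED + "\n"


def vet_paste(text, expected=None):
    """Return (severity, message) findings for text about to be pasted."""
    findings = []
    # 1. The clipboard should hold exactly what was selected on the page.
    if expected is not None and text.strip() != expected.strip():
        findings.append(("HIGH", "clipboard differs from the selected text"))
    # 2. Invisible characters: control codes and Unicode format characters
    #    (zero-width, bidi overrides) hide or reorder what is executed.
    for pos, ch in enumerate(text):
        cat = unicodedata.category(ch)
        if (cat == "Cc" and ch not in "\r\n\t") or cat == "Cf":
            findings.append(("HIGH", f"hidden character U+{ord(ch):04X} at offset {pos}"))
    # 3. A line terminator inside the paste makes SQL*Plus or a shell run the
    #    preceding line at once, before it can be read.
    lines = [ln for ln in re.split(r"\r\n|\r|\n", text) if ln.strip()]
    if len(lines) > 1 or text.endswith(("\n", "\r")):
        findings.append(("MEDIUM", f"{len(lines)} line(s) would execute on paste"))
    # 4. Per-line content checks.
    for no, line in enumerate(lines, 1):
        if DESTRUCTIVE.search(line):
            findings.append(("HIGH", f"line {no}: destructive statement: {line.strip()[:60]}"))
        if LICENSED.search(line):
            findings.append(("LICENSE", f"line {no}: uses AWR (Diagnostic pack)"))
    return findings


if __name__ == "__main__":
    for severity, message in vet_paste(CLIPBOARD, expected=SELECTED):
        print(f"{severity:8} {message}")
```

Pasting into a plain-text editor first and passing that text to the check gives the same result without relying on any clipboard library.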
Another story is using a "solution" which is not appropriate for the problem. Some time ago some guys were facing an issue where flushing the buffer cache was a workaround that helped. Of course they found this workaround on the Internet. You may guess what happened during another, completely different issue with similar, but unfortunately not the same, symptoms. Yes, flushing the buffer cache was the first thing the guys tried in order to "fix" the problem. It didn't work for that particular issue; moreover, it created another one, and the outstanding issue suddenly became even worse.
Well, glucose is commonly used in medicine, but don't try to give it to a patient with diabetes when he fainted due to lack of insulin.
Rock-solid knowledge and adopting good practices or habits is the key to not putting your database into problems or even danger. With rock-solid knowledge you will understand blogs and articles published on the Internet as additional information sources and not as easy problem solvers. Knowledge is the asset, thus skilled people make a company's greatest asset.
Let me finish this post with a funny quote: "Don't believe everything you read on or copy from the Internet. Abraham Lincoln"