SAP Sybase ASE 16.0 major features

by Jason L Froebe on March 25, 2014, no comments

Sybase .. er… SAP will be releasing Adaptive Server Enterprise 16 within in the next few months (currently expected in Q2 2014). SAP has made the ASE 16.0 manuals available.

Kevin Sherlock sums up the major new features quite well:

  • create or replace functionality
  • multiple triggers
  • monitoring threshold based events
  • configuration tracking history
  • partition level locking
  • log space usage tracking
  • CIS to HANA

While the number of major features may be a bit lacking on first glance to justify being a major release, Jeff Tallman of SAP provides a bit of reasoning on what was really changed:

Hidden under the covers of ASE 16 is a lot of rewrites to spinlock areas of code – so, while you are seeing what looks to be a scattering of features, the main work was done in scaling and eliminating contention – both on high core counts as well as lower core counts – the later especially with proc cache and ELC configuration – as well as log semaphore contention and eliminating the problem of buffer unpinning. Some of these changes required linking in machine code – which means only supporting current releases of certain platforms/OS’s – which by itself often dictates a new platform number. However, there are a number of new features – if you read the NFG, you can see a laundry list – one of which may or may not be mentioned there is HADR mode – which more tightly integrates ASE & SRS – not only is there a synchronous RepAgent (requires an new SRS SP to be launched later), standby ASE is readonly for normal users (ASE actually detects it is standby – and unless you are a privileged user such as RS maint or sa_role, writes are blocked), but ASE also now supports client failover from primary to standby ASE without OpenSwitch – in short term, available for Business Suite – later this year (perhaps) custom apps.

However, with regard to Full Database Encryption…..from a data security standpoint, you can think of it as filling a gap between column level encryption and standard MAC/DAC controls – especially with predicated permissions in the mix. Remember, in column level encryption, we decrypted data at the materialization stage (and encrypted it in normalization) which meant that the data was encrypted both in memory as well as on disk. This was important, because, when you have database users with different access requirements – and especially if you want to keep DBA’s from seeing the data, you need to encrypt the data in memory as well as on disk – and with different users/different requirements, you also need to be able to encrypt different columns with different keys. As a result of encryption, some common database performance techniques – such as leaf/range scans on encrypted cols – were penalized as the index was sorted by the encrypted value (otherwise, it would be security hole) – and no real secure encryption techniques exist that would preserve the lexigraphical sequence. As a result, often times a different index was used for the query or if that index was selected, it was a full leaf scan followed by decryption & sorting – quite a bit of overhead compared to the unencrypted leaf scan. Of course, Encrypted Columns took a bit of effort to set up as someone had to go through and identify every column of sensitive data, determine which Column Encryption Key to use and who should have access – some planning.

Encrypted Columns = data at rest and in memory fully encrypted – and only select designated users could see the data – others saw a default literal value.

Full Database Encryption is intended to solve the problem of ensuring the data at rest is encrypted, but sort of assumes that all legitimate users of the database have the same access rights to the data. Since all users have the same access rights, there is no need to encrypt in memory, use different keys for different columns, etc. As a result, the encryption happens just prior to being written to disk – or just after being read from disk – and on a page basis vs. individual column basis. As a result, index key values, etc. are in their normal sorted order – meaning there is no penalty for leaf scans/range scans any more. Yes, the PIOs may take a slight bit longer but I would be willing to wager we could encrypt the data far faster than traditional disk-based storage can either write it to disk or read it from disk. The time aspect may be very very slightly noticeable on large physical read driven queries. Of course, encryption does use CPU – that might be more noticeable – depending on how much physical IO you are doing. However, since most apps operate on 95%+ cache hit rates, it might not be that noticeable. Remember as well, for write intensive apps, it is often not your SPID doing the writes – it is the HK Wash, checkpoint, someone else pushing your page through wash marker, etc. Keep in mind that one of the drivers for this was SAP ERP applications – where performance is extremely critical due to the way the applications tend to operate (a lot of client side joins to avoid temp tables due to vendor incompatibilities with respect to tempdb). As a result, performance was a key consideration. Level of effort for implemenation is minimal – set up your keys and encrypt the database. Voila!

Full Database Encryption = data at rest fully encrypted – all legitimate users have access.

Hopefully, this not only addresses the speed question, but also the differences. — Jeff Tallman in response to ASE 16: When and what major features?

SAP has overhauled ASE bringing it up to modern performance and scalability. It’s far too early to determine whether the rebuilt engine will live up to the our expectations.

Share Button

IBM Tivoli Storage Manager (TSM) – How to determine management class and retention using dsmc

by Jason L Froebe on March 24, 2014, no comments

If your company uses IBM’s Tivoli Storage Manager, you may one day be asked to determine what the management class or retention is for the backups you’re performing. Unless you are using the Windows GUI front end, you may be at a loss to obtain this information. Never fear, as long as you have access to the dsmc command line, this is easy to get.

tsm> query mgmtclass -detail

In the output, we can see that the default management class being used in “DFLT_MC”. Unless your backup job explicitly sets the management class, you will use “DFLT_MC”. The retention is 45 days.

Domain Name               : EXAMPLE
Activated Policy Set Name : EXAMPLE_POL
Activation date/time      : 01/19/2008 15:22:23
Default Mgmt Class Name   : DFLT_MC
Grace Period Backup Retn. : 45 day(s)
Grace Period Archive Retn.: 45 day(s)

MgmtClass Name                  : 90DAY_STOR
Description                     :
Space Management Technique      : None
Auto Migrate on Non-Usage       : 0
Backup Required Before Migration: YES
Destination for Migrated Files  : TAPEPOOL
Copy Group
        Copy Group Name........: STANDARD
        Copy Type..............: Archive
        Copy Frequency.........: Cmd
        Retain Version.........: 90 day(s)
        Copy Serialization.....: Shared Static
        Copy Mode..............: Absolute
        Retain Initiation......: Create
        Retain Minimum.........: 65534 day(s)
        Copy Destination.......: TAPEPOOL
        Lan Free Destination...: NO
        Deduplicate Data.......: NO

MgmtClass Name                  : DFLT_MC
Description                     :
Space Management Technique      : None
Auto Migrate on Non-Usage       : 0
Backup Required Before Migration: YES
Destination for Migrated Files  : BACKUPPOOL
Copy Group
        Copy Group Name........: STANDARD
        Copy Type..............: Backup
        Copy Frequency.........: 0 day(s)
        Versions Data Exists...: 6 version(s)
        Versions Data Deleted..: 45 version(s)
        Retain Extra Versions..: 45 day(s)
        Retain Only Version....: 70 day(s)
        Copy Serialization.....: Shared Static
        Copy Mode..............: Modified
        Copy Destination.......: BACKUPPOOL
        Lan Free Destination...: NO
        Deduplicate Data.......: NO

        Copy Group Name........: STANDARD
        Copy Type..............: Archive
        Copy Frequency.........: Cmd
        Retain Version.........: 45 day(s)
        Copy Serialization.....: Shared Static
        Copy Mode..............: Absolute
        Retain Initiation......: Create
        Retain Minimum.........: 65534 day(s)
        Copy Destination.......: TAPEPOOL
        Lan Free Destination...: NO
        Deduplicate Data.......: NO
Share Button

FW: A Faster Perl Runtime in Tiny Steps by Steffen Müller

by Jason L Froebe on March 18, 2014, no comments

Booking.com perluses the Perl programming language heavily across its entire technical infrastructure. At the size of our infrastructure, even small performance improvements can translate into hefty savings, not to mention the exciting new features that we will implement with those spare CPU cycles. For this reason, we are very happy to announce that we are now funding Dave Mitchell, prominently known for his many years of high-quality contributions to the Perl language implementation, to improve the Perl runtime’s performance one small step at a time.

Read more at A Faster Perl Runtime in Tiny Steps by Steffen Müller

Share Button

FW: ASE 15.7: Create a Remote Server to SAP IQ 16.0

by Jason L Froebe on March 18, 2014, no comments

ASE 15.7: Create a Remote Server to SAP IQ 16.0
March 12, 2014

Create the remote server entry in the interfaces file; sql.ini (Windows) or interfaces (UNIX).

[myIQServer]
master=TCP,myIQHost,4091
query=TCP,myIQHost,4091

Read more at ARBIME
syLogo

Share Button

SAP Sybase ASE: Unable to start ASE when getting “No unlocked logins with permission ‘…’ were found”? SOLVED

by Jason L Froebe on March 14, 2014, no comments

Have you received SAP Sybasethe error “No unlocked logins with permission ‘…’ were found” when attempting to start ASE?

00:0002:00000:00001:2014/03/14 08:51:04.87 server  Database 'master' is now online.
server  The transaction log in the database 'master' will use I/O size of 2 Kb.
server  No unlocked logins with permission '200' were found.
kernel  ueshutdown: exiting
kernel  Main thread performing final shutdown.
kernel  Network and device connection limit is 65519.
kernel  Encryption provider initialization succeeded on engine 1.
kernel  Thread 3 (LWP 41877545) of Threadpool syb_default_pool online as engine 1
kernel  Blocking call queue shutdown.
08:51:05.03 kernel  SySAM: Checked in license for 2 ASE_CORE

This message is the result of specifying the “-n” in the RUN server file for ASE.

-n system_privilege, –permission-logins – specifies the system privilege name so that a list of login accounts with this system privilege is printed into log file. – From Logging in to a locked-out Adaptive Server

When the “-n” is specified, it acts very similar to “-p” in the sense that ASE will make the change and shutdown. In this case, it would print the logins that have the system privilege of “200″ then shutdown.

Share Button
Facebook login by WP-FB-AutoConnect