Data protection, RDB recovery - Databases

Data Protection, RDB Recovery

This is about protecting data in the database and applications that request data.

For protection, the administrator of the RDB assigns passes [11] to all users registered in the RDB and gives them permission to perform specific operations with specific data. The easiest way to do this is as in the Oracle RDBMS, using the SQL language.

In this case, as in the centralized database, the prohibition and resolution modes are distinguished. The prohibitions include the password, the user ID. They allow you to access the RDB as a whole.

Individual parts of the RDB may have their own protection. To do this, the ARDB defines the authority (GRANT): a list of operations that the user can perform with the corresponding data items.

Permissions can refer to objects or the system as a whole. The permissions for individual objects ( table inside ) provide a specific table for specific users to perform operations (INSERT, UPDATE, DELETE). System permissions concern the entire database: creating, changing the structure, deleting any table area, polling any table (CREATE, ALTER, DROP, SELECT).

As in a centralized database, the listed authorities can be canceled (REVOKE).

For security purposes, the ARCH can create (use) passwords.

In the case of increased data protection requirements, computer security mechanisms should be used to ensure confidentiality, data integrity and protection against failures. The three main protection mechanisms are data encryption, control over the boot procedure and the use of cryptographic checksums.

If the RDB provides consistent, consistent data, talk about its correct state (correctness).

Recovery (recovery management) is associated with bringing the system to the correct state after (hardware) failure. Any particular recovery method reacts to a specific failure of the RDB.

In the RDB, there may be failures of nodes or a communication network. Since over the noise immunity of networks work for a long time and successfully, most often at reasoning the network is considered reliable. Let's use this assumption, considering nodes unreliable.

The recovery system solves two groups of tasks:

1) with a minor malfunction - a rollback in the execution of the current transaction;

2) with significant failures - minimization of the work to restore the RDB.

The most common for recovery purposes is the system log. When applying a two-phase transaction, the fixation point, is entered when a decision is made to commit the transaction. To perform a commit or rollback, the log information (locks, undo and redo) is used.

Copying changes is possible after the database is closed. However, for RDBs with intensive updates, copying (archiving) should be done while the RDB is in operation.

A log can contain one or more groups of log files and group members for physically storing changes to the RDB. Any group includes one or more files that can be stored on different disks, as is done in an Oracle database.

The recovery procedure is as follows:

1. Hardware failure is resolved.

2. Recovered data files are recovered by copying archival copies and transaction logs.

3. The restore process starts:

a) using transactions (applying corrupted transaction log data to archived copies);

b) with the cancellation of pending transactions that have been recovered after the transaction is restored.

It is easy to see that the recovery process is closely related to the simultaneous access (parallel execution) procedure, which is most often organized using a two-phase transaction. The RDB operating conditions and the transaction storage system determine the system for restoring the failed (failed nodes) transactions and their subsequent execution.

Let's study the process of failure in detail.

It is possible to distinguish the following basic conditions of the node: serviceable, faulty (locked, unmanaged), recoverable.

The stalled node after a while begins to correct and perform the recovery procedure. The contents of the main volatile memory can be lost, and recovery is due to non-volatile stable memory.

An unmanaged node behaves unpredictably and can produce strange messages, but after a while it will also start to recover.

Let's discuss two possible cases of nodes functioning in a reliable network: without duplication and with duplication of data.

With no duplication , unmanaged nodes (nodes with loss of control) are not considered.

Typically, one transaction with a remote call (see Figure 12.4) is divided into a series of subtransactions. When one of them is rolled back, the transaction is rolled back as a whole: in fact, the system returns to the commit point. At the same time, unfulfilled transactions or subtransactions are performed again after the hardware failure is eliminated. Note that in this case, before the elimination of the above-mentioned failure, it is practically impossible to restore the operation of the RDB.

It's worth noting that the rollback of the entire transaction is not always necessary. Another way is possible: to interrupt only a dropped subtransaction, which takes a fixed number of attempts at a new execution. Only if they fail, the entire transaction is rolled back. True, it is possible to restart the executed transactions (cascade return). To eliminate it, obviously, you need (see 12.4) the information exchange (repeated messages) between transactions, that is, the procedure is complicated

Simultaneous access while simplifying the recovery process.

With duplication of data (different copies are stored in different nodes), with a locked up node, it becomes possible to work transactions even when some nodes are in an inoperative state.

There may be partial and complete (in each node there is a complete copy of the RDB) duplication.

With partial duplication , it is possible, as with parallel access, to use the primary copy method if there is no or if there are active nodes. The first method is similar to the considered method of the main node. One node becomes the main one, it is easy to restore the work of auxiliary nodes. Transactions can be numbered. Upon recovery, the auxiliary node must send the last registered transaction number (before its failure) to the main node and then request information about changes made to this time by transactions with large numbers.

Advantages of the main copy method are the only sequence of database correction and decrease the probability of the deadlock.

In case of reading all accessible nodes and using active nodes, a list of U entries for active nodes is created and entered, and the main node is used for recovery. Basic the update transaction should request an environment for recording and updating data in all nodes of the U list, including the main one. You can avoid some conflicts (read-write, write-write). If there are failures and restores, the U list changes with the main node and a complication can occur.

Example 12.1. Let the transaction T form a read lock request in node 1, and then this node denies. When the primary node removes node 1 from U, the remaining transactions lose the ability to request a write lock for node 1 and the conflict T and subsequent transactions may not be allocated.

Example 12.2. Let Node 2 recover. It requests information about the missed transactions. The main node transfers the transaction data T1, ..., Tn and adds node 2 to the U list. However, the transaction Tn + 1 in the commit state has an old list and will not write to node 2.

Thus, we must carefully think over the procedure, preferably using time charts.

Recovery scheme with loss of control>

Fig. 12.7. Recovery scheme for loss of control:

t1 - failure; t2 - failure detection; t, - the beginning of recovery; t4 - end of recovery

Other methods are possible:

1) selecting a new primary node if the former fails, while the previous node must be recoverable, and the new node should be "see" the situation that developed in the previous node. Access is simplified, but recovery is complicated;

2) voting on the majority: if all the nodes of the fragment are denied, it is necessary to wait for the restoration of the majority group.

The scheme for restoring one of the nodes is shown in Fig. 12.7.

At node t1, let node 2 fail and its database crash. If node 2 is not corrected before time t5, then failing nodes 1 or 2 will cause a serious failure. Node 2 detects its failure at time t, and begins to recover using the snapshots other nodes. In the interval t3 - t4, the good nodes should continue to execute the transactions that node 2 has to memorize (and process after t4). From the moment t4, node 2 joins the others and the system can withstand a second failure.

thematic pictures

Also We Can Offer!

Other services that we offer

If you don’t see the necessary subject, paper type, or topic in our list of available services and examples, don’t worry! We have a number of other academic disciplines to suit the needs of anyone who visits this website looking for help.

How to ...

We made your life easier with putting together a big number of articles and guidelines on how to plan and write different types of assignments (Essay, Research Paper, Dissertation etc)