Happy New Year everyone!
Hope you had a great Christmas break too?
To quickly recap I listed the following areas of interest raised by our customers when considering running SAP Sybase ASE systems virtualized:
- Performance Impact. I’ve heard some many different opinions, just what is the real picture?
- Systems Supportability. Just how do I monitor for and manage issues when (say) the ASE is in the cloud? Does running ASE under a VM increase risk of outages etc?
- Systems Consolidation. How does this work out in practice when many ASE/VM systems are sharing a host h/w environment?
- Security – public cloud deployment related largely. What can ASE provide here to help address my security concerns?
- Disaster Recovery and Resilience e.g. backup and recovery approaches. Do I have to rethink/re-invent my DR/resilience strategies running ASE virtualized now?
- Migration Effort. Cost/Effort in migrating ASE systems to VM/cloud. In practice is migrating a productive system to VM any harder than any other migration? What does ASE and the supporting product/tool set provide to help me?
- Operational Cost Savings – In practice do I see the hoped for reduction in my total cost of ownership (TCO)
In my first (introductory) post I covered the potential performance impact of running SAP Sybase ASE in the cloud / a virtualized environment
In this post I will be covering the next topic areas – Systems Supportability, Systems Consolidation and Security.
The answer to the first question posed is tied up in the statement that an ASE running in a cloud/virtual environment is exactly like one running in a physical environment. The differences in the external/supporting O/S environments are “hidden” from the ASE.
As a result all the standard (and third party provided) ASE monitoring (including ASE MDA tables, sp_sysmon etc) and management tools can still be used.
Where care may need to be taken is in the interpretation of some of the metrics provided by monitoring tools particularly where they relate to O/S metrics such as disk i/o & service times, ASE CPU absorption, ASE O/S (“physical”) memory use etc.
As far as the pure ASE management features (e.g users, passwords, databases, general configuration etc) of these tools are concerned, there is no impact to be considered in a cloud/virtualized deployment.
WIth respect to the second question – the risk of outage – the marginally more complex IT architecture could on the face of it appear to increase risk. However in practice, the opposite is generally true as most virtual systems (VMware, Xen etc) often come with sophisticated capabilities (load balancing, VM resource dynamic re-allocation, VM re-deployment etc) able to monitor the state of VMs within them and take action to avoid outages. Indeed it is these “in built” resilience capabilities that often form part of the rationale for going to cloud/virtual deployments. Indirectly ASEs running within these VMs benefit from all of these capabilities of course. In some cases, these capabilities overlap with those provided by other SAP Sybase data management products notably SAP Sybase Replication Server – more on this in later blog posts.
Finally, in terms of ASE support skills required, in my experience there is little if any impact – the traditional ASE DBA skills still apply.
However, the overall systems support “skill set mix” will need to reflect the virtualization environment used of course.
By the way, it would be great to hear from you especially if you have some interesting cloud/virtual environment support stories you can publicly share?
OK, so this is the whole point of virtualization – right? The ability to reduce h/w (other – operational etc) costs through consolidation of IT infrastructure supporting our ASE systems. In practice how does it pan out for our ASE customers who have tried this?
Well I think it is fair to say “the jury is still out” as this approach is really only beginning to gain traction amongst our ASE customer base with a number of significant cloud/virtual/consolidation projects in progress at this time. By the way most are targeting the use of on-premise virtualization.
At the recent UK Tech*Select (the Sybase UK User Group) event held in Nov 2012 the comments were mixed for those that had started. Some found that operationally it was more difficult to determine where route cause lay (and who to call) when issues arose – particularly performance related. Presumably a comment referencing the marginally more complex IT architecture (and its layers – the “hypervisor” etc) deployed for cloud/virtual systems? Others had found (for example my client from the last post) that the “consolidation promise” had been pretty well fulfilled and they had realised operational cost savings etc.
So if you have any experiences with respect to the consolidation of some (all?) of your ASE (other SAP Sybase products – IQ?) you would be happy to publicly share, it would be very interesting to hear from you?
Public clouds and shared virtualization environments are clearly less isolated from a network and OS perspective. As a result, it is even more important to ensure that security in the database is robust and impermeable to security threats.
Fortunately ASE offers a superior suite of security capabilities including advanced disk store encryption, various network related encryption capabilities, authentication capabilities and backup password protection. These features (especially disk store encryption) provide reassurance for customers deploying and accessing “sensitive” data in ASE cloud deployments.
Additionally, ASE has historically had fewer loopholes/bugs in these security features requiring “emergency” fixes when compared to our mainstream competition where relatively frequent s/w installation patches/fixes due to (serious) loopholes in security are “the norm”.
To illustrate – ASE engineering did not have to release any security patches at all in the 24 months (to June 3, 2012).
With respect to disk (database) encryption it is interesting to note that ASE uses its own encryption algorithms and does not rely on proprietary h/w (disk) algorithms providing for a more portable (platform independent) solution which clearly fits well in the cloud / virtual space.
BTW – Just to be complete, it is important to state that ASE supports the selective encryption of table columns on a per column basis rather than a blanket all data in a database type of approach.
For a useful overview of ASE and it’s security features I suggest you start here: http://www.sybase.com/products/databasemanagement/adaptiveserverenterprise/asesecurity
For full technical detail on these security related features please browse the SAP Sybase ASE manuals at: http://infocenter.sybase.com/help/index.jsp
In summary, I think we can wave a little flag for ASE in terms of it’s security capabilities making it particularly well placed for off-premise cloud/virtual deployments.
Next time I will cover ASE Disaster Recovery and Resilience for ASE environments deployed in the cloud/virtualised, but in the meantime here are a few questions that you may have some thoughts on? If you do it would be great to hear from you.
– Would you expect your resilience/DR architecture thinking to be radically different for ASE cloud/virtualized deployments?
– Does cloud/virtualized deployment increase or decrease resilience/DR architecture complexity?
– What features of cloud/virtualization technologies/products can typically help in the systems residence space?