Can we add another DB?

  • We recently bought a server for our org. It hosts our SQL server for Billing and payroll.  I was told that our server could not host a small database that would only need to be accessed 20 times a month with only about 5 connections or so each time (at the most 250 connections a month is probably far more than enough).  These connections would only be open long enough to query a small database and save a few changes here and there.  The connection will not be opened in between querying and saving the data. In other words it shouldn't be open for any more than a few seconds.

    It was explained that the servers were created specifically with the performance needs of the billing and payroll apps in mind. They also claim that confidential information is kept on them and giving me access to the server to create my own small database would be compromising. They said that I will need my own server to host my app.

    I do realize that servers are created with the application's performance needs in mind; however, I don't believe that a brand new server cannot handle an additional small SQL Server database with only a few connections a month.  Also I believe that servers are built scalable enough to meet more than just the minimum requirements.

    (These people are novices and are more interested in controlling the things in their care than they are willing to see things work. Basically I just wonder if their claims sound legitimate.)

    So my questions are

    1) Why can't a small database not be placed on this server when SQLserver2000 is already on it?

    2) If the databases are protected by passwords, why would giving me access to my own tables be a security threat?

    3) Why would it be necessary to purchase a whole new server for such a small project?  The project will have company wide connections but only a few people will access it at any given time. At the most no more than 20. The chances of it being simultaneous are very small since only one person per day or any given hour will be using it.

    Thanks!

  • 1) Why can't a small database not be placed on this server when SQLserver2000 is already on it?

    It can, in fact many can.

    2) If the databases are protected by passwords, why would giving me access to my own tables be a security threat?

    I presume that 'they' own the server? However you own the licenses? If their security is good enough - you won't be able to touch anything they have done, or see the contents of the tables. Besides, why would you?

    3) Why would it be necessary to purchase a whole new server for such a small project?  The project will have company wide connections but only a few people will access it at any given time. At the most no more than 20. The chances of it being simultaneous are very small since only one person per day or any given hour will be using it.

    It sounds a bit daft to do that, from a cost perspective, it would not be beneficial as you would have to buy the new hardware and additional licenses, which are not cheap. If you are really bored and want to burn some company money, then go for it - otherwise, I would push to have your DB on the server.

    To me, their claims sound like complete tosh.

  • 2) If the databases are protected by passwords, why would giving me access to my own tables be a security threat?

    I presume that 'they' own the server? However you own the licenses? If their security is good enough - you won't be able to touch anything they have done, or see the contents of the tables. Besides, why would you?

    HOWEVER, what permissions would you have? SYSADMIN role? If so, then you would have access to all databases on the instance.

    Some government rules require the physical separation of personal information (HR/Payroll/etc) and all other information. (Some system certification rules require this also). I forget the term for it, but some of our systems are undergoing that certification.

    Does it make sense? Not really, but it is their system and that's their rules.

    So, it's their server - for whatever reason, they said you can't play in their sandbox...so you'll need to get your own or try to convince the higher ups.

    -SQLBill
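
The SYSADMIN point above, as an added example that is not part of the original thread: a SQL Server 2000 setup in which the new application's login is scoped to its own database only, followed by checks an administrator can run to confirm it has no server-wide rights. The names `PerfImprovement`, `pi_app`, `Payroll` and `Billing` are hypothetical, and the password is a placeholder.

```sql
-- Added example (SQL Server 2000 syntax). All database and login names are
-- hypothetical. Run as an administrator of the shared instance.

-- 1. Create the new database and a dedicated SQL login for the application.
CREATE DATABASE PerfImprovement
GO
EXEC sp_addlogin @loginame = 'pi_app',
                 @passwd   = '<strong-password-placeholder>',
                 @defdb    = 'PerfImprovement'
GO

-- 2. Map the login to a user in the new database only, and grant it
--    read/write on that database's tables. No server role is assigned.
USE PerfImprovement
GO
EXEC sp_grantdbaccess @loginame = 'pi_app', @name_in_db = 'pi_app'
EXEC sp_addrolemember @rolename = 'db_datareader', @membername = 'pi_app'
EXEC sp_addrolemember @rolename = 'db_datawriter', @membername = 'pi_app'
GO

-- 3. Check server-wide rights. A result of 1 would mean the login can reach
--    every database on the instance, including billing and payroll.
SELECT IS_SRVROLEMEMBER('sysadmin', 'pi_app') AS is_sysadmin
GO
-- List everyone who does hold sysadmin, for review.
EXEC sp_helpsrvrolemember 'sysadmin'
GO

-- 4. Check the sensitive databases for an enabled guest user. If guest has
--    hasdbaccess = 1, any login on the instance can enter that database
--    without being mapped to a user in it.
SELECT 'Payroll' AS db, name, hasdbaccess
FROM   Payroll.dbo.sysusers
WHERE  name = 'guest'
UNION ALL
SELECT 'Billing', name, hasdbaccess
FROM   Billing.dbo.sysusers
WHERE  name = 'guest'
GO
```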

  • Thanks guys. 

    The server is our company's server.  I'm working for our Performance Improvement Department. However, we fear that the MIS department, being the novices that they are, are either bluffing, don't know what they are doing, or are just against the project.  It is only a matter of IF it CAN be done.

    From what I understand it is not a difficult thing to do.

    However you do raise the question about legal issues.  Do you have any idea how I can go about verifying whether this would legally be an issue or not? This is a healthcare center.

    That may be a good point. I'll look into our HIPAA laws and see if JCAHO, our accreditation company, has anything to say about this.

    Thanks!

  • Hi guys, I looked up the information about HIPAA and JCAHO and the server is not a concern of theirs. 

    Thanks. If I have any more questions, I'll come back and ask.

  • Thanks guys! There were no political restrictions whatsoever.
