July 6, 2016 at 9:02 am
100% agreed. Yesterday was the first time I had heard of their 5 9's target. I laughed hysterically inside my head - our company are using VM's as their "HA" option, so there goes that target right there.
As I sit here and contemplate life, I start to wonder if I should go get a job farming mushrooms or something. 😀
July 6, 2016 at 9:22 am
Yes, the CIO finally agreed with me that I could not do my job without sysadmin... although for some strange reason the 3rd Party company might still insist on doing the backups "due to their contractual obligations to maintain the 5 9's". Well, as long as I can do an adhoc backup as required by business reasons, they can fill their boots.
Thanks again for all the great support on this frustrating topic Smile
Are they taking over all your system administration type tasks or just the databases/database servers? Also if you were doing DBA and developer work it's possible your CIO simply assumed you'd be transitioning to more development work and wouldn't need admin access in production anymore. It's fairly common for companies to have a team that handles nothing but the administration without touching development which would make sense if it's a third party.
July 6, 2016 at 9:31 am
This is where it got a bit tricky. I am not a development DBA by any stretch of the imagination. my role is to do the backups, refreshes, performance tuning - basically your admin side of the role. As I am the only DBA in the company, my role stretches across the Test and Production Databases.
Someone, in their infinite wisdom, decided that the 3rd party would do the "production" database admin, and I would do the Test database admin. Unfortunately, they forgot to ask what I spent my time doing (90% of my time is Production, 10% test). And then when I challenged what I would be doing with 36 hours of my working week, they asked me what it was that I do on production - hence my question to the forum.
Basically, I have had to justify my role and itemise everything I do as a DBA on both Production and Test, and assign an estimated time to each task.:w00t:
July 6, 2016 at 10:12 am
tezsb (7/6/2016)
Yes, the CIO finally agreed with me that I could not do my job without sysadmin... although for some strange reason the 3rd Party company might still insist on doing the backups "due to their contractual obligations to maintain the 5 9's". Well, as long as I can do an adhoc backup as required by business reasons, they can fill their boots.Thanks again for all the great support on this frustrating topic 🙂
On that note (and you probably already know this but just making sure)...
1. If you need to do an ad hoc backup, make sure that you used the COPY ONLY option so that the 3rd party can't blame you for messing up any DIF backups they may have taken.
2. Still review their backup plan (which you can do by looking at the actual backups they take. They'll show up in the SQL Backup GUI). Ultimately, it doesn't matter who is responsible for what in the area of backups but you need to protect the company by knowing for sure.
--Jeff Moden
Change is inevitable... Change for the better is not.
July 6, 2016 at 10:17 am
tezsb (7/6/2016)
This is where it got a bit tricky. I am not a development DBA by any stretch of the imagination. my role is to do the backups, refreshes, performance tuning - basically your admin side of the role. As I am the only DBA in the company, my role stretches across the Test and Production Databases.Someone, in their infinite wisdom, decided that the 3rd party would do the "production" database admin, and I would do the Test database admin. Unfortunately, they forgot to ask what I spent my time doing (90% of my time is Production, 10% test). And then when I challenged what I would be doing with 36 hours of my working week, they asked me what it was that I do on production - hence my question to the forum.
Basically, I have had to justify my role and itemise everything I do as a DBA on both Production and Test, and assign an estimated time to each task.:w00t:
Any chance of you sharing the list you made? It might help others.
Also, what is your definition of "performance tuning" if you have no claims to being at least partially a Development/Application DBA?
--Jeff Moden
Change is inevitable... Change for the better is not.
July 6, 2016 at 10:22 am
Jeff Moden (7/6/2016)
tezsb (7/6/2016)
This is where it got a bit tricky. I am not a development DBA by any stretch of the imagination. my role is to do the backups, refreshes, performance tuning - basically your admin side of the role. As I am the only DBA in the company, my role stretches across the Test and Production Databases.Someone, in their infinite wisdom, decided that the 3rd party would do the "production" database admin, and I would do the Test database admin. Unfortunately, they forgot to ask what I spent my time doing (90% of my time is Production, 10% test). And then when I challenged what I would be doing with 36 hours of my working week, they asked me what it was that I do on production - hence my question to the forum.
Basically, I have had to justify my role and itemise everything I do as a DBA on both Production and Test, and assign an estimated time to each task.:w00t:
Any chance of you sharing the list you made? I might help others.
Also, what is your definition of "performance tuning" if you have no claims to being at least partially a Development/Application DBA?
That might make a good article.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
July 6, 2016 at 10:32 am
Jeff Moden (7/6/2016)
tezsb (7/6/2016)
Yes, the CIO finally agreed with me that I could not do my job without sysadmin... although for some strange reason the 3rd Party company might still insist on doing the backups "due to their contractual obligations to maintain the 5 9's". Well, as long as I can do an adhoc backup as required by business reasons, they can fill their boots.Thanks again for all the great support on this frustrating topic 🙂
On that note (and you probably already know this but just making sure)...
1. If you need to do an ad hoc backup, make sure that you used the COPY ONLY option so that the 3rd party can't blame you for messing up any DIF backups they may have taken.
2. Still review their backup plan (which you can do by looking at the actual backups they take. They'll show up in the SQL Backup GUI). Ultimately, it doesn't matter who is responsible for what in the area of backups but you need to protect the company by knowing for sure.
On the topic of backups, I'd suggest pressing them for information on *HOW* they're going to be doing the backups. We (briefly) were looking at moving our servers (SQL and others) to a "cloud" provider. The provider would handle things like backups of the servers, etc.
How would they "backup" the servers, including SQL?
Snapshots of the servers...
Bear in mind, we host databases from different applications, so with a snapshot-type "backup" if someone hosed up their data, or a database became corrupt, we'd have to roll *everyone* back to the most recent snapshot.
Need a copy of a database restored because you broke a stored procedure or such and just found out?
Either re-create it or roll everyone back.
Sure, the snapshots would work fine for the web servers, but not so much for my servers...
We didn't go with the provider in question for this and other reasons (they're not a public provider, so it wasn't Amazon or Microsoft.)
July 6, 2016 at 6:13 pm
The GOOD part about them taking away all privs from prod is that you could actually justify turning off the phone at night. 😉
--Jeff Moden
Change is inevitable... Change for the better is not.
July 6, 2016 at 9:16 pm
jasona.work (7/6/2016)
On the topic of backups, I'd suggest pressing them for information on *HOW* they're going to be doing the backups. We (briefly) were looking at moving our servers (SQL and others) to a "cloud" provider. The provider would handle things like backups of the servers, etc.How would they "backup" the servers, including SQL?
Exactly why I say to start with looking at MSDB/The Backup GUI. If backups don't show up there, there may be trouble in paradise.
--Jeff Moden
Change is inevitable... Change for the better is not.
July 7, 2016 at 1:12 am
Here is the list I compiled. Its quite rudimentary as I did it in about a day) I probably missed a few things off, feel free to add to it:
Monitoring Dashboard (Redgate). Act on Issues reported by Monitoring:-
HealthCheck Failures (CheckDB etc)
Long running queries, blocked processes
Maintenance job Failures (backups, reindex, update stats etc)
Application Job Failures
Error Messages reported (messages in the error log)
Create
Install SQL Server Instance
Create Database
Users
Database Objects (Indexes, stats, tables, assemblies etc)
Backup DB Jobs
Backup T-Log Jobs
Reindex Jobs
Update Stats jobs
CheckDB jobs
Cleanup Jobs
Application Related SQL Jobs (SSIS etc)
Modify
Patching SQL Instances
SQL Instance Upgrades
Database
Users
Database Objects (Indexes, stats, tables, assemblies etc)
Backup DB Jobs
Backup T-Log Jobs
Reindex Jobs
Update Stats jobs
CheckDB jobs
Cleanup Jobs
Application Related SQL Jobs
SQL configuration Changes
Delete
Uninstall SQL Instance
Database
Users
Database Objects (Indexes, stats, tables, assemblies etc)
Backup DB Jobs
Backup T-Log Jobs
Reindex Jobs
Update Stats jobs
CheckDB jobs
Cleanup Jobs
Application Related SQL Jobs
MISC
Kill User processes (not often, but sometimes a hung process causes all sorts of havoc)
Investigate Performance issues
Refresh Test /Dev from Live/UAT
Deployment of scripts provided by developers into Production
Restart SQL Server
DR
Restore and recovery of databases in DR Scenario
July 7, 2016 at 6:54 am
Jeff Moden (7/6/2016)
jasona.work (7/6/2016)
On the topic of backups, I'd suggest pressing them for information on *HOW* they're going to be doing the backups. We (briefly) were looking at moving our servers (SQL and others) to a "cloud" provider. The provider would handle things like backups of the servers, etc.How would they "backup" the servers, including SQL?
Exactly why I say to start with looking at MSDB/The Backup GUI. If backups don't show up there, there may be trouble in paradise.
Good point, but it sounds like they've not yet taken over, so better to find out *now* rather then after.
July 7, 2016 at 7:56 am
jasona.work (7/7/2016)
Jeff Moden (7/6/2016)
jasona.work (7/6/2016)
On the topic of backups, I'd suggest pressing them for information on *HOW* they're going to be doing the backups. We (briefly) were looking at moving our servers (SQL and others) to a "cloud" provider. The provider would handle things like backups of the servers, etc.How would they "backup" the servers, including SQL?
Exactly why I say to start with looking at MSDB/The Backup GUI. If backups don't show up there, there may be trouble in paradise.
Good point, but it sounds like they've not yet taken over, so better to find out *now* rather then after.
Absolutely! The problem will be if they're using a backup system that doesn't use the "guts" of an SQL Server native backup like so many products actually do. There's no way they'll give privs to the backup files so that you can "trust but verify". 😀
--Jeff Moden
Change is inevitable... Change for the better is not.
July 7, 2016 at 9:57 am
It's actually not that unusual a request... they may simply need to justify *any* access to production, and that includes you. They need to be able to tell an auditor why you have the access that you have. I've been through the same process myself.
The best response to do is create a list of the things you do in production that require access. Be as complete as possible, and try to provide it in such a way that a non-technical person (which many auditors may be) will be able to understand.
Viewing 13 posts - 16 through 27 (of 27 total)
You must be logged in to reply to this topic. Login to reply