Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

merging different clients data onto same box Expand / Collapse
Author
Message
Posted Wednesday, September 25, 2013 2:22 PM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: 2 days ago @ 4:49 AM
Points: 242, Visits: 961
Hi.
Our current infrastructure is set up whereby we have 20 different companies using the service we provide, each having their own server with sql server 2008r2 installed. Each database server has the same main 3 databases installed all with the same table structure across the estate. Some of the servers are being well under utilised so we are looking at consolidating say 2 clients onto 1 server but we need to keep them totally separate for security/data protection.
I am thinking that the best way to do this is by installing multiple instances on each server, so an instance A for company A , and instance B for company B.
Can anybody who has done this before or knows about it, please advise me of the pro's and cons of doing it and any 'gottchas'
We use transactional replication as well if this adds any extra info for your reasoning.
Post #1498586
Posted Thursday, September 26, 2013 6:56 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Yesterday @ 10:45 AM
Points: 7,214, Visits: 6,356
Oh, dear... Yes, I have been down this road before (old employer). If you are going to have multiple clients on the same box, do absolutely make sure they are on separate instances. Especially if you're dealing in insurance or health services software. HIPAA will bite you big if you get client data mixed up.

Do not, under any circumstances, put them on the same DBs / same instance regardless of what services you are providing. It will be a maintenance nightmare, not to mention a legal one if one client gets ahold of another client's data.

So, Pros... Easier to watch one box than 2 or 3. Physical space in the server room is saved. Utility bills are lower.

Cons... Unless the instances are on Virtual machines (which may or may not work for you), security assignments can get mixed up (again with one client accessing another client's data), a hard drive crash (or any hardware problems) affect all clients on that box, SQL Agent Jobs will multiply because you'll need one for each client / instance on the box, and data theft (or server theft really) is potentially a bigger headache.

Not sure if maintenance is easier or harder in this case. It's sort of half a dozen and 6, if you know what I mean.

Biggest issue, in case I haven't said it enough, is the potential for cross-pollenation of client access / data. You need to take this implementation slowly and be absolutely sure everyone knows which logins and roles and jobs are for which instances and that you absolutely idiot-proof the servers from internal security issues. I've seen more problems caused by a well-meaning dba / developer who ran something on the wrong instance or gave someone the wrong information because they were looking at the wrong client db, etc.

It is crucial that you get things locked down so that only one or two people have access to make changes once things are consolidated. And that the setup is documented to death and everyone knows where the documentation. And that there is plenty of redundancy and high availability for your setup.

Does that help? Or did I just terrify you?


Brandie Tarvin, MCITP Database Administrator

Webpage: http://www.BrandieTarvin.net
LiveJournal Blog: http://brandietarvin.livejournal.com/
On LinkedIn!, Google+, and Twitter.

Freelance Writer: Shadowrun
Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.
Post #1498804
Posted Thursday, September 26, 2013 7:08 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, August 21, 2014 1:54 PM
Points: 1,432, Visits: 3,229
Brandie Tarvin (9/26/2013)

Do not, under any circumstances, put them on the same DBs / same instance regardless of what services you are providing. It will be a maintenance nightmare, not to mention a legal one if one client gets ahold of another client's data.


With a proper database design and security protocols and policies in place a multi-tenant database is not a problem. In fact it is a more scalable solution for many scenarios. What if you have thousands of customers (imagine dealing with thousands of databases or instances! !#$@?*).

Granted with separate instances your security can be more lax. But with proper application design (separation of data access layer from presentation), encryption and leveraging best security practices it really a non-issue.





The probability of survival is inversely proportional to the angle of arrival.
Post #1498816
Posted Thursday, September 26, 2013 7:12 AM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: 2 days ago @ 4:49 AM
Points: 242, Visits: 961
Yes you make some valid points re the security of the data and also the possibility of running things against the wrong data set! I think I could do something along the lines of 'clientname-userlogon' to try and mitigate anyone logging onto wrong instance. So for example a login could be called 'healthservice-johndoeDBA' then 'phonecomany-johndoeDBA' for the other client.
I forgot to mention we have our servers in the cloud so, theft, hardware failure is not really a problem for us. In the case of a disc failing we switch automatically to another VM.
Thanks for your reply - interesting.!
Post #1498818
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse