September 25, 2013 at 2:22 pm
Hi.
Our current infrastructure is set up whereby we have 20 different companies using the service we provide, each having their own server with sql server 2008r2 installed. Each database server has the same main 3 databases installed all with the same table structure across the estate. Some of the servers are being well under utilised so we are looking at consolidating say 2 clients onto 1 server but we need to keep them totally separate for security/data protection.
I am thinking that the best way to do this is by installing multiple instances on each server, so an instance A for company A , and instance B for company B.
Can anybody who has done this before or knows about it, please advise me of the pro's and cons of doing it and any 'gottchas'
We use transactional replication as well if this adds any extra info for your reasoning.
September 26, 2013 at 6:56 am
Oh, dear... Yes, I have been down this road before (old employer). If you are going to have multiple clients on the same box, do absolutely make sure they are on separate instances. Especially if you're dealing in insurance or health services software. HIPAA will bite you big if you get client data mixed up.
Do not, under any circumstances, put them on the same DBs / same instance regardless of what services you are providing. It will be a maintenance nightmare, not to mention a legal one if one client gets ahold of another client's data.
So, Pros... Easier to watch one box than 2 or 3. Physical space in the server room is saved. Utility bills are lower.
Cons... Unless the instances are on Virtual machines (which may or may not work for you), security assignments can get mixed up (again with one client accessing another client's data), a hard drive crash (or any hardware problems) affect all clients on that box, SQL Agent Jobs will multiply because you'll need one for each client / instance on the box, and data theft (or server theft really) is potentially a bigger headache.
Not sure if maintenance is easier or harder in this case. It's sort of half a dozen and 6, if you know what I mean.
Biggest issue, in case I haven't said it enough, is the potential for cross-pollenation of client access / data. You need to take this implementation slowly and be absolutely sure everyone knows which logins and roles and jobs are for which instances and that you absolutely idiot-proof the servers from internal security issues. I've seen more problems caused by a well-meaning dba / developer who ran something on the wrong instance or gave someone the wrong information because they were looking at the wrong client db, etc.
It is crucial that you get things locked down so that only one or two people have access to make changes once things are consolidated. And that the setup is documented to death and everyone knows where the documentation. And that there is plenty of redundancy and high availability for your setup.
Does that help? Or did I just terrify you?
September 26, 2013 at 7:08 am
Brandie Tarvin (9/26/2013)
Do not, under any circumstances, put them on the same DBs / same instance regardless of what services you are providing. It will be a maintenance nightmare, not to mention a legal one if one client gets ahold of another client's data.
With a proper database design and security protocols and policies in place a multi-tenant database is not a problem. In fact it is a more scalable solution for many scenarios. What if you have thousands of customers (imagine dealing with thousands of databases or instances! !#$@?*).
Granted with separate instances your security can be more lax. But with proper application design (separation of data access layer from presentation), encryption and leveraging best security practices it really a non-issue.
The probability of survival is inversely proportional to the angle of arrival.
September 26, 2013 at 7:12 am
Yes you make some valid points re the security of the data and also the possibility of running things against the wrong data set! I think I could do something along the lines of 'clientname-userlogon' to try and mitigate anyone logging onto wrong instance. So for example a login could be called 'healthservice-johndoeDBA' then 'phonecomany-johndoeDBA' for the other client.
I forgot to mention we have our servers in the cloud so, theft, hardware failure is not really a problem for us. In the case of a disc failing we switch automatically to another VM.
Thanks for your reply - interesting.!
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply