Thread: Databases and servers

Databases and servers

From
Karl Martin Skoldebrand
Date:

Hi,

 

I just discovered that a client has done this:

 

They have two web applications A1 and A2. They have seperate hostnames/URLs. Both have a production and a test database A1p and A1t/ A2p and A2t.

What they've done is have both A1p and A2p on the same actual databaser server and A1t and A2t on the same server.

 

So, I'm thinking - if a bug in application A1 crashes the application and database badly it will risk bringing down both services A1 and A2. The same risk would be evident on a successful security breach.

 

I would prefer to A1p and A2p on seperate servers, maybe keeping A1t and A2t on the same. (This is what seems to be happening when the database servers are being repladed).

 

What is the general thought on the current setup?

 

/M     ============================================================================================================================ Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally http://tim.techmahindra.com/tim/disclaimer.html internally within TechMahindra. ============================================================================================================================

Re: Databases and servers

From
"Peter J. Holzer"
Date:
On 2019-08-20 10:33:17 +0000, Karl Martin Skoldebrand wrote:
> I just discovered that a client has done this:
>
> They have two web applications A1 and A2. They have seperate hostnames/URLs.
> Both have a production and a test database A1p and A1t/ A2p and A2t.
>
> What they've done is have both A1p and A2p on the same actual databaser server
> and A1t and A2t on the same server.
>
> So, I'm thinking - if a bug in application A1 crashes the application and
> database badly it will risk bringing down both services A1 and A2. The same
> risk would be evident on a successful security breach.
>
> I would prefer to A1p and A2p on seperate servers, maybe keeping A1t and A2t on
> the same. (This is what seems to be happening when the database servers are
> being repladed).

On rereading this I notice that I'm not sure what that means. If you
propose replacing the two servers with three (two production, one test)
or even four (two production and two test), I agree.

If you want to keep two servers, but rearrange them so that one server
has both the production and the test database for each app on the same
server, see below.


> What is the general thought on the current setup?

Without knowing the details I think I would side with your client here:
It seems to me that the risk of accidentally clobbering a production
database which is in the same host as the test database is higher than
the risk of two different production databases interfering with each
other. Also, if you have the test and production database on the same
host, there are some procedures which you can't safely test (e.g. an OS
upgrade).

I would think about putting each database in virtual machine or at least
a container, though.

        hp

--
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | hjp@hjp.at         | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>

Attachment

Re: Databases and servers

From
Jeff Janes
Date:
On Tue, Aug 20, 2019 at 6:33 AM Karl Martin Skoldebrand <KS0C77263@techmahindra.com> wrote:

Hi,

I just discovered that a client has done this: 

They have two web applications A1 and A2. They have seperate hostnames/URLs. Both have a production and a test database A1p and A1t/ A2p and A2t.

What they've done is have both A1p and A2p on the same actual databaser server and A1t and A2t on the same server.

Are these two PostgreSQL instances running on the same hardware, or two databases within a single PostgreSQL instance?

So, I'm thinking - if a bug in application A1 crashes the application and database badly it will risk bringing down both services A1 and A2.

Is this a common occurrence?  Of all the occurrences of downtime in recent memory (or better yet, from incidence documentation), what were the causes of them?  Is this near the top of the list?

Also, are the two apps completely independent, or are they used together such that one being down makes the other one not very useful?

The same risk would be evident on a successful security breach.

On the other hand, more servers means more moving parts, means more opportunities for mistakes in configuration or maintenance that let breaches happen.

I would prefer to A1p and A2p on seperate servers, maybe keeping A1t and A2t on the same. (This is what seems to be happening when the database servers are being repladed).

I don't know what that last part means. 

What is the general thought on the current setup?

In my experience, people acting on mere conjectures about what might cause downtime in the future and how to prevent it have caused more downtime than they have prevented.

Cheers,

Jeff

SV: Databases and servers

From
Karl Martin Skoldebrand
Date:

 

On Tue, Aug 20, 2019 at 6:33 AM Karl Martin Skoldebrand <KS0C77263@techmahindra.com> wrote:

Hi,

I just discovered that a client has done this: 

They have two web applications A1 and A2. They have seperate hostnames/URLs. Both have a production and a test database A1p and A1t/ A2p and A2t.

What they've done is have both A1p and A2p on the same actual databaser server and A1t and A2t on the same server.

>Are these two PostgreSQL instances running on the same hardware, or two databases within a single PostgreSQL instance?
 
They are two databases in a Single PostgreSQL instance access by different accounts with different permissions.>
 

So, I'm thinking - if a bug in application A1 crashes the application and database badly it will risk bringing down both services A1 and A2.

>Is this a common occurrence?  Of all the occurrences of downtime in recent memory (or better yet, from incidence documentation), what were the causes of them?  Is this near the top of the list?
 
No it is not common.

>Also, are the two apps completely independent, or are they used together such that one being down makes the other one not very useful?
 
Yes they are independent on the database level. They share the same Windows application server.

The same risk would be evident on a successful security breach.

>On the other hand, more servers means more moving parts, means more opportunities for mistakes in configuration or maintenance that let breaches happen.
 
That is true.

I would prefer to A1p and A2p on seperate servers, maybe keeping A1t and A2t on the same. (This is what seems to be happening when the database servers are being repladed).

>I don't know what that last part means. 
repladed == replaced
 

What is the general thought on the current setup?

In my experience, people acting on mere conjectures about what might cause downtime in the future and how to prevent it have caused more downtime than they have prevented.
/M
Cheers,

Jeff
============================================================================================================================ Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally http://tim.techmahindra.com/tim/disclaimer.html internally within TechMahindra. ============================================================================================================================

SV: Databases and servers

From
Karl Martin Skoldebrand
Date:
________________________________________
Från: Peter J. Holzer <hjp-pgsql@hjp.at>
Skickat: den 20 augusti 2019 22:58
Till: pgsql-general@lists.postgresql.org
Ämne: Re: Databases and servers

On 2019-08-20 10:33:17 +0000, Karl Martin Skoldebrand wrote:
> I just discovered that a client has done this:
>
> They have two web applications A1 and A2. They have seperate hostnames/URLs.
> Both have a production and a test database A1p and A1t/ A2p and A2t.
>
> What they've done is have both A1p and A2p on the same actual databaser server
> and A1t and A2t on the same server.
>
> So, I'm thinking - if a bug in application A1 crashes the application and
> database badly it will risk bringing down both services A1 and A2. The same
> risk would be evident on a successful security breach.
>
> I would prefer to A1p and A2p on seperate servers, maybe keeping A1t and A2t on
> the same. (This is what seems to be happening when the database servers are
> being repladed).

On rereading this I notice that I'm not sure what that means. If you
propose replacing the two servers with three (two production, one test)
or even four (two production and two test), I agree.

===
I was proposing replacing the two servers with three (or four). Running production on two seperate servers and possibly
thetests on one (or possibly two servers). 

/M.

============================================================================================================================
Disclaimer:This message and the information contained herein is proprietary and confidential and subject to the Tech
Mahindrapolicy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally
http://tim.techmahindra.com/tim/disclaimer.htmlinternally within TechMahindra.
============================================================================================================================