Abstract: Alibaba Cloud Data Management DMS Enterprise edition, as a new member of the data management product family, opened public beta in November 2017, officially released the commercial version at the end of January this year. As the industry’s leading enterprise-oriented database DevOps solution, DMS Enterprise edition aims to help enterprises use databases safely and efficiently, improve collaboration efficiency between R&D and DBA operations and maintenance, and provide more secure access control and audit for enterprise core data.

Click here to view the original text:click.aliyun.com/m/41268/

Ali Cloud Data Management DMS Enterprise edition, as a new member of the data management product family, opened the public beta in November 2017, and officially released the commercial version at the end of January this year.

As the industry’s leading enterprise-oriented database DevOps solution, DMS Enterprise edition aims to help enterprises use databases safely and efficiently, improve collaboration efficiency between R&D and DBA operations and maintenance, and provide more secure access control and audit for enterprise core data. It provides multiple functions and services including permission application, field classification, data change, data export, data query, structure design, database table synchronization, SQLReview, access IP whitelist, custom approval process, operation audit, etc.

In the use of traditional database management software, the vast majority of scenarios require users to enter accounts, password information and other login, a common solution is to provide fortress to create some read-only accounts to share within a certain range of personnel. So who did what query on the database? Who made the big query that affected the business database? Who had access to sensitive data? Who gets the data out? It’s hard to pinpoint a specific person, and breaking down each person’s different account creates a lot of work for account managers.

At the same time, account information must be maintained regularly and in real time to avoid security risks caused by job flow or personnel dimission. For enterprise users, data is the lifeblood of the enterprise, and security is the top priority. Therefore, the compromise of some enterprises is to collect the personnel who have access to data. However, since the investigation of problems must find the personnel with authority, this will affect the response efficiency of personnel.

Faced with such a complex problem, many enterprises are looking for systematic solutions to solve this problem completely.

Ali Cloud Data Management DMS enterprise edition is based on this scenario to help enterprises thoroughly solve the problem of data access security. At the same time, on the basis of ensuring the safety of data changes, flexible and customized structural design specifications and RESEARCH and development processes are provided, so that all changes can be approved and executed online to achieve the goal of improving the efficiency of research and development while ensuring the design specifications.

It is understood that the commercial version of DMS officially released this time has obvious business scenarios and advantages, mainly including the following aspects:

First, unified personnel access entrance: achieve unified management of multiple database types, without frequent switching and skipping; Supports MySQL, SQLServer, DRDS, PostgreSQL, MongoDB, ORACLE, and OceanBase. Unified management of multi-database environment, supporting RDS database, ECS self-built database, public network self-built database; Unified management of multiple network types, classic network, VPC network; The r&d and design process is coordinated and unified online, and the change summary management does not require manual maintenance and repeated offline communication.

Second, field-level permission control: library permission has the permission of non-sensitive and non-confidential fields of all tables in the library including newly added tables; Table permissions Permissions for non-sensitive and non-confidential fields in a table; The field permission is sensitive and confidential, and you need to apply for the field permission based on the table permission. The query, export, and change types of permissions are independently controlled by each other. You can apply for only query or combined application as required.

Third, data access security control: cloud account access guarantee, enterprise user access guarantee, enterprise Intranet access guarantee, fine-grained authentication guarantee, four-layer authentication can access data; Number of RETURNED SQL rows in a single SQL execution, number of SQL execution times per day by a user, and upper limit of returned SQL rows by a user each day Are controlled globally to prevent large amounts of data from flowing out. Automatic interruption of a single SQL execution timeout Instance level control, single SQL execution full table scan table size threshold global control, to avoid impact on database performance. Operation audit is more convenient, each operation complete record can be audited at any time.

Fourth, data change security: check and guarantee the submission authority, syntax, change type and number of affected lines of work order; Check the type of script change and the number of affected lines, and go through different approval procedures according to different security rules at different instance levels to flexibly ensure efficiency; Change script execution, can work order level to start the transaction, can support scheduled execution, can support the backup of data affected by the change; Change SQL execution performance guarantee to prevent database jitter by controlling all aspects before, during, and after execution.

Fifth, the research and development efficiency is greatly improved: automatic guarantee of database design specifications, providing more than 30 table structure design specifications optional configuration as required; The database performance is automatically guaranteed, and the increase, deletion, change and check SQL related to the research and development code are audited before going online, to avoid the online SQL without index; Online process, all database related operations can be configured at instance level as required online approval process; Online collaboration, product work order participants can participate in the change promotion at the same time.

Ali Cloud DMS enterprise edition is a self-service database service platform gradually accumulated and iterated by Alibaba Group since 2010. From the initial solution of data security access to a simple query page, to solve the change online submission, meet the established design specifications of the R&D self-service offline table structure design, and then to SQLReview, R&D limited self-service change line, DMS personal version online, As well as rules engine, workflow engine, task scheduling engine, CloudDBA, r&d self-service change… Through continuous improvement and practice in Ali, DMS products become more mature and powerful.

According to Aliyun, the commercialized product will empower enterprise users with better product performance and more favorable price, help improve the efficiency of enterprise research and development, liberate the human operation of traditional DBAs, prevent users from delaying projects due to the bottleneck of centralized control personnel, and escort the data security of enterprises.

More details, welcome to click on the enterprise database enterprise solution: www.aliyun.com/solution/dm…