I have a client who has SQL admins using WAC to launch backups/restores for their day to day changes, db refresh, devops, pre/post-change backups, etc. outside of the control of backup environment. They developed these procedures without consulting data protection team, storage team, security team. WAC launches scripts from the client server with a generic account, for anyone with access to the client.
In the scheme of things it goes unnoticed when you have ten thousand plus backups running daily. However this causes problems over time with unanticipated storage requirements, retention of nonproduction DBs, failed scheduled backups, etc. Not even going to go into regulatory and audit implications.
I have two camps, one that wants to remove this unapproved use the backup infra for SQL production purposes and another that wants to secure these procedures. Oh the DBAs don’t want any change.
Any thoughts out there in CV land? I wish to remain impartial, but the security aspect is worrisome.
Looking for methods, thoughts, arguments, positions and pros/cons.
Best answer by yanView original
Either way, from a logistics perspective (and an audit/compliance perspective as you wisely mentioned), this doesn’t sound like a wise idea in the long run.
You need to be able to predict and plan out storage needs based on continuous cycles/schedules. Kicking off 10 full DB backups on your own will potentially require more space than you have at the moment (and will that impact non-DB backups from running?).
In addition, there are so many features beyond backup and restores that may not be taken full advantage of if these backups are run outside of CV.
If they ARE, then this will inhibit you, the backup admin, from being able to handle your domain responsibly and reliably (and isn’t that really what you want? Reliable restoration of important data?).
I’m very interested in other member’s feedback and thoughts, though I can’t see how the benefits (which only seem to be “DBAs handle their own backups”) can outweigh the cons (you, the backup admin, are not in control of that which you are accountable).
Digging in has paid off. They use ControlM > WAC > CS. The worst outcome is an adhoc backup blocking the scheduled backup and then both failing. RTO cannot be respected.
Well this process does not pass security sniff test and will be removed.
Thanks for the input.
@yan . It didn’t pass the sniff test!