There is quite a lot of excitement in the air - less than a week to the grand opening of the yearly SAP conference in Las Vegas.  It is always exciting to see where SAP steers its gigantic ship - technologically speaking.  Even more - whether old good technologies like ASE are left behind or taken aboard and rehauled.  For me, in particular, 2016 event is fraught with a high load of expectations.  It is for the first time that I will be able to come literally face to face with people that drive the ship forward - both to express my collective concerns and to hear what is there stored for us in the near future.  ASE had its ups and downs.  Yet, I am still reluctant to sign it off as a technology incapable of facing the winds of change.  It's also funny that the blog post like this (Re: SAP ASE future after S/4 HANA?) infiltrate themselves into the ASE for Custom Applications arena.  Hm...

...to be continued

ATM.

TechSelect New York

Join SAP and ISUG-TECH on October 13 at the DoubleTree Metropolitan in New York City to meet the experts for a full-day of sessions focused on SAPData Management products.

We’ll provide in-depth, technical information on SAP Adaptive Server Enterprise, SAP Replication Server, and SAP IQ software, and take a deep dive into the latest product features and capabilities. What’s more, we’ll host an “Ask the Experts” panel discussion to get your questions answered by our product experts, and offer an optional track on Big Data solutions from SAP and its partners.

You will have the opportunity to:

• Get technical overviews of the latest releases and product road maps for the future
• Learn how to leverage new capabilities in SAP Adaptive Server Enterprise, SAP Replication Server, and SAP IQ
• Connect with your peers who are also using these products to discover best practices and troubleshooting tips

The registration fee (before October 13) is $149. Registration the day of the event is $299, so register online today! As an added bonus, registration includes an ISUG-TECH Gold Membership (a $299 value!)

Register now

Today I wanted to share some information about the audit process and specifically what you need to know if you have "suspend audit when device full" set to 1.

First of all let's cover some high level points of auditing.

The sybsecurity database contains the sysaudits_XX tables and these rotate whenever "current audit table",0,"with truncate" is set to the next audit table.  When this happens, the new table is truncated and inserts from audit events begin writing to this new table.

A threshold procedure can be utilized to implement table rotation via "current audit table" into a self-maintaining audit trail archive.  As long as the threshold fires successfully and your audit trail archive database or sybsecurity database doesn't have any space or insert problems this should all happen seamlessly.

Next some words about the internal memory structures of auditing.

All auditable events that have been setup will be queued to a "Auditing Queue Object"  These objects from the configurable "audit queue size" and contain the event data to be inserted to sybsecurity.  The audit event will request an audit queue object and upon success, it will be sent to the audit process for insert to sybsecurity.  If you run out of audit queue objects the spid will sleep until one becomes available and the audit process continues.

If you have a very large amount of auditing options set and high concurrent activity or bursts of activity, the default of 100 events might not be enough to prevent spids from sleeping while waiting for grab an object from the memory pool.  Increasing "audit queue size" may be necessary to handle the load and/or bursts of high concurrent activity.

Putting it all together, here's an example of the flow for an audit of a login.

1. Incoming login request
2. Check for auditing is enabled
3. Grab an audit queue object
4. Queue event to the audit process
   • At this point, the login is successful and proceeds normal processing
5. Audit process inserts the event to sybsecurity
6. Audit queue object is freed after successful insert

Steps 1-4 are done by the spid making the login request.

Steps 5-6 are done by the audit process.

Note the branch after step 4 when the audit event object is successfully grabbed and queued to the audit process.  The login will continue as normal while the audit process picks up the queued event to insert into sybsecurity.  If the audit queue is full at this point and an audit queue object cannot be grabbed, the spid in sp_who show sleeping in MAINTENANCE TOKEN until this queue is drained enough until the audit event object can be grabbed and queued.

Now, let's talk about the option "suspend audit when device full"

The documentation states:

• 0– truncates the next audit table and starts using it as the current audit table whenever the current audit table becomes full. If you set the parameter to 0, the audit process is never suspended; however, older audit records are lost if they have not been archived.
• 1 (the default value) – suspends the audit process and all user processes that cause an auditable event. To resume normal operation, the system security officer must log in and set up an empty table as the current audit table. During this period, the system security officer is exempt from normal auditing. If the system security officer’s actions would generate audit records under normal operation, SAP ASE sends an error message and information about the event to the error log.

Essentially this means if "suspend audit when device full" is 0 and an insert of an audit record to sybsecurity fails, the ASE will automatically set the current audit table to be the next table, truncate it and start using it for inserts.  This prevents the audit process from being suspended at the cost of possibly losing an audit trail if archives had not been triggered from a threshold or from some other archival method.

The sybsecurity database is most likely to fill due to a flaw or error in the threshold procedure.  This can be anything from missing objects in the audit archive database or a change in tables that the threshold procedure is dependent on.

If "suspend audit when device full" is 1, some events will happen that are specific to having this parameter set when sybsecurity fills up. First and foremost the audit process will suspend and be internally marked via status bit as being suspended until manual intervention clears it.

The errorlog will have this message:

AUDIT PROCESS EXCEPTION: Can't allocate space for either syslogs or the current sysaudit table in database 'sybsecurity' because the corresponding segment is full/has no free extents. Please refer to Security Administration Guide for details.

Now that the audit process is suspended, the following can be seen

1. All pending auditable events will remain pending

2. New auditable requests will rapidly consume objects in "audit queue size"

3. Once the auditable requests exhausts the "audit queue size", the auditable requests will sleep waiting for objects to be freed from the pool

4. The audit process will not proceed until a "current audit table",0,"with truncate" has rotated and truncated a new table for inserts while auditing is enabled

Very important piece of #4 above, is this will NOT take effect if "auditing" is set to 0.  Manually clearing or truncating space in sybsecurity is not sufficient to inform audit process it is time to wake up.  The only mechanism for the audit process wake up from suspension after it has been suspended and "suspend audit when device full" is 1 is to issue sp_configure "current audit table",0,"with truncate" to rotate to a new table while auditing is enabled.  This will clear the status bit of being suspended which then wakes up the process to begin the cycle of grabbing events on the audit queue.

The reason for this requirement is that under a normal cycle of space allocation and deallocation, "current audit table",0,"with truncate" is THE method for space management in sybsecurity.  By having "suspend audit when device full" enabled, we've set the expectation to not lose any audit events.  Therefore the only natural course to wake up the suspended audit is to use the same method for archival steps and space management.

If you get caught in this audit space and queue bottleneck, here are some emergency steps to take.

1. sp_configure "suspend audit on device full", 0

2. Cure all space issues (and archive as necessary) in sybsecurity, including consider increasing size.

3. Drastically (and temporarily) increase the "audit queue size" to absorb the load

4. Re-enable auditing via sp_configure "auditing",1 if it was disabled.  If this is not responsive try sp_audit "restart"

5. sp_configure "current audit table", 0, "with truncate"

6. The audit queue should begin to drain

Once things go back to normal, assess if the risk of missing an audit trail vs. sudden and unexpected problem with sybsecurity filling/threshold procedure not working with respect to "suspend audit when device full"

I hope this helps you in your future auditing endeavors to prevent this hanging situation and how to get out of it.

Dan

Yet another TechED is behind us.  Besides the fun of getting reconnected...  Besides ambitious meetings fraught with expectations... Besides funny labels and stickers to pass to your colleagues as memento... What actually is there for us ASE professionals in this 20-years celebratory event?

On the one hand there is this:   it is always a good thing to get reassured that the product you work with is still relevant.  Yes, it is not on the front page with all the buzz that Hana and, now, Vora occupy, but it is still there.  It's being used.  It's being improved.  It's being stuffed with new functionality.  It's being integrated further into Data Management family.  It has its own roadmap spanning next 10-15 years.  Cool.

On the other hand, what is in it for me - or WiiiFM?   If there is one thing I am to take as a give-away from this conference that has practical application for me as ASE professional what would that be?  IMO the most intriguing functionality revealed at this TechED has been integration of HANA into ASE as a reporting engine. It is intriguing not only because now it will be possible to solve instant reporting problem by having this stuff delegated to HANA.  It is intriguing since in political parlance ASE is at last given legitimacy to remain an OLTP front-end, doing what it is known to do best (or better?) while delegating the things it has to struggle with to a sister engine.

SAP has released express editions to make getting a taste of this functionality first hand possible:  ASE Express Edition and HANA Express Edition.  Both have limitations.

ASE Express Edition runs on Linux alone (just as HANA is in general - and probably for this same reason).  There is a conflicting report which features are open on it - I encourage you to install it and report back to make this aspect clear.  But at least it is now armed with 4 engine free license. It is also restricted to 50GB DB size (not sure if this is total data limit for the server of the size limit for each DB it contains - to be clarified as well).   Let's hope Express Edition will be further extended to run on all platforms, otherwise it's popularity will by very limited.

HANA Express Edition is limited to the minimum memory block it can license - 32 GB.  Other than that - it has all its analytical arsenal packed in for free. 

So there you have it.  A4A - or Accelerator for ASE as the option is labelled - is a first sign that HANA retreats from its stance as all-purpose DBMS and leaves the OLTP (or xOLTP) arena to those who played there well already for the long long time.  I hope to see this direction gaining momentum.

Other things I liked to hear:

HADR option is getting more robust, with a possibility to have HADR to HADR replication - topology where both the primary and the replicate nodes are HADRs in themselves.  Even more exiting is that stream replication mechanism which HADR is built on is planned to get released to general public next year.  My only hope is that this will not be a licensed option (like ASO is) so that general public will be able to exploit its faster performance without having to pay more. 

ASE xOLTP functionality remains the same for SP02 with Latch-free B-Trees, Lock-less Buffer Management for Data Caches, NV Cache extension (SSD Based) and Transactional Memory / SNAP (simplified native access plan) on the fitting platforms.  SP03, however, will have more fun stuff inside, as it will add In-Memory Row Store with MVCC support to reduce contention even further.  The idea behind is that hot data will be elevated into an in-memory row store where locking is lifted by versioning.

All in all the event was fun... even for me...

ATM.