Flix2You Online Movie Database Upgrade Proposal IST 210 (SP 13), Section 001: ORG DATA (wd) Prepared for: Gary Heberling April 26, 2013 Submitted by: TEAM UNO Nicole Smith, Project Manager Zohreh Fakhraee, Database Administrator Rick Peddicord, Data Analyst Jeff Frye, Programmer Marci Watson, QualityAssurance Table of Contents 1. Executive Summary …………………………………………………………3 A. Services 2. Project Overview…………………..…………………………………………4 A. Scope of Work 3. Project Management…………………………………………………………5 A. Project Plan B. Project Resources and Budgets – Gantt Chart Getting to know DB1 Consulting Team 3.1 Project Resources and Budget 3.2 Costs and Labor 3.3 Component Cost 4. User Analysis…………………………………………………………………9 4.1 Assigning Users 4.2 Access example Chart About Roles 5. Organization of Data………………………………………………………..13 5.1 SQL Statements and Databases tables 5.2 ERD Relational Database Diagram 6. Database Administration..…18 A 6.1 Hardware & Software Required B. 6.2 Processor, Management and Operator System Requirements C. 6.3 Database Backup and Recovery 7. Database Dashboard and Analytics ……………………………………24 Examples of Database Dashboard Module: 7.1 Example of Movie Information Dashboard 7.2 Example of Customer Database Dashboard 7.3 Example of Genre Rented Pie Chart 7.4 Example of Financial Earnings Chart 8. Legal Issues....…… …………………………………………………..… 26 Examples of Terms of Use and Privacy Policy examples 9. List of Reference………………………………………………………… 30 2 1. EXECUTIVE SUMMARY Five graduates of Penn State University founded DB1 CONSULTING COMPANY in 2011. It was developed in our Data Management class and after our strong project experiment; we decided to take it out to the real world. We offer design and database development services to any company wishing to expand their business on the World Wide Web. We provide high-level consulting and software design services providing innovative ideas and website packages for all of your marketing needs. At DB1, our drive is to help our customers meet their goals. Our goal is to attain brilliance in what we do as individuals and as a firm. We will succeed if our concepts are the finest; our implementation of those concepts and our service to customers are second to none. We will thrive if we are dedicated to an open environment that prizes diversity of opinion and encourages every one of us to independent thought and impartiality. We are stronger as a team than as individuals, and we will prosper if we are collective, members of the same team. We are each accountable for the wellbeing of the organization. Our veracity will not be compromised. With the ever-changing Global Marketplace there is no limits to our plans. We are willing to go to the furthest reaches our clients want to go and maybe a little more. Our full service consulting team will find the answer if it is not readily available and suggest every opportunity to not only expand your market but reduce your long term costs. A. Services DB1 Consulting is a full-service Internet solutions provider for all businesses. We focus on Database Management and development, offering the following services: • Initial consultation. Design and Development • Analysis of goals and target market demographics. • Planning. • Provide ideas for data collection, storage and retrieval of information and making it available to your key employees. • Provide Data Management enabling management the ability to evaluate alternative problem solutions and identify the best solutions containing demographic, employment, consumer-habit information, plan delivery and service routes. • EIS Executive Information System support to your MIS and IT departments helping make the easiest access of company information for managers and all executive levels to be able to display a variety of reports, lists, charts, table and graphs. • Implementation of additional media (usually through subcontractors). • Follow-up analysis. Additional third party contracted services available: • Internet access service. • Implementation of additional media (usually through subcontractors). • Local Area Network (LAN) installation. • Intranet setup and installation. 3 2. PROJECT OVERVIEW A. Scope of Work America loves watching television. By the time the average American reaches the age of 30, they have spent five of those years in front of the TV (Norman, 2007). But times have changed, and now Americans are cutting the cord with their local cable companies and looking to Netflix and Hulu for their fix. Netflix has reached over 30 million subscribers, while Hulu just hit the 3 million mark (Rosen, 2013). At the end of 2012 Hulu’s revenue totaled $695 million, which was a 65% growth from the previous year (Kilar CEO, 21012). Netflix closed the year at just over $3.6 billion (Netflix, 2013). Flix2You cannot afford to miss out on this market, due to a stone-age database. DB1 Consulting is here to bring your database and your revenue to the 21st century. As it stands, Flix2You has an enormous amount of untapped data - eight years’ worth - in an ‘off-the-shelf’ database that is not prepared to grow with your company. While the current system may have met the needs of the company before, this recent transition to an all-online environment will leave your biggest asset in the same condition. It is the mission of DB1 Consulting to give Flix2You the ability to analyze this data to make well-informed decisions and become the frontrunner in this market. To do this we will migrate the data into a custom database system that will provide checks and balances that ensures the highest possible standard for your data’s integrity. This system, which will be designed specifically for e-commerce transactions, will be structured to allow easier querying and the ability to create, view, and print reports based on the information that is needed. This information will be displayed in pre-designed tables and charts that will be easily understood by all levels of management and all departments of the company. While money isn’t an issue in terms of creating this new system, money is being lost every day that the current system exists. Time is of the issue. Let us, DB1 Consulting, deliver a system that will give you the ability to analyze your data and grow your customer base. For you to achieve a better business strategy, we will be supplying you with specific products and processes within our new system. One of the major items will be an upgraded database. Currently Flix2You is using Microsoft SQL Server 2008 R2 Standard Edition, and we strongly suggest upgrading this system to the newest 2012 edition. This will be a benefit in more than one way. While staying with the same vendor you will be able to cut costs on additional training for a different database, and subsequently save time, which is an important resource for any company. This upgraded system is by no means subpar; as it has additional features added that would help your company succeed in this market. Another item will consist of some hardware changes to give your company the capacity to handle larger amounts of data and consequently customers. The specifics of the hardware components will be addressed in the Project Management section. In addition, our team is staffed with one of the best programmers in the business, which will be developing a new and improved database model to fit your unique business environment. This design will be open-ended to allow your company to make minimal changes when adding new items as your business decides to grow beyond movies and venture into games and apps. More on this will be discussed within the Organization of 4 Data section. We also have employed on our staff an exceptional Data Analyst that will be working to design a Dashboard for all levels of management to view up-to-the-minute, and easy to understand reports on all aspects of the business. This will be discussed further in the Database Dashboard and Analytics section, along with prototypes of how your data will appear based on business-specific queries that your company would want to understand. Every change that is made to the current system will be weighed based on the potential benefits and risks to your company, and all avenues will be exhausted to achieve a system that supports your needs. This project is no small feat, but the staff at DB1 Consulting is more than ready to complete the job, as well as, meet and exceed your expectations. By the end of this contract we will have provided a system that will allow faster transaction processing, introduce easy-to-understand reporting for better business strategies, and possess strict tables that will uphold the integrity of your data. Most importantly, this upgraded system will be able to stay around for a long time and grow as your company grows. Our plan to accomplish this will be discussed in more detail in the next section. 3. PROJECT MANAGEMENT A. Project Plan Over the years DB1 Consulting has perfected a system for designing and implementing quality databases. While we use the same model for each customer, we custom tailor the project plan to fit their exact needs; you can expect the same brand of quality and dedication in your project management plan. Our plan consists of six phases: Planning, Analysis, Development, Implementation, Maintenance, and Sign Off. Each phase consists of specific deliverables and milestones that will be presented throughout our work so that you know where we are within the project and what you can expect from each milestone. This will also give you the ability to continuously contribute to the process, as well as, give you the peace of mind in knowing that your needs are constantly being met. The Planning phase is meant for us to evaluate your database’s problems. We will work to determine the scope of the problem and find the best solution that fits your budget and your time constraint. After we have identified the problem and the solution, we will draft a proposal that will explain in detail how we plan on going about solving this problem. As you can see, we have already completed this phase, and our deliverable is in the form of this detailed proposal. After you have decided on whether or not you would like to pursue a contract with our consulting group our staff will move on to the Analysis phase. Here we will determine the business rules that make your business tick. We will use these rules to determine what data is important to your business and what constraints surround this data. This will help us determine the best route for laying out the foundation of your new system. In this phase we will also analyze your current database to understand what it is doing well, what it is not 5 doing well, and what is it not doing at all. This will help us to decide what new hardware and software the database system might need. If the database is doing everything exactly how it should then new hardware and software are not necessary. But if that were the case we would not be here. After gathering all the important data, our team will begin to design new data structures for your business that will show how your data relates to each other and specific characteristics that your data possesses. At the end of this phase we will be able to start the procurement of the components needed for the new system and, you will be able to assess a detailed Entity-Relationship diagram that represents your business. In the Development phase, the most important and time consuming, we will begin to create the tables and determine the best methods for populating the tables with your data. From there we will test sample data to ensure that your data’s integrity is held to the highest standard. In this stage we will also begin to formulate triggers and views to enable your company’s user to access the data for business intelligence purposes. Finally we will begin working on the reporting documents with Dundas Solutions. These reports will target sales performances and help you better understand your customers’ needs. Upon the completion of this phase, you will have a full database package, and will be able to view sample reports of a small portion of your data to understand how your data will be used to assist in making well-informed business decisions. During the Implementation Phase we set up your database server and environment. This will be done within a sandbox where it will not upset the current database of its data. We will run the script that was designed in the Development phase to build all tables and views. From there we will open the server and migrate the data over to the new database. Once all the data has been moved we will run queries to assess the database and then refresh and backup the data. While the Implementation phase is usually not a long process in itself, we do provide enough time for your company’s users to train on the new database. This will span a two-week length for this phase starting with upper management and working down to the lower levels of the company. This phase will produce the complete results of the project. While it may seem that our work is done, we do stay with the company for another week to assist in any debugging, and extra coding. In this Maintenance phase we ensure that our work has met your needs and requirements and work to supplement the work as needed. Finally we finish all remaining reports and leave you as a happy customer, but more importantly a happy business. While we do not have exact dates, we can presume that the project should take no longer than 45 days. Below the Gantt chart displays the above project plan in a visual manner. All important milestones and deliverables will be available for your company to assess at the times specified in the chart. 6 (Illustration 3.1) B. Project Resources and Budget Two major resources that will be necessary to complete this project include the new system components to be assembled and the team that will be assembling it. While you have stated that money isn’t an important factor when creating an improved data repository, it is important to address the costs of the project to understand your options. Our team is comprised of five IT professionals, each specializing in a unique are of the ‘IT puzzle’. With their varied skills in computers, you can rest assured that all aspects of your business will be taken into consideration from beginning to end. Project Manager - Nicole Smith Nicole Smith first came to DB1 Consulting through an internship from University of Pennsylvania. Upon graduating with a BS in Operations and Information Management, Nicole joined our firm. Three years later, Nicole is one of our top project managers and consistently delivers desired results on time and on budget. She has managed projects for some of our biggest clients including Chesapeake Energy, Allegheny Technologies, and W.L. Gore & Associates. Nicole will be in charge of managing the team and the phases of the project schedule. It is the goal of the Project Manager to see the project successfully through to the end, and to ensure that the least amount of time, budget, and resources are wasted in this effort. 7 Database Administrator – Zohreh Fakhraee Zohreh Fakhraee has earned her bachelors from Penn State University in Information Science and Technology. She has over ten years of broad experience in database administration and programming. She also has two years of experience in Arc Info programming for GIS Department of Electro Company. As a database administrator, she works with clients to create a database that fulfills the company’s needs. Zohreh is a dedicated, and hardworking member of DB1 Consulting Company. As, Data Administrator, she will be in charge of planning the storage requirements of the system, developing a backup and recovery plan, and supervise the initial data migration to the new system. It is the goal of the Database Administrator to ensure that this new system is in compliance with all vendor license agreements, and safeguards the integrity of your data. Data Analyst – Ricky Peddicord Ricky Peddicord is the newest member to the DB1 Consulting. While he has been with the company the shortest, he is by no means inexperienced. Ricky graduated with top honors from Pennsylvania State University with a B.S. in Computer Engineering and a Minor in Statistical Analysis. We are lucky to have such a hard-working individual on our team. Ricky will be working with the team during the initial phase of collecting the information needed to determine the specific business items that will be important in providing a well-formed system. He will also be involved in creating the reporting applications that will assist in understanding your revenue and your customers. The Data Analyst’s objective is to help Flix2You develop an understanding of your products, your customers, and your future business goals. Quality Assurance – Marcia Watson Marci Watson brings over 20 years of corporate experience to this position as DB1’s Information Security and Risk Officer. Marci is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA). Her IT experience includes working in and with the information security community for many years and has held key security management positions for companies such as Pitney Bowes, Prudential Securities and Steris Corporation. Her proven track record of success in strategic and tactical security planning has been established in some of the leading Fortune 1000 companies. She graduated from Pennsylvania State University World Campus in the Information Science and Technology Program with a minor in Business Administration. Her objectives include overseeing information security, risk, and privacy; She will be working closely with the team through all phases of the project and ensure that the final product is bug free. Programmer – Jeffrey Frye After graduating from Penn State University with a Bachelor Degree in Information and Science technologies, Jeff Frye was hired by DB1 Consulting to fill the position of programmer. With over 10 years’ experience with DB1 Consulting, Jeff has proven to be a worthy asset to our database design team. Jeff’s main responsibilities are to write, develop, and test many of the programs used by our firm in the creation of database. As a programmer, he is also in charge of developing new programming methods, consulting with outside parties to determine the best techniques for improving and updating your software, developing sample SQL and reports, and document the procedures that will be used by your employees to access the database. 8 While the system will be the main item in terms of cost, the labor will be largest amount due to the magnitude of the project. Below is a chart detailing the total cost of labor. (Illustration 3.2) Team Member Project Manager Database Administrator Data Analyst Quality Assurance Programmer Hourly Rate $55.67 $35.33 $37.38 $37.38 $34.32 Total: Labor $20,041.20 $12,718.80 $13,456.80 $13,456.80 $12,355.20 $72,028.80 In addition to the team, the new system will have an upgraded server, hardware, and software components. It is in the best interest of the company to continue a contract with the Microsoft SQL Server. With the upgraded system, you will have the ability to use a familiar system server while gaining many advanced feature that are in the 2012 version. Similarly, the operating system will be upgraded to the newest version to ensure you receive the maximum benefits that Microsoft has to offer. Furthermore, your memory will be significantly larger to contain the new system and data, while we suggest that migrating the movies to Microsoft Azure would be a smart decision to rapidly expand based on the influx of the number of movies. Below is a chart detailing the total costs of all components associated with the project. (Illustration 3.3) Component CPU/Motherboard Memory Storage Operating System Database Model HP ProLiant DL560 Gen8 Intel Xeon E54650 4x8GB PC3-12800R DDR3-1600 Windows Azure (5TB Pay-as-you-go Plan) Microsoft Windows 8 Professional - 64 bit Microsoft Windows 2012 Standard Edition, Core-based Total (+ sales tax): Pricing $11,999.00 $756.00 $537.25/mon $199.99 $14,344.00 $30,296.96 Total Cost of Labor and Components: $102,325.76 4. USER ANALYSIS We will work with Management and Human Resources to develop the User Analysis Roles and Permissions for the System: Below are the SQL Predefined database roles: 9 You may need to create your own, but you will have access to several predefined database roles: • • • • • • • • • db_owner: Members have full access. db_accessadmin: Members can manage Windows groups and SQL Server logins. db_datareader: Members can read all data. db_datawriter: Members can add, delete, or modify data in the tables. db_ddladmin: Members can run dynamic-link library (DLL) statements. db_securityadmin: Members can modify role membership and manage permissions. db_bckupoperator: Members can backup the database. db_denydatareader: Members can’t view data within the database. db_denydatawriter: Members can’t change or delete data in tables or views. Fixed roles: The fixed server roles are applied server wide, and there are several predefined server roles that you can use. We will help define them and set them up for your employees. We have put some example titles next to the predefined roles: Database Administrator/ Manager • SysAdmin: Any member can perform any action on the server. Database Administrator • ServerAdmin: Any member can set configuration options on the server. Database Administrator • SetupAdmin: Any member can manage linked servers and SQL Server startup options and tasks. Database Administrator/ Manager • Security Admin: Any member can manage server security. Database Administrator • ProcessAdmin: Any member can kill processes running on SQL Server. Database Administrator • DbCreator: Any member can create, alter, drop, and restore databases. Database Administrator • DiskAdmin: Any member can manage SQL Server disk files. Database Administrator • BulkAdmin: Any member can run the bulk insert command. Assigning roles Let’s use SQL Server Enterprise Manager to add a Windows group to a Pubs database (a sample database that comes with SQL Server 2000) role. The first step is to create a login for the members of the Guests group, so they can access SQL Server. To do so: 1. Launch Enterprise Manager and expand the security folder. 10 Example: Right-click the Logins item, and choose New Login from the resulting submenu to open the New Login dialog box shown in Figure 4.1. Note that in this case, Windows Authentication is already selected. If it isn’t selected on your system, select it. We’ll use Windows Authentication Mode as opposed to SQL Server Mixed Mode. (Mixed Mode comprises Windows Security and SQL Server’s own security model. Windows Authentication is the recommended security model when using SQL Server.) (Illustration 4.1) Name Type Server Access Default Database BUILTIN\Administrat ors Windows Group Permit master HOME\Management Windows User Permit Flix2You HOME\MidLevel Windows Users Permit Flix2You HOME\Hourly Employees Windows Users Permit Flix2You HOME\Guest Windows Users Permit Flix2You Sa Standard Permit master HelpAssistant(Remo teDesktop) Remote Assistant Permit master Public\Guests Windows Users Permit Flix2You\Limited Flix2You Organization now employs 50 employees. DB1 will work with you to assign and approve all employees who utilize the system. • 12 employees are upper level management and administrative support. • 18 are mid-level management • 20 are hourly employees working in warehousing and logistics. (Illustration 4.2) Projects Reference: http://msdn.microsoft.com/en-us/library/ms178534.aspx Read Write Edit Admin • View project • View project 2. Save project 3. Modify project properties • Create announcements • Delete announcements • Edit announcements • Publish project to the portal 11 Calendar • View Calendar • Create events • Notify other • Attach files users about an and discussions event. • Modify event properties • Delete events • Configure Calendar security Tasks • View Tasks • Notify other users about a task or task list. • Create tasks • Claim tasks • Attach files and discussions • Update task status assigned to user • Modify task list and task properties • Create task lists • Assign owners • Copy task lists • Import and export task lists • Delete task lists and tasks • Move task lists • Configure task list security Folders • View folders • Notify other users about changes made to the contents of the folder. • Add files to folders • Upload documents • Create new Microsoft Office documents • Create folders • Modify folder properties • Rename folders • Copy folders • Delete folder • Move folders • Configure folder security Documents • View files • Notify other users about the file. • Check files in and out • Undo checkout • WebEdit • Attach task lists and discussions • Modify file properties • Create shortcuts • Publish to Knowledge Directory • Revert files to previous versions • Copy files • Delete files • Move files • Configure file security • Delete previous versions of the file Discussions • View Discussions • Notify other users about the file. • Post messages • Reply to messages • Attach task lists and files • Modify discussion properties • Create new discussions • Export discussions • Copy discussions • Delete discussions and messages • Move discussions • Configure discussion security • Edit messages • Approve or reject messages Read Write Edit Full Control 12 About Roles Employees are assigned to a role, thereby determining what that user can do within a project. to which a project user is assigned. For step-by-step instructions on how to assign roles, see Assigning Roles. The three project roles are: • Project Leaders: this role has full control Project Leaders have full control for Collaboration objects. This includes Read, Write, and Edit permission for the objects, as well as the ability to set role permissions for the object. of all Collaboration objects. Project leaders can create, modify, and delete objects, and can perform all actions on project objects. This role can also assign access privileges to projects and project objects. • Project Members: by default, this role has Write access to project objects and can participate in the project. This role can create events and tasks, add documents, attach links, and check files in and out. The Project Leader configures the access privileges for this role. • Project Guests: by default, this role has read access to project objects. This role cannot create objects; it is intended for users who simply want to monitor projects but not participate actively. The Project Leader also configures the access privileges for this role. 5. ORGANIZATION OF DATA Flix2You is currently using a generic e-commerce database and while it is working, it could be more efficient. The current database was modified from off-the-shelf software and recreated by the prior company. Therefore we will be upgrading their current database so that it is easy to use, works consistently, and will be able to keep up with ever changing technologies. Inconsistent and illogical data that has been stored causes some performance problems, including slowing down the online system and disrupting the transactions. This poorly designed database has provided flawed information and has negatively affected the profit and growth of the company. Upon investigation, we found that most of these errors occur as a result of the poor design of the database, including unnecessary reoccurring data and anomalies. These anomalies and redundant data increasingly weaken the integrity of the database and also affect its data storage. As a result, our team of database designers has found that the existing database must be efficiently reorganized. This process is known as “normalization”. The normalization process consists of two main objectives; improving the data structure, and creating an appropriate database design. The following are the expected outcomes of the normalization process: All Repetitive data will be removed. The Data will be rearranged into tables that describe only a small piece of database. The database will maintain the data integrity, and access and manipulation of data will be quicker and highly efficient. 13 The amount of data stored in the database will be reduced. There will no longer be an Inability to represent certain information (or loss of information). We will start the organization process by first checking that the tables are in 1NF (First Normal Form). This is done through the following steps; Removing the repeating groups of similar data from the base table. This is accomplished by removing the Nulls. Identify the primary key. This primary key must uniquely identify any attribute value. Identify all of the dependencies. After we are sure that the database is in 1NF, the next step is to modify all of the tables so that they are in 2NF (Second Normal Form). This is done by; Making new tables to eliminate partial dependencies. We will determine which nonkey columns are not dependent upon the table’s primary key and then remove all of those non-key columns to a separate table. Reassign corresponding dependent attributes in each new table. Our final step in organizing Flix2You’s database will be to normalize into 3NF (Third Normal Form). A table is in 3NF if it meets all database requirements for both 1NF and 2NF, and if all transitive dependencies are eliminated (each column must depend directly on the primary key, and all attributes that are not dependent upon the primary key must be eliminated). 3NF meets the following criteria; Each table contains all-atomic data items, no repeating groups, and a designated primary key. Each table has all non-primary key attributes fully functionally dependent on the whole primary key. All transitive dependencies are removed from each table Once this normalization process has been completed, data will be able to be stored without unnecessary redundancy and thereby eliminating data inconsistency so that users can maintain and retrieve data from a database without difficulty. The database will be efficient and effective with no anomalies in updating, inserting, or deleting data. 14 (Illustration 5.1) SQL Statements to Create Tables /* Script to build tables for FLIX2YOU */ /* customer */ CREATE TABLE customer( cus_id int IDENTITY(1,1) NOT NULL, zip_code int NOT NULL, memb_id int NOT NULL, trans_id int NOT NULL cus_rating_code int NOT NULL; /* customer_rating */ CREATE TABLE customer_rating( Cus_rating_code int IDENTITY(1,1) NOT NULL, cus_id int NOT NULL, movie_id int NOT NULL); /* director */ CREATE TABLE director( Dir_id int IDENTITY(1,1) NOT NULL); /* genre */ CREATE TABLE genre( genre_id int IDENTITY(1,1) NOT NULL); /* invoice */ CREATE TABLE invoice( invoice_id int IDENTITY (1,1) NOT NULL, memb_id int NOT NULL(32) NOT NULL; trans_id int NOT NULL(32) NOT NUL; tax_code int NOT NULL(32) NOT NULL); /* membership */ CREATE TABLE membership( memb_id int IDENTITY(1,1) NOT NULL, cus_id int NOT NULL, payment_code int NOT NULL); /* movie */ CREATE TABLE movies( movie_id int IDENTITY(1,1) NOT NULL, dir_id int NOT NULL, genre_id int NOT NULL, star_id int NOT NULL, product_id int NOT NULL); /* payment */ CREATE TABLE payment( payment_code int IDENTITY(1,1) NOT NULL, zip_code int NOT NULL); /* pricing */ CREATE TABLE pricing( 15 price_id int IDENTITY (1,1) NOT NULL); /* product */ CREATE TABLE product( product_id int IDENTITY(1,1) NOT NULL, price_id NOT NULL); /* star */ CREATE TABLE star( star_id int IDENTITY(1,1) NOT NULL); /* state_tax */ CREATE TABLE state_tax( tax_code int IDENTITY(1,1) NOT NULL, zip_code int NOT NULL); /* transactions */ CREATE TABLE transactions( trans_id int IDENTITY(1,1) NOT NULL, product_id int NOT NULL, memb_id int NOT NULL); /* zipcode */ CREATE TABLE zipcode( zip_code int IDENTITY(1,1) NOT NULL); /* create primary keys with ALTER TABLE statement */ ALTER TABLE customers ADD CONSTRAINT pk_cus_id PRIMARY KEY (cus_id); ALTER TABLE customer_rating ADD CONSTRAINT pk_ cus_rating_code PRIMARY KEY (cus_rating_code); ALTER TABLE director ADD CONSTRAINT pk_dir_id PRIMARY KEY (dir_id); ALTER TABLE genre ADD CONSTRAINT pk_genre_id PRIMARY KEY (genre_id); ALTER TABLE invoice ADD CONSTRAINT pk_invoice_id PRIMARY KEY (invoice_id); ALTER TABLE membership ADD CONSTRAINT pk_memb_id PRIMARY KEY (memb_id); ALTER TABLE movies ADD CONSTRAINT pk_movie_id PRIMARY KEY (movie_id); ALTER TABLE payment ADD CONSTRAINT pk_payment_code PRIMARY KEY (payment_code); ALTER TABLE pricing ADD CONSTRAINT pk_price_id PRIMARY KEY (price_id); ALTER TABLE product ADD CONSTRAINT pk_product_id PRIMARY KEY (product_id); ALTER TABLE star ADD CONSTRAINT pk_star_id PRIMARY KEY (star_id); ALTER TABLE state_tax ADD CONSTRAINT pk_tax_code PRIMARY KEY (tax_code); ALTER TABLE transactions ADD CONSTRAINT pk_trans_id PRIMARY KEY (trans_id); ALTER TABLE zipcode ADD CONSTRAINT pk_zip_code PRIMARY KEY (zip_code); /* end of primary key creation */ /* END OF SCRIPT */ 16 (Illustration 5.2) 17 6. DATABASE ADMINISTRATION The entire Database system will be under the supervision of our database administrator. Our DBA will support the whole system to make sure everything is running efficiently and to its highest potential. The DBA will support the system in three levels: Managerial, Technical, and cloud base data services. Managerial o o o o Supporting the users by making sure they have all the requirements Providing all the information needed for working with the system Resolving the upcoming issues Providing the necessary training of the users Defining and enforcing the procedures and standards to the users Setting the necessary policies such as: How to create a password How often to change their password Making sure of data privacy, security, and integrity Planning for the regular backup Planning for the proper recovery Prioritizing the access grants to the proper users Technical o Responsibility of providing the best system and proper hardware for the company o Installing the new system o Implementing the database o Evaluating and testing the new system to make sure everything works well o System support including tuning, backup, and recovery plan o To make sure all the users get the proper training o Maintenance of the system Cloud-base data services Since we recommend Microsoft Azure for the storage of the movies, we will use the Microsoft’s virtual server for the movies, apps, and the games. Microsoft Azure users will be provided the latest updates, and security essentials. The scaling of the database on the server, and all across the workstations will be configured and managed by Microsoft Azure. Microsoft Azure will provide the backup and maintenance of the movies, apps, and games. 18 A. Hardware and Software Requirements The following requirements apply to all SQL Server 2012 installations: ( Requirements are provided by Microsoft) (Illustration 6.1) Component Requirement .NET Framework Since the current Server runs Setup with the Windows Server 2008 R2 SP1 operating system, you must enable .NET Framework 3.5 SP1 before you install SQL Server 2012. Internet Software Internet Explorer 7 or a later version is required Hard Disk SQL Server 2012 requires a minimum of 6 GB of available hard-disk space. The current server exceeds this requirement. Drive A DVD drive, as appropriate, is required for installation from disc. Monitor SQL Server 2012 requires Super-VGA (800x600) or higher resolution monitor. B. Processor, Memory, and Operating System Requirements The following memory and processor requirements apply to all editions of SQL Server 2012 (The requirement is provided by Microsoft) (Illustration 6.2) Component Requirement Memory[1] At least 4 GB and should be increased as database size increases to ensure optimal performance. The current Server exceeds this requirement. CPU/Motherboard l Xeon with Intel EM64T· x64 Processor: AMD Opteron, AMD Athlon 64, Inte 19 Server Core Support: Change of the Server Code is not needed since installing SQL Server 2012 is supported on the Flix2You’s current Server Core mode of Windows Server 2008 R2 SP1 64-bit x64 Standard. C. Database Backup and Recovery o Planning for recovery after a catastrophe is a necessity. In order to recover the database, a backup plan will be provided. Providing two different buildings for storing the backups is recommended. Each location should be fire resistant, earthquake and flood proof. Both places should have security cameras. Disks will be used for the backups, and backup operators are responsible for different backups: o Full backup: This backup is meant for the whole database. In SQL Server 2012, the full backup is smaller than the whole database, and this will lead to shorter amount of time for the full backups. o Differential Backups: This backup is only for the objects that have been changed since last backup. o Incremental Backups: This will be for transaction log operations. o Encryption keys backups: In SQL Server 2012, it is important to have a complete backups of all the keys and certificates, and store them in a safe place to protect against theft, fire, flood, or any kinds of damages. SQL Server 2012 Enterprise Edition supports data compression, which reduces the disk cost by 60-70 percent. Timing of the backup depends on the size of database. Since Flix2You has about 20 Million users, every full backup might take between up to one hour. Differential and incremental backups will take less than 15 minutes. (Illustration 6.3) Day of the Week Weekly Full Backups Monday A full backup Tuesday A differential and incremental backup with all changes since Monday Wednesday A differential and incremental backup with all changes since Tuesday Thursday A differential and incremental backup with all changes since Wednesday Friday A differential and incremental backup with all changes since Thursday Saturday A differential and incremental backup with all changes since Friday Sunday A differential and incremental backup with all changes since Saturday 20 Our suggestion for backup device: Using Disk drive since they are the fastest way to backup and restore the files. Recovery Plan Validating the backups weekly. It means after finishing the backups, we will validate that we have a usable backup, and we can use them for recovery. Practicing restoring the database on a regular bases. This will make everybody to be prepared when the system goes down, and the pressure is high. The estimation for the time of recovery will be determined in each restore practice to make sure we plan according time in needed time. Data Access and Security We make sure that our security approach will secure all: 1. Hardware system Authorized users should use the server and each workstation. Each user based on his/her authorization is going to be assigned with a user ID that gives specific permissions for accessing the database. Each one of the stations will be utilized to the UPS to prevent the system interruption due to the power outage. Having a backup and recovery plan The server and all workstation must have locks. A remote kill switch will be implemented. Using separate building for backup and recovery disks just in case of any natural disasters. 2. Operating system Installing the most recent antivirus and security systems against worm attacks, denial-of-service attacks, Trojan horses, password crackers. Regular backups Only authorized application can be installed by using group policies. Audit log will be created automatically in the SQL Server 2012. 3. Software applications Application programs will be tested extensively to make sure they are free from bugs and buffer flow. To prevent cross-site scripting and unauthorized inputs, all the application codes will be safeguarded. Providing spam filters and antivirus For E-mail attacks. We will be using the open web application security project to make sure using the secure coding techniques. 21 4. Network and all related devices To make sure that our network is secure against IP spoofing and packet sniffers, we install firewalls. Another step will be installing a VPN (Virtual Private Network) IDS also will be used for Intrusion Detection System. Any network activity will be monitored extensively. 5. All users A set of rules will be enforced for creating passwords to make sure users create the least vulnerable passwords. Using screen savers for the moments that the user has left the computer unattended. Security cameras will be installed in the server and workstation areas. The server room will have an automatic door lock. 6. Data: SQL Server 2012 encrypts data by using: The transparent data encryption. Extensible key management (encryption standard AES256) Built-in cryptography hierarchy Access permission will be defined. Data view will be defined by DBA. The SQL Server 2012 allows the DBA to define the scope of data that each user can view. This will make sure that each user can have access to part of the database that is related to their job. There will be a need for data security officer to ensure the company is in compliance with the necessary amount of confidentiality. Data security officer, database administer, and Flix2You management should have an agreement to follow the company’s policies, and also to make sure the data confidentiality rules are agreeable with HIPPA, GLBA, and SOX. Authorization: There will be different levels of access to the database: DB1 Administration: They can do anything throughout the system. Flix2You Administration: They have access to the entire database Member: They are all users with valid account. Guest: They are authenticated user, and they have very limited viewing access of the site. 22 Benefit from the Most Secure Database SQL Server has recorded the fewest number of vulnerabilities. [National Vulnerability Database] Most Up-to-Date Encryption Technologies Built on Trustworthy Computing Initiatives 10 years of applying Security Development Lifecycle in Trustworthy Computing initiatives. Take advantage of a built-in cryptography hierarchy. Encrypt data seamlessly using Transparent Data Encryption. Sign code modules. Employ Extensible Key Management using the latest encryption standard AES256. Privacy statement* There is sensitive information about the customers in the tables. We take the security of the database very seriously. Other than encrypting the data, and providing a firewall, we take further steps to protect the backup disks and the server itself. We have to also protect the keys that will be used for encrypting the data. In SQL server 2012, encryption of data happens by hierarchical encryption, which gives the database a more reliable security by providing asymmetric keys. These asymmetric keys will be stored in outside of SQL server in an EKM module. Implications or Disclaimers Each member should sign an agreement for a disclaimer. A lawyer to protect the Flix2You from future legal complications should provide this disclaimer. Each employee, who has access to the sensitive information, must sign an agreement for being faithful towards the sensitive data assets. Company also is responsible to provide some information about Flix2You privacy policy such as: What types of information Flix2You will collect, and what does company do with the information. How does Flix2You protect customer information? Does your company use cookies? Will be any of the customers’ information shared with the third party? Any future changes in the company’s policy. Any links to other websites. Contact information Sample of Privacy Disclaimer generated by http://www.privacypolicyonline.com/: *Privacy Policy for Flix2You can be found in the General Terms and Conditions of the Legal Issues section of this proposal. (page 28 ) 23 Dataload For migrating from existing database to the new one we use the SQL Server Import and Export wizard. Over all we have twelve tables. For each table, we have to change the mappings between the source and destination columns since we have changed all the tables and their attributes. For installing SQL Server and Integration SSDT (SQL Server Data Tools) and SSIS ( SQL Server Integration Services will be installed first). 7. DATABASE DASHBOARD AND ANALYTICS We have decided to go with the Dundas Dashboard Software as we believe it is the one of the best pieces of dashboard software on the market. It is very easy to use and includes such features as exporting data to Excel, advanced filtering, more than 50 out-ofthe-box formulas, ability to print to .pdf, email notifications, and many other innovative features. Dundas supports many of the most mainstream as well as new data sources for importing data and for the sources they don't support, they will build custom data connectors to the data source for you! Dundas includes a very sleek and powerful HTML5-based Mobile Dashboard Explorer App. It is tile based so it works really well with a touchscreen, it allows you to customize the apps homescreen with various metrics, allows you to easily drill-down by just tapping a tile on the touchscreen, and the data is even in real time! We couldn’t be happier using any other software on the market for our Database Dashboard needs. (Illustration 7.1) Examples of Database Dashboard Module 24 (Illustration 7.2) (Illustration 7.3) (Illustration 7.4) 25 There is a plethora of data-rich information within the Flix2You data. This information can be used to make very informative and advantageous marketing decisions. Such information includes what movies the customers rent, how much they spend at Flix2You per month, what their favorite genre is, and even who their favorite actor or director is. The possibilities are endless. To actually be able to effectively use this data, you will have to run SQL queries to retrieve it. The following SQL query would give you information what movies the customer has rented or purchased: SELECT CUS_FNAME, CUS_LNAME, CUS_PHONE, CUS_EMAIL, MOVIE_ID, MOVIE_TITLE, MOV_SUMMARY, TRANS_ID, TRANS_DATE; FROM CUSTOMER, MOVIE, TRANSACTION; WHERE MOVIE.MOVIE_ID = TRANSACTION.MOVIE_ID; GROUP BY MOVIE_TITLE; ORDER BY CUS_LNAME ASC; This following SQL query would generate a list of actors and what movies that they play in: SELECT STAR_ID, STAR_FNAME, STAR_LNAME, MOVIE_ID, MOVIE_TITLE; FROM STAR, MOVIE; WHERE STAR.STAR_ID = MOVIE.STAR_ID; GROUP BY STAR_FNAME; ORDER BY STAR_FNAME ASC; This last SQL query would generate a customer's rating for a movie: SELECT CUS_RATING_CODE, MOVIE_ID, CUS_ID, MOVIE_TITLE, CUS_FNAME, CUS_LNAME; FROM CUSTOMER_RATING, MOVIE, CUSTOMER; WHERE MOVIE.MOVIE_ID = CUSTOMER_RATING.MOVIE_ID; AND CUSTOMER.CUS_ID = CUSTOMER_RATING.CUS_ID; GROUP BY CUS_FNAME; ORDER BY MOVIE_TITLE DESC; 8. LEGAL ISSUES DB1 Consulting will work closely with your Legal Council in drafting a Terms and Conditions and Privacy Policy for your website. We are also willing to work with your Human Resources department in drafting Employee Policies for the handling of Customer Confidential Information including setting up permissions and roles for accessing Payment records. 26 Below is a sample for your review: Flix2You Web Site Terms and Conditions of Use 1. Terms By accessing this web site, you are agreeing to be bound by the Flix2You web site Terms and Conditions of Use, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this web site are protected by applicable copyright and trademark law. 2. Use License Permission is granted to temporarily download one copy of the materials. (information or software) on Flix2You's web site for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license you may not: Modify or copy the materials use the materials for any commercial purpose, or for any public display (commercial or non-commercial) attempt to decompile or reverse engineer any software contained on Flix2You's web site remove any copyright or other proprietary notations from the materials; or transfer the materials to another person or "mirror" the materials on any other server. This license shall automatically terminate if you violate any of these restrictions and may be terminated by Flix2You at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format. 3. Disclaimer The materials on Flix2You's web site are provided "as is". Flix2You makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, Flix2You does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet web site or otherwise relating to such materials or on any sites linked to this site. All trademarks, trade names, service marks, copyrighted work, logos referenced belong to their respective owners/companies. 4. Limitations In no event shall Flix2You or its suppliers be liable for any damages (including, without limitation, 3rd party applications, websites or endorsement of any content listed on the website) arising out of the use or inability to use the materials on Flix2You's Internet site, even if Flix2You or a Flix2You authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow 27 limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you. 5. Account Access and Payment Information Your personal information shall be password protected and encrypted by Flix2You administration. It is your responsibility to update and maintain your account information. Personal Payment Method provided upon purchase is only maintained for that single transaction verification and shall not be stored for future use. There are no refunds or credits for merchandise that is received. If there is a problem with a purchase you can contact Billing@Flix2You.com for resolution. 6. Links Flix2You has not reviewed all of the sites linked to its Internet web site and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by Flix2You of the site. Use of any such linked web site is at the user's own risk. 7. Site Terms of Use Modifications Flix2You may revise these terms of use for its web site at any time without notice. By using this web site you are agreeing to be bound by the then current version of these Terms and Conditions of Use. 8. Governing Law Any claim relating to Flix2You's web site shall be governed by the laws of the State of Pennsylvania without regard to its conflict of law provisions. Privacy Policy Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information. The following outlines our privacy policy. We protect your information We protect the confidentiality and security of your personal information by using industryrecognized security safeguards such as firewalls, coupled with carefully developed security procedures to protect your information from loss, misuse or unauthorized alteration. Whenever we ask for sensitive information, such as credit card numbers, we encrypt it as it is transmitted to us. Our employees are trained and required to safeguard your information and, using physical, electronic and procedural safeguards, we restrict access to personal information to those employees and agents for business purposes only. Additionally, we use internal and external resources to review the adequacy of our security procedures. Before or at the time of collecting personal information, we will identify the purposes for which information is being collected. We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law. 28 Cookies, Web beacons and other Web technologies We use a variety of technologies on our Web site. Among these are cookies, which are pieces of information that our Web sites provide to your browser. Cookies allow us to track overall site usage and determine areas users prefer. Cookies also allow us to customize your visit to our Web site by recognizing you when you return. You can choose to decline cookies while at our Web site, however, this may limit your ability to access certain areas of the Web site. Most browsers accept and maintain cookies by default. Check the "Help" menu of your browser to learn how to change your cookie preference. When we track activity on our Web site, we collect information such as your IP address, browser type and version, and pages you view. We also keep track of how you got to our site and any links you click on to leave our site. Once you leave our site, we do not track you. We use your Web site activity to assist us in offering you a personalized Web experience, assist you with technical support and to tailor our offerings to you. Remember, you control whether you receive Flix2You promotional materials. We may access and set cookies using Web beacons, also known as single-pixel GIFs which are invisible graphical images. These Web beacons tell us useful information regarding our site such as which pages users access. When we send you e-mails, we may include a singlepixel GIF to determine the number of people who open our e-mails. When you click on a link in an email, we record this individual response to allow us to customize our offerings to you. Advertising networks that serve ads on our Website may assign a different cookie to you. The information collected is anonymous and is not linked to your personal information. These cookies may be used to select which ads you see and determine the effectiveness of this advertising. You may choose to decline cookies from third-party ad servers, which Flix2You does not control. We will only retain personal information as long as necessary for the fulfillment of those purposes. We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned. Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date. We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. We will make readily available to customers information about our policies and practices relating to the management of personal information and are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained. Online Privacy Policy Only This privacy policy applies only to our online activities and is valid for visitors to our website and regarding information shared and/or collected there. This policy does not apply to any information collected offline or via channels other than this website. 29 9. REFERENCES --- ALL MEMBERS Cherry, D. (2012). Securing SQL Server: Protecting Your Database from Attackers. Syngress Media. Dundas Data Visualization, Inc. (2013). Dashboard customization and interactivity. Retrieved from http://www.dundas.com/dashboard/features/dashboard-customization.aspx Infocaptor. (2013). Business intelligence dashboards. Retrieved from http://www.infocaptor.com/help/infocaptor_enterprise.htm?mw=MzAw&st=MQ==&sct=MA= =&ms=AAAA Kilar CEO, J. (2012, December 17). A Big 2012 [Web log post]. Retrieved from http://blog.hulu.com/2012/12/17/a-big-2012/ Knight, B., Knight, D., Davis, M., & Snyder, W. (2012). Knight's Microsoft SQL Server 2012 Integration Services 24-Hour Trainer. Wrox. Microsoft. (2013). SQL server 2012 standard edition. Retrieved from http://www.microsoft.com/en-us/sqlserver/editions/2012-editions/standard.aspx Nadel, Ben (2013). Blog of Ben Nadel “Private Policy Generator” BenNadel.com http://www.bennadel.com/coldfusion/privacy-policy-generator.htm#primary-navigation Netflix. (2013). Q4 12 Financials Statements. Retrieved from http://ir.netflix.com/results.cfm?Quarter=4&Year=2012 Norman, H. (2007). Television & health. Informally published manuscript, Science Education, California State University, Northridge, CA, Retrieved from http://www.csun.edu/science/health/docs/tv&health.html Oracle Database Online Documentation Library 10g Release 2 (10.2) http://docs.oracle.com/cd/B19306_01/network.102/b14266/policies.htm http://docs.oracle.com/cd/B19306_01/network.102/b14266/admusers.htm#i1007493 Rosen, J. (2013, January 07). 2013 Showdown: Netflix vs. Hulu Plus [Web log post]. Retrieved from http://infospace.ischool.syr.edu/2013/01/07/2013-netflix-vs-hulu-plus/ Rudrasoft LLC. (Designer). (2013). Infocaptor Dashboard Designer [Portable Document]. Retrieved from http://www.infocaptor.com/how_to_build_dashboard_using_excel.pdf Simmons, K., & Carstarphen, S. (2012). Pro SQL Server 2012 Administration. Apress. 30