Firebird Databases as the Back-end to Enterprise Software Systems

Firebird 2

Firebird 2, which features significant enhancements to many of its subsystems, including the SQL optimizer, is currently in its second beta testing cycle. The full release is expected by mid-year 2006.

"Vulcan"

A "fork" was taken from the early Firebird 2 alpha code in December 2003 for the purpose of redesigning the threading architecture of the database engine. The project, implemented by the original developer of InterBase (Jim Starkey) was commissioned for SAS Institute, the world's largest vendor of business and medical statistics application software. SAS had made the decision in 2003 to move many of its business applications over from Oracle to Firebird. The sources, code- named "Vulcan", were formally handed over to the Firebird project in 2005 and continue to be developed in parallel with Firebird 2. The first public beta-testing cycle of Vulcan is due to begin about mid-year 2006.

Firebird 3

Merging Firebird 2 and the Vulcan code has started, with the objective of releasing Firebird 3 early in 2007. Firebird 3 will have full support for fine-grained thread management on multi-core and multiple-CPU hosts, full utilisation of 64-bit system features and a raft of configuration options for customising both server and database-level security.

“ACID Compliance”

Such intrinsic stability in a DBMS is an obvious requirement, regardless of any other factors in the wish-list of the enterprise. A set of interleaved principles has evolved over the years defining four essentials that no database management system should lack if it is to be taken seriously. “ACID” is an acronym for these four principles: Atomicity, Consistency, Isolation, Durability.

Firebird's design and architecture are fully “ACID-compliant”. The ACID concepts are described below, in the section Acid Compliance and Firebird, with comments about how Firebird meets each principle.

Everything in Firebird is done within the context of an ACID transaction. A Firebird transaction may involve many complex, inter-dependent steps of an enterprise task but it will never permit violation of any ACID principle.

Track Record and Support

With the stability of our production environment in mind, we may not always want to choose a brand-new DBMS to be the heart of our enterprise systems. In general, we prefer to begin with a product that has established its capabilities and whose sweet and sour spots are known and well understood. If end-users are to be responsible for dealing with problems that might occur, we want to know whom they should call on for assistance. If an application software vendor is the one who takes the 000 call, does that vendor have adequate support on hand?

The Firebird end-user community is well-served by highly-capable tool and application developers and vendors. Typically, these developers have been close to the developing source code for six years. Much of their expertise extends much further back, to the earliest days of the Borland development tools, which have always shipped with InterBase developer versions in the enterprise packages.

The Firebird developer community is famous for its support forums, where expertise is constantly shared.

End-user support contracts, while offered by several companies, are rarely demanded. Contract support for developers is available in many countries, including Australia. However, it must be said that demand from developers for support, beyond perhaps the installation stage on an unfamiliar hardware platform, is low in most locations.

Future Development

On the other hand, because business demands change and hardware capabilities increase rapidly, we may also want to know whether the DBMS is under active development or is near the end of its development life. We expect regular sub-releases and signs that the next major release is on the way. When we are ready, will it be easy to upgrade? Can our existing databases be migrated painlessly to a new release or will it be a lengthy, do-or-die logistical exercise?

Now in its sixth year, the Firebird Project team continues confidently on its track towards planned releases that will implement architectural enhancements to meet hardware advances and satisfy a demanding community of developers, users and supporters. The openness of the code and the renowned willingness of the community to share what they know ensures a continual supply of up- to-date knowledge about the code modules and the software's capabilities.

The project's independence from commercial owners frees end-users from concerns about continuity and ensures that technical discipline prevails over the drive to get releases “to market”.

Standards Compliance

Firebird is among the most compliant of all the RDBMS offerings in its implementation of the international (ISO) and U.S. (ANSI) standards for the the SQL query language, exceeding even its InterBase cousin. Standards evolve continually and, as they do, the Firebird developers keep the language implementations from release to release aligned to the latest published versions.

Existing implementations of language features that become subject to new standards are retained as “deprecated options” to ensure backward compatibility.

Independence

Firebird is designed for interoperability as a “back-end” in the absolute sense. It is not bound to any “integrated solution” that ties databases to a specific environment. A decision to move Firebird databases from a Windows to a Linux or Unix host, or vice versa, can literally happen overnight. All it takes is a transportable backup at the old host and a restore at the new and you are back in business.

Application vendors who are mindful of the ease of such transitions are careful to write software that is “aware” of the ways Firebird servers can be configured so that software running on any client operating system can access database servers running on any other supported operating system.

Firebird is capable of running in heterogeneous networks. Application software written for one operating system happily connects to databases running on another, without modification. An application can connect to multiple database servers on mixed hosts simultaneously and can run multi-database transactions across mixed hosts.

It is common, for example, for demanding sites to run several Firebird servers, replicating between a high-cost main server and cheaper boxes running a sparsely-configured Linux with fast disk systems for load-balancing and failover.

Firebird servers can also participate in heterogeneous transaction server environments like MTS and Citrix, in pass-through environments and in secure virtual networks.

Connectivity

Firebird has no requirement for suites of special modules to bind it to external applications. All data access layers converse with the server through its two published application programming interfaces (APIs), one for database-level operations and the other for server-level services such as backup and user authentication.

Driver support is available for a large number of programming and standard interface environments, including Java/JDBC, ODBC, .NET, Delphi, Python, PHP and Perl.

“Autonomic Features”

“Autonomic features” include such things as

• file-system independence
• declarative referential integrity
• the ability to implement validation and/or business rules via triggers and CHECK constraints
• stored procedures, to encapsulate business procedures and processes internally, independently of any application language or user interface
• database-resident user access control
• the ability to query external data as “virtual” structures without needing to store that data
• the ability to output programmatically constructed temporary data sets without the need to materialise temporary tables
• retention of deprecated features to ensure backward compatibility

Firebird supports all of these autonomic features.

Complexity of Migration and Upgrade

A further aspect of database autonomy that has become an issue for users of many high-profile DBMS products in recent times is the degree of transparency with which legacy databases can be managed and migrated when the server software is upgraded or databases are ported to a different host hardware or operating system platform. With these issues, the common experience is that they are high-cost in terms of time and logistics.

Transaction Logging

Durability is one of the hardest principles to comply with. Other database management systems that claim ACID support have traditionally dealt with it by storing uncommitted transactions in a transaction log. However, logging never totally guarantees durability, since the log file itself may be logically or physically corrupted by the event that interrupts the transaction.

Some DBMSs that rely on logging to achieve durability try to reduce that risk by using a “write-ahead log” to log requests to disk before attempting to post changes. If the write-ahead log survivesundamaged, it may be possible to retrieve uncommitted work when the system recovers and use it to reconcile database state and restore it as it was before the event. Such systems are characterised by the need for a lengthy “recovery procedure” after network or power failures.

Certain high-profile DBMS products are notorious for log-related breakages resulting from interrupted transactions. The instability of these database engines is such that, even on sites with moderate requirements, it becomes a necessity to employ staff to babysit the server around the clock to keep it out of trouble and fix breakages before problems propagate too deeply to save data integrity.

Firebird's Multi-generational Architecture

Firebird's architecture avoids the need for recovery logging by literally retaining the preceding version of every deleted or changed record, not just for the duration of the transaction but until all transactions that were “interested” in that record, for any reason at all, have ended. The term for this is “multi-generational architecture”, or MGA.

MGA was unique to InterBase for about 10 years until it was imitated by Oracle. Once the Firebird sourcecode was available, PostGreSQL copied it. More recently, Microsoft has introduced MGA in the latest evolution of SQL Server.

Transaction Logging and Firebird

Firebird does not need transaction logging for recovery purposes and it does not include any transaction logging facilities in the engine. However, where enterprises require logging for auditing purposes, some excellent logging service software is available from third party vendors.

Distributel, Telco Services Provider

Location: Canada

Contact: Dalton Calford (CTO)

Distributel is a long-distance telephone services provider with three corporate offices spanning three cities and two provinces. It uses Firebird as the back-end to corporate information systems, servicing an average staffing level of around 500 users. However, in-house information systems is not the area where we use Firebird most heavily.

The real stress test comes from our customer load. We provide a wide variety of services, servicing hundreds of thousands of customers, who process 2 million transactions a day. The whole shebang is handled by one database, effectively.

We have three unmanned network Points of Presence (“PoPs”), each in a different city, plus a development PoP in our testing lab. Each PoP has a dual telco switch system that performs load balancing and acts as failover support in case one fails.

That equipment is very specific to our needs, but we control it all using Firebird. Each switch is connected to two signal control processors (SCPs), which are slimline computers running Firebird. That means that each PoP has four SCPs. Each SCP hosts two independent databases, meaning we have 32 separate databases, all containing identical metadata and data.

If we lose a PoP, the other PoPs can take over the call, according to the “call state”. Of a possible 96 call states, only four are not recoverable. Each city keeps redundant dialogs with the SCPs from other cities and the response dialogs are live-audited in real time.

For an indication of how fast the response has to be, when you pick up the phone, a signal goes back to a telco switch, which then asks a SCP what to do. The general response is 'play dial tone and wait for digits'. Dial tone is not automatic—it is the response of a query into the Firebird database that checks line IDs, customer status, service notices (such as call answer) as well as governmental warrant and privacy needs.

By law, we are only allowed one failure in 99,999 phone calls, the so-called “five nines” that is said to define “enterprise-capable availability”.

Our customer service reps are also involved in updating the databases. Those databases report real-time call information to the reps, as well as to the billing system, a Firebird database. Besides storing and generating our Accounts Receivable, as one would expect, the database is also concurrently queried by our interactive voice response units, the service personnel whom customers call to inquire about their account status and their call history.

Prague Municipal Library

Location: Czech Republic

Contact: Ondrej Cerny, IT department manager

Prague Municipal Library oversees about 3,000,000 publications and has about 120,000 regular (registered) users. The central library has many branches all over the city, of which about 20 are currently connected to the IT center at the central library. Deployment is ongoing, with two or three more branches going on-line each month, each adding about 5-10 new users using 10-50 new attachments.

The library runs about 20 applications over a single Firebird database. Five are considered as core applications used by most users, handling normal library operations, public-access terminals (in libraries) and public Internet access to book collections. These applications are used by 300-350 concurrent users during working hours, using between 400 and 600 connections to the single database, which is currently about 30GB in size. Firebird handles 3-5 million transactions each day. Other applications are specialised or daemon-like watchdog applications (sending out e-mails about requested books etc.).

They run Linux Classic Firebird 1.5.2 on Red Hat 9 with a kernel tailored to handle 400-600 classic instances. Hardware is a 4-CPU Xeon machine with 16Gb RAM and a 120Gb RAID 10 storage array. They also have an 8-CPU Xeon with 20Gb RAM and a 500Gb RAID 10 to handle future needs—recall that this is an ongoing deployment, so scale is rising steadily all the time. The library does not operate 24/7. They have a maintenance window from midnight to 5 a.m. each day, but the system must run without outages the rest of the time. Outages are not life-threatening so they have a failover plan in place to restore operations in less than two hours in case the primary system suffers a fatal failure.

Although they are very satisfied with Firebird, they do have problems with old applications still in use that use the Borland Database Engine (BDE), an obsolete data access layer designed for use with desktop databases such as Access, that never scaled well on networks and is particularly dumb about transaction-driven data management. The biggest problem is blocked garbage collection that forces them to do a backup/restore every night and to throw a lot of hardware into it to compensate for the performance degradation as garbage accumulates throughout the day.

Despite the current not-so-healthy state of the application architecture, the 4x Xeon machine is about 50 per cent utilised. Those old BDE apps are due for replacement this year with a new application set that uses three-tier architecture and connection pooling, using a direct data access interface in the Delphi middleware. They expect that when this is sorted out, they will get a substantial amount of hardware reserve with current equipment, enough to handle all their growing needs for the next five years.

OneDomain, niche business intelligence systems

Location: Birmingham, Al, U.S.A.

Contact: Ed Salgardo Snr

OneDomain is a rapidly growing Birmingham, Alabama-based software company that develops and markets media planning, research, and business intelligence software to television stations across the United States. The primary product, called ClearView, allows broadcast salespeople to analyze TV ratings and target their approaches to selling time slots to advertisers. Following incorporation in October 2001, our first two years were spent in product development. Only 24 months after our first major software release in November 2003, OneDomain earned a 20% market share and it is more like 30% now.

Conceptually, our application architecture is really client/server but we use Citrix [Metaframe Terminal Server] to make it kind of "thin" for the clients by running the application in a chunk of memory at the server and not at the client.

We have a server with the Firebird 1.5.2 database and several (upwards of six) Citrix servers hitting it. We use a thick Win32 client, written in Delphi, that runs on the regular Citrix servers and provides the users with an application that acesses the database hosted in the Citrix server machine, a four-processor machine, using hyperthreading to look like eight processors, and with some 3.5Gb of RAM available.

We started with Firebird running as SuperServer but quickly changed to Classic for several reasons, including the memory usage limitations that seriously downgraded performance when things started getting hot.

With some 800-900 theoretical users, of whom fewer than 300 are likely to be simultaneously logged in, we have been able to handle the load so far. The good thing about this set up is you can scale easily if you need to, just by adding more servers.

Moscow Interbank Currency Exchange Bank

Location: Russia

Contact: Sergey Korotkikh

Despite its name, MICEX is the largest stock, foreign currency and derivatives exchange in Russia. Average daily turnover exceeds $6 billion. As a fully electronic exchange, MICEX has been using InterBase and, latterly, Firebird, databases since 1994 as the main storage for market data, orders and trades.

The MICEX Trading System serves more than 2000 users located throughout the whole territory of Russia in eight time zones. It trades in real time with an average payload of more than a quarter of a million orders per day, with more than 180,000 concluded trades daily.

In addition, more than 300 electronic broker systems connect to the Trading System via a special bridge providing a connectivity API. The Trading System itself is "semi-detached" from the database backend, effectively providing a very fat middleware layer to the database, from and to which it retrieves and maintains all necessary market and trading information.

Apart from its trading functions, the Firebird database is heavily used by our clearing activities and reporting. We generate daily trading and clearing reports for all of our almost 1000 members and send them via e-mail.

Being a key Russian financial exchange, MICEX is obliged to maintain a high level of reliability. According to the results of an audit done by the Gartner Group, we maintain an availability level of 99.999 per cent.

Superserver

Each Firebird Superserver is limited to a practical maximum of, at most, around 150 to 400 concurrent connections. The reason for this is that a Superserver and all of its connections to all databases are wrapped in a single, 32-bit process. A 32-bit process cannot address more than 2 Gb of memory. Each connection to a database causes the database engine to start one or more threads in which to process requests from that connection; the Superserver also runs process threads of its own for background garbage collection and other on-line tasks.

The Superserver also needs RAM for other purposes, of course.

A configurable page cache-—one for each database that has active connections-—is maintained to keep frequently-used database and index pages in memory. On Superserver, this cache is shared by all connections to that database. The size of the page cache defaults to 2048 pages so, for a database having the default page size of 4Kb, 8 Mb of RAM needs to be available for efficient use of the cache. (If the cache needed to be paged out to virtual memory, its purpose would be defeated!).

Typically, databases are created with an 8Kb page size and it is a common source of resource starvation when developers and DBAs over-configure the cache drastically, in the belief that “more is better” (what the author refers to as “the Lambourghini syndrome”: if you drive to work in the CBD at peak-hour in a Lambourghini, you're going to get there faster than I do in my Mazda 121!).

Sometimes this measure is taken to try to speed up response time that becomes degraded by poor transaction management in client code and by careless connection management. It is pointless. Such problems have nothing to do with the size of the cache and everything to do with inattention to resource cleanup. Ramping up the cache simply exacerbates the problem.

Consider the effect on resources when, for example, the cache for a typical 8Kb page size is ramped up to 20,000 pages. That represents 160 Mb that must be preserved in memory to make caching useful. The server maintains its lockfiles in RAM and these will grow dynamically (up to a configurable maximum) as more connections come online. Firebird 1.5 will use RAM for sort operations if it is available. This is great for response time, but many poorly-written applications hold open ordered output sets comprising thousands of rows for long periods.

Database servers love RAM. The more that is available to the server, the faster it goes. However, that 2Gb barrier kills Superserver in an overpopulated environment because each Superserver connection uses about 2Mb of RAM to instantiate its process thread and maintain its resources. So 500 Superserver connections will use a gigabyte, leaving somewhat less than a gigabyte of total addressable RAM available to the database server for processing, sorting, transaction accounting, lock tables, in-memory storage and new connections.

Classic

The Classic “server” is in fact not a database server at all, but a background service (or, on Linux, an xinetd daemon) that listens for connection requests. For each successful connection the service instantiates a single Firebird server process that is owned exclusively by that connection. The result is that each connection uses more resources, but the number of connections becomes a question of the amount of RAM available on the host machine. In addition to the ~2Mb to instantiate its connection, each also maintains its own, non-shared page cache. All connections get the same starting cache and, since the cache does not need to cater for shared use, it can (and should) be smaller. The recommended size is around 2Mb (512 pages for a 4Kb page size) on a 4Gb dedicated machine, but it can be much less. It is important to keep enough RAM available for the lock manager's table to “grow into” for peak connection loads.

64-bit Addressing

A way out of the 32-bit RAM limitations is to build a 64-bit Superserver. A 64-bit Superserver is possible on POSIX platforms where the OS has stable support for 64-bit hardware. An experimental 64-bit Superserver for Firebird 1.5.2 on AMD64/Linux i64 was released more than a year ago but it proved unstable. A 64-bit AMD64/Linux i64 build is included in the Firebird 2.0 beta 2 field test armoury. On Windows, it is not yet possible to build 64-bit capable Superserver because of issues with the current releases of the Microsoft Visual Studio 7 C++ compiler, the release-standard build environment for Firebird 2 on Windows. Private builds of both v.1.5.x and v.2.0 on non-Microsoft compilers are known to be working stably in production environments and the core development team has signalled its intention to keep a 64-bit Windows release in sight for Firebird 2.0.

Connection Pooling

Using middleware to hold and manage pre-allocated resources to keep a finite number of connections ready for incoming connection requests is known as connection pooling. There are several ways to implement connection pooling and compelling reasons to do so when a growing user base must be catered for. It would be unrealistic to set out to build an extensible multi-tier system without it. Connection pooling may be combined with a “queuing” mechanism if resources are inadequate to cope with peak loads.

The middleware developer needs to take special care to monitor attachments and detachments, especially from “stateless” clients like web browsers, to avoid resource leakages. Middleware should guard against recursive threaded workflows that could monopolise the pool and, for architectural reasons, should prevent threading across connections totally.

Competition for RAM

Trying to run a database server on a system that is running competing services, such as a web server, Exchange server, domain server, etc., will risk having those other services steal resources (RAM and CPU time) from the database server, denying Superserver even the 2 Gb that it is capable of using or limiting the number of connections to Classic, and slowing down database response time.

SMP Support

The incompatibility of the Superserver's threading implementation with the Windows implementation of symmetric multiprocessing (SMP) could be regarded as a “scaling limitation”, because of the arbitrary way Windows switches the entire affinity of a process between CPUs, resulting in a “see-saw effect”, whereby performance will continually come to a standstill at busy times, while the system waits for the OS to shift all of the Superserver's active memory resources from one CPU to another when it detects unevenness in CPU utilisation. Superserver is configured by default to be pinned to a single CPU to avoid this.

On Linux, multiprocessor handling does not cause this see-saw effect on 2.6 kernels and higher, although it has been reported on some 2.4 kernels on older SMP hardware. However, SMP does not gain any significant performance benefit for Superserver on Linux, either.

Support for configurable levels of SMP-aware, fine-grained multi-threading has been architected into the Vulcan engine and will become a feature of Firebird 3. It has already demonstrated sufficiently useful effects on memory-bound operations to make it something to look forward to.

At the same time, given the inherent importance of disk I/O to responsive online transaction processing, much of the noise about SMP capability is attributable to the Lambourghini syndrome. In the appropriate environment, Superserver is an efficient uniprocessor system! Classic—being a single process per connection—does not suffer from SMP inhibition, even on Windows. Until Firebird 3, when the distinctions between the two resource models will disappear, to be replaced by configurable resource management, Classic is the better choice for any upscaling plan that is able to accommodate increasing demand by augmenting system resources.

"Windows Networking"

An adequately resourced TCP/IP network using the appropriate Firebird server model is amenable to upscaling. A Linux host with no competing applications (including Xserver!) running on it will deliver the optimum performance at the enterprise end of the scale. As a database server, a Windows host suffers from some inherent overheads that will have a noticeable impact on performance under conditions of high demand.

However, there is another “gotcha” attached to Windows networking. The native Windows Named Pipes transport (“NetBEUI”), which Firebird's network layer supports for largely historical reasons, has an absolute limit that cannot exceed 930 connections to any server. Named Pipes should be avoided for environments other than small workgroup LANs anyway, since it is a “noisy” transport that gets noisier as contention rises.

Incidentally, databases on Windows should always be stored on NTFS partitions which, if properly protected, offer better performance and less risk than FAT32. Older hard disks that have been retained on systems that previously ran NT 4.0 should be also be regarded as risky, since the older NTFS does not reliably support filesystem protection measures added in later implementations.

Garbage Collection

MGA accumulates “garbage”, in the form of old record versions. The engine performs in-line garbage collection. However, it will not permit garbage collection of old record versions that are still “interesting” to some transaction. Transactions that remain interesting for long periods trap record versions pertinent to any transactions that started later, causing garbage to build up to an unmanageable level. It is essential that Firebird developers understand how this could happen and write software that avoids it, keeping the level of garbage low enough for the garbage collection subsystem to cope with.

Commit Retaining and “Autocommit”

Commit Retaining is a “feature” of Firebird that was inherited from the ancestor, InterBase. It was implemented as a means to retain server-side resources and keep them available for developers using Borland's rapid application development tools and the BDE, the generic data access layer that was used to connect Windows graphical applications to databases. Its purpose was to present a level playing field for RAD development, regardless of the database running at the back-end.

Autocommit—-a client-side mechanism that rolls the statement-level Post and the transaction-level Commit phases into a single step-—was provided to enable developers to avoid transactions altogether. In the RAD components, Commit Retaining and Autocommit were bound together. This fitted well with desktop databases like dBase and Paradox (whose engine is, in fact, the BDE!), which do not have transactions.

With Firebird (and InterBase), Commit Retaining causes transactions to remain interesting indefinitely. Garbage collection effectively ceases on the “standard” Borland RAD tools database application and any other applications that make use of Commit Retaining. Such systems are fraught with problems of progressively degrading performance that cannot be resolved except by shutting down the database and allowing these old transactions to die.

Autocommit and Commit Retaining are not restricted to the Borland tools, of course. They are supported by most data access interfaces and Commit Retaining is available in SQL, so it behoves the application developer to understand the effects and to use these features with extreme care and control.

Release Policy

The development team holds fast to the principle of not making a production release until and unless all outstanding issues in QA testing are resolved to the satisfaction of the project's administrators. Releases and sub-releases go through multiple beta and pre-release testing cycles. The downside of such tight discipline is that production release dates are not firm.

Releases represent major enhancements and new features. Sub-releases occur periodically between major releases to implement bug fixes and minor enhancements to existing features and tools, or to complete features that were partly implemented in a previous release or sub-release.

For client applications, the only essential requirement is to upgrade the run-time client library to the version matching the major release. Application vendors may also wish to incorporate new features into their software and synchronise the installation of a new Firebird release with installing new modules or versions of client and application server software.

Open Source Licensing

The Firebird source code is licensed under two derivatives of the Mozilla Public License v.1.1. (MPL). Modules that originated from the InterBase codebase are maintained under the InterBase Public License v.1.0, while the Initial Developer's Public License (IDPL) applies to new modules.

The IPL and the IDPL differ from MPL 1.1 only insofar as they remove some implied proprietary rights that the Netscape Corporation built into the Mozilla licences. The IDPL differs from the IPL in that it excludes “Inprise Corporation” from the severality of the source code copyright.

The MPL-style licences differ from the well-known Gnu Public Licenses (GPL) in that they are not “viral”. “Viral” is a term that describes the GPL restriction of forbidding code under that license from being compiled with other source code modules unless those modules are themselves made open source under the GPL. A non-viral licence permits modules to be compiled with closed, proprietary code, making it more useable for commercial software development.

However, like the GPL and most open source licences, the MPL-style licenses require that all changes to the licensed code itself be made freely available to the public and that the licensed code not be distributed under any other licence.