Assessing / selecting databases: MariaDB & MongoDB

sunhux
Do MariaDB & MongoDB (I mean the Enterprise Edition) have
commercial support (just like RedHat Linux has while CentOS
is user-community support only)?

Concern is if there are security vulnerabilities (which may result
in data leaks) or DB corruption/integrity.  I've heard of banks
using MariaDB but I'm not sure if they house critical data but
I certainly would not want to house critical data on databases
that are non-commercially supported or even if it's commercially
supported by vendors with low track record (I deem Oracle &
MS as good-track record DB vendors).

I think MongoDB is a non-relational (i.e. network) DB.

Concern is if a database is hosting critical data, user-community
support is not non-committal & patches are not released as
regularly as commercially-supported software, though it's
noted MS releases patches monthly, much more than any other
commercial vendors.

Prabhin MP, DevOps Engineer
Distinguished Expert 2018
Commented:
Hi,
Mongo and MariaDB have enterprise versions as well. Support is not like other community editions.
Both of them offer 24/7 support and the response time is 30 mins. Hope this will be more than enough.

As you said, MongoDB is a non-relational database; MongoDB is a document-oriented database. Instead of storing your data in tables made out of individual rows, as a relational database does, it stores your data in collections made out of individual documents. In MongoDB, a document is a big JSON blob with no particular format or schema.
MariaDB Quarterly patch schedules with all Bug Fixes availability
But in general, you can expect a new 5.5 and a new 10.0 release every two months. And a new 10.1 release every month. Note, though, that this is a guideline, not a promise.

MongoDB details of patches can be found here.

For more info, please refer to the links below.
https://mariadb.com/pricing
https://www.mongodb.com/products/mongodb-enterprise-advanced
PortletPaul, EE Topic Advisor
Most Valuable Expert 2014
Awarded 2013

Commented:
MariaDB is a fork of MySQL

So if looking at MariaDB then perhaps also investigate MySQL (now owned by Oracle) and Percona

MySQL has an enterprise edition, and there are 24/7 support options
https://blogs.oracle.com/mysql/get-the-facts%3a-mysql-licensing-and-pricing
Version 8 of MySQL recently went GA and includes common table expressions and window functions

Percona have built their reputation on performance and support
https://en.wikipedia.org/wiki/Percona
Software Developer / Linux System Administrator / Managing Director
Commented:
Firstly, the answer to your direct questions is "yes, there is paid support available".

I am not a lawyer, but I see no difference in using a community supported or commercially supported database when it comes to the issues you raise, that is likelihood of a data breach or resolution in the case of a data breach. The chances of a data breach are not necessarily related to whether a product is commercially supported or not. It is how the database is configured, managed and isolated from inappropriate access. It also depends on the infrastructure in place and the people who develop the software that relies upon the database.

The same goes for data corruption. There are so many possible situations that can cause it and many are outside the control of the database vendor. With this in mind, it is unlikely that they will accept any liability unless you can demonstrate that it is a fault in their software (which is exceedingly hard - i.e. expensive - to prove).

It is highly likely that license agreements for commercial software will specifically exclude situations that you are concerned about. Most have limitations of liability that you accept when you accept the license agreement. I cannot see any commercial support provider accepting liability for a data breach, since there are so many variables concerned and it is more likely that the company using the database is responsible than the database vendor.

The primary difference between community supported and commercially supported is with respect to one thing - support. Naturally, a vendor offering support will be able to advise you on best security practices but this is likely to be limited to their product. This information will be available in the public domain as well, but may take more time to collate. When paying for commercial advice, you are relying upon the expertise of the support team to offer good advice, and since you have paid, you have a right to expect it.

You mention both open source and closed source databases in your question. There is wide disagreement as to whether open source or closed source software is more "secure". Generally the argument goes that closed source software is "secure by obscurity", in that because you cannot see the source, you have less knowledge of how to attack the system. The constant stream of security patches for closed source software, due to faults found by third parties would tend to argue against this. I suggest that neither is more or less secure. Ultimately it depends on the implementation and the nature of the code reviews.

The most important consideration is that you need to separate service from the software itself. Open source software tends to do this quite clearly. You obtain the software, often for zero cost, and then you pay for service should you need it. Most vendors like Red Hat do very well with this model. Once you separate software from service, it becomes easier to see that you choose the software based upon the quality and features and you then, optionally, select the support and service to ensure that your system operates within parameters that you set. This may mean that your internal team can provide support, or that you require paid support with guarantees of service levels.

You should see support as a kind of insurance. Read the terms carefully and make sure that you are going to receive the service you expect for the money that you pay. Often people take out support, don't read the small print, and end up worse off than they would have been had they not taken out support (that is, they have paid for support but still receive no resolution). I am most certainly not saying that paying for support is a bad thing. It can be a business saver. What I am saying is think about your question a little differently and avoid oversimplifying things by saying software with support is better than software without it. For your situation, this may well be true but it is not necessarily so.

When it comes to fixing security issues in software, I have found nothing that indicates that paid support customers necessarily receive updates more slowly. In fact, it can often be the case that patches are released to the community first, issues are discussed and resolved and then commercial customers benefit from more tried and tested updates. So, by paying for support and using the commercial version of a piece of software, you may receive more tried and tested solutions but that will depend on the specific software.
