When To Run Methods in Unprotected Mode - Analytics Database - Teradata Vantage

SQL Data Definition Language Detailed Topics

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2024-10-04
dita:mapPath
vuk1628111288877.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
jbg1472252759029
lifecycle
latest
Product Category
Teradata Vantage™

You should develop your methods in protected mode, which is the default when you create a new method. Protected and secure modes are states in which each instance of a method runs in a separate process. This is done to protect the system from many common programming errors such as non-valid pointers, corrupted stacks, and illegal computations such as divide-by-zero errors that would otherwise crash the database, produce problems with memory leakage, or cause other potentially damaging results.

The difference between a protected mode server and a secure mode server is that a protected mode server process runs under the predefined OS user tdatuser, while a secure server process runs under the OS user specified by the UDF in its EXTERNAL SECURITY clause. The two processes are otherwise identical.

These problems all cause the database to crash if they occur in unprotected mode. Methods can also cause the database to crash in protected and secure modes if they corrupt the shared data areas between the database and the protected or secure mode method.

Protected and secure modes are designed to be used for the following purposes only.
  • Testing all methods that are in development.
  • Running any methods that cause the OS to consume system resources.

    This includes anything that causes the OS to allocate system context, including open files, pipes, semaphores, tokens, threads (processes), and so on.

If a method does not perform operations that cause the OS to consume system resources, then you should change its protection mode to EXECUTE NOT PROTECTED (see ALTER METHOD) after it has met your qualification standards for production use.

If a method does perform operations that cause the OS to consume system resources, then you should always run it in protected mode, even after it has been thoroughly debugged and meets all your production-level quality standards.

The following table summarizes this information for production-ready methods:

IF a method … THEN you should run it in this mode …
does not cause the OS to consume system resources unprotected.
performs operations that cause the OS to consume system resources
  • protected under the predefined OS user tdatuser.

    or

  • secure under either of the following users:

    tdatuser

    the OS user specified by the EXTERNAL SECURITY clause.

The best practice is to develop and test your methods on a non-production test system. You should run any newly created method several hundred times, both to ensure that it does not crash the system and to determine any performance issues that could be avoided by alternate method design and better coding techniques.

You can use the cufconfig utility (see Teradata Vantage™ - Database Utilities, B035-1102 and Teradata Vantage™ - SQL External Routine Programming, B035-1147) to expand the number of protected or secure mode servers from the default value of 2 per AMP or PE to a maximum of 20 per AMP or PE vproc. The minimum is 0.

Protected mode servers consume disk resources as follows:



In unprotected mode, a method is called directly by Vantage rather than running as a separate process. You should only alter a new method that does not require the OS to allocate system context to run in unprotected mode after you have thoroughly tested and evaluated its robustness and performance impact. Once the newly created CPU-operations-only method has passed your quality measures and is ready to be put into production use, you should alter it to run in unprotected mode.