Posts

Showing posts from January, 2022

Secure Socket Layer (SSL) implementation in Db2

Db2 supports the use of Secure Sockets Layer (SSL) to enable authentication through digital certificates and to provide private communication between the client and the server by encrypting data in transit. The SSL support is provided through the IBM Global Security Kit (GSKit) libraries that are installed on the Db2 server. Implement SSL using the following steps:

1. Create a key database:

   gsk8capicmd_64 -keydb -create -db "KeyDB.kdb" -pw "Passw0rd" -stash

   The -stash option creates a stash file with the extension .sth. This stash file is used by GSKit to obtain the key database password during an instance restart.

2. Configure digital certificates. Add a digital certificate for your server to the key database. The server sends this certificate to clients during the SSL handshake to provide authentication for the server.

   gsk8capicmd_64 -cert -create -db "KeyDB.kdb" -pw "Passw0rd" -label "MyKeyDBLabel" -dn "CN=my...

The Db2 audit facility

The Db2 audit facility provides information to detect unknown or unanticipated access to data by generating and maintaining an audit trail for a series of predefined database events. The information generated by this facility is kept in an audit log file, and analysis of these audit log files can reveal usage patterns that identify system misuse. Once an unknown or unanticipated access has been identified, actions can be taken to reduce or eliminate such access. The audit facility provides the ability to audit at both the instance and database levels, independently recording all instance-level and database-level activities with separate logs for each. Users with SYSADM authority can use the db2audit tool to configure auditing at the instance level as well as to control audit information. You can also use the db2audit tool to archive or extract both instance and database audit logs to and from archive locations. Db2 provides a set of stored procedures to archive audit logs, loc...

Database Security

Db2 provides two distinct types of privileges to perform certain actions on specific database objects, and these are:

Database privileges: These privileges apply to a database as a whole and are classified into eight different database privileges:

- CONNECT: Allows a user to connect to the database
- QUIESCE_CONNECT: Allows a user to connect to the database while it is in the QUIESCE (access-restricted) state
- IMPLICIT_SCHEMA: Allows a user to create a new schema in the database implicitly by creating a fully qualified object
- CREATETAB: Allows a user to create new tables in the database
- BINDADD: Allows a user to create packages in the database
- CREATE_EXTERNAL_ROUTINE: Allows a user to create user-defined functions and procedures
- CREATE_NOT_FENCED_ROUTINE: Allows a user to create unfenced user-defined functions and procedures
- LOAD: Allows a user to bulk-load data into one or more existing tables in the database

High availability and disaster recovery

High availability and disaster recovery (HADR) is a Db2 database replication feature that provides a high availability solution for both partial and complete site failures. HADR protects against data loss by replicating data changes from a source database, called the primary database, to one or more target databases, called standby databases. In an HADR environment, one database acts as the current primary database that is used by the applications. Synchronization occurs by shipping the transaction log data generated on the primary database to the standby databases and rolling it forward there. With HADR, you can choose different levels of protection against potential data loss by specifying one of the following four synchronization modes:

- SYNC: This mode (synchronous) provides the greatest protection against transaction loss. This option, however, results in the longest transaction response time among the four modes. In this mode, log wri...

Database recovery methods

Backup and recovery

There are four utilities supported within Db2 to facilitate backing up and restoring a database:

- The backup utility
- The restore utility
- The roll-forward utility
- The recover utility

The backup utility: The backup utility is used to create images outside the database that can be used to recover the entire database or a portion of it. If archive logging is enabled for the database, the backup utility can be executed online with multiple concurrent applications connected to the database. The backup utility uses the utility heap to copy the data from the table spaces to the backup image. The size of the utility heap can be controlled via the database configuration parameter UTIL_HEAP_SZ. The backup utility can write the backup image to storage devices on the database server or to a tape device, or it can copy the data directly to TSM storage devices or another vendor-supplied routine. Execute the BACKUP command to start the backup process. The basic syn...