Scripts are often created to refresh test databases – either scheduled overnight or on demand – so that QA or development teams can validate or debug schema and application changes against the latest realistic data. An easy solution is to run a full instance restore using ontape or onbar from the last production archive, but sometimes many copies of the database are required for different projects or testing stages running in parallel, and avoiding the overhead of a separate instance each can be desirable. This means that, before any database can be restored using dbimport or similar, it first needs to be dropped, which is impossible when in use, as an exclusive database lock must be applied.
This article provides a script to achieve that, even if there are continual concurrent connection attempts by applications.
However you back up your Informix Dynamic Server (IDS) instance, a long-standing method exists to restore a single table as at a given point in time. This is described elsewhere, but some awkward coding is required. If someone has accidentally emptied a production table, you would want a very fast way to reinstate it with minimal manual steps.
This article provides a script to help achieve that, together with setup and example usage.
Informix Dynamic Server (IDS) can be configured to save the contents of shared memory (as well as readable evidence in an “assert file” and stack trace) either when a critical error occurs or a trap is in place for specific error numbers. This can help IBM diagnose a problem by running “onstat” commands off-line to examine the state at time of error.
However, if dumps happen repeatedly before the DBA can intervene, the file system nominated to store them may well fill. Saving a memory dump is also slow, intensive, and exclusive, so excessive repeats will further impede the instance, assuming it has stayed running, and if not will hinder any restart attempts until the dump has finished.
Managed Shared memory dumps is the latest configuration parameter settings in IDS 14.10.FC4 that enable limiting the number and/or frequency of such dumps. These enhancements are described in the updated documentation pages for DUMPSHMEM and DUMPCNT in the IBM Knowledge Center, but are missing from What’s New in IDS 14.10 so may not be as well known.
For many, the choice of cloud backups versus another backup medium has always been a difficult decision. Backing up to tape is reliable, and tapes can easily be transported off-site, but rely on a lot of manual intervention. Disk is fast and cheap these days, but the backups stay local to the server and at risk until moved elsewhere.
Informix 14.10 has cloud backup support built in. Using the Primary Storage Manager (PSM), cloud storage is presented as if it were just another local device. This means backups can instantly be encrypted and stored off site with no additional scripts or other complications.
Cloud backups are a secure way to store data off site. In this article we will demonstrate how to perform cloud backups with Informix 14.10 and effectively back up Informix archives to Amazon S3. A working AWS account is required to do this.
We’ve discussed encrypting backups on Informix 11 and 12 using the BACKUP_FILTER and RESTORE_FILTER onconfig parameters in an earlier article. While effective, this involved writing scripts, using external tools and managing encryption keys manually. Using the new onkstore utility (see technical article here), with Informix 14.10 Integrated Backup Encryption, ontape and onbar backups can now be encrypted and decrypted natively.
As before, there is obviously some risk here, as if the keys are lost it can render your backups essentially useless. We therefore strongly recommend only using this with a cloud based key store, as this method uses envelope encryption to ensure your backups can always be restored.
Although we recommend using a cloud key store, for the purpose of this article, a local key will be used. As above, we would not recommend doing so for a production system. Read on to learn more about Informix 14.10 Integrated Backup Encryption:
Informix 14.10 Key Storage, onkstore, is a new key store utility that ships with Informix 14.10.
Informix 12.10 added the ability to encrypt your database server at the storage level with the Encryption At Rest facility (see technical article here). While this is an extremely useful security feature, it did create a new problem of how and where to store the encryption keys.
This new program can generate both local and cloud encryption keys that can be used with EAR and for backup encryption (see technical article here).
In this article, we will demonstrate how to create a local key store for EAR.
Encrypted HDR connections keep your data secure.
Technologies such as storage encryption and SSL client/server encryption are helping to make our data safer and are becoming standard security requirements; however, encryption between database servers and replication routes often falls between the cracks.
You’ve enabled Encryption At Rest, encrypted your backups and client connections; you know your data is safe on disk and between the database and client applications, but data is being transferred between your primary and secondary unencrypted. Thankfully, since version 11.10, Informix Dynamic Server (IDS) has had the ability to encrypt traffic over HDR and SMX communication channels.
In this article, we will demonstrate how to set up a secure, encrypted HDR connection.
New related features regarding Informix storage and backup encryption are available in IDS 14.10 and described in other Oninit articles.
GDPR is causing many companies to revise their policies regarding data privacy, and encrypting data may help meet some of the requirements. Fortunately, storage space (dbspace) encryption (otherwise known as “Encryption at rest” or EAR) is a very easy-to-use feature available in all Informix Dynamic Server (IDS) editions since version 12.10.xC8. No application changes are required.
This should be combined with encryption of backups – both archives and logical logs – whether created via “onbar” or “ontape”:
Prior to IDS 10, this had to be performed after backup files had been created.
IDS 10 allowed backup or restore via any pipe with “ontape -t STDIO”, but only for archives.
From IDS 11, configuration parameters exist to pass all backups and restores through specified filter commands, which is ideal for in-line compression and encryption.
This article explains the steps involved in implementing both storage and backup encryption (using method 3 above) on supported IDS versions.
IBM Informix Dynamic Server (IDS) databases reside in “dbspaces”, each composed of one or more “chunks” (files, logical volumes or whole disk devices). If the storage infrastructure is being upgraded, you might find that moving chunks via backup & restore or external copy would take longer than the outage window allows, particularly if this is between different sites.
This article describes a method of achieving this with only a very short downtime using Informix chunk mirroring. We call it Informix Storage Migration via Mirroring:
In this series of articles we are exploring some of the lesser known, but still useful, commands hidden away in your Informix bin directory. The article explores the onclean utility.
It’s often necessary to run more than one database instance on a single server. While this is a useful feature and quite easy to do with IDS, when things go wrong, it’s not always straightforward to tie each oninit binary back to a particular instance, and killing the wrong binary or shared memory segment can be disastrous.
Since IDS 11, the onclean utility has been bundled with the server; this useful little program can help take some of the pain out of cleaning up an instance that has not shut down properly, killing only the relevant server processes, and dropping any attached shared memory segments.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.