Recording Informix schema changes

Abstract

Have you ever been asked to refresh a test database instance from production, then been told afterwards that the definitions of some new objects under development have been lost? It’s obviously better to use a tool such as AGS Server Studio Schema Diff beforehand to save SQL to be reapplied. If that hasn’t happened, you need to have a record of the database schema before it was overwritten so you can list differences. You could purchase the AGS Sentinel Change Management Option to record version snapshots at regular intervals, but this article provides a shell script to achieve that, though without any GUI.

[Read More…]
Recording Informix schema changes2024-05-09T16:02:34+01:00

Listing and limiting idle time of Informix sessions

Abstract

Some systems need user sessions terminated regularly – whether human or automated – to prevent eventual excessive memory consumption. This article provides an Informix Dynamic Server “sysmaster” query and script to identify those that are idle, and which therefore are most likely no longer needed and can be terminated.

[Read More…]
Listing and limiting idle time of Informix sessions2022-06-28T14:29:02+01:00

Informix Read-Only Access

Abstract

Informix DBAs are often asked to provide login details for a user account that should only be allowed to view data or run reports. In other database products such as Microsoft SQL Server, a suitable database level privilege is available, but this is not so easy with Informix Dynamic Server (IDS). This article describes how to achieve this, including a script to perform the bulk of the work.

[Read More…]
Informix Read-Only Access2021-11-19T15:38:02+00:00

Cloud Backups with Informix 14.10

Abstract

For many, the choice of cloud backups versus another backup medium has always been a difficult decision. Backing up to tape is reliable, and tapes can easily be transported off-site, but rely on a lot of manual intervention.  Disk is fast and cheap these days, but the backups stay local to the server and at risk until moved elsewhere. Informix 14.10 has cloud backup support built in.  Using the Primary Storage Manager (PSM), cloud storage is presented as if it were just another local device.  This means backups can instantly be encrypted and stored off site with no additional scripts or other complications. Cloud backups are a secure way to store data off site. In this article we will demonstrate how to perform cloud backups with Informix 14.10 and effectively back up Informix archives to Amazon S3.  A working AWS account is required to do this.

[Read More…]
Cloud Backups with Informix 14.102021-04-16T13:48:18+01:00

Informix 14.10 Key Storage

Abstract

Informix 14.10 Key Storage, onkstore, is a new key store utility that ships with Informix 14.10. Informix 12.10 added the ability to encrypt your database server at the storage level with the Encryption At Rest facility (see technical article here).  While this is an extremely useful security feature, it did create a new problem of how and where to store the encryption keys. This new program can generate both local and cloud encryption keys that can be used with EAR and for backup encryption (see technical article here). In this article, we will demonstrate how to create a local key store for EAR.

[Read More…]
Informix 14.10 Key Storage2021-02-15T15:53:36+00:00

Encrypted HDR

Abstract

Encrypted HDR connections keep your data secure. Technologies such as storage encryption and SSL client/server encryption are helping to make our data safer and are becoming standard security requirements; however, encryption between database servers and replication routes often falls between the cracks. You’ve enabled Encryption At Rest, encrypted your backups and client connections; you know your data is safe on disk and between the database and client applications, but data is being transferred between your primary and secondary unencrypted.  Thankfully, since version 11.10, Informix Dynamic Server (IDS) has had the ability to encrypt traffic over HDR and SMX communication channels. In this article, we will demonstrate how to set up a secure, encrypted HDR connection.

[Read More…]
Encrypted HDR2021-02-15T14:41:39+00:00

Informix Storage and Backup Encryption

Updated June 2020

New related features regarding Informix storage and backup encryption are available in IDS 14.10 and described in other Oninit articles.

Abstract

GDPR is causing many companies to revise their policies regarding data privacy, and encrypting data may help meet some of the requirements. Fortunately, storage space (dbspace) encryption (otherwise known as “Encryption at rest” or EAR) is a very easy-to-use feature available in all Informix Dynamic Server (IDS) editions since version 12.10.xC8. No application changes are required. This should be combined with encryption of backups – both archives and logical logs – whether created via “onbar” or “ontape”:
  1. Prior to IDS 10, this had to be performed after backup files had been created.
  2. IDS 10 allowed backup or restore via any pipe with “ontape -t STDIO”, but only for archives.
  3. From IDS 11, configuration parameters exist to pass all backups and restores through specified filter commands, which is ideal for in-line compression and encryption.
This article explains the steps involved in implementing both storage and backup encryption (using method 3 above) on supported IDS versions.

[Read More…]
Informix Storage and Backup Encryption2021-10-29T09:22:02+01:00

What is a Vulnerability Assessment?

Abstract:

IBM Guardium Vulnerability Assessment is a key part of the Guardium Database Security portfolio. It is designed to help harden database infrastructures by scanning targeted systems on a scheduled basis to detect vulnerabilities. This article explains what IBM Guardium Vulnerability Assessment (VA) actually delivers and what the differences are between the various editions. Note that since the introduction of Guardium 10, there are no longer different editions of this product and all of the Advanced Edition features are available with the product.

[Read More…]
What is a Vulnerability Assessment?2020-08-14T13:25:55+01:00

A Fresh Look at Database Security

Abstract

In September 2015, IBM released Guardium 10, the latest version of its flagship enterprise database security suite. IBM Guardium is relevant to any organization wishing to improve its database security management and is becoming the de facto standard for database activity monitoring and database vulnerability assessment for IBM DB2, IBM Informix, Oracle and SQL Server. This article is a quick glance at some of the more obvious operational improvements with Guardium 10, comparing the installation and configuration process and taking a look at the new interface. This article is aimed at those already familiar with Guardium or those who may have evaluated earlier versions and would like to start to explore the capabilities of the new version.

[Read More…]
A Fresh Look at Database Security2021-07-26T15:23:01+01:00

IBM Guardium v9.5 VM Installation

Abstract:

This technical article will guide the reader through an IBM Guardium v9.5 VM installation and focus on some of the more obvious do’s and don’ts. If nothing else, if this is your first time installing Guardium this article will save you hours of head scratching. Note that there are no easily accessible trials for IBM Guardium however the IBM Part Numbers have been referenced to ease location of the required software.

[Read More…]
IBM Guardium v9.5 VM Installation2020-08-14T13:25:01+01:00
Go to Top