pajama

안녕하세요. IBM 커뮤니티에서 인포믹스의 통합 백업 암호화(Integrated Backup Encryption) 기능에 대한 질문이 있어서 소개하려고 합니다.

질문의 요지는 암호화된 백업 파일의 압축이 잘 되는가 하는 것인데, PGP로 암호화된 파일은 압축이 잘 안되었던 모양입니다. 그래서 몇가지 상황을 가정하고 백업 암호화 기능의 작동 방식을 테스트 해보았습니다.

인포믹스의 통합 백업 암호화 기능은 14.10 버전부터 제공됩니다.

매뉴얼에서는 통합 백업 암호화 기능을 사용한다면 원격지의 키서버를 통해 백업 암호화 키를 생성할 것을 권장하고 있으나 여기서는 편의상 로컬 암호화 키를 사용하겠습니다. 로컬 암호화 키를 생성하는 방법은 IBM Knowledge Center의 아래 링크를 참고했습니다.

https://www.ibm.com/support/knowledgecenter/SSGU8G_14.1.0/com.ibm.bar.doc/ids_bar_local_encryption_key.htm

-- 1. 통합 백업 암호화 기능을 설정하지 않고 ontape 백업 수행
[informix@db2 backups]$ onstat -c | egrep '^BACKUP_FILTER|^RESTORE_FILTER|^BAR_ENC'
BACKUP_FILTER
RESTORE_FILTER
BAR_ENCRYPTION
[informix@db2 backups]$ ontape -s -L 0
10 percent done.
20 percent done.
30 percent done.
40 percent done.
100 percent done.
File created: /work1/informix/ids1410fc3/backups/db2_0_L0
Please label this tape as number 1 in the arc tape sequence.
This tape contains the following logical logs:
 247
Program over.
[informix@db2 backups]$ ls -la
total 266788
drwxrwxr-x.  3 informix informix        33 Mar 31 09:54 .
drwxr-xr-x. 28 informix informix      4096 Mar 21 22:30 ..
-rw-rw----.  1 informix informix 273186816 Mar 31 09:54 db2_0_L0
drwxrwxr-x.  2 informix informix       182 Mar 31 09:51 tmp
-- 2. 통합 백업 암호화 기능을 설정하고 ontape 백업 수행
[informix@db2 backups]$ openssl rand -base64 24 > /work1/informix/ids1410fc3/etc/l_key192
[informix@db2 backups]$ onstat -c | egrep '^BACKUP_FILTER|^RESTORE_FILTER|^BAR_ENC'
BACKUP_FILTER
RESTORE_FILTER
BAR_ENCRYPTION keyfile=/work1/informix/ids1410fc3/etc/l_key192,cipher=aes192
[informix@db2 backups]$ ontape -s -L 0
The backup volume will be encrypted.
10 percent done.
20 percent done.
30 percent done.
40 percent done.
100 percent done.
File created: /work1/informix/ids1410fc3/backups/db2_0_L0
Please label this tape as number 1 in the arc tape sequence.
This tape contains the following logical logs:
 247
Program over.
[informix@db2 backups]$ ls -la
total 533572
drwxrwxr-x.  3 informix informix        65 Mar 31 09:55 .
drwxr-xr-x. 28 informix informix      4096 Mar 21 22:30 ..
-rw-rw----.  1 informix informix 273186816 Mar 31 09:54 db2_0_20200331_095432_L0
-rw-rw----.  1 informix informix 273186816 Mar 31 09:55 db2_0_L0
drwxrwxr-x.  2 informix informix       182 Mar 31 09:51 tmp
-- 3. 백업 파일 내용 확인
[informix@db2 backups]$ strings db2_0_20200331_095432_L0 | head -30
Archive Backup TapeIBM Informix Dynamic Server Version 14.10.FC3DETue Mar 31 09:54:32 2020informix/dev/pts/0
/work1/informix/ids1410fc3/backups/
rootdbs                                                                                                                         plog                                                                                                                            llog                                                                                                                            datadbs1                                                                                                                        datadbs2                                                                                                                        datadbs3                                                                                                                        data8dbs1                                                                                                                       data8dbs2                                                                                                                       data8dbs3                                                                                                                       sbspace1
IBM Informix Dynamic Server Copyright 2001, 2019  IBM Corporation
14.10.xC2
        F"01-2020
ROOTNAME rootdbs
ROOTPATH /work1/informix/ids1410fc3/storage/rootdbs
ROOTOFFSET 0
ROOTSIZE 157696
MIRROR 0
MIRRORPATH /work1/informix/ids1410fc3/tmp/demo_on.root_mirror
MIRROROFFSET 0
DBSERVERNAME ol_informix1410
SERVERNUM 0
MSGPATH /work1/informix/ids1410fc3/ol_informix1410.log
TAPEDEV /work1/informix/ids1410fc3/backups
TAPESIZE 0
TAPEBLK 32
LTAPEDEV /dev/null
LTAPESIZE 0
LTAPEBLK 32
PHYSFILE 65430
PHYSBUFF 512
LOGFILES 20
LOGSIZE 6144
LOGBUFF 256
DYNAMIC_LOGS 2
LTXHWM 70
LTXEHWM 80
[informix@db2 backups]$ strings db2_0_L0 | head -30
Archive Backup TapeIBM Informix Dynamic Server Version 14.10.FC3DETue Mar 31 09:55:07 2020informix/dev/pts/0
/work1/informix/ids1410fc3/backups/
aes192
DQZQ
QX9p
a5b(
H%*g
wecI
)rO0"
z\$b
#_t;
azXX
aW`g
$9s~f
{Rus
T<.u
(;*&
[!wS
{'dT
g9c%
k#|~
G)9)1
>X2B
CnSq
]SJ~
kmt9
ol!n
>JMsy
b!9~`
[C4R
-- 4. 통합 백업 암호화 기능 및 BACKUP_FILTER, RESTORE_FILTER를 설정하고 ontape 백업 수행
[informix@db2 backups]$ vi $INFORMIXDIR/etc/$ONCONFIG
[informix@db2 backups]$ onstat -c | egrep '^BACKUP_FILTER|^RESTORE_FILTER|^BAR_ENC'
BACKUP_FILTER /bin/gzip
RESTORE_FILTER /bin/gunzip
BAR_ENCRYPTION keyfile=/work1/informix/ids1410fc3/etc/l_key192,cipher=aes192
[informix@db2 backups]$ ontape -s -L 0
The backup volume will be encrypted.
Using the backup and restore filter /bin/gzip.
10 percent done.
20 percent done.
30 percent done.
40 percent done.
100 percent done.
File created: /work1/informix/ids1410fc3/backups/db2_0_L0
Please label this tape as number 1 in the arc tape sequence.
This tape contains the following logical logs:
 247
Program over.
[informix@db2 backups]$ ls -la
total 548100
drwxrwxr-x.  3 informix informix        97 Mar 31 09:56 .
drwxr-xr-x. 28 informix informix      4096 Mar 21 22:30 ..
-rw-rw----.  1 informix informix 273186816 Mar 31 09:54 db2_0_20200331_095432_L0
-rw-rw----.  1 informix informix 273186816 Mar 31 09:55 db2_0_20200331_095507_L0
-rw-rw----.  1 informix informix  14876672 Mar 31 09:56 db2_0_L0
drwxrwxr-x.  2 informix informix       182 Mar 31 09:51 tmp
-- 5. 통합 백업 암호화 기능 및 BACKUP_FILTER, RESTORE_FILTER를 설정하고 ontape 리스토어 수행
[informix@db2 backups]$ onmode -ky
[informix@db2 backups]$ onstat -c | egrep '^BACKUP_FILTER|^RESTORE_FILTER|^BAR_ENC'
BACKUP_FILTER /bin/gzip
RESTORE_FILTER /bin/gunzip
BAR_ENCRYPTION keyfile=/work1/informix/ids1410fc3/etc/l_key192,cipher=aes192
[informix@db2 backups]$ ontape -r
Restore will use level 0 archive file /work1/informix/ids1410fc3/backups/db2_0_L0. Press Return to continue ...
The volume to restore is encrypted.
Using the backup and restore filter /bin/gunzip.
Archive Tape Information
Tape type:      Archive Backup Tape
Online version: IBM Informix Dynamic Server Version 14.10.FC3DE
Archive date:   Tue Mar 31 09:56:06 2020
User id:        informix
Terminal id:    /dev/pts/0
Archive level:  0
Tape device:    /work1/informix/ids1410fc3/backups/
Tape blocksize (in k): 32
Tape size (in k): system defined for directory
Tape number in series: 1
Backup filter:  /bin/gzip
Spaces to restore:1 [rootdbs                                                                                                                         ]
2 [plog                                                                                                                            ]
3 [llog                                                                                                                            ]
4 [datadbs1                                                                                                                        ]
5 [datadbs2                                                                                                                        ]
6 [datadbs3                                                                                                                        ]
7 [data8dbs1                                                                                                                       ]
8 [data8dbs2                                                                                                                       ]
9 [data8dbs3                                                                                                                       ]
10 [sbspace1                                                                                                                        ]
Archive Information
IBM Informix Dynamic Server Copyright 2001, 2019  IBM Corporation
Initialization Time       01/08/2020 22:26:54
System Page Size          2048
Version                   31
Index Page Logging        OFF
Archive CheckPoint Time   03/31/2020 09:56:05
Dbspaces
number   flags    fchunk   nchunks  flags    owner                            name
1        10000001 1        2        N   AE   informix                         rootdbs                                                                                                        
2        11000001 2        1        N P AE   informix                         plog                                                                                                           
3        10000001 3        1        N   AE   informix                         llog                                                                                                           
4        10000001 4        1        N   AE   informix                         datadbs1                                                                                                       
5        10000001 5        1        N   AE   informix                         datadbs2                                                                                                       
6        10000001 6        1        N   AE   informix                         datadbs3                                                                                                       
7        10000001 7        1        N   AE   informix                         data8dbs1                                                                                                      
8        10000001 8        1        N   AE   informix                         data8dbs2                                                                                                      
9        10000001 9        1        N   AE   informix                         data8dbs3                                                                                                      
10       10002001 10       1        N T AE   informix                         tmpdbspace                                                                                                     
11       10008001 11       1        N S AE   informix                         sbspace1                                                                                                       
12       1000a001 12       1        N U AE   informix                         tmpsbspace                                                                                                     
Chunks
chk/dbs offset   size     free     bpages   flags pathname
1   1   0        78848    9236              PO--- /work1/informix/ids1410fc3/storage/rootdbs
2   2   0        32768    0                 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_plog_p_1
3   3   0        70244    4791              PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_llog_p_1
4   4   0        32768    21236             PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_datadbs1_p_1
5   5   0        32768    32715             PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_datadbs2_p_1
6   6   0        32768    32715             PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_datadbs3_p_1
7   7   0        32768    32556             PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_data8dbs1_p_1
8   8   0        32768    32556             PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_data8dbs2_p_1
9   9   0        32768    32556             PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_data8dbs3_p_1
10  10  0        429812   429376            PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_tmpdbspace_p_1
11  11  0        32768    8466              POS-- /work1/informix/ids1410fc3/storage/ol_informix1410_2_sbspace1_p_1
12  12  0        32768    8466              POS-- /work1/informix/ids1410fc3/storage/ol_informix1410_2_tmpsbspace_p_1
13  1   0        60314    72                PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_rootdbs_p_1
Continue restore? (y/n)y
Do you want to back up the logs? (y/n)n
The volume to restore is encrypted.
Using the backup and restore filter /bin/gunzip.
Warning: Parameter's user-configured value was adjusted. (DS_MAX_SCANS)
Warning: Parameter's user-configured value was adjusted. (ONLIDX_MAXMEM)
Restore a level 1 archive (y/n) n
Do you want to restore log tapes? (y/n)n
/work1/informix/ids1410fc3/bin/onmode -sy
Program over.
[informix@db2 backups]$ onstat -m
IBM Informix Dynamic Server Version 14.10.FC3DE -- Quiescent -- Up 00:00:26 -- 566920 Kbytes
Message Log File: /work1/informix/ids1410fc3/ol_informix1410.log
10:11:58  Physical Recovery Complete: 0 Pages Examined, 0 Pages Restored.
10:11:58  Clearing encrypted primary chunk 10 before initialization...
10:11:58  Clearing encrypted primary chunk 12 before initialization...
10:11:58  Logical Recovery Started.
10:11:58  72 recovery worker threads will be started.
10:12:00  Logical Recovery has reached the transaction cleanup phase.
10:12:00  Logical Recovery Complete.
          0 Committed, 0 Rolled Back, 0 Open, 0 Bad Locks
10:12:01  Bringing system to Quiescent Mode with no Logical Restore.
10:12:02  Quiescent Mode
10:12:02  Checkpoint Completed:  duration was 0 seconds.
10:12:02  Tue Mar 31 - loguniq 247, logpos 0x1ee018, timestamp: 0xeb6d094 Interval: 264
10:12:02  Maximum server connections 0
10:12:02  Checkpoint Statistics - Avg. Txn Block Time 0.000, # Txns blocked 0, Plog used 0, Llog used 1
10:12:04  Defragmenter cleaner thread now running
10:12:04  Defragmenter cleaner thread cleaned:0 partitions

테스트 결과로 보면 암호화된 백업본이라도 압축이 잘 되는 것을 확인할 수 있습니다.

참고 사이트 :

https://www.ibm.com/support/knowledgecenter/SSGU8G_14.1.0/com.ibm.bar.doc/ids_bar_integrated_encryption.htm

안녕하세요. 인포믹스가 14.10 버전이 되면서 새로운 기능이 활발하게 추가되고 있습니다.

이번에 소개드릴 내용은 14.10.xC2 버전부터 적용되는 사항으로 Developer Edition과 Innovator-C Edittion의 시스템 자원 사용의 제한 사항이 완화되었다는 내용을 소개드리려고 합니다.

일반적으로 제품군이라고 하면 Workgroup이나 Enterprise에 익숙하실텐데요.

Developer와 Innovator-C 는 무료 에디션으로 사용목적에 따라 구분될 수 있습니다.

아래는 Carlton Doe씨가 정리한 문서 내용에서 Developer Edition과 Innovator-C Edition을 정의한 것입니다.

http://www.iiug.org/en/2019/10/08/compare-informix/

• IBM Informix Developer Edition — For application development and testing only, this edition packs the full suite of IBM Informix functionality into an attractive price point: free! The Developer Edition includes all the functionality available in the IBM Informix Enterprise Edition however there are scalability constraints including processing, memory, storage, and connection limitations. It is available on a wide range of operating systems. Since the intent of the IBM Informix Developer Edition is for system development and test only, it cannot be used in a production environment, and there is no optional support package. Customers can migrate to or from the Developer Edition directly to / from any other edition simply by re-executing the new Edition Installer to install the appropriate license key.
• IBM Informix Innovator-C Edition — For customers looking for a robust database environment that can support small production workloads, this edition provides the most widely used data processing functionality. Available on all supported platforms, this edition is limited to one core and a total of 2GB of RAM operating from the same install. The IBM Informix Innovator-C Edition can be used for small end-user production workloads without a license fee. Redistribution requires a separate license. Support is community-based though an optional for-charge service and support package is available for the IBM Informix Innovator-C edition. This Elite Software Support package provides full support and product updates for the term of the contract. For more information about this package, see IBM Elite Support for IBM Informix Innovator-C Edition. Community support is available through discussion forums hosted by the International Informix User Group (IIUG). Customers can migrate to or from the Innovator-C Edition directly to / from any other edition simply by re-executing the new Edition Installer to install the appropriate license key.

위의 내용처럼 Developer Edition은 개발 및 테스트 용도로만 제한됩니다. 그러나 Innovator-C Edition은 소규모 운용환경에서도 사용할 수 있다고 합니다. 중요한 것은 라이센스 비용없이 사용할 수 있다는 점입니다.

이런 점에서 구미가 당길만 하지만 무료이다보니 기능 제한이 다소 있습니다.

몇가지 예를 들면 onbar 백업이 되지 않고, table/index partitioning, 컬럼 레벨의 암호화 기능을 사용할 수 없습니다.

그러나 14.10.xC2 버전부터 cpu thread를 2개, shared memory를 8GB 까지 설정할 수 있고 스토리지를 50GB까지 사용할 수 있습니다.

사용자의 입장에서 라이센스 비용이 전혀 들지 않는다는 점은 상당한 장점입니다.

최근에는 CPU 파워가 상당히 좋아졌기 때문에 데이터 사이즈를 관리할 수 있다면 Innovator-C Edition을 사용하는 것도 좋은 선택이 될 것 같습니다.

위에서 설명한 에디션별 비교표는 위의 링크에서 직접 보실 수 있습니다.

꾸준히 업데이트 되고 있으니 참고해보세요.

안녕하세요. 2019년 2월자 IIUG insider에 따르면 인포믹스 14 버전이 2019년 상반기에 출시될 예정이라고 합니다.

작년에 IIUG World 컨퍼런스에서도 소개가 된 내용인데 버전 숫자까지 공개된 것은 처음이네요..

라고 생각했지만 웹에서 검색해보니 이미 작년부터 14.10 버전이야기가 나오고 있었네요.

서양에서는 13이라는 숫자를 확실히 싫어하는 걸까요?

곧 IBM에서 EAP(Early Access Program)도 시작하지 않을까 생각했는데,

이미 CURSOR 등의 회사나 고객사에서 베타테스트를 진행하고 있었던 모양입니다.

https://www.cursor-distribution.de/en/community/community-informix

아래 링크에서 인포믹스 14.10 버전의 새로운 기능을 확인하실 수 있습니다.

http://www.iiug.org/en/2019/02/04/iiug-insider-issue-222-january-2019/

Enhances log replay performance of remote secondary servers and OLTP transactions

• • • Up to 5x improvement in replication enables client applications to sustain near zero latency between primary and secondary servers allowing faster recovery time objective in disaster scenarios.
    • Up to 10% faster than 12.10 for standard OLTP transactions

Provides higher security for encryption keys and integrated backup encryption

• • • By supporting remote storage of encryption at rest keys in Amazon Key Manager, an additional layer of security is applied to Informix server encrypted data. Three ciphers AES128, AES192 and AES256 are supported.
    • By supporting remote key management server to generate encryption keys and reducing DBA effort to encrypt Informix data backups, data security in backup media is enhanced without the risk of losing keys. The encryption key is itself encrypted (called Envelop Encryption).
    • Transport Layer Security (TLS) to 1.2 for a higher level of network transport security.

Enhances usability, streamlines administration, and increases uptime

• • • By supporting additional in-place alter operations on tables and data types, database downtime is avoided

Provides a new centralized and graphical administration tool called InformixHQ

• • • InformixHQ is a modern web console for visualizing, monitoring, and managing your Informix server instances. It is purpose built for ease-of-use, scale-out, and optimizing DevOps needs.
    • It provides critical performance management capabilities, monitoring how key performance metrics are changing overtime and tracking how efficiently Informix is running your workload even when you’ve stepped away from your screen. Its monitoring system feeds directly into a customizable alerting system so you can be immediately alerted via email, Twilio, or PagerDuty whenever an issue occurs on one of your Informix database server instances.
    • It is designed to be scalable to efficiently manage and monitor as many Informix database server instances as you run.
    • It enables collaboration between the DBAs, the app developers, the ops engineers, and management and accessed from any desktop, laptop, or mobile device.
    • InformixHQ is the path forward for graphical monitoring, alerting, and administration of your Informix database servers.

Enhances Unicode support to current V11.0

• • • Ability to support storage and processing for text characters that are new over the last 10 years. The new scripts and characters in Version 11.0 add support for lesser-used languages and unique written requirements worldwide.

Enhances time series granularity and spatial projection

• • • Supporting Sub-second timestamps allow for very high speed event generation
    • Support for more geodetic and projections systems enables you to track packages in a shipping depot using your own coordinate system

Increased hardware limits at the Workgroup Edition level

• • • New limits 24 cores / 32GB RAM enable higher performance and scalability for your critical applications providing even higher return on your Informix investment.

Includes storage optimization at the Enterprise Edition level

• • • All Informix Enterprise edition deployments now benefit from the well proven data compression technology already built in Informix.
    • Data compression reduces primary, secondary, backups and log storage while simultaneously enhancing performance by reducing I/O operations.
    • Customers have reported average 4x reductions in database size while experiencing faster I/O operations and faster backups.

Common table ｅxpression

• • • By implementing the SQL standard CTE, application developers improve readability and maintenance of complex queries, able to re-use CTE result-set multiple times in one query, Pipeline aggregations and write powerful recursive queries.
    • Complex queries can be divided into simple, ad hoc, logical building blocks. These simple blocks can then be used to build more complex, interim CTEs until the final result set is generated.

Setting up Informix instance/or database level replication using Enterprise Replication

• • • Single command that automates setting up of Enterprise Replication and data migration between two Informix server instances located either on-prem or in the cloud. This command automates tasks such as defining Enterprise Replication domain between the two servers, adding key columns for the tables, creating required storage spaces for the databases, copying database schema from source server to target serve, creating replicate definitions and finally synchronizing data between source and target server instances, all in a transactional, flexibly phased manner, with no downtime.

** 출처

http://www.iiug.org/en/2019/02/04/iiug-insider-issue-222-january-2019/

http://www.hamburg-data.de/en/news/136-soon-informix-14-10

https://www.cursor-distribution.de/en/community/community-informix