TALKING WITH DB2 Today’s connectivity options DUGI, Milano – Roma 2012
0
CRISTIAN MOLARO Independent Consultant
IBM GOLD Consultant IBM Information Champion
- DISCLAIMER
PLEASE BE AWARE THAT THE ACTUAL PROGRAMMING TECHNIQUES, ALGORITHMS AND ALL NUMERICAL PARAMETERS USED IN EXAMPLES GIVEN IN THIS PRESENTATION ARE SUBJECT TO CHANGE AT SOME FUTURE DATE EITHER BY A NEW VERSION OF DB2, A NEW RELEASE, A SMALL PROGRAMMING ENHANCEMENT (SPE) OR A PROGRAMMING TEMPORARY FIX (PTF). THE INFORMATION CONTAINED IN THIS PRESENTATION HAS NOT BEEN SUBMITTED TO ANY FORMAL REVIEW AND IS DISTRIBUTED ON AN “AS IS” BASIS WITHOUT ANY WARRANTY EITHER EXPRESS OR IMPLIED. THE USE OF THIS INFORMATION OR THE IMPLEMENTATION OF ANY OF THESE TECHNIQUES IS A CUSTOMER RESPONSIBILITY AND DEPENDS ON THE CUSTOMER’S ABILITY TO EVALUATE AND INTEGRATE THEM INTO THE CUSTOMER’S OPERATIONAL ENVIRONMENT. WHILE EACH ITEM MAY HAVE BEEN REVIEWED FOR ACCURACY IN A SPECIFIC SITUATION, THERE IS NO GUARANTEE THAT THE SAME OR SIMILAR RESULTS WILL BE OBTAINED ELSEWHERE. CUSTOMERS ATTEMPTING TO ADAPT THESE TECHNIQUES TO THEIR OWN ENVIRONMENTS DO SO AT THEIR OWN RISK. DB2 IS A TRADEMARK OF INTERNATIONAL BUSINESS MACHINE CORPORATION. THIS PRESENTATION USES MANY TERMS THAT ARE TRADEMARKS. WHEREVER WE ARE AWARE OF TRADEMARKS THE NAME HAS BEEN SPELLED IN CAPITALS.
1 [email protected] ©® 2012
Agenda
! Distributed access to DB2 for z/OS and DRDA – Private Protocol no more
! DRDA connectivity options ! The choice of the right configuration
– DB2 Connect or not DB2 Connect
! Sysplex support ! How to identify a client
– DDF and WLM
! Security considerations
2 [email protected] ©® 2012
Distributed Relational Database Architecture ! DRDA is an open, vendor-independent architecture providing
connectivity between a client and database servers ! It was initially developed by IBM and then adopted by The Open
Group as an industry standard interoperability protocol ! Visit www.opengroup.org for more information:
– DRDA V4, Vol. 1: Distributed Relational Database Architecture – DRDA V4, Vol. 2: Formatted Data Object Content Architecture – DRDA V4, Vol. 3: Distributed Data Management Architecture
! A common protocol independent of the underlying RDBMS ! Allows to access a diverse set of RDBMSs ! Connectivity is independent from
– Hardware and software architecture – Vendors and platforms
3 [email protected] ©® 2012
! DRDA Configuration example
! Infrastructure can be very complex!
- Distributed access to DB2 - DRDA
Application -
Application Server (WAS)
DB2 for z/OS
Gateway DB2 for z/OS Application
Application
Application
4 [email protected] ©® 2012
! Enable inactive thread support – CMSTAT=INACTIVE – Allows DB2 for z/OS pooling:
• Reduction on CPU utilization • Reduction on Memory utilization
! Allow DDF threads to become INACTIVE
– Avoid holding resources • WITH HOLD cursors not closed • DTT not dropped • Application using packages bound using
KEEPDYNAMIC ! Resources held across a COMMIT would prevent the connection
and associated DB2 thread from being pooled
- Use INACTIVE threads
5 [email protected] ©® 2012
-DIS DDF
! DT=I --> DDF configured with INACTIVE threads
! CONDBAT --> MAX REMOTE CONNECTED
! MDBAT --> MAX REMOTE ACTIVE
! ADBAT --> Current # of DBATs, active and disconnected
! QUEDBAT --> Count # times MDBAT was reached, only reset at restart
! INADBAT --> Current # of inactive DBATs, DISPLAY THREAD TYPE(INACTIVE)
! CONQUED --> Current # of queued connections
! DSCDBAT --> Current # of disconnected DBATs= DBAT pool threads
! INACONN --> Current # of inactive connections
DSNL080I -DB2P DSNLTDDF DISPLAY DDF REPORT FOLLOWS: DSNL081I STATUS=STARTD DSNL082I LOCATION LUNAME GENERICLU DSNL083I DB2P DB2P.LU1 -NONE DSNL084I TCPPORT=5136 SECPORT=5137 RESPORT=5138 IPNAME=-NONE DSNL085I IPADDR=::192.168.1.1 DSNL086I SQL DOMAIN=WWW.HELLOWORLD.BE DSNL090I DT=I CONDBAT= 1000 MDBAT= 200 DSNL092I ADBAT= 2 QUEDBAT= 0 INADBAT= 0 CONQUED= 0 DSNL093I DSCDBAT= 0 INACONN= 0 DSNL099I DSNLTDDF DISPLAY DDF REPORT COMPLETE ***
6 [email protected] ©® 2012
! You MUST convert plans and packages from PP to DRDA protocol, if any, before migrating to V10 from V8 or V9
! See APAR PK64045: PREPARATION FOR ELIMINATION OF PRIVATE PROTOCOL IN DB2 10 FOR Z/OS
! It has an impact on existing BIND/REBIND processes ! Creation of ALIASES may be required
- DB2 PP DOES NOT WORK on DB2 10!
7 [email protected] ©® 2012
October 25–29, 2009 • Mandalay Bay • Las Vegas, Nevada
DRDA BIND COPY
DRDA_RESOLVE_ALIAS
- Alias resolution processing
LOC2
LOC1
CREATE ALIAS NL.EMP FOR LOC2.PRD.EMP
SELECT * FROM NL.EMP;
PKG1
PRD.EMP
SELECT * FROM NL.EMP;
PKG1
SELECT * FROM PRD.EMP;
PKG1
DRDA BIND COPY
DEFAULT V8 V9
PRIVATE PROTOCOL
CREATE ALIAS NL.EMP FOR PRD.EMP
APAR PK64045: PREPARATION FOR ELIMINATION OF PRIVATE PROTOCOL IN DB2 10 FOR Z/OS
! It could be good to de-activate PP before migrating to V10 – After all packages and plans are migrated to DRDA, it would be nice
to avoid ANY future introduction of PP – To configure a subsystem to evaluate the effects of private protocol
capabilities being no longer available
! PK92339: NEW PRIVATE_PROTOCOL SUBSYSTEM PARAMETER (V8 & V9)
– PP capabilities can be enabled or disabled in a subsystem
! PRIVATE_PROTOCOL=NO – Reject any inbound private protocol requests – Fail any outbound private protocol request – Fail any BIND or REBIND with DBPROTOCOL(PRIVATE) – AUTOBIND will leave plans or packages invalid if previously bound
with DBPROTOCOL(PRIVATE)
- Controlling the use of PP
9 [email protected] ©® 2012
DRDA Connectivity options
≥ 9.7 Fp3a DB2 10
http://www.ibm.com/support/docview.wss?uid=swg27016878 10 [email protected] ©® 2012
October 25–29, 2009 • Mandalay Bay • Las Vegas, Nevada
DRDA levels
• Communication will be done using the lowest DRDA level supported by the Clients / Server
• Working with down-level clients? – An old client will work but probably with a subset of the DRDA
capabilities of the DB2 server – Clients and servers are supported independently
• BUT: feedback from IBM DDF Level 2 Support area: – Typical problem: distribution protocol errors or errors with certain
DDM code points – Special register settings not taking effect after connection reuse – Many (sometimes undetermined) problems solved after updating
clients
IMPORTANT: Keep clients up to date 11 [email protected] ©® 2012
October 25–29, 2009 • Mandalay Bay • Las Vegas, Nevada
JDBC trace example
• DB2 JDBC/JCC Driver Versions – http://www-01.ibm.com/support/docview.wss?
rs=71&uid=swg21363866
[jcc] BEGIN TRACE_DRIVER_CONFIGURATION [jcc] Driver: IBM DB2 JDBC Universal Driver Architecture 3.57.82 [jcc] Compatible JRE versions: { 1.4, 1.5, 1.6 } ..... [jcc] Using global properties: [jcc] os.name = Windows XP, system [jcc] os.arch = x86, system [jcc] Dumping all system properties: { ....., [jcc] Dumping all file properties: { } [jcc] END TRACE_DRIVER_CONFIGURATION ..... [jcc] BEGIN TRACE_CONNECTS [jcc] Attempting connection to svr1:3322/DB2PLOC [jcc] Using properties: { ..... traceLevel=-1,clientRerouteAlternateServerName=null, ..... } [jcc] END TRACE_CONNECTS [jcc][t4] [time:2010-05-30-09:51:20.146][thread:WebContainer : 4][tracepoint:315]creating a socket to svr1 at 10.50.1.30 [jcc] [t4][time:2010-05-30-09:51:20.146][thread:WebContainer : 4][tracepoint:1][Request.flush] [jcc][t4] SEND BUFFER: EXCSAT (ASCII) (EBCDIC) [jcc][t4] 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF 0123456789ABCDEF [jcc][t4] 0000 0098D04100010092 10410048115E8482 ...A.....A.H.^.. .q}....k.....;db [jcc][t4] 0010 F29183836D819797 93898381A3899695 ....m........... 2jcc_application .....
12 [email protected] ©® 2012
Traces available on distributed components
! It is a good idea to get used to collect and analyze traces in all the distributed components
! See the IBM redbook “DB2 9 for z/OS: distributed functions”
Client / Driver Available traces
What the trace contains?
IBM Data Server Driver for JDBC and SQLJ (type 4)
JCC Trace It contains both JCC driver trace and DRDA trace. JCC trace contains both JCC driver trace and DRDA trace only when TRACE_ALL is specified
IBM Data Server Driver for ODBC and CLI
CLI trace, db2trc, db2drdat
CLI trace contains the driver trace. db2trc contains db2 client side buffers and DRDA buffers. (db2drdat available from 9.5 Fp 4)
All other Data Server Clients, DB2 Connect, DB2 ESE and so forth
CLI trace, db2trc, db2drdat
CLI trace + db2trc + db2drdat. db2drdat contains only DRDA buffers.
13 [email protected] ©® 2012
IBM Data Server Drivers and Clients selection guide
! There is a functional overlap ! Should balance functionality with footprint ! DB2 Connect Server not required for Sysplex Workload Balancing
(≥ 9.5 Fp3)
Smallest footprint
JDBC and SQLJ
ODBC and CLI
OLE DB and .NET
Open source
CLP GUI tools
IBM Data Server Driver for JDBC and SQLJ X X
IBM Data Server Driver for ODBC and CLI
X X
IBM Data Server Driver Package
X
X
X
X
IBM Data Server Runtime Client
X
X
X
X
X
IBM Data Server Client
X
X
X
X
X
X
14 [email protected] ©® 2012
- Table of name equivalences
! This presentation uses V9.7 terminology
V8 V9 V9.5 & V9.7 DB2 Administration Client DB2 Client IBM Data Server Client DB2 Application Development Client DB2 Runtime Client
DB2 Runtime Client IBM Data Server Runtime Client
Java Common Client IBM DB2 Driver for JDBC and SQLJ
IBM Data Server Driver for JDBC and SQLJ
IBM DB2 Driver for ODBC and CLI
IBM Data Server Driver for ODBC and CLI IBM Data Server Driver Package
15 [email protected] ©® 2012
- Choosing the right Client/Driver ! There is a functional overlap ! Should balance functionality with footprint
IBM Data Server Client: Includes Developer and DBA GUI tools
IBM Data Server Runtime Client: Includes CLP
IBM Data Server Driver Package: Includes support for .NET, OLE DB, PHP, Ruby, Perl
IBM Data Server Driver for ODBC and CLI
IBM Data Server Driver for JDBC and SQLJ
16 [email protected] ©® 2012
- Selection guidelines: application view
! Set db2.jcc.sqljUncustomizedWarningorException to 1 or 2
Smallest footprint
Application Performance Sysplex WLB
Seamless failover + ACR (DS)
Type 4 drive X For Java-based dynamic SQL applications
For dynamic SQL only X X
IBM Data Server Driver for JDBC and SQLJ
For Java-based static SQL applications
Supports both static and dynamic SQL
X X
pureQuery using Type 4 driver
Easiest to code. Recommended for new Java based static SQL applications
Supports both static and dynamic SQL
X X
Data Server drivers in ODBC/CLI environments
X For C/C++ applications
For dynamic SQL only
X
X
Data Server drivers in .NET environment
X For C# and VisualBasic applications
For dynamic SQL only
X
X
17 [email protected] ©® 2012
- The choice of the right configuration
! Only Java clients were able to exploit Sysplex Workload Balancing functions via direct connections.
! This functionality has been extended to all clients.
ODBC, CLI, .NET, OpenSource
JDBC,SQLJ, pureQuery
DB2 Connect
ODBC, CLI, .NET, OpenSource
JDBC,SQLJ, pureQuery
18 [email protected] ©® 2012
October 25–29, 2009 • Mandalay Bay • Las Vegas, Nevada
- The choice of the right configuration
• Most configurations currently using DB2 Connect can use one of the IBM Data Server products:
– Significantly reduced footprint – Simplified infrastructure from 3 tiers to 2 tiers – Reduced network traffic and code path – Simplification of single point of failure management – Simplification of problem determination
• But: – More complex software administration for maintenance – No gateway functionality – WLB balancing scope reduced to local applications
19 [email protected] ©® 2012
October 25–29, 2009 • Mandalay Bay • Las Vegas, Nevada
- Some DB2 Connect reserved functionalities
• Remember: there is no mechanism available to DDF or WLM to classify a workload BEFORE connection: critical and low priority workloads compete for DBATS
• DB2 Connect: – Provides gateway, connection concentration and a larger scope
for WLB and Pooling – Simplification of upgrades and maintenance
DB2 DB2
Connect DB2
20 [email protected] ©® 2012
October 25–29, 2009 • Mandalay Bay • Las Vegas, Nevada
- DB2 Connect and Hipersockets • DB2 Connect + zVM + zLinux • Probably the best option for a
DB2 Connect server • Get availability advantages of
System z at IFL price • Hipersockets support • Promotes server
consolidation: reduces Data Center costs
• Even better?
– Application server in zLinux 21 [email protected] ©® 2012
! You still require a DB2 Connect license ! Even if there is NO DB2 Connect Server in your infrastructure
! Keep your installation inline with IBM License agreement ! Potentially improve your DB2 for z Total Cost of Ownership
- DB2 Connect License: still needed
IMPORTANT: REVIEW your current DB2 Connect license model
DISCLAIMER
22 [email protected] ©® 2012
! DB2 Connect Application Server Edition ! DB2 Connect Application Server Advanced Edition
– Web and Application Server based connectivity – Licensing based on PVU on the application server
! DB2 Connect Enterprise Edition – Licensing on packs of 25 users (Authorized or concurrent) or PVU
! DB2 Connect Personal Edition – Single user on one machine – No application servers allowed
! IBM DB2 Connect Unlimited Edition for System z ! IBM DB2 Connect Unlimited Advanced Edition for System z
– Host license and MSU licens
! DB2 Connect Unlimited Edition for System I
! PVU - Processor Value Unit [PVU] www.ibm.com/software/lotus/passportadvantage/pvu_licensing_for_customers.html ! More information: www.ibm.com/software/data/db2/db2connect/
- DB2 Connect licensing
23 [email protected] ©® 2012
- db2licm C:\Program Files\IBM\SQLLIB\BIN>db2licm -l Product name: "DB2 Connect Enterprise Edition" License type: "User" Expiry date: "Permanent" Product identifier: "db2consv" Version information: "9.5" Concurrent connect user policy: "Enabled" Number of licensed connect users: "9" Enforcement policy: "Soft Stop"
Event Type: Error Event Source: DB2 Event Category: None Event ID: 4 Date: 9/03/2012 Time: 15:33:29 User: N/A Computer: DBGW01 Description: 2012-03-09-15.33.29.812000 Instance:DB2 Node:000 PID:2636(db2syscs.exe) TID:2804 Appid:10.30.200.153.60941.12030914333 license manager sqllcConnectUser Probe:5 Database:PDB2 ADM12023E The number of concurrent users of "DB2 Connect Enterprise Edition" product has exceeded the defined entitlement of "9". Concurrent user count is "10". You should purchase additional user based entitlements…
24 [email protected] ©® 2012
- Sysplex support
! The challenge ! A distributed application server requester must be provided with the
best available path to the data ! High availability ! Adequate performance ! Consistent response time
! The solution ! DB2 for z/OS Data Sharing capabilities:
! Fault tolerance ! Distributed Workload Balancing
! State of the art availability for remote applications accessing a DB2 Data Sharing system in a Sysplex environment
25 [email protected] ©® 2012
! Requires configuration of: ! TCP/IP Sysplex Distributor configured with Dynamic Virtual IP
address (DVIPA) and automatic VIPA takeover ! DB2 for z/OS Data Sharing Members ! DB2 Sysplex WLB functions supported by DB2 Connect, Clients and
Drivers
- Sysplex support: all together
1
2
3
26 [email protected] ©® 2012
- Summary: enabling Sysplex support
! Sysplex Workload Balancing provides transaction-level load balancing
– Seamless balance connections across different members of a data sharing group with transaction granularity
! Automatic Client Reroute with seamless failover on transaction boundaries
– Client automatically attempts to reconnect to another member – Application sees no errors; formerly SQL30081N returned
! There is no parameter to set in DB2 for z/OS ! Applies to:
– DB2 Connect – DB2 Clients and Drivers ≥ 9.5 Fp3
27 [email protected] ©® 2012
- Sysplex support ! Sysplex Distributor balances connections ! The WLB connection concentrator capability balances
transactions across the group
! Is there any additional benefit in using Sysplex WLB at the application server or DB2 Connect if using DVIPA and Sysplex Distributor on z/OS?
– YES! Both need to be enabled to ensure highest availability
28 [email protected] ©® 2012
- Can you tell the difference?
29 [email protected] ©® 2012
- WLM: client set info ! DB2 server systems have implemented the concepts of:
– End user IDs – End user workstation names – End user application names – Accounting data
! Much of this information is externalized in various forms: – The DSNV437I message of the DISPLAY THREAD command – THREAD-INFO data in various messages such as DSNT375I – The QWHC trace record correlation header – The QMDA section of DB2 accounting trace records
! The value of the special registers can be changed by: – Program language dependent API – The RRS DSNRLI SIGNON and other functions – The WLM_SET_CLIENT_INFO stored procedure
30 [email protected] ©® 2012
October 25–29, 2009 • Mandalay Bay • Las Vegas, Nevada
- ODBC client example
• Special registers cannot be set through SQL
• Information can be used by WLM classification identifier AI position ≥ 56
• Exposed in RMF report Enclave Classification Data
DSNL027I -PRD1 SERVER DISTRIBUTED AGENT WITH 778 LUWID=C9DE5919.F7D7.C5C2D6F15029=636 THREAD-INFO=CRIS:TotoMac:Toto:TestFromMac:*:*:* RECEIVED ABEND=04E FOR REASON=00D3003B DSNL028I -PRD1 C9DE5919.F7D7.C5C2D6F15029=636 779 ACCESSING DATA FOR LOCATION ::10.50.1.12 IPADDR ::10.50.1.12
31 [email protected] ©® 2012
- WLM_SET_CLIENT_INFO ! Specially useful for DB2 for z/OS to DB2 for z/OS connections
! Available in DB2 V8, V9 and 10
SYNTAX: >>-WLM_SET_CLIENT_INFO--(--+-client_userid-+--,--+-client_wrkstnname-+--,--> '-NULL----------' '-NULL--------------' >--+-client_applname-+--,--+-client_acctstr-+--)--------------->< '-NULL------------' '-NULL-----------'
#!/usr/bin/ksh .... client_userid="cristian" client_wrkstnname="Office Desktop" client_applname="RC01" client_acctstr="RC01” .... db2 +o "Connect to " $MFDB2 " user " $HOSTuser " using " $HOSTpasswd db2 "CALL SYSPROC.WLM_SET_CLIENT_INFO('"$client_uid"','"$report"',
'"$report"’,'"$report"');" db2 -xtof /home/cognos/scripts/queries/RC01 .... # End program
32 [email protected] ©® 2012
- Accounting information and WLM ! WLM Classification rules
– For work type DDF: DDF Accounting information is the value of the DB2 accounting string associated with the DDF server thread
* Subsystem Type DDF - Distributed Workload Classification: Default service class is SCDDFLOW There is no default report class. Qualifier Qualifier Starting Service Report # type name position Class Class - ---------- -------------- --------- -------- -------- 1 SI DA12* SCREPLO RCUNKWN 2 . AI . RC01* 56 SCREPLO RCRC01 2 . AI . RS02* 56 SCREPHI RCRS02 2 . AI . RC03* 56 SCREPLO RCRC03 2 . AI . RS04* 56 SCREPHI RCRS04 2 . AI . RS05* 56 SCREPHI RCRS05 2 . AI . RS06* 56 SCREPHI RCRS06 2 . AI . RI09* 56 SCREPMD RCRI09 2 . AI . RI10* 56 SCREPMD RCRI10
33 [email protected] ©® 2012
! WLM can help to – Protect critical workloads – Provide consistent response times
! Example:
- Protecting the work that matters
34 [email protected] ©® 2012
October 25–29, 2009 • Mandalay Bay • Las Vegas, Nevada
- DDF and Classification Rules
! Classification rules used to assign the incoming work to a – Service Class – Reporting Class (optional)
! If you do not implement classification rules for DDF – All DDF workload is clasified and executed under the
service class…
SYSOTHER ! System provided service class for all work not associated
with a service class ! It is assigned a discretionary goal ! Discretionary work is run using any system resources
not required to meet the goals of other work
35 [email protected] ©® 2012
Security information exposed
36 [email protected] ©® 2012
- Security options ! TCP/IP Already Verified
– Controls whether DB2 accepts TCP/IP connection requests that contain only a user ID
– TCPALVER=NO à strongly recommended – TCPALVER=YES à RACF will not perform password checking
unless the connection request sends the password
• Potential security exposure! – TCPALVER=SERVER_ENCRYPT à only in DB2 10
! Do not send a clear text password through the network ! Consider using one of the following security options:
– RACF PassTicket – Kerberos ticket – DRDA encrypted passwords
37 [email protected] ©® 2012
TIP: db2 catalog db DB9A at node NODE1 authentication SERVER_ENCRYPT
SUMMARY
Agenda
! Distributed access to DB2 for z/OS and DRDA – Private Protocol no more
! DRDA connectivity options ! The choice of the right configuration
– DB2 Connect or not DB2 Connect
! Sysplex support ! How to identify a client
– DDF and WLM
! Security considerations
39 [email protected] ©® 2012
GRAZIE!
Cristian Molaro - [email protected]