TALKING WITH DB2dugi.molaro.be/wp-content/uploads/2009/10/CMolaro_connectivity_o… · Distributed...

TALKING WITH DB2 Today’s connectivity options DUGI, Milano – Roma 2012

0

CRISTIAN MOLARO Independent Consultant

IBM GOLD Consultant IBM Information Champion

- DISCLAIMER

PLEASE BE AWARE THAT THE ACTUAL PROGRAMMING TECHNIQUES, ALGORITHMS AND ALL NUMERICAL PARAMETERS USED IN EXAMPLES GIVEN IN THIS PRESENTATION ARE SUBJECT TO CHANGE AT SOME FUTURE DATE EITHER BY A NEW VERSION OF DB2, A NEW RELEASE, A SMALL PROGRAMMING ENHANCEMENT (SPE) OR A PROGRAMMING TEMPORARY FIX (PTF). THE INFORMATION CONTAINED IN THIS PRESENTATION HAS NOT BEEN SUBMITTED TO ANY FORMAL REVIEW AND IS DISTRIBUTED ON AN “AS IS” BASIS WITHOUT ANY WARRANTY EITHER EXPRESS OR IMPLIED. THE USE OF THIS INFORMATION OR THE IMPLEMENTATION OF ANY OF THESE TECHNIQUES IS A CUSTOMER RESPONSIBILITY AND DEPENDS ON THE CUSTOMER’S ABILITY TO EVALUATE AND INTEGRATE THEM INTO THE CUSTOMER’S OPERATIONAL ENVIRONMENT. WHILE EACH ITEM MAY HAVE BEEN REVIEWED FOR ACCURACY IN A SPECIFIC SITUATION, THERE IS NO GUARANTEE THAT THE SAME OR SIMILAR RESULTS WILL BE OBTAINED ELSEWHERE. CUSTOMERS ATTEMPTING TO ADAPT THESE TECHNIQUES TO THEIR OWN ENVIRONMENTS DO SO AT THEIR OWN RISK. DB2 IS A TRADEMARK OF INTERNATIONAL BUSINESS MACHINE CORPORATION. THIS PRESENTATION USES MANY TERMS THAT ARE TRADEMARKS. WHEREVER WE ARE AWARE OF TRADEMARKS THE NAME HAS BEEN SPELLED IN CAPITALS.

1 [email protected] ©® 2012

Agenda

! Distributed access to DB2 for z/OS and DRDA –  Private Protocol no more

! DRDA connectivity options ! The choice of the right configuration

–  DB2 Connect or not DB2 Connect

! Sysplex support ! How to identify a client

–  DDF and WLM

! Security considerations


Distributed Relational Database Architecture ! DRDA is an open, vendor-independent architecture providing

connectivity between a client and database servers ! It was initially developed by IBM and then adopted by The Open

Group as an industry standard interoperability protocol ! Visit www.opengroup.org for more information:

–  DRDA V4, Vol. 1: Distributed Relational Database Architecture –  DRDA V4, Vol. 2: Formatted Data Object Content Architecture –  DRDA V4, Vol. 3: Distributed Data Management Architecture

! A common protocol independent of the underlying RDBMS ! Allows to access a diverse set of RDBMSs ! Connectivity is independent from

–  Hardware and software architecture –  Vendors and platforms


! DRDA Configuration example

! Infrastructure can be very complex!

- Distributed access to DB2 - DRDA

Application -

Application Server (WAS)

DB2 for z/OS

Gateway DB2 for z/OS Application

Application

Application


! Enable inactive thread support –  CMSTAT=INACTIVE –  Allows DB2 for z/OS pooling:

•  Reduction on CPU utilization •  Reduction on Memory utilization

! Allow DDF threads to become INACTIVE

–  Avoid holding resources •  WITH HOLD cursors not closed •  DTT not dropped •  Application using packages bound using

KEEPDYNAMIC ! Resources held across a COMMIT would prevent the connection

and associated DB2 thread from being pooled

- Use INACTIVE threads


-DIS DDF

! DT=I --> DDF configured with INACTIVE threads

! CONDBAT --> MAX REMOTE CONNECTED

! MDBAT --> MAX REMOTE ACTIVE

! ADBAT --> Current # of DBATs, active and disconnected

! QUEDBAT --> Count # times MDBAT was reached, only reset at restart

! INADBAT --> Current # of inactive DBATs, DISPLAY THREAD TYPE(INACTIVE)

! CONQUED --> Current # of queued connections

! DSCDBAT --> Current # of disconnected DBATs= DBAT pool threads

! INACONN --> Current # of inactive connections

DSNL080I -DB2P DSNLTDDF DISPLAY DDF REPORT FOLLOWS: DSNL081I STATUS=STARTD DSNL082I LOCATION LUNAME GENERICLU DSNL083I DB2P DB2P.LU1 -NONE DSNL084I TCPPORT=5136 SECPORT=5137 RESPORT=5138 IPNAME=-NONE DSNL085I IPADDR=::192.168.1.1 DSNL086I SQL DOMAIN=WWW.HELLOWORLD.BE DSNL090I DT=I CONDBAT= 1000 MDBAT= 200 DSNL092I ADBAT= 2 QUEDBAT= 0 INADBAT= 0 CONQUED= 0 DSNL093I DSCDBAT= 0 INACONN= 0 DSNL099I DSNLTDDF DISPLAY DDF REPORT COMPLETE ***


! You MUST convert plans and packages from PP to DRDA protocol, if any, before migrating to V10 from V8 or V9

! See APAR PK64045: PREPARATION FOR ELIMINATION OF PRIVATE PROTOCOL IN DB2 10 FOR Z/OS

! It has an impact on existing BIND/REBIND processes ! Creation of ALIASES may be required

- DB2 PP DOES NOT WORK on DB2 10!


October 25–29, 2009 • Mandalay Bay • Las Vegas, Nevada

DRDA BIND COPY

DRDA_RESOLVE_ALIAS

- Alias resolution processing

LOC2

LOC1

CREATE ALIAS NL.EMP FOR LOC2.PRD.EMP

SELECT * FROM NL.EMP;

PKG1

PRD.EMP

SELECT * FROM NL.EMP;

PKG1

SELECT * FROM PRD.EMP;

PKG1

DRDA BIND COPY

DEFAULT V8 V9

PRIVATE PROTOCOL

CREATE ALIAS NL.EMP FOR PRD.EMP

APAR PK64045: PREPARATION FOR ELIMINATION OF PRIVATE PROTOCOL IN DB2 10 FOR Z/OS

! It could be good to de-activate PP before migrating to V10 –  After all packages and plans are migrated to DRDA, it would be nice

to avoid ANY future introduction of PP –  To configure a subsystem to evaluate the effects of private protocol

capabilities being no longer available

! PK92339: NEW PRIVATE_PROTOCOL SUBSYSTEM PARAMETER (V8 & V9)

–  PP capabilities can be enabled or disabled in a subsystem

! PRIVATE_PROTOCOL=NO –  Reject any inbound private protocol requests –  Fail any outbound private protocol request –  Fail any BIND or REBIND with DBPROTOCOL(PRIVATE) –  AUTOBIND will leave plans or packages invalid if previously bound

with DBPROTOCOL(PRIVATE)

- Controlling the use of PP


DRDA Connectivity options

≥ 9.7 Fp3a DB2 10

http://www.ibm.com/support/docview.wss?uid=swg27016878 10 [email protected] ©® 2012


DRDA levels

•  Communication will be done using the lowest DRDA level supported by the Clients / Server

•  Working with down-level clients? –  An old client will work but probably with a subset of the DRDA

capabilities of the DB2 server –  Clients and servers are supported independently

•  BUT: feedback from IBM DDF Level 2 Support area: –  Typical problem: distribution protocol errors or errors with certain

DDM code points –  Special register settings not taking effect after connection reuse –  Many (sometimes undetermined) problems solved after updating

clients

IMPORTANT: Keep clients up to date 11 [email protected] ©® 2012


JDBC trace example

•  DB2 JDBC/JCC Driver Versions –  http://www-01.ibm.com/support/docview.wss?

rs=71&uid=swg21363866

[jcc] BEGIN TRACE_DRIVER_CONFIGURATION [jcc] Driver: IBM DB2 JDBC Universal Driver Architecture 3.57.82 [jcc] Compatible JRE versions: { 1.4, 1.5, 1.6 } ..... [jcc] Using global properties: [jcc] os.name = Windows XP, system [jcc] os.arch = x86, system [jcc] Dumping all system properties: { ....., [jcc] Dumping all file properties: { } [jcc] END TRACE_DRIVER_CONFIGURATION ..... [jcc] BEGIN TRACE_CONNECTS [jcc] Attempting connection to svr1:3322/DB2PLOC [jcc] Using properties: { ..... traceLevel=-1,clientRerouteAlternateServerName=null, ..... } [jcc] END TRACE_CONNECTS [jcc][t4] [time:2010-05-30-09:51:20.146][thread:WebContainer : 4][tracepoint:315]creating a socket to svr1 at 10.50.1.30 [jcc] [t4][time:2010-05-30-09:51:20.146][thread:WebContainer : 4][tracepoint:1][Request.flush] [jcc][t4] SEND BUFFER: EXCSAT (ASCII) (EBCDIC) [jcc][t4] 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF 0123456789ABCDEF [jcc][t4] 0000 0098D04100010092 10410048115E8482 ...A.....A.H.^.. .q}....k.....;db [jcc][t4] 0010 F29183836D819797 93898381A3899695 ....m........... 2jcc_application .....


Traces available on distributed components

! It is a good idea to get used to collect and analyze traces in all the distributed components

! See the IBM redbook “DB2 9 for z/OS: distributed functions”

Client / Driver Available traces

What the trace contains?

IBM Data Server Driver for JDBC and SQLJ (type 4)

JCC Trace It contains both JCC driver trace and DRDA trace. JCC trace contains both JCC driver trace and DRDA trace only when TRACE_ALL is specified

IBM Data Server Driver for ODBC and CLI

CLI trace, db2trc, db2drdat

CLI trace contains the driver trace. db2trc contains db2 client side buffers and DRDA buffers. (db2drdat available from 9.5 Fp 4)

All other Data Server Clients, DB2 Connect, DB2 ESE and so forth

CLI trace, db2trc, db2drdat

CLI trace + db2trc + db2drdat. db2drdat contains only DRDA buffers.


IBM Data Server Drivers and Clients selection guide

! There is a functional overlap ! Should balance functionality with footprint ! DB2 Connect Server not required for Sysplex Workload Balancing

(≥ 9.5 Fp3)

Smallest footprint

JDBC and SQLJ

ODBC and CLI

OLE DB and .NET

Open source

CLP GUI tools

IBM Data Server Driver for JDBC and SQLJ X X


X X

IBM Data Server Driver Package

X

X

X

X

IBM Data Server Runtime Client

X

X

X

X

X

IBM Data Server Client

X

X

X

X

X

X


- Table of name equivalences

! This presentation uses V9.7 terminology

V8 V9 V9.5 & V9.7 DB2 Administration Client DB2 Client IBM Data Server Client DB2 Application Development Client DB2 Runtime Client

DB2 Runtime Client IBM Data Server Runtime Client

Java Common Client IBM DB2 Driver for JDBC and SQLJ

IBM Data Server Driver for JDBC and SQLJ

IBM DB2 Driver for ODBC and CLI

IBM Data Server Driver for ODBC and CLI IBM Data Server Driver Package


- Choosing the right Client/Driver ! There is a functional overlap ! Should balance functionality with footprint

IBM Data Server Client: Includes Developer and DBA GUI tools

IBM Data Server Runtime Client: Includes CLP

IBM Data Server Driver Package: Includes support for .NET, OLE DB, PHP, Ruby, Perl




- Selection guidelines: application view

! Set db2.jcc.sqljUncustomizedWarningorException to 1 or 2

Smallest footprint

Application Performance Sysplex WLB

Seamless failover + ACR (DS)

Type 4 drive X For Java-based dynamic SQL applications

For dynamic SQL only X X


For Java-based static SQL applications

Supports both static and dynamic SQL

X X

pureQuery using Type 4 driver

Easiest to code. Recommended for new Java based static SQL applications

Supports both static and dynamic SQL

X X

Data Server drivers in ODBC/CLI environments

X For C/C++ applications

For dynamic SQL only

X

X

Data Server drivers in .NET environment

X For C# and VisualBasic applications

For dynamic SQL only

X

X


- The choice of the right configuration

! Only Java clients were able to exploit Sysplex Workload Balancing functions via direct connections.

! This functionality has been extended to all clients.

ODBC, CLI, .NET, OpenSource

JDBC,SQLJ, pureQuery

DB2 Connect

ODBC, CLI, .NET, OpenSource

JDBC,SQLJ, pureQuery



- The choice of the right configuration

•  Most configurations currently using DB2 Connect can use one of the IBM Data Server products:

–  Significantly reduced footprint –  Simplified infrastructure from 3 tiers to 2 tiers –  Reduced network traffic and code path –  Simplification of single point of failure management –  Simplification of problem determination

•  But: –  More complex software administration for maintenance –  No gateway functionality –  WLB balancing scope reduced to local applications



- Some DB2 Connect reserved functionalities

•  Remember: there is no mechanism available to DDF or WLM to classify a workload BEFORE connection: critical and low priority workloads compete for DBATS

•  DB2 Connect: –  Provides gateway, connection concentration and a larger scope

for WLB and Pooling –  Simplification of upgrades and maintenance

DB2 DB2

Connect DB2



- DB2 Connect and Hipersockets •  DB2 Connect + zVM + zLinux •  Probably the best option for a

DB2 Connect server •  Get availability advantages of

System z at IFL price •  Hipersockets support •  Promotes server

consolidation: reduces Data Center costs

•  Even better?

–  Application server in zLinux 21 [email protected] ©® 2012

! You still require a DB2 Connect license ! Even if there is NO DB2 Connect Server in your infrastructure

! Keep your installation inline with IBM License agreement ! Potentially improve your DB2 for z Total Cost of Ownership

- DB2 Connect License: still needed

IMPORTANT: REVIEW your current DB2 Connect license model

DISCLAIMER


! DB2 Connect Application Server Edition ! DB2 Connect Application Server Advanced Edition

–  Web and Application Server based connectivity –  Licensing based on PVU on the application server

! DB2 Connect Enterprise Edition –  Licensing on packs of 25 users (Authorized or concurrent) or PVU

! DB2 Connect Personal Edition –  Single user on one machine –  No application servers allowed

! IBM DB2 Connect Unlimited Edition for System z ! IBM DB2 Connect Unlimited Advanced Edition for System z

–  Host license and MSU licens

! DB2 Connect Unlimited Edition for System I

! PVU - Processor Value Unit [PVU] www.ibm.com/software/lotus/passportadvantage/pvu_licensing_for_customers.html ! More information: www.ibm.com/software/data/db2/db2connect/

- DB2 Connect licensing


- db2licm C:\Program Files\IBM\SQLLIB\BIN>db2licm -l Product name: "DB2 Connect Enterprise Edition" License type: "User" Expiry date: "Permanent" Product identifier: "db2consv" Version information: "9.5" Concurrent connect user policy: "Enabled" Number of licensed connect users: "9" Enforcement policy: "Soft Stop"

Event Type: Error Event Source: DB2 Event Category: None Event ID: 4 Date: 9/03/2012 Time: 15:33:29 User: N/A Computer: DBGW01 Description: 2012-03-09-15.33.29.812000 Instance:DB2 Node:000 PID:2636(db2syscs.exe) TID:2804 Appid:10.30.200.153.60941.12030914333 license manager sqllcConnectUser Probe:5 Database:PDB2 ADM12023E The number of concurrent users of "DB2 Connect Enterprise Edition" product has exceeded the defined entitlement of "9". Concurrent user count is "10". You should purchase additional user based entitlements…


- Sysplex support

! The challenge ! A distributed application server requester must be provided with the

best available path to the data ! High availability ! Adequate performance ! Consistent response time

! The solution ! DB2 for z/OS Data Sharing capabilities:

! Fault tolerance ! Distributed Workload Balancing

! State of the art availability for remote applications accessing a DB2 Data Sharing system in a Sysplex environment


! Requires configuration of: ! TCP/IP Sysplex Distributor configured with Dynamic Virtual IP

address (DVIPA) and automatic VIPA takeover ! DB2 for z/OS Data Sharing Members ! DB2 Sysplex WLB functions supported by DB2 Connect, Clients and

Drivers

- Sysplex support: all together

1

2

3


- Summary: enabling Sysplex support

! Sysplex Workload Balancing provides transaction-level load balancing

–  Seamless balance connections across different members of a data sharing group with transaction granularity

! Automatic Client Reroute with seamless failover on transaction boundaries

–  Client automatically attempts to reconnect to another member –  Application sees no errors; formerly SQL30081N returned

! There is no parameter to set in DB2 for z/OS ! Applies to:

–  DB2 Connect –  DB2 Clients and Drivers ≥ 9.5 Fp3


- Sysplex support ! Sysplex Distributor balances connections ! The WLB connection concentrator capability balances

transactions across the group

! Is there any additional benefit in using Sysplex WLB at the application server or DB2 Connect if using DVIPA and Sysplex Distributor on z/OS?

–  YES! Both need to be enabled to ensure highest availability


- Can you tell the difference?


- WLM: client set info ! DB2 server systems have implemented the concepts of:

–  End user IDs –  End user workstation names –  End user application names –  Accounting data

! Much of this information is externalized in various forms: –  The DSNV437I message of the DISPLAY THREAD command –  THREAD-INFO data in various messages such as DSNT375I –  The QWHC trace record correlation header –  The QMDA section of DB2 accounting trace records

! The value of the special registers can be changed by: –  Program language dependent API –  The RRS DSNRLI SIGNON and other functions –  The WLM_SET_CLIENT_INFO stored procedure



- ODBC client example

•  Special registers cannot be set through SQL

•  Information can be used by WLM classification identifier AI position ≥ 56

•  Exposed in RMF report Enclave Classification Data

DSNL027I -PRD1 SERVER DISTRIBUTED AGENT WITH 778 LUWID=C9DE5919.F7D7.C5C2D6F15029=636 THREAD-INFO=CRIS:TotoMac:Toto:TestFromMac:*:*:* RECEIVED ABEND=04E FOR REASON=00D3003B DSNL028I -PRD1 C9DE5919.F7D7.C5C2D6F15029=636 779 ACCESSING DATA FOR LOCATION ::10.50.1.12 IPADDR ::10.50.1.12


- WLM_SET_CLIENT_INFO ! Specially useful for DB2 for z/OS to DB2 for z/OS connections

! Available in DB2 V8, V9 and 10

SYNTAX: >>-WLM_SET_CLIENT_INFO--(--+-client_userid-+--,--+-client_wrkstnname-+--,--> '-NULL----------' '-NULL--------------' >--+-client_applname-+--,--+-client_acctstr-+--)--------------->< '-NULL------------' '-NULL-----------'

#!/usr/bin/ksh .... client_userid="cristian" client_wrkstnname="Office Desktop" client_applname="RC01" client_acctstr="RC01” .... db2 +o "Connect to " $MFDB2 " user " $HOSTuser " using " $HOSTpasswd db2 "CALL SYSPROC.WLM_SET_CLIENT_INFO('"$client_uid"','"$report"',

'"$report"’,'"$report"');" db2 -xtof /home/cognos/scripts/queries/RC01 .... # End program


- Accounting information and WLM ! WLM Classification rules

–  For work type DDF: DDF Accounting information is the value of the DB2 accounting string associated with the DDF server thread

* Subsystem Type DDF - Distributed Workload Classification: Default service class is SCDDFLOW There is no default report class. Qualifier Qualifier Starting Service Report # type name position Class Class - ---------- -------------- --------- -------- -------- 1 SI DA12* SCREPLO RCUNKWN 2 . AI . RC01* 56 SCREPLO RCRC01 2 . AI . RS02* 56 SCREPHI RCRS02 2 . AI . RC03* 56 SCREPLO RCRC03 2 . AI . RS04* 56 SCREPHI RCRS04 2 . AI . RS05* 56 SCREPHI RCRS05 2 . AI . RS06* 56 SCREPHI RCRS06 2 . AI . RI09* 56 SCREPMD RCRI09 2 . AI . RI10* 56 SCREPMD RCRI10


! WLM can help to –  Protect critical workloads –  Provide consistent response times

! Example:

- Protecting the work that matters



- DDF and Classification Rules

! Classification rules used to assign the incoming work to a –  Service Class –  Reporting Class (optional)

! If you do not implement classification rules for DDF –  All DDF workload is clasified and executed under the

service class…

SYSOTHER ! System provided service class for all work not associated

with a service class ! It is assigned a discretionary goal ! Discretionary work is run using any system resources

not required to meet the goals of other work


Security information exposed


- Security options ! TCP/IP Already Verified

–  Controls whether DB2 accepts TCP/IP connection requests that contain only a user ID

–  TCPALVER=NO à strongly recommended –  TCPALVER=YES à RACF will not perform password checking

unless the connection request sends the password

•  Potential security exposure! –  TCPALVER=SERVER_ENCRYPT à only in DB2 10

! Do not send a clear text password through the network ! Consider using one of the following security options:

–  RACF PassTicket –  Kerberos ticket –  DRDA encrypted passwords


TIP: db2 catalog db DB9A at node NODE1 authentication SERVER_ENCRYPT

SUMMARY

Agenda

! Distributed access to DB2 for z/OS and DRDA –  Private Protocol no more

! DRDA connectivity options ! The choice of the right configuration

–  DB2 Connect or not DB2 Connect

! Sysplex support ! How to identify a client

–  DDF and WLM

! Security considerations


GRAZIE!

Cristian Molaro - [email protected]

TALKING WITH DB2dugi.molaro.be/wp-content/uploads/2009/10/CMolaro_connectivity_o… · Distributed...

Documents

Transcript of TALKING WITH DB2dugi.molaro.be/wp-content/uploads/2009/10/CMolaro_connectivity_o… · Distributed...