Informix Experts

In IDS releases prior to 10.00.TC5, the Informix Dynamic Server(IDS) Windows Service was allowed to log on only as user informix. Launching the IDS installation program setup.exe with the -system command line argument (only) will install IDS and create a new instance running as the Windows Local System user, bypassing screens which prompt for informix user password(informix user does not get created when this option is used).

Starting with version 11.50, you can install IDS on Windows as the local system user account by selecting the Local System User option right on the IDS Server configuration Setup panel. This option is available only in custom mode of installation.

Typically this option provides the same privileges as the informix user account; however, it uses an internal account representing a pseudo-user that does not require a password. The local system account is used by the operating system and services running under Windows during the installation of Dynamic Server. The informix user is still created by default.

However user can choose not to create an informix user account at all, but we have to note that Enterprise Replication between Dynamic Server on UNIX and IDS on Windows Operating System will not work if informix user and Informix-Admin group is not present.Along with the “Start database server as Local System User” checkbox another checkbox “Do not create user informix account” is also provided on the same panel which is greyed out unless the user picks the System User option.

Some of the benefits of why people would want to do this:
• if the machine has a password expiry policy and it is not convenient to change the password of the IDS service this will save having to do it
• some security policies require that the informix user not be a member of the Administrators group. If the IDS service logs on as local system user the informix user no longer has to be an administrator.

Snigdha Sahu[Read More]

Suppose you have an application which depends on IDS. Your business requirement is application must starts after a successful IDS memory initialization. Previously there was no way you can validate the return code of oninit process to make a decision whether or not IDS initialize successfully. So, if you have a script that automatically starts IDS and the application respectively, it possible the application may start even though IDS failed to initialize.

A new oninit option has introduced to IDS 11.50 that generate a return code. Based on the return code you can customize the script and automate startup process.

The 'oninit -w' command generates following return codes:

• 0 - when success
• 1 - when initialization fails or exceed the timeout value

The 'oninit -w' command forces IDS to wait until it successfully initializes before returning to a shell prompt. You can also provide an addition argument for timeout value with '-w' option. Without any timeout value with '-w' option, IDS will use the default value e.g. 10 minutes. If IDS cannot initialize within the timeout period, oninit generates return code 1 and writes following error message to the online.log file:

Warning: wait time expired

The syntax of new command as follows:

• oninit -w
• oninit -w

You can use the '-w' option with combination of any other oninit initialization options.

Couple of points to remember:

• In a high-availability environment, you can only use the 'oninit -w' command on primary server; it is not valid on secondary servers.
• The oninit command returns success when sysmaster, sysutils, sysuser and sysadmin are successfully created.

Sanjit Chakraborty[Read More]

DB_LOCALE and CLIENT_LOCALE are compatible if ...

• the code set for both the locales are identical,

OR




• code set conversion is possible between CLIENT_LOCALE's and DB_LOCALE's code set,

AND
a locale consisting of the language_terriorty from CLIENT_LOCALE and the code set from DB_LOCALE exist

Note: For any code set name, its corresponding code set number and hex value, can be found in following file.

$INFOMRIXDIR/gls/cm3/registry.

Example 1:

DB_LOCALE = en_us.850 (code set 850, its hex value 0352)
CLIENT_LOCALE = de_de.850



Here, both the locales are using same code set, 850 which is supported by both en_us and de_de, that is, US English and Germany German.
Hence, they are compatible.

Example 2:

CLIENT_LOCALE = fr_ca.850 (code set 850, its hex value 0352)
DB_LOCALE = de_de.cp1252 (code set 1252, its hex value 04e4)

Here, for both the locales to be compatible, there are 2 requirements:


i) Canadian French (fr_ca) must support code set 1252 encoding.




In other words, this locale file must exit.

$INFORMIXDIR/gls/lc11/fr_ca/04e4.lco



ii) Conversion between CLIENT_LOCALE's code set, 850 and
DB_LOCALE's code set, cp1252 must be supported.




In other words, these files must exist.

$INFORMIXDIR/gls/cv9/035204e4.cvo
$INFORMIXDIR/gls/cv9/04e40352.cvo
If you have locales fr_ca and de_de, for code set 850 and cp1252, installed on the machine, you

should see the above listed files exists.
Hence, they are compatible locale.

Example 3:

CLIENT_LOCALE = fr_ca.850 (code set 850, its hex value 0352)
DB_LOCALE = cs_cz.8859-2 (code set 8859-2, its hex value 0390)

Here, the locales are not compatible because ...
• Canadian French (fr_ca) does not support 8859-2 encoding, and
• conversion between code set 850 and 8859-2 is not supported.

Example 4:

CLIENT_LOCALE = iw_il.8859-8 (code set 8859-8, its hex value 0394)
DB_LOCALE = en_us.utf8 (code set utf8, its hex value e01c)

Here, even though code conversion is posible between code set 8859-8 and utf8, these locales

are not compatible because Israelian hebrew (iw_il) does not support utf8 encoding.

That is, there is no such locale file to support utf8 encoding by Israelian hebrew.

$INFORMIXDIR/gls/lc11/iw_il/e01c.lco

Note: If a locale file is not available in your INFORMIXDIR, check the Informix International

Language Suppliment (ILS) to see if that the locale is supported.

Seema Kumari


[Read More]

The value of locale variable, CLIENT_LOCALE or DB_LOCALE can be broken into 4 parts.

     1          2                   3                      4    
<language>_<territory>.<Code set name/Code set number>[@modifier]
       --------   --------    -----------------------------   --------

Conventional, I represent this as ll_tt.xxxx@xyz, where ...

ll ............ represents the Language


tt ........... represents the Territory, or cultural convention.


xxxx ....... represents the Code set Name or the Code set Number supported by the locale and


xyz ......... represents the Modifier. This is the only optional part in a locale value.



The modifier, sometimes refered as variant, modifies the cultural-convention settings that the language and territory settings imply. It usually indicates a special localized collating order that the locale supports.

Let us look at an example.

Example:

CLIENT_LOCALE = de_at.cp1252@euro, and
CLIENT_LOCALE = de_at.1252@euro


• Here, both CLIENT_LOCALE values represent the same locale.




• 1252 is the Code set number for Code set name, cp1252. We can specify either Code set name or the Code set number in a locale value.

where,

- de ........... represents the German language
- at ............ the territory, Austria
- cp1252 ... the code set used for the encoding and
- euro ....... the modifier used for the locale



So, this is German language locale, for Austria, using cp1252 encoding and euro modifier.

Now, to check if this locale file exists, where to lookup ?

All locale files reside under directory $INFORMIXDIR/gls/lc11

To lookup for locale files for language (ll) and territory (tt), we check under $INFORMIXDIR/gls/lc11/ll_tt directory.




In our example, to lookup for locale files for German language (de), for territory Austria (at), we will lookup $INFORMIXDIR/gls/lc11/de_at directory

Next, under the specified locale directory, look for files with name represented by hex value of the code set name/ code set number, along with modifier name if modifier is specified, with an extension .lco



In our example, hex value for Code set cp1252 is 04e4 and modifier euro is used. So, we will look for file 04e4euro.loc under directory $INFORMIXDIR/gls/lc11/de_at.

How and where to find the hex value for a Code set name ?

For any Code set name, its Code set number and hex value can be looked-up in file $INFORMIXDIR/gls/cm3/registry.

Example:

Let us find the hex value for Code set name Latin-3.

We can find the information in file

$INFORMIXDIR/gls/cm3/registry



  In the registry file ...

- first coulmn represents the code set name,
- second column is code set number
- third column is the hex value of the code set number, and
- fourth column, is either blank or has comment about the code set.



Let us lookup for code set, Latin-3 in registry file and see what we find.
We get the following value.





   Latin-3          57346              0xe002  					
  ---------      ------------	      -----------     --------------------------------
 code set name   code set number     hex value      in this case, there is no comment 

NOTE:

• Locale values are case in-sensitive.




Example:

DB_LOCALE = de_de.cp1252, DB_LOCALE = de_de.CP1252.
Here, both locale values are valid, representing the same code set.




• You can specify either code set name or code set number in a locale value, but you cannot use the hex value of the code set number.


Example:

DB_LOCALE = fr_ca.57372 or fr_ca.utf8, ........ both values are valid and they represent the same code set.


DB_LOCALE = de_de.cp1252 or de_de.1252 .... both values are valid and they represent the same code set


DB_LOCALE = de_de.04e4 ............... this in invalid. Code set's hex value cannot be used in a locale value.




• If modifier is not specified in the locale variable, like say ...

CLIENT_LOCALE = de_at.cp1252


- to locate the locale file, look for .loc under the language_territory directory. In this case, we look for following file ...

$INFORMIXDIR/gls/lc11/de_at/04e4.lco




• If modifier is specified in the locale variable, like ...

CLIENT_LOCALE = de_at.cp1252@euro




- to locate the locale file, look for .lco file under language_territory directory. In this case, we look for following file ...

$INFORMIXDIR/gls/lc11/04e4euro.lco




• Code set name, its corresponding Code set number and hex value is specified in file
  $INFORMIXDIR/gls/cm3/registry.
  
  
• Locale Territory/ Country code and Language code can be looked up in file
  $ILS_INSTALL_DIR/release/GLS_INFO
  
  
  
  
• Conventionally, for LOCALE variable having value ll_tt.xxxx[@xyz], following locale file should exist.
$INFORMIXDIR/gls/lc11/ll_tt/<hex value of xxxx>[xyz].lco




Seema Kumari
[Read More]

IDS 11.50 introduced a new installation wizard (installer), which makes life easier than in past releases to set up an instance to use a variety of database clients. In this section we will discuss how to set DRDA connection during installation process.

The installation wizard is extremely user friendly and easy to navigate. Options are available with installation wizard to configure a database server alias (DBSERVERALIASES) and a port for clients that use the DRDA protocol. You can easily setup this DRDA connection via a checkbox when creating the demonstration database server instance during installation. We will see some screenshots latter in this section to get a better understanding on DRDA configuration.

There are little differences between UNIX and Windows installation wizard.

UNIX

• Select option use the default configuration file to able to install database server with DRDA.
• Do not select the option to customize the default configuration file, as this option does not allow setting DRDA.

  
  
  

Windows

• By default the server installation includes DRDA setup.
• You must select custom installation to exclude DRDA setup.

On UNIX platform you need to answer 'Yes' for question Do you want to create an IDS demonstration database server instance. Similarly, you need to choose option 2 - Use the default configuration file under demonstration database instance configuration. You may use default server name and server alias values or change those as per your requirement.

Following is a DRDA configuration screenshot on UNIX platform:

On Windows platform the typical installation process (default) automatically include the DRDA configuration. It will set the configuration parameter DBSERVERALIASE as "svc_drda". Custom installation process is required if you want to disable DRDA setup in demonstration server instance.

Following are some DRDA configuration screenshot on Windows platform:

The custom installation process provides controls on initialize the demonstration server. You can exclude the DRDA configuration, if you wish. By default DRDA is selected.

Things to notice if you enable a custom configuration file on windows platform, DRDA support is removed.

By default IDS will configure TCP/IP port 9089 and drtlitcp or drsoctcp connection protocol for DRDA configuration.

Sanjit Chakraborty

[Read More]

IDS 11.50 made a significant improvement in installation process. Started with IDS 11.50 informix introduced a new versatile installation wizard (installer), which can automatically creates a customized database server configuration file (ONCONFIG) suitable for your system environment and create a demonstration database server during installation process.

Part of the installation process installer captures inputs from user. Then evaluates the input values to ensure settings are valid, and it calculates several values for other configuration parameters based on hardware settings and database instance needs. You can use the Instance Configuration Wizard in GUI or console installation modes to use this new feature. However, make sure you choose the option “Creating Demonstration Database Server Instance” during installation process to automatically create the customized configuration file.

There are little differences between UNIX and Windows installation wizard.

UNIX

• Checked 'Yes' for Use create an IDS demonstration database server instance
• Choose option for Customize the default configuration file

  
  
  

Windows

• On Windows platform the Instance Configuration Wizard is only available with custom setup in GUI mode.
• You must checked 'Demos' under select the feature you want to install
• The 'Enable a custom configuration file' must checked also

Following are some restrictions that you need to remember during installation:

• Installation directory must be empty
• The root chunk file must be empty or not exists. Installer will create the file.
• Parameters affected by the Instance Configuration Wizard are not available for silent installation.

During installation, Instance Configuration Wizard captured following input from user:

• Installation Directory
• Database Server Name
• Database Server Number
• Rootpath
• Rootsize
• No. of central processing units (CPUs)
• Memory: System RAM dedicated to the IDS server (in MB)
• No. of online transaction clients
• No. of decision support clients

Based on the above information installer will set following configuration parameters:
ROOTPATH, ROOTSIZE, MSGPATH, DBSERVERNAME, DBSERVERALIASES, SERVERNUM, DRLOSTFOUND BAR_ACT_LOG, BAR_DEBUG_LOG, DUMPDIR, JVPJAVAHOME, JVPHOME, JVPPROPFILE, JVPLOGFILE, ALARMPROGRAM, SYSALARMPROGRAM, JVPCLASSPATH, BUFFERPOOL, VPCLASS

If the Instance Configuration Wizard encounters a problem while validating or calculating configuration parameters for customize configuration file, the configuration file is created with default, workable configuration parameters and an appropriate message displayed.

The customized configuration file will save as 'onconfig.<DBSERVERNAME>' in etc directory under <INFORMIXDIR>.

The "Creating Demonstration Database Server Instance" option with installation process will create a demo database instance. Once the installation process complete, installer generate two script files called profile_settings (korn shell) and profile_settings.csh (C shell) for setting environment variable for demo server instance in $INFORMIXDIR/demo/server (%INFORMIXDIR%\demo\server for Windows) directory.

Following is a screenshot of instance configuration wizard on UNIX platform (console installation mode):



You must choose '1 - Yes' for create an IDS demonstration database server instance and '3- Customize the default configuration file to suit your needs and hardware' in console installation mode.

Following are some screenshot of instance configuration wizard on Windows platform (GUI installation mode):

You must select 'Custom' in GUI mode

Make sure to checked 'Demos' for create an IDS demonstration database instance

Make sure 'enable a custom configuration file to suit your needs and hardware' also checked

An example of server configuration setup. You need to insert values for customize the database server.

Sanjit Chakraborty





[Read More]

Upgrading Informix Dynamic Server Version 10.00 to Versions 11.10 or 11.50:

When installing IDS 11.10 or 11.50, if you choose the option "Upgrade from the previous version", all the server binaries will be upgraded to the newer version(s) automatically.

Upgrading Informix Dynamic Server from Version 11.10 to 11.50:

When installing IDS 11.50 on Windows, direct upgrade from IDS 11.10 is not supported. If “Upgrade from the previous version” is selected the following message pops up. Installer stops beyond this point.

Since the support to install both 11.10 and 11.50 on the same machine exists, it is recommended to choose the option “Install into a default/different directory” (shown in the panel below) to install IDS 11.50. Note: This will not upgrade IDS 11.10 to IDS 11.50.

As part of providing a folder name to install the product, a completely new path must be supplied. If the folder selected already contains binaries from IDS 11.10, then the following message pops up.

User can respond to the question “Do you want to select another folder? “. Clicking “yes”, the installer returns to the destination panel where they can provide a different folder. Clicking No, the installer goes to finish panel

The recommended approach to upgrade to 11.50 is

1. Uninstall IDS 11.10 using "Retain database, but remove server binaries option"
2. Save all the Registry Keys in HKEY_LOCAL_MACHINE\SOFTWARE\Informix\OnLine\
3. Install the later version (IDS 11.50) to the same path.
4. Make sure that you do not initialize the server when installing.
5. Copy the ONCONFIG file to the target and set parameters that are new for the current release.
6. Bring the server up using Control Panel->Services or any other method without initializing.

 

Snigdha Sahu[Read More]

Introduction:IDS 11.50 makes use of IBM Global Security Kit (GSKit) for data encryption and SSL communication. GSKit is deployed as part of IDS installation.

Issue/Solution

Due to the manner in which GSKit is deployed by the IDS installer, you may get a Windows installer error during IDS installation stating:

Error 1706. No valid source could be found for product IBM Informix Dynamic Server. The Windows installer cannot continue.

If GSKit 7 is not present on the machine, it will not be deployed during IDS installation. Furthermore, this error impacts the invisibility of IDS being deployed using silent mode of installation. If present on the machine, GSKit is deployed in [PROGRAM_FOLDER]\IBM\gsk7

After IDS installation, INFORMIXDIR (IDS installation directory) will contain the GSKit-related msi file "IBM Informix Dynamic Server.msi". Prior to any subsequent installation of IDS, clean entries related to the GSKit-related msi from the Microsoft installer database by running the following command:

msiexec.exe /x "IBM Informix Dynamic Server.msi" /qn

Note:The command above will not uninstall IDS. "IBM Informix Dynamic Server.msi" does contain the IDS application files or IDS-related information. Therefore, uninstalling IDS is not an alternate workaround.

Below is are the repro steps for the problem:

On clean machine, install IDS, OR

On a machine with no IDS installation present, run the Windows installer clean up utility and clean up all reference to IBM Informix Dynamic Server.

After installation, uninstall IDS and clean up all the remnants of INFORMIXDIR

Install IDS in a separate directory from the previous installation.

The problem will be fixed in IDS 11.50.xC3 release.

Tosin Ajayi

[Read More]

Most of us fairly familiar with errno -28 (No space left on device) during Assertion Failure (AF), while Informix Dynamic Server (IDS) generates diagnostics data (AF file and shared memory dump). Diagnostics data are very critical to determine the root cause of failure. AF files are generally not too big, where as shared memory dumps often huge in size, almost same as the total memory size used by the IDS instance. The lack of disk space can cause partially dump of shared memory file, which add very little or no value to diagnose the failure.

In large IDS systems, the amount of space required to dump the shared memory is excessive because of gigantic sizes of the resident segment. Most of it contains is BUFFERPOOL information. Large size of the shared memory dump file not only create space issue, it difficult also for technical support to extract useful information in a timely manner.

The IDS version 11.50 provides some flexibility to control how much memory is written to a dump file. We can exclude the buffer pool information from resident segment to significantly reduce the shared memory dump file size. Configuration parameter DUMPSHMEM and onstat both provide some new options to control the shared memory dump size.

Use the DUMPSHMEM configuration parameter to automatically create a dump file during AF. Set DUMPSHMEM to 2 to create a shared memory dump that excludes the buffer pool. You can dynamically change the value of DUMPSHMEM with onmode -wm and onmode -wf. The DUMPSHMEM can take following values:

        0 -  Do not dump shared memory during AF        1 -  Dump full shared memory (default)        2 -  Dump shared memory without bufferpool (new option)

The 'onstat -o' command also allows to dump shared memory file on-demand. Use the new ‘nobuffs’ options with 'onstat -o' to generate shared memory dump without bufferpool. If you use 'onstat -o' without 'nobuffs' option, the DUMPSHMEM configuration parameter controls the content of shared memory file. The 0 or 1 configuration value will generate full shared memory dump file and 2 exclude buffer pool information.

All oncheck options works on the shared memory dump file without buffer pool, except options that access buffer information e.g. -b, -B, -P.

Typically onstat shows segments as “FACADE” while working with full shared memory, where as shared memory without buffer pool shows as "FAÇADE NOBUFFERS".

Sanjit Chakraborty[Read More]

Introduction:

This article describes a customer’s experience with their poll thread configuration while upgrading from IDS 7.31.FD9 to IDS 10.00.FC6. This particular upgrade was related to their busiest IDS server running on an HP Superdome. Typically, one could observe upwards of at least 3000 short-lived soctcp connections on this system.

Original IDS 7.31 Configuration:

Key configuration settings that were active in the IDS 7.31 environment were initially used after upgrading to IDS 10.00:

• 23 CPU VPs
• 20 poll threads running on NET VPs
• multiple server aliases

Optimal IDS 10.00 Configuration:

An optimal configuration was ultimately determined and incorporated the following configuration settings in the IDS 10.00 server:

• 23 CPU VPs
• a handful (3-5) of poll threads running on NET VPs
• enable new IDS 10.00 ONCONFIG parameter, FASTPOLL
multiple server aliases

Relevant Testing:

Stress testing supportive of this optimal configuration was conducted on a 16-processor/32-core HP server using the latest IDS 7.31 and IDS 10.00 64 bit products. The testing involved a multi-threaded ESQL/C application that would spawn 3000 threads over 3 server aliases. Each thread would connect to the server, complete a small amount of read-only work and disconnect from the server 30 times. These 90,000 total connections mimicked the customer’s workload and considered poll threads running both on CPU VPs (inline) and on NET VPs against servers configured with 23 CPU VPs. The following chart shows results from the stress testing that were considered for the optimal customer configuration:

Jeff Laube[Read More]

History:

Through online forums and technical support cases, Informix users have requested the ability to limit the number of connections to IDS servers.

Introduction:

Available now in 11.50 IDS, the ONCONFIG parameter, LIMITNUMSESSIONS, can be used to define the maximum number of sessions that you want connected to IDS.

This ONCONFIG parameter uses the following syntax:

LIMITNUMSESSIONS maximum_number_of_sessions, print_warning

The maximum_number_of_sessions option defines the limit for the maximum number of sessions and can be set to a value in the range of 0 to 2,097,152. The value of 0 is the default and indicates that this feature is turned off.

The print_warnings option can be set to 1 or 0. When this value is set to 1, a warning message is written to the online.log when the number of sessions approaches the limit. These warning messages are not reported when the value is set to 0. The default is 0.

The limit imposed by LIMITNUMSESSIONS takes effect when the database server is shut down and restarted. It can also be started, modified or stopped dynamically by using onmode –wf or onmode –wm.

When the number of connections reaches this limit, new connection requests are rejected with the error -25571 Cannot create a user thread, until the number of connections fall below this limit. A message is reported to the online.log when this limit has been reached.

Database Server Administrators (DBSAs) are the exception to this limit. When the limit has been reached, a DBSA user will still be allowed to connect to IDS.

Example:

The following example specifies that you want a maximum of 100 sessions to connect to the server and that you would like a warning message printed to the online.log when the number of connected sessions approaches 100.

LIMITNUMSESSIONS 100,1

For more information:

http://publib.boulder.ibm.com/infocenter/idshelp/v115/index.jsp?topic=/com.ibm.admin.doc/ids_admin_1221.htm

Disclaimer:

This feature is not intended to enforce terms or conditions of the User License Agreement.

 

Jeff Laube

[Read More]

Introduction:Multiple installation of IBM Informix Dynamic Server is now enabled in IDS 11.50 xC2. With this, users will be able to install multiples copies of IDS on a single machine with the ability to create instance(s) per installation. For example, a user can have 11.50 xC1 and 11.50 xC2 co-existing on the same machine with instances related to each installation running on that machine.

With this new effort, a user that has an installation of IDS 11.50 can invoke setup.exe and will be presented with existing installation of IDS on the machine. The user can then make a choice between installing a new copy of IDS and maintaining an (one of the) existing copy(ies). If there is an existing installation of IDS 11.50 on a machine, a user that launches setup.exe in graphical mode will be presented a panel similar to the one below:

However, with an existing installation of IDS 11.50, launching setup.exe in silent mode will require a maintenance response file. Without a maintenance response file or with an installation response file, the installer will abort. To install a subsequent copy of IDS 11.50 in silent mode, the user should pass the ‘-multiple’ command line option to setup.exe.

In addition to the "-multiple" command line option, there are 2 command line options for maintenance namely "-path" and "-instnum". These 2 new command line options are used to launch maintenance mode for a specified installation. Since they perform the same functionality, they should be used interchangeably and not in conjunction with one another.

Usages of the newly implemented options:

-multiple usage

setup.exe -multiple

This option can be used in conjunction with other installation command line options. E.g.

setup.exe -multiple -s -f1"C:\TEMP\server.ini" -f2"C:\TEMP\server.log"

-path usage

setup.exe -path [installation path]

The user invokes setup.exe with the ‘-path’ option passing the installation path for which maintenance is required. This option can be used in conjunction with other maintenance command line options. E.g.

setup.exe -path [installation path] -s -f1"C:\uninst.ini"

-instnum usage

setup -instnum [installation number]

The user invokes setup.exe with the ‘-instnum’ option passing installation number for which maintenance is required. Note that each installation is tagged with an installation number in shortcut menu (except for the first installation which doesn’t have a tag). This option can be used in conjunction with other maintenance command line options. E.g.

setup.exe -instnum [installation number] -s -f1"C:\uninst.ini"

For more information on installing IDS, visit http://publib.boulder.ibm.com/infocenter/idshelp/v115/index.jsp

Tosin Ajayi

[Read More]

The newest version of OpenAdmin Tool for IDS, Version 2.22, is available now! The latest features center on a Enterprise Replication (ER) monitoring and security.

ER Plug-in Version 1.1: Version 1.1 of OAT’s ER plug-in greatly enhances OAT’s Enterprise Replication monitoring capability.

• The ER Routing Topology page has been transformed to allow monitoring of all nodes in the ER domain from a single page without having to drill-down on each node. Users can set thresholds for key ER statistics and then use the Routing Topology page to monitor alerts and profile data for each node in their domain. (Requires IDS server version 11.50xC2.)









• The ER Node Details pages have been expanded to show errors for the current node or the entire ER domain (Errors tab) and to list current values of the ER configuration parameters (Configuration tab).



• Check out a demo of the newest ER monitoring features here: ER Monitoring with Alerts Demo

Secure SQLToolbox: OAT admins can now choose to turn on an additional level of security for the SQL Toolbox pages. If “Secure SQLToolbox” is turned on, OAT users will have to re-authenticate in order to view schema data or use the SQL Editor. This additional layer of security can be used to ensure that OAT users are not automatically allowed free access to databases or tables as the user informix.

Download OAT Version 2.22 now at https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?lang=en_US&source=swg-informixfpd

For additional information on OpenAdmin Tool for IDS, including feature details, screenshots and demos, go to www.openadmintool.org.

Also check out the new DeveloperWorks article on writing custom plug-ins for OAT: www.ibm.com/developerworks/db2/library/techarticle/dm-0808vonbargen

Erika Von Bargen[Read More]

Introduction

HTTPS protects the OAT webserver from eavesdropping, tampering, and message forgery. It protects the OAT webserver from hackers who are trying to secretly listen or interfere with the OAT network. Enabling HTTPS will encrypt OAT clients’ messages before sending it to the OAT webserver. This prevents hackers from listening over the line and stealing sensitive information. Sometimes hackers will setup a fake OAT webserver and deceive OAT clients as to whom the real OAT host is. Enabling HTTPS also allow OAT clients to authenticate with the OAT host, so that hackers cannot deceive OAT clients with a fake OAT webserver.

Please note that HTTPS only encrypts communication between OAT webserver and OAT client. It does not encrypt communication between IDS server and the OAT webserver.

IBM® Informix® Dynamic Server, Version 9.4 and later, enables encryption of data between IDS server and OAT webserver using an encryption communication support module. You can find more information in the following link:

http://www.ibm.com/developerworks/db2/library/techarticle/dm-0401dandekar/index.html

Enabling HTTPS in OAT will involve the following steps:

• 1. Replacing OAT’s Apache webserver with another mod_ssl enabled Apache webserver.
• 2. Creating an encryption key and a certificate for your new OAT webserver, so that OAT clients can authenticate your webserver based on your certificate.
• 3. Configure httpd.conf (the Apache configuration file) to enable HTTPS

Replacing OAT’s Apache Webserver with another mod_ssl enabled Apache Webserver

In order to use OAT with https, you will need to have an apache webserver, PHP with some extensions and the apache mod_ssl module. HTTPS functionality is provided by the apache mod_ssl module. Using the OAT automated installer will install an apache webserver and PHP with all the required PHP extensions, however apache webserver bundled with installer is NOT shipped with the mod_ssl module.

Therefore you have to install another apache webserver compiled with the mod_ssl module to replace OAT’s apache webserver. Then dynamically load OAT’s PHP apache handler (a file named libphp5.so, or php5apache2_2.dll on windows, which is the apache and php ‘glue’) to your new apache webserver.

Dynamically loading the mod_ssl module to OAT’s original apache webserver is not possible because the version of OAT’s original apache webserver is 2.2.4. Mod_ssl dynamic module only supports the older apache 1.3.x, It does not support OAT’s apache webserver.

On Linux and Mac OS X,

In order to compile Apache with mod_ssl support, you need to have OpenSSL installed. OpenSSL might have been installed on your Linux distribution already and you only need to find out the installation directory. Note that the OpenSSL binaries have to be 32-bit, because the binaries from the OAT automated installer are 32-bit. We suggest doing this only on a 32-bit machine so that there will be no architectural mismatch among the binaries.

If OpenSSL has not been installed already, you can download the latest source code release from here:

http://www.openssl.org/source/

Then you have to compile the OpenSSL source code. Note that you have to compile 32-bit OpenSSL binaries because the binaries from the OAT automated installer are 32-bit. This can be done by setting CFLAGS to be –m32. Use the following commands:

cd /path/to/openssl/source/code
export CFLAGS=-m32
./config --prefix=/openssl/installation/directory/ --openssldir=/openssl/installation/directory/
make
make install

Stop OAT’s apache webserver by running the /oat/installation/directory/StopApache script. Rename OAT’s Apache_2.2.4 directory to Apache_2.2.4_noSSL. This is a will serve as a backup copy of the apache binaries. You will also need to use some configuration files from this backup Apache directory in later steps. Do make a copy.

Then you have to compile the latest Apache with mod_ssl support. Download the latest Apache source code and compile with the following commands. Note that you have to compile 32-bit Apache binaries because the binaries from the OAT automated installer are 32-bit. This can be done by setting CFLAGS to be –m32. The compilation prefix should match the old OAT apache’s directory (/oat/installation/directory/Apache_2.2.4/)

cd /path/to/apache/source/code
export CFLAGS=-m32
./configure --prefix= /oat/installation/directory/Apache_2.2.4/ --enable-so --enable-ssl --with-ssl= /openssl/installation/directory/
make
make install

Right now Apache should be installed with mod_ssl support. Use the following commands to check if mod_ssl is enabled in Apache.

cd /oat/installation/directory/Apache_2.2.4/bin/
./httpd –M
(Here you will see a list of Apache modules. See if the SSL module is on the list)

Then you have to change the Apache configurations file to load OAT’s PHP Apache handler (The PHP and Apache ‘glue’). Edit the Apache configuration file (/oat/installation/directory/Apache_2.2.4/conf/httpd.conf). Add the following lines. Uncomment if these lines exist but are commented out.

LoadModule php5_module /oat/installation/directory/PHP_5.2.4/libphp5.so
AddType application/x-httpd-php .php
PhpIniDir ‘/oat/installation/directory/PHP_5.2.4/lib’
Setenv INFORMIXDIR ‘/oat/installation/directory/Connect_3.50/’

Search for the line “Listen 80” in the httpd.conf file. This indicates the port number that the OAT webserver should run on. You should use the same port number as OAT’s original Apache webserver that comes with OAT installer.

Search for the line “ServerName www.example.com:80” in the httpd.conf file. This indicates the name and the port that the server uses to identify itself. You should use the same ServerName as the original non-SSL Apache webserver that comes with OAT installer.

Search for the line “DirectoryIndex index.html” in the httpd.conf file. This sets the files that Apache will serve if a directory is requested. Change this line to “DirectoryIndex index.html index.php”

Copy the file /oat/installation/directory/Apache_2.2.4_noSSL/bin/envvars to /oat/installation/directory/Apache_2.2.4/bin/envvars. Apache will read this file to setup the Apache environment variables for OAT to run.

Copy the entire directory /oat/installation/directory/Apache_2.2.4_noSSL/htdocs/openadmin/ to /oat/installation/directory/Apache_2.2.4/htdocs/openadmin/. All the OAT source code resides in this directory.

Run the following commands to make sure that the PHP Apache handler is properly loaded.

cd /oat/installation/directory/Apache_2.2.4/bin/
./httpd –M
(Here you will see a list of Apache modules. See if the php5 module is on the list)

Right now your new webserver should be properly setup for OAT. You may start your webserver by running /oat/installation/directory/StartApache and visit OAT using your web browser.

Note that this server has mod_ssl enabled but HTTPS is not switched on yet. A few more steps are needed to enable HTTPS in the following sections.

On Windows,

First we have to download and install Openssl from the following website:

http://www.openssl.org/related/binaries.html

Then we need to setup Apache with mod_ssl support. Download the latest Win32 Binary including OpenSSL 0.9.8g (MSI Installer). This should be available here:

http://httpd.apache.org/download.cgi

Stop the OAT Apache webserver. There should be a OpenAdmin shortcut in the start menu. You should be able to stop the OAT Apache webserver from there. Make sure that the Apache Monitor is not running on your system tray.

Rename OAT’s Apache_2.2.4 directory to Apache_2.2.4_noSSL. This is a will serve as a backup copy of the apache binaries. You will also need to use some configuration files from this Apache directory in later steps. Do make a copy.

Run the Apache MSI installer. Do a typical install and choose the installation directory to be /oat/installation/directory/Apache_2.2.4

Edit the Apache configuration file (/oat/installation/directory/Apache_2.2.4/conf/httpd.conf). Add or uncomment the following lines in the httpd.conf file:

LoadModule php5_module "c:\oat\installation\dir\PHP_5.2.4\php5apache2_2.dll"
LoadModule ssl_module modules/mod_ssl.so
AddType application/x-httpd-php .php
PhpIniDir 'c:\oat\installation\dir\PHP_5.2.4'

Search for the line “Listen 80” (or “Listen 8080”) in the httpd.conf file. This indicates the port number that the OAT webserver should run on. You should use the same port number as OAT’s original Apache webserver that comes with OAT installer.

Search for the line “ServerName www.example.com:80” in the httpd.conf file. This indicates the name and the port that the server uses to identify itself. You should use the same ServerName as OAT’s original Apache webserver that comes with OAT installer.

Search for the line “DirectoryIndex index.html” in the httpd.conf file. This sets the files that Apache will serve if a directory is requested. Change this line to “DirectoryIndex index.html index.php”

Search for the line “setenv INFORMIXDIR” in the OAT’s original Apache’s configuration file (c:\oat\installation\dir\Apache_2.2.4_noSSL\conf\httpd.conf). This line sets the INFORMIXDIR variable in the Apache environment for OAT. This has NOT been set in your new Apache webserver yet. Copy this line to your new Apache webserver’s httpd.conf file. You can put this at the end of the httpd.conf file.

Copy the entire directory c:\oat\installation\dir\Apache_2.2.4_noSSL\htdocs\openadmin\ to c:\oat\installation\dir\Apache_2.2.4\htdocs\openadmin\. All the OAT source code resides in this directory.

Run the following commands in a command prompt to make sure that the PHP Apache handler and the mod_ssl modules are properly loaded.

cd c:\oat\installation\dir\Apache_2.2.4\bin\
httpd.exe –M
(Here you will see a list of Apache modules. See if the php5 module and the ssl_module are on the list)

Right now your new webserver should be properly setup for OAT. You may now click on ‘Start Apache Service for OpenAdmin’ in OpenAdmin Menu under the Start Menu. You should be able to access OAT using your web browser.

Note that this server has mod_ssl enabled but HTTPS is not switched on yet. A few more steps are needed to enable HTTPS in the following sections.

Creating an Encryption Key and a Certificate for your OAT Webserver

Keys are used in encryption and decryption. They usually come in pairs, the public key and private key. Public keys are used to encrypt messages and private keys are used to decrypt messages. The message encrypted by a public key can only be decrypted by its associated private key.

A HTTPS enabled webserver will have its own pair of public and private key. The webserver will make its public key available to all clients. But nobody else except the webserver will know its private key. Thus all clients will be able to encrypt messages, but only the webserver can decrypt the message. If a client wants to send encrypted messages to the webserver, he will encrypt the message with the public key provided by the webserver and then send out the message. The webserver will use its secret private key to decrypt the client’s message. Hackers who are trying to listen over the network and steal the client’s message will not be able to decrypt the client’s message, because the hacker does not have the private key.

A certificate is a document authenticating a person to be whom he claims to be. A HTTPS enabled webserver will have its certificate, signed by a trusted certificate authority, to authenticate itself to be the real webserver that the clients are talking to. Before a client talks to the webserver, he will be prompted to view and accept the webserver’s certificate. To the client can make sure that the webserver’s certificate is signed by a trusted certificate authority before proceeding with the communication. This prevents hackers from setting up fake webservers to deceive clients.

Once a webserver is HTTPS enabled, clients get to choose whether they want to do a normal connection to the webserver or a secure connection to the webserver. If clients want to do a normal connection, they will type “http://webserver_url” in their web browser. If clients want to do a secure connection, they will type “https://webserver_url”. In a secure connection, the webserver will send the client its certificate and its public key. The client will be prompted to view and accept the webserver’s certificate before the webpage is loaded, so that the client can be sure that the webserver is not a fake webserver created by hackers to deceive you. Once the client accepts the certificate, the client’s web browser will use the public key that it received from the webserver to encrypt communication. Only the webserver has the associated private key, thus only the webserver can decrypt the client’s encrypted communication. Hackers cannot secretly listen and decrypt the communication.

To generate private/public key pairs and the certificate, we use the openssl executable. You should be able to find it under the bin directory of your openssl installation.

To generate a private key, use the following command:

openssl genrsa -des3 -out privkey.pem 2048

The private key will be stored in the privkey.pem file. Store this file in a secure location because this is the webserver’s secret decryption key. This file will be used to generate the associated public key. When we generate the certificate, it will look for this file, it will generate its associated public key and include the public key in the certificate.

To generate a certificate, we create need to create a certificate signing request, and send the certificate signing request to a trusted certificate authority (Such as VeriSign). The authority will then issue you a certificate. Use the following command to generate a certificate request. For more information about the process of signing certificate requests, contact your certificate authority.

openssl req -new -key privkey.pem -out cert.csr

If you don’t want to deal with another certificate authority and you just want to create a certificate for yourself, you can create a self-signed certificate. Note that this is not the recommended way of creating a certificate.

openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

Openssl will prompt you to enter your personal information. After that the certificate will be stored in the cacert.pem file. This file will be displayed to web clients to verify your identity. It will also include the public key for web clients, thus they can start encrypting communication.

Openssl will also prompt you to enter a pass phrase. This is an extra layer of security. You will need to enter your pass phrase when you start your webserver.

For more information about encryption keys, please consult the OpenSSL documentations:

http://www.openssl.org/docs/HOWTO/keys.txt

For more information about certificates, please consult the OpenSSL documentations:

http://www.openssl.org/docs/HOWTO/certificates.txt

Configure httpd.conf (the Apache configuration file) to enable HTTPS

Edit the apache configuration file.The file should be /oat/installation/directory/Apache_2.2.4/conf/httpd.conf

Search for the following line:

#Include conf/extra/httpd-ssl.conf

This line is commented out by default. Uncomment it so that httpd.conf will include the apache ssl configuration file.

Then edit the apache ssl configuration file.The file should be /oat/installation/directory/Apache_2.2.4/conf/extra/httpd-ssl.conf

HTTPS will require one more ssl port. By default, the ssl port number is set to be 443. Make sure this port is available. If you wish to change this port, edit the Listen directive and the Virtual Host section of the httpd-ssl.conf file.


Search for the ‘SSLCertificateKeyFile’ directive and the ‘SSLCertificateFile’ directive in the httpd-ssl.conf file. These two directives indicate the location of your private key file and the certificate file. Make sure that they point to the privkey.pem and the cacert.pem created in the previous section.


Search for the ‘SSLCipherSuite’ directive. This directive indicates the ciphers for your HTTPS webserver. By default the HTTPS webserver will accept all encryption ciphers. If you wish to accept only the seven strongest ciphers, edit the directive as follow, or else you can keep the default configuration:

SSLProtocol all
SSLCipherSuite HIGH:MEDIUM

For more information about HTTPS configurations, please refer to the following website:
http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html

Final Testing

Your OAT webserver should be secured with HTTPS right now. Restart your webserver and launch OAT with your web browser. Instead of using http://hostname:portnumber/openadmin, try using https://hostname:ssl_portnumber/openadmin. You will be prompted to view and accept OAT webserver’s certificate before the OAT login page is launched.


Note:
On Linux, you can restart your webserver by running the StopApache script and then the StartApache script in the OAT installation directory. You will be prompt to enter the pass phrase before you can start you webserver.


On Windows, you have to restart your webserver with the command prompt. Starting the webserver with Apachemonitor.exe or with the start menu shortcuts doesn’t work because they do not support pass phrases. Use the following command to restart your webserver.

httpd –k restart

If you wish to use Apachemonitor.exe or with the start menu shortcuts to control your webserver, you have to disable pass phrases. Note that this reduces the level of security.

Run the following command:

cd c:/openssl/installation/directory/bin/
openssl rsa -in privkey.pem -out privkey_nopassphrase.pem

Now an unencrypted copy of your private key will be stored in the privkey_nopassphrase.pem file. Edit your httpd-ssl.conf file SSLCertificateKeyFile directive to use the privkey_nopassphrase.pem file instead of the privkey.pem file. Then you will not be prompted to enter a pass phrase when starting your webserver. Apachemonitor.exe and the start menu shortcuts should work now.

Leo Chan

[Read More]

OAT 2.21 has incorporated IDS Enterprise Replication monitoring, a plugin manager to allow customization of OAT functionality and an automated installer on Mac OS X. OpenAdmin Tool for IDS (OAT) is a PHP-based Web browser administration tool for IDS 11 and IDS 11.5 that provides the ability to administer multiple database server instances from a single location. OAT makes administration easy by allowing you to drill down on resource usage and events, view query performance statistics, and much more. And since the tool is written in PHP and available as open source, you can customize it with your own business logic and installation requirements.

New feature highlights of OpenAdmin Tool for IDS version 2.21 include:

• Mac OS X Automated Installer: Automatically setup Apache, PHP, I-Connect and OAT on Mac OS X. For users who want to use or install their own Apache/PHP configurations, OAT is also released as a stand-alone package.



• IDS Enterprise Replication Monitoring: Monitors Spool Disk usage, Send and Receive queues, Receiving/Apply statistics, Routing Topology, node details and much more. OAT Enterprise Replication is provided as a separate plugin. The latest automated installer will install the ER plugin for you, you can also manually place the ER plugin zip file under the OAT plugin_install directory and install it with the plugin manager (requires php zip extension).



• Plugin manager: A simple way to customize OAT functionality. You can download customized OAT plugins and install it with the plugin manager. Sample plugin code is also provided and you can follow the sample in creating your own plugins. Note that the plugin manager requires the php zip extension. The latest OAT2.21 automated installer includes the php zip extension, but OAT2.20 installer does not.

Download OAT version 2.21 now at https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?lang=en_US&source=swg-informixfpd .

Click here to see OAT Enterprise Replication at work!

Leo Chan[Read More]

In some cases it can be useful to have different copies ofsame versions of CSDK installed in the same machine, though this is not anofficially recommended approach by IBM technical support. This documentidentifies the most common problems when using different copies of same versionsof CSDK on the same machine and how to solve them. The first problem you willencounter if you try to install another copy of the same version of CSDK iswith the Windows Installer. By design, the Windows Installer detects if youhave a pre-existing installation of CSDK and it gives you the options ofModify, Repair or Remove.

Windows keeps a database of products installed on themachine. Every time you install a product using the Windows Installer a new keyis added to the registry with specific information about the product, installmedia location and options used for the install.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

This is the database used when you run the “Add or RemovePrograms” applet from the “Control Panel”

When you launch the install process for a product, WindowsInstaller checks if there is already an entry in the Uninstall registry keywith the same id, if so it assumes that the product is already installed andlaunches the installer in Maintenance mode (with options Modify, Repair andRemove).

Different major versions of CSDK have unique productid’s, this means you can easily install CSDK 2.90.TC1 and CSDK 3.00.TC1, but ifyou try to install two releases of the same minor version (e.g.:3.00.TC1 and 3.00.TC3) the installer would not allow it. Currently the Windowsinstaller does support single installation of various CSDK versions indifferent locations on the same host.

To overcome this design restriction, you can use a Microsofttool like Windows Installer CleanUp to remove theRegistry entry corresponding to the version. Note that this will not uninstallthe binaries; it would only remove the entry from the Uninstall database. Thismay allow us to reinstall the product.

Due to these shortcomings sometimes there can be a need tobypass the Informix Client SDK or I-Connect installation process and copy theInformix library and API files directly to a machine. Though the officiallyrecommended and supported approach is to use the supplied CSDK/I-Connectinstaller, these instructions are provided as an alternative approach involvingcopying files for scenarios where using the installer is not possible.

CSDK 3.x is a bundle containing the followingapplication-programming interfaces:



IBM Informix Object Interface for C++
IBM Informix ESQL/C
IBM Informix ODBC Driver
IBM Informix OLE DB Provider
IBM Informix .NET Provider
LIBMI Client API

While some of these components can easily be used andredistributed without the complete CSDK bundle, there are some other componentswhich are more challenging to redistribute due to the way they interact withthe Windows operating system. APIs such as the ODBC driver and the OLE DBprovider depend on additional CSDK libraries to work. These libraries must beaccessible to your application.

In most cases, Windows searches in the directories includedin the PATH variable to load these libraries. One of the main problems whensupporting multiple versions of CSDK is mixing libraries between versions(e.g.: .NET provider from a newer version loading the ODBC library from an oldversion). In the same way as Windows uses the PATH variable to search for DLLs,Informix components use the INFORMIXDIR directory to load additional resourcessuch as GLS conversion files or message files.

The primary rule when using multiple versions is to have theINFORMIXDIR and PATH environment variables pointed to the directory containingthe version you want to use. You can accomplish this creating a batch file(e.g.: .BAT or .CMD file) to start your application or running the applicationas a user which has different environment settings.

Here is an example:



- - test.cmd - - - -
set INFORMIXDIR=D:\infx\CSDK300TC1
set PATH=D:\infx\CSDK300TC1\bin;%PATH%
test.exe
- - - test.cmd- - - -

Interface for C++, ESQL/C and LIBMI

If you want to use the Object Interface for C++, ESQL/C orLIBMI you can follow the steps in following IDS Experts article: Redistributing IBM Informix Client products.

You will need to ensure that both the PATH and INFORMIXDIRvariables are pointing to the version of the CSDK installation folder you wantto use.

ODBC Driver

Using different versions of the IBM Informix ODBC driver canbe more complex. Any ODBC driver on a Windows machine must have a unique name.In the case of CSDK 3.50 and 3.00 the name for the ODBC driver is “IBM INFORMIXODBC DRIVER”. Windows keeps the list of installed drivers in the ODBCINST.INIregistry key.

HKEY_LOCAL_MACHINE\Software\ODBC\ODBCINST.INI

Note that in previous versions of the CSDK package the namefor the ODBC driver was different (e.g.: IBM INFORMIX 3.82 32 BIT).

When you create a DSN using the ODBC Data SourceAdministrator tool (odbcad32.exe)

An entry is created in the registry with all the values usedin your DSN and the full path of the ODBC library used to create the DSN.

Windows uses the directory in the “Driver” registry key toload the ODBC library. You can use different versions of the ODBC driver bymanually changing the directory in the “Driver” key.

Even if you can update this key from the console or a shellscript before your application starts, the best approach is having a differentDSN depending on the driver you want to use, or use a relative path (e.g.:“.\iclit09b.dll”) and only rely on the Windows DLL loader mechanism.

The ODBC Data Source Administrator tool always loads theODBC library specified in the “ODBCINST.INI\%DRIVERNAME%\Setup” key, even if the DSN entry you are modifying has a differentpath in the “Driver” key.

For other APIs, the values for the variables PATH andINFORMIXDIR need to be changed depending of which DSN you want to use.

OLE DB Provider

The OLE DB provider library is called Ifxoledbc.dll. Windowsuniquely identifies an OLE DB provider based on the Class id (CLSID) and theprovider name (e.g.: Ifxoledbc). In the CSDK install process the OLE DBprovider is automatically registered in the Windows registry. At any point youcan manually register a different version of the provider using theREGSVR32.EXE Microsoft tool.

This tool creates the needed keys in the Windows registry soyou can load the OLE DB provider using the “Ifxolebdc” name.

There are two places where the full path of the OLE DBlibrary is stored, one for the “Ifxoledbc” provider and a second for the “IfxoledbcErrorLookup”.

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\

{A6D00422-FD6C-11D0-8043-00A0C90F1C59} Ifxoledbc

{A6D00423-FD6C-11D0-8043-00A0C90F1C59} IfxoledbcErrorLookup

Note:the CLSID could change with different versions

The registry key that contains the path for the OLE DBlibrary is “InProcServer32”.

The best approach to use different versions of theIfxoledbc.dll library is to use a relative path rather than the full path…

Remember to update both keys with the desired value (Ifxoledbcand IfxoledbErrorLookup). When an application wants to load the “Ifxoledbc”provider, it would follow Windows operating system rules to search for thelibrary. You should point your PATH and INFORMIXDIR to the version you want touse.

Further information related to the DLL Search Order could befound in the following link.

Dynamic-Link Library Search Order

NET Provider

Windows has a central place for .NET assemblies called theGlobal Assembly Cache or GAC. During the CSDK install process the IBM Informix.NET Provider is installed in the GAC with the unique name (strong name) “IBM.Data.Informix”.

You can have multiple versions of the .NET Provider if theassembly version is different.

The assembly version for CSDK 2.81 and CSDK 2.90 is2.81.0.0, and for CSDK 3.00 and CSDK 3.50 the version is 3.0.0.2. (Note that9.0.0.1 and 9.0.0.2 correspond to the IBM Data Server Provider.)

The assembly version for the .NET provider in minor releases(e.g.: 3.00.TC1, 3.00.TC3, etc) is the same, which means that only one versionof the library could be registered in the global cache.

To be able to use more than one .NET provider, first youneed to uninstall the IBM.Data.Informix assembly from the GAC. To do this youcan use the “gacutil.exe” with the “/u” flag for uninstall, or use the Explorercontext menu…

When a .NET assembly is not in the global cache the .NETruntime would try to load the class from the same directory as the executable.(You can find more information about the assembly loading in the followinglink: How the Runtime Locates Assemblies.)

Copy the .NET Provider (IBM.Data.Informix.dll) to thedirectory where your application would start; this would allow you to usedifferent versions of the .NET provider.

Alternatively you can specify the location of the assemblyat runtime using the Assembly.LoadFile method and the AssemblyResolveevent. Further information on this topic can be found in the following MSDNlinks: Assembly.LoadFrom and AppDomain.AssemblyResolve

Before contacting IBM technical support

The officially recommended approach is to uninstall theprevious version of CSDK before installing the new one. If you need to rundifferent versions of any of the CSDK components on the same machine, youshould be aware of the potential issues.

Always check that the versions of the libraries loaded byyour application belong to the same CSDK versions. (You can use a tool likeTLIST.EXE from Microsoft to find which libraries your process is using) - Debugging Tools for Windows

 

Javier Sagrera

Snigdha Sahu

[Read More]

Depending on your existing Database Server setup, you might be able to upgrade directly to the
current version by basically installing the product in a new directory, copying a few configuration
files, and starting the new server to convert your database data. You can upgrade directly from any
of the following products: Dynamic Server Version 11.10, 10.00, 9.40, 9.30, 9.21, or 7.31.

Upgrading is an in-place migration method that uses your existing test and production hardware. The
operating system on those machines must be supported by Dynamic Server Version 11.50. Also, you must
have enough space for the system database data conversion.

Upgrading consists of these steps:

1. Prepare your system. That includes removing outstanding in-place alters, closing all transactions,
verifying the integrity of the data with oncheck, and performing a level-0 backup. If you are
using Enterprise Replication or High Availability Data Replication, stop replication.

2. Install the new product on the machine.
Important: Do not install it over the existing product.

3. Copy the ONCONFIG file to the target and set parameters that are new for the current release.

4. Start the Dynamic Server Version 11.50 instance. The database data is automatically converted.

5. Run UPDATE STATISTICS MEDIUM for non-leading index columns, then run UPDATE STATISTICS FOR PROCEDURE.

This type of migration minimizes the risk of introducing errors. You can always revert from the new
server to the old one. In the event of a problem during reversion, you can restore the level-0 backup.

This method works perfectly on Windows thought it is not documented well.

1. When installing IDS 11.50 on Windows, choose the option "Install to a default/different directory".










2. Make sure that you do not initialize the server when installing.










3. Copy the ONCONFIG file to the target and set parameters that are new for the current release.

4. Bring the server up using Control Panel->Services or any other method without initializing.

5. Monitor the online.log for the Conversion Successful message.

Once the upgrade has completed successfully, you can remove the old instance. When you run the
uninstaller make sure that you select "Retains all databases, but removes server binaries".

If for some reason, you like to go revert to the previous instance, restore it from the level 0 backup.

The only time this will not work on Windows is if you are upgrading from a 11.10.UC1 version to
another 11.10 version say 11.10.UC2.

Suma Vinod[Read More]

OpenAdmin Tool for IDS has been greatly enhanced in version 2.20 with a completely redesigned user interface, a new automated installer, and lots of new IDS admin functionality. OpenAdmin Tool for IDS (OAT) is a PHP-based Web browser administration tool for IDS 11 and IDS 11.5 that provides the ability to administer multiple database server instances from a single location. OAT makes administration easy by allowing you to drill down on resource usage and events, view query performance statistics, and much more. And since the tool is written in PHP and available as open source, you can customize it with your own business logic and installation requirements.

New feature highlights of OpenAdmin Tool for IDS version 2.20 include:

• Automated Installer: For users who want an easy, hassle-free install, there is a new automated GUI installer that will install and configure Apache, PHP, I-Connect, and OAT. For users who want to use or install their own Apache/PHP configurations, OAT is also released as a stand-alone package.



• All-New Look: OAT version 2.20 has a completely new and improved UI



• Automated Update Statistics: Configure rules and define a schedule to have IDS automatically maintain your database server's statistics



• Onconfig Recommendations: Get recommendations for your onconfig settings that are tuned to your specific database server instance; modify dynamic onconfig parameters directly through OAT



• Enhanced Mach11 Support: Including a Connection Manager interface, an SDS Setup Wizard, and the ability to start and stop Mach11 servers remotely



• Historical Performance Graphs: View and monitor historical trends of key performance measurements



• Task Scheduler Wizard: Use OAT’s new wizard to define new tasks in the scheduler



• Read-Only Access: Define groups in OAT that can monitor IDS database servers but not perform administrative tasks



• And the list goes on…. Virtual Processor Administration, System Integrity Checks, a Privileges Manager, environment variable support on OAT connections, the ability to kill database sessions remotely through OAT, and more!

Download OAT version 2.20 now at https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?lang=en_US&source=swg-informixfpd, or at www.iiug.org in the Members Area.

Erika Von Bargen[Read More]

Scope: This article covers redistributing ESQL/C based demos and application. The steps required to redistribute other Informix client applications by copying files are being investigated.

Depending on how you deploy your Informix applications there is sometimes a need to bypass the Informix Client SDK or I-Connect installation process and copy the Informix library and API files directly to a target computer. Though the officially recommended and supported approach is to use the supplied CSDK/I-Connect installer, these instructions are provided as an alternative approach involving copying files for scenarios where using the installer is not possible. This article demonstrates how and where to copy all the required CSDK files and Microsoft Windows DLLs to a target computer in order to deploy applications.

Note that while this is not an officially recommended approach, these instructions have been tested by IBM and demonstrated to work. If you encounter problems with this method and need to talk to IBM technical support you may be asked to try installing via the installer to rule out other problems with your configuration.

Steps:

1. Install Client SDK 3.50 or I-Connect on your Windows development computer. After successful installation, verify that all the shortcuts in the programs groups are created and registry keys are updated.
2. Make a copy of the entire CSDK installation folder (INFORMIXDIR) and transfer those to the target computer (For example by zipping the files and unzipping on the target computer). Choose any location on target computer for copying files for example c:\informix.
3. Copy the required Microsoft Windows runtime DLLs.
   Since the Informix product is not being installed via the regular installer the required runtime DLLs may not be present on the target computer. As a result applications such as setnet32.exe, ilogin.exe and finderr may not run correctly.

If a manifest is present in your application but a required Visual C++ library is not installed in the WinSxS folder, you may get one of the following error messages depending on the version of Windows on which you try to run your application:

• The application failed to initialize properly (0xc0000135).
• This application has failed to start because the application configuration is incorrect. Reinstalling application may fix this problem.
• The system cannot execute the specified program.

Recommended approach: The Visual C++ Redistributable Package (VCRedist_x86.exe, VCRedist_x64.exe,VCRedist_ia64.exe) has to be executed on the target system as a prerequisite to deployment of the application. The Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) (http://www.microsoft.com/downloads/details.aspx?familyid=32bc1bee-a3f9-4c13-9c99-220b62a191ee&displaylang=en) installs runtime components of Visual C++ Libraries required to run applications developed with Visual C++ on a computer that does not have Visual C++ 2005 installed.

Alternative approach: If your deployment requirements prevent you from installing the Visual C++ Redistributable Package directly, from the development computer, copy the %WINDIR%\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700 directory to same location on the target computer. (Create the same directory structure on the target computer as the development computer if it does not exist.)

Also copy the policy files from the development computer %WINDIR%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773 to the same location on target computer. (Again, create the same directory structure on target computer as the development computer if it doesn’t exist.)

Note: This workaround is only applicable to Microsoft Visual C++ 2005 SP1 runtime components. If later versions of the Client SDK are built with a later version of Visual Studio then the corresponding version of the runtime components would be required. Check your release notes to see which version of Visual Studio is required.

 

Running ESQL/C demos:

If you do not have the required Visual C++ libraries installed in the WinSxS folder then while running the demo1 program the following error pops up.

 

Once you install Visual C++ libraries or copy the runtime DLLs and policy files in C:\WINDOWS\WinSxS folder you should see the ESQL/C demos successfully as shown below.

Snigdha Sahu[Read More]