IBM Db2 connection

To access your data in an IBM Db2 database, create a connection asset for it.

IBM Db2 is a database that contains relational data.

Supported versions

IBM Db2 10.1 and 11.5.

Prerequisites for Kerberos authentication

If you plan to use Kerberos SSO authentication, complete these requirements:

Configure the data source for Kerberos authentication. Optional: This connection supports Kerberos SSO with user impersonation, which requires additional configuration.
Confirm that the service that you plan to use the connection supports Kerberos. For more information, see Kerberos authentication in Cloud Pak for Data.
An administrator must complete one set of the following setup steps:
- Kerberos without SSO: Enabling platform connections to use Kerberos authentication
- Kerberos SSO: Configuration for Kerberos SSO

Create a connection to Db2

To create the connection asset, you need the following connection details:

Database
Hostname or IP address
Username and password. For more information, see Credentials.
Port
Application name (optional): The name of the application that is currently using the connection. For information, see Client info properties support by the IBM Data Server Driver for JDBC and SQLJ.
Client accounting information (optional): The value of the accounting string from the client information that is specified for the connection. For information, see Client info properties support by the IBM Data Server Driver for JDBC and SQLJ.
Client hostname (optional): The hostname of the machine on which the application that is using the connection is running. For information, see Client info properties support by the IBM Data Server Driver for JDBC and SQLJ.
Client user (optional): The name of the user on whose behalf the application that is using the connection is running. For information, see Client info properties support by the IBM Data Server Driver for JDBC and SQLJ.
SSL certificate (if required by your database server)
- For SSL, the Db2 connection does not support chained certificates. Only the certificate returned from the Db2 server, which is the first certificate, will work.
- To configure Db2 with TLS and SSL, see Setting up a Db2 connection that uses TLS and SSL.

Connecting to a Db2 instance on Cloud Pak for Data

If you are connecting to a Db2 instance that is in the same instance in Cloud Pak for Data, you can run this command to obtain the hostname and port number:

oc get svc | grep db2

The hostname is the Db2 service name. The service name always starts with c-db2oltp, for example c-db2oltp-1605022957148004-db2u-engn-svc.

The port number is 50000 for a non-SSL connection or 50001 for an SSL connection.

Credentials

The credentials setting determines the available authentication methods.
If you select Shared (default), you can use either username and password authentication or Kerberos authentication (without SSO). For more information, see Prerequisites for Kerberos authentication. For Kerberos, you need the following connection details:

Service principal name (SPN) that is configured for the database in the data source
User principal name to connect to the Kerberized data source
The password for the user principal name that is used to authenticate to the Key Distribution Center (KDC)

If you select Personal, you can enter your username and password for the server manually, use secrets from a vault, or use Kerberos authentication. For more information, see Prerequisites for Kerberos authentication. You have two choices for Kerberos:

Kerberos (without SSO). For Kerberos without SSO, you need the following connection details:
- Service principal name (SPN) that is configured for the data source
- User principal name to connect to the Kerberized data source
- The password for the user principal name that is used to authenticate to the Key Distribution Center (KDC)
Kerberos SSO. Select Kerberos SSO and enter the Service principal name (SPN) that is configured for the data source.

For Credentials and Certificates, you can use secrets if a vault is configured for the platform and the service supports vaults. For information, see Using secrets from vaults in connections.

Choose the method for creating a connection based on where you are in the platform

In a project: Click Assets > New asset > Prepare data > Connect to a data source. See Adding a connection to a project.
In a catalog: Click Add to catalog > Connection. See Adding a connection asset to a catalog.
In a deployment space: Click Import assets > Data access > Connection. See Adding data assets to a deployment space.
In the Platform assets catalog: Click New connection. See Adding platform connections.

Next step: Add data assets from the connection

Federal Information Processing Standards (FIPS) compliance

This connection can be used on a FIPS-enabled cluster (FIPS tolerant); however, it is not FIPS-compliant.

Running SQL statements

To ensure that your SQL statements run correctly, refer to the Structured Query Language (SQL) topic in the IBM Db2 product documentation for the correct syntax.

Cloud Pak for Data credentials setup (Optional)

To use Cloud Pak for Data credentials, you must set up JWT token authentication on the Db2 server. For instructions, see Token configuration file.

Configuring lineage metadata import for IBM Db2

When you create a metadata import for the Db2 connection, you can set options specific to this data source, and define the scope of data for which lineage is generated. For details about metadata import, see Designing metadata imports.

To import lineage metadata for Db2, complete these steps:

Create a data source definition. Select IBM Db2 as the data source type.
Create a connection to the data source in a project.
Create a metadata import. Learn more about options that are specific to Db2 data source:
- When you define a scope, you can analyze the entire data source or use the include and exclude options to define the exact schemas that you want to be analyzed. See Include and exclude lists.
- Optionally, you can provide external input in the form of a .zip file. You add this file in the Add inputs from file field. The file must have a supported structure. See External inputs.
- Optionally, specify advanced import options.

Include and exclude lists

You can include or exclude assets up to the schema level. Each value is evaluated as a regular expression. Assets which are added later in the data source will also be included or excluded if they match the conditions specified in the lists. Example values:

mySchema: mySchema schema.
mySchema[1-5]: any schema with a name that starts with mySchema and ends with a digit between 1 and 5.

External inputs

If you use external Db2 PL/SQL scripts, you can add them in a .zip file as an external input. You can organize the structure of a .zip file as subfolders that represent schemas. After the scripts are scanned, they are added under respective schemas in the selected catalog or project. The .zip file can have the following structure:

<schema_name>
   <script_name.sql>
<script_name.sql>
replace.csv

The replace.csv file contains placeholder replacements for the scripts that are added in the .zip file. For more information about the format, see Placeholder replacements.

Advanced import options

Extract extended attributes: You can extract extended attributes like primary key, unique and referential integrity constraints of columns. By default these attributes are not extracted.

Learn more

IBM Db2 product documentation

Parent topic: Supported connections