Configuring hostname validation for connections to alternate groups

The alternategroup Data Server Driver configuration parameter specifies alternate groups that a Db2® client can use as an additional failover mechanism for the initial connection and existing connections.

If any alternate servers are cached for a given group in the srvrlst.xml file, they are added as alternate servers to this group. Each alternate group’s representative host is always added as an alternate server to the respective group, to ensure there is always at least one alternate server for a given alternate group.

When connecting to one of the alternate servers in an alternate group, hostname validation is successful if the server certificate matches one of the following:
  • The hostname representing the alternate group as specified in the alternategroup parameter
  • The hostname of the alternate server as specified in the server list returned by the server

For example, in the following db2dsdriver.cfg, we have an alternate group represented by abc.db2.example.com. Let us say that a client connects to it because the primary group host, xyz.db2.example.com, is down. For this example, let us assume that abc.db2.example.com returns a server list (abc.db2.example.com and pqr.db2.example.com) that is associated with the alternate group.

When the client reroutes to pqr.db2.example.com because the configured alternate group host, abc.db2.example.com, is down, hostname validation succeeds only if the hostname in the server’s returned certificate matches either the alternate group hostname configured at the client (abc.db2.example.com) or the hostname in the server list that is returned to the client (pqr.db2.example.com).

<configuration>
  <dsncollection>
    <dsn alias="test" name="testdb" host="xyz.db2.example.com" port="1234"/>
  </dsncollection>
  <databases>
    <database name="testdb" host="xyz.db2.example.com" port="1234">
      <wlb>
        <parameter name="enableWLB" value="true" />
      </wlb>
      <acr>
        <alternategroup>
          <parameter name="enableAlternateGroupSeamlessACR" value="true"/>
          <database name="testdb" host="abc.db2.example.com" port="1234">
          </database>
        </alternategroup>
        <parameter name="acrRetryInterval" value="1" />
        <parameter name="enableACR" value="true" />
        <parameter name="enableseamlessACR" value="true" />
        <parameter name="maxAcrRetries" value="3" />
      </acr>
      <parameter name="TcpipConnectTimeout" value="1" />
      <parameter name="keepAliveTimeout" value="10" />
    </database>
  </databases>
</configuration>
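
The matching rule above can be checked against your certificates before a failover happens. The following Python code is an added example, not IBM code and not the driver's own implementation: it reads the alternate group host from a trimmed copy of the configuration above and reports which servers in the group would pass hostname validation. The certificate name lists are constructed sample data, the function names are hypothetical, and matching is assumed to be exact and case-insensitive (wildcard handling is not modelled).

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the db2dsdriver.cfg shown above.
CFG = """<configuration><databases>
  <database name="testdb" host="xyz.db2.example.com" port="1234">
    <acr>
      <alternategroup>
        <parameter name="enableAlternateGroupSeamlessACR" value="true"/>
        <database name="testdb" host="abc.db2.example.com" port="1234"/>
      </alternategroup>
      <parameter name="enableACR" value="true"/>
    </acr>
  </database>
</databases></configuration>"""

# Constructed sample: DNS names found in each group member's certificate.
CERT_NAMES = {
    "abc.db2.example.com": ["abc.db2.example.com"],
    "pqr.db2.example.com": ["xyz.db2.example.com"],  # primary group's name only
}

def alternate_group_hosts(cfg_xml, dbname):
    """Representative host of every alternate group configured for dbname."""
    path = f"./databases/database[@name='{dbname}']/acr/alternategroup/database"
    return [d.get("host").lower() for d in ET.fromstring(cfg_xml).findall(path)]

def accepted_names(group_host, target):
    """Names the rule above accepts in the certificate when connecting to target:
    the alternate group host, or the target's own name from the server list."""
    return {group_host.lower(), target.lower()}

def audit(group_host, cert_names_by_server):
    """Map each server-list member to True if its certificate would validate."""
    return {
        server: any(n.lower() in accepted_names(group_host, server) for n in names)
        for server, names in cert_names_by_server.items()
    }

if __name__ == "__main__":
    for group in alternate_group_hosts(CFG, "testdb"):
        for server, ok in audit(group, CERT_NAMES).items():
            print(f"{group} -> {server}: {'pass' if ok else 'FAIL'}")
```

In the sample data, pqr.db2.example.com fails because its certificate names only the primary group host, which is neither the alternate group host nor its own server-list name.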