IDUG 2023 Highlights
28 July 2023
Dean Compher
I got to attend the International Db2 User Group conference in May and learned a lot of good information about Db2. There was a great mix of beginner, intermediate and advanced Db2 sessions. In case you weren’t able to attend, I’ll share a few of the highlights here. If this the sort of information you would like to learn too, then I suggest you attend the IBM TechXchange Conference in September and the next IDUG conference.
Db2 Security
Since data security is on everyone’s mind there were sessions with lots of useful information on this topic.
· The Center for Internet Security publishes security configuration guidelines for many products including Db2. Greg Stager who leads Db2 security development recommends implementing these guidelines as they make sense for your organization. CIS Db2 Benchmark.
· When encrypting Db2 it is best to create a single or small number of master keys yourself that you can easily keep track of instead of having Db2 create a new one for each database.
· Starting with Db2 11.5.8, TLS 1.3 security is available to encrypt traffic between Db2 clients and the database server. TLS has largely replaced SSL. Before updating to this level of TLS verify that all of your clients and drivers are a new level that supports this version of TLS.
· Starting with Db2 11.5.6, hostname validation is available when using TLS. Using hostname validation, Db2 clients have an added layer of security when negotiating secure connections to Db2 servers during a TLS handshake.
· Greg Stager gave an interesting presentation describing the use JSON Web Tokens to authenticate to Db2 instead of user id’s and passwords. This is already available in Db2 11.5 newer mod paks.
· You can make the Db2 Audit Facility much faster by configuring audit buffers in the database configuration. By default, audit buffers will not be used. You instantiate them by setting the audit_buf_sz to a non-zero value.
· Christopher Theisen from Rocket Software gave a great presentation about how Db2 uses TLS to encrypt traffic between client and database server and described the main components including certificates, public keys, private keys and shared keys.
Db2 and Cloud
Db2 Warehouse and Db2 Warehouse on Cloud Gen 3 will allow you to store data in low cost cloud object storage in two different ways:
1. By creating tablespaces that use cloud object storage, primarily s3 storage, instead of expensive block storage. Db2 still formats data in a proprietary format in pages and extents when using this sort of cloud object storage, and only Db2 can read those files. Block storage has typically been used by Db2 and other databases for best performance. However, with the new caching facility of Db2 Warehouse on Cloud Gen 3, queries on tables in these tablespaces can be nearly as fast as tables in block storage and at a fraction of the storage cost.
2. By accessing tables in the open table format of watsonx.data as described in my Db2, Lakehouse and watsonx.data article. There were some really good sessions for this and there will be some great ones at the TechXchange conference in September. Files written through this method are in an open format like Parquet and can be read by any application.
Please note that you will still be able to use external tables to query data in cloud object storage by Db2 Warehouse and all other Db2 implementations that has been available for some time now. Please see my earlier External Tables with Cloud Files article for more information.
Db2 11.5.9 – Likely new features
Features being developed were highlighted, but not all of them are guaranteed to be in the next mod pak.
· Scheduled for release by the end of 2023 but could be delayed.
· Write Db2 Audit records directly to cloud object storage.
· New built-in functions for data masking supporting redaction, substitution and obfuscation.
As you probably know by now, Mod Paks are released at some interval that contain new features for a particular version of Db2. For example, 11.5.7 and 11.5.8 are two Mod Paks for version 11.5. In between mod paks, fix paks may be released that include bundles of fixes. Development is going to start producing Continuous Special Builds (CSB) instead, probably after 11.5.9. These will be released much more frequently than Fix Paks were so that you can always get the very lates fixes.
Db2 12 – Likely new features arriving sometime in 2024
Features being developed were highlighted, but not all of them are guaranteed to be in the next version
· New TENANT construct that allows you to group schemas within a database.
· The machine learning feature in the optimizer will be turned on for production use.
· Many performance and availability improvements.
The Db2 optimizer’s use of machine learning models is currently in tech preview mode which means you can try it out, but you shouldn’t use it in production. This feature will be improved and be fully supported in the next release of Db2. The machine learning models will be used to predict cardinality of various steps in the query plan that the optimizer more frequently doesn’t estimate well in its current configuration. Development has found that incorrect cardinality estimates are the leading cause of poor performance in complex queries that involve a lot of rows. When running, Db2 will create a machine learning model for a set of tables and these models will be used by the optimizer when creating query access plans.
I attended a good session where Markus Fraune at ITGAIN where he described how to use open sources tools like Grafana, Prometheus and others to gather the db2diag.log files and display their information graphically.
***
I like conferences like this because I get refreshers and learn new aspects of Db2 on things like the internals of Db2 and details about getting the best compression of BLU tables. I highly encourage you to attend IDUG next year or the TechXchange Conference in September this year.