I'm setting up encryption and came up with a doubt/question
It has been a very long time since I last worked with Informix, but if I remember correctly, there is a setting in the $ONCONFIG, DISK_ENCRYPTION .. something to cover encryption in the database.
Backup / Restore has a flag ontape -r -encrypt
If you want to store this directly on on-premise storage, sharing the same storage with other servers, then Spictera Unified Storage can be a great help.
One can send the backup to a VTL on the Spictera Unified Storage, or to an object-storage/bucket/s3, or mount the storage as a file-system mount point.
The storage is immutable; once the backup is written, it can't be changed/removed. A changed backup is equal to a new version of the same file/object.
This storage works for Any Device, Anywhere using Any Media. Possible to choose media according to defined policies whether it is Disk, CD, Tape, Cloud, NAS...
# mount -t spfs /backup
I'd assume the duration of your step 3 is due to chunk clearing, i.e. chunks would be zeroed out over their full size - for obvious security reasons (after all encryption is all about security.)
For testing purposes, or if you think there's nothing worth wiping out in those chunks before they become part of your Informix instance, this clearing can be suppressed. There used to be a separate onconfig parameter CLEAR_CHK_B4_ENCRYPT for this, but this recently (also in your 12.10.FC15) got bunched together with a set of other parameters, into the new KERNEL_CTRL bitfield parameter (see "onstat -g cfg full KERNEL_CTRL"). To turn on this suppression, or rather to turn off that clearing, you'd have to turn off the respective bit (0x00010) in this parameter's value, i.e. you take the current value (typically the default value, e.g. 0x30b5), remove the 0x10 (turning it to 0x30a5) and use this new value in your onconfig before starting your test.
To your questions:
Thanks @Tomas. Thanks @Andreas. What you said makes sense to me. In my next attempt, I'll try that and update here for future reference.
Thanks again @Andreas. Confirming that your trick worked.
2 points to share if anyone reached here :)
1 - KERNEL_CTRL is an undocumented feature ( onstat -g cfg full KERNEL_CTRL)
2 - If you are combining encryption, redirect restore and STDIO, the order of the parameters in the 12.10 manual is not working.
# nohup ontape -p -rename -f <filename> -encrypt -t STDIO < backupfile &