Hi Eric.
I did some work with Guardium a few years ago and I have a blurred idea about it with raw devices.
I think it was supported and somehow documented, but it was quirky to setup and I was left with the idea that it should be avoided.
If it seems simple go ahead, but if it's complex why do it? Please consider that the encryption doesn't happen magically.... At the time it would require downtime and one option was to create a different dbspace configured for Guardium and then move the data with Informix (in some cases this could be done mostly online if you can define criteria for data that is not changing.
If this approach is feasible, then you can create new dbspaces under control of Guardium, on cooked files.
Currently I don't really see the need for RAW devices....
And in most cases customers don't want to encrypt the whole instance... only specific sensitive tables...
Please note that the version I worked with is now "old" (2.x I think) and some things may have changed.
You didn't mention the platform... if it's Linux.... RAW devices are not supported by the OS or are clearly deprecated.... in any case they're trickier to use (volume manager etc.).
Time to move to XXI century?... DIRECT_IO etc? :)
Abraço!
------------------------------
FERNANDO NUNES
------------------------------
Original Message:
Sent: Wed August 21, 2019 02:41 AM
From: Eric Vercelletto
Subject: Informix 11.70 / Raw devices and Guardium
Thanks a lot SangGyu. I will apply all of this when I am on site with the customer.
Have a great day!
Eric
------------------------------
[eric] [Verceletto] []
[Founder]
[kandooerp.org]
[Pont l'Abbé] [France]
[+33 626 52 50 68]
Original Message:
Sent: Wed August 21, 2019 02:19 AM
From: SangGyu Jeong
Subject: Informix 11.70 / Raw devices and Guardium
Hello, Eric.
The customer I supported used to encrypt the Informix server's raw device with vormetric data security.
I know vormetric data security and guardium data encrytion are the same solution. So you can use gde to encrypt raw devices.
I don't know how to configure encryption using vormetric because other engineers did it. The link below will show you how to configure encryption.
https://www-01.ibm.com/support/docview.wss?uid=swg22008925
https://www-01.ibm.com/support/docview.wss?uid=swg22008925&aid=6
https://www-01.ibm.com/support/docview.wss?uid=swg22008925&aid=2
Note that the agent process that encrypts the disk volume must be started first when the system is restarted (whether it is a system failure or maintenance work).
I hope this helps a bit.
------------------------------
SangGyu Jeong
Software Engineer
Infrasoft
Seoul
Original Message:
Sent: Tue August 20, 2019 09:43 AM
From: Eric Vercelletto
Subject: Informix 11.70 / Raw devices and Guardium
Hi community
I have a customer running 11.70FC8 in production , that would like to encrypt his data with IBM Guardium.
his dbspaces are sitting on raw devices, and according to first feeback, this does not seem to work.
Although I don't have yet further details on troubleshooting, first question is: is data encryption on Informix raw devices supported for this version, in a production system ?
If yes, is their any special care/recommandations/tricks to apply for such a case?
Yes I know about "encryption at rest" functionality starting on 12.10 FC9 and above, but this is not applicable at this customer's for the moment.
I am waiting for more details about the issue, but remain open to any suggestion
Thanks
Eric
------------------------------
[eric] [Verceletto] []
[Founder]
[kandooerp.org]
[Pont l'Abbé] [France]
[+33 626 52 50 68]
------------------------------
#Informix