IBM Data and AI Ideas Portal for Clients

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Post your ideas

If you have not registered on this portal please register at http://ibm.biz/IBM-Data-and-AI-Portal-Register . To complete registration you will need to open the email you will receive from Aha to confirm your identity.

Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Help IBM prioritize your ideas and requests

The IBM team may need your help to refine the ideas so they may ask for more information or feedback. The offering manager team will then decide if they can begin working on your idea. If they can start during the next development cycle, they will put the idea on the priority list. Each team at IBM works on a different schedule, where some ideas can be implemented right away, others may be placed on a different schedule.

Receive notification on the decision

Some ideas can be implemented at IBM, while others may not fit within the development plans for the product. In either case, the team will let you know as soon as possible. In some cases, we may be able to find alternatives for ideas which cannot be implemented in a reasonable time.

Additional Information

To view our roadmaps: http://ibm.biz/Data-and-AI-Roadmaps

Reminder: This is not the place to submit defects or support needs, please use normal support channel for these cases

IBM Employees:

The correct URL for entering your ideas is: https://hybridcloudunit-internal.ideas.aha.io

new accounting trace field to indicate if distributed connection was secure or not

We have recently enabled the SECPORT in all our Db2 subsystem. And now it is possible for a distributed client to use the SECPORT (instead of TCPPORT) and establish a secure SSL/TLS connection to the Db2.

Great.

Ideally, I would like to shut down the unsecure TCPPORT in the future. It would make some auditor or security people happy.

I would imagine that many Db2 shops in the world are beginning to have the requirement for all clients to exclusively use TLS/SSL and the SECPORT. This seems very likely to me. And therefore,, IBM and Db2 should make it easier for us to make this transition!

Of course, I will do my best to give client config updates and instructions to all known client computers of Db2. This is my first step.

But some people will not receive instructions or not follow instructions.

I would like some assistance from Db2 in knowing who is using a secure or regular connection to Db2!

I have learned that some IFCIDS like 180 exist and give the Db2 port (thanks to Norbert Jenninger via IDUG-listserv). But this is an expensive trace to run and a hassle to effectively report.

I think it is reasonable for the Db2 accounting trace to include some new field/indicator to indicate if the distributed/DRDA connection was secure or not.

Or give me some information in the accounting trace that will help me easily identify who is using a secure connection.

With this new accounting information, I should be able to automate a search of my client computers and how they connect. This will help me reach the end-users who do not update their client config and then go encourage them to update their computer.

Of course, after this new information is available in accounting trace … then I want the OMEGAMON XE for DB2 performance database (db2pmfacct_general) to be updated to accept this new information.

The benefit of this idea is that it will help me more quickly identify all clients who do not update their config. Otherwise, there is a risk, when I turn off TCPPORT, that some important client (who ignored me) breaks and we have problem.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jan 5 2021
  • Under Review
Who would benefit from this IDEA? This will benefit all customers who are attempting to migrate all their DRDA client computers to use secure communication with Db2.
How should it work?

My requirement is to easily identify the distributed/DRDA clients and who is using a secure connection.

I imagine that updating the accounting trace is the best way to fulfill that requirement. But if you have another idea of how to achieve this goal then go ahead

I don't care what IFCIDs are involved. I just expect the info to show up in my accounting trace and later show in my OMEGAMON performance db (db2pmfacct_general)

I imagine a new accounting trace field of "DRDA_PORT" to indicate the DRDA port number. Or a new "secure communication flag" of y/n. OR "TLS_SSL_version" field with TLS/SSL version number of blank or 1.2.

I don't care about the name of the field.

You might have other idea or options.

Idea Priority Medium
Priority Justification I rank this idea as Medium because it would help me QUICKLY identify and re-config all clients who use the unsecure communication with Db2. Otherwise, there will be stragglers and the switch to turn off TCPPORT has risk of breaking something important.
Client Name Manulife Financial
  • Attach files

IBM's success depends on gathering feedback from customers like yourself. Aha Ideas Portal is the third party tool through which IBM Offering Managers gather feedback from customers such as yourself.
IBM is a global organization with business processes, management structures, technical systems and service provider networks that cross borders. As such, the information collected through Aha Ideas Portal (Customer Name, Customer Email Address) will be stored by them in the United States, and handled only as per IBM's instructions and policies. Your data (Name and Email Address) will NOT be shared with other IBM customers.
In order to safeguard your information in Aha, do not leave your workstation unattended while using this application, log off after using it, and print only if necessary. If you need to make a hardcopy, remember to pick up the print-out immediately, keep it under lock, and destroy it immediately when no longer needed.
NOTICE TO EU RESIDENTS: per EU Data Protection Policy, if you wish to remove your personal information from the IBM ideas portal, please login to the ideas portal using your previously registered information then change your email to "anonymous@euprivacy.out" and first name to "anonymous" and last name to "anonymous". This will ensure that IBM will not send any emails to you about all idea submissions