Example: Configuring connection management for untrusted networks

This example shows steps that are required to configure connection management for an untrusted network.

For this example, you have a high-availability cluster on an untrusted network. All hosts use UNIX operating systems. The cluster consists of four servers:
  • A primary server (server_1)
  • A shared-disk secondary server (server_2)
  • An HDR secondary server (server_3)
  • An RS secondary server (server_4)

To configure connection management:

  1. Install at least two network interface cards on each host.
  2. Install at least two Connection Managers. Install each Connection Manager onto a different host, and do not install the Connection Managers onto the hosts that database servers are installed on.
  3. On each host Connection Manager host, set the INFORMIXDIR environment to the directory the Connection Manager was installed into. Run the following command:
    setenv INFORMIXDIR path
  4. Create a configuration file in each Connection Manager installation's $INFORMIXDIR/etc directory.
    The first Connection Manager's configuration file is named cm_1.cfg and has the following entries:
    NAME connection_manger_1
    LOG 1
    LOGFILE $INFORMIXDIR/tmp/my_cm1_log.log
    LOCAL_IP 192.0.2.0,192.0.2.1
    
    CLUSTER cluster_1
    {
       INFORMIXSERVER cluster_1
       SLA oltp_1    DBSERVERS=primary
       SLA payroll_1 DBSERVERS=(PRI,HDR) \
                     POLICY=WORKLOAD
       SLA report_1  DBSERVERS=(SDS,HDR,RSS) \
                     POLICY=WORKLOAD
       FOC ORDER=ENABLED \
           PRIORITY=1
       CMALARMPROGRAM $INFORMIXDIR/etc/CMALARMPROGRAM.sh
    }
    The second Connection Manager's configuration file is named cm_2.cfg and has the following entries:
    NAME connection_manger_2
    LOG 1
    LOGFILE $INFORMIXDIR/tmp/my_cm2_log.log
    LOCAL_IP 192.0.2.2,192.0.2.3
    
    CLUSTER cluster_1
    {
       INFORMIXSERVER cluster_1
       SLA oltp_2    DBSERVERS=primary
       SLA payroll_2 DBSERVERS=(PRI,HDR)\
                     POLICY=WORKLOAD
       SLA report_2  DBSERVERS=(SDS,HDR,RSS) \
                     POLICY=WORKLOAD
       FOC ORDER=ENABLED \
           PRIORITY=2
       CMALARMPROGRAM $INFORMIXDIR/etc/CMALARMPROGRAM.sh
    }
  5. Set the onconfig file DRAUTO configuration parameter on all database servers to 3, to specify that Connection Managers control failover arbitration.
    DRAUTO 3
  6. Set the onconfig file HA_FOC_ORDER configuration parameter on server_1 to SDS,HDR,RSS
    HA_FOC_ORDER SDS,HDR,RSS
  7. Optional: Configure the cmalarmprogram script on each Connection Manager host.
  8. Add entries to thesqlhosts files on server_1 and server_2's host, server_3's host, and server_4's host.
    #dbservername   nettype    hostname   servicename   options
     server_1       onsoctcp   host_1     port_1        s=6
     a_server_1     onsoctcp   host_1     port_2
    
     server_2       onsoctcp   host_1     port_3        s=6
     a_server_2     onsoctcp   host_1     port_4
    
     server_3       onsoctcp   host_2     port_5        s=6
     a_server_3     onsoctcp   host_2     port_6
    
     server_4       onsoctcp   host_3     port_7        s=6
     a_server_4     onsoctcp   host_3     port_8
  9. Create a sqlhosts file on each Connection Manager's host.
    #dbservername   nettype    hostname   servicename   options
     cluster_1      group      -          -             c=1,e=a_server_4
     server_1       onsoctcp   host_1     port_1        s=6,g=cluster_1
     a_server_1     onsoctcp   host_1     port_2        g=cluster_1
     server_2       onsoctcp   host_1     port_3        s=6,g=cluster_1
     a_server_2     onsoctcp   host_1     port_4        g=cluster_1
     server_3       onsoctcp   host_2     port_5        s=6,g=cluster_1
     a_server_3     onsoctcp   host_2     port_6        g=cluster_1
     server_4       onsoctcp   host_3     port_7        s=6,g=cluster_1
     a_server_4     onsoctcp   host_3     port_8        g=cluster_1
  10. In each database server's onconfig file, set the DBSERVERALIASES parameter to that database server's alias.
    The onconfig file entry for server_1:
    DBSERVERALIASES a_server_1
    The onconfig file entry for server_2:
    DBSERVERALIASES a_server_2
    The onconfig file entry for server_3:
    DBSERVERALIASES a_server_3
    The onconfig file entry for server_4:
    DBSERVERALIASES a_server_4
  11. On one of the Connection Manager hosts, use a text editor to create an ASCII-text password file that contains security information. Save the file to the $INFORMIXDIR/tmp directory. For example, my_passwords.txt has the following entries:
    cluster_1   a_server_1  user_1  password_1
    cluster_1   a_server_2  user_2  password_2
    cluster_1   a_server_3  user_3  password_3
    cluster_1   a_server_4  user_4  password_4
    
    server_1    a_server_1  user_1  password_1
    server_2    a_server_2  user_2  password_2
    server_3    a_server_3  user_3  password_3
    server_4    a_server_4  user_4  password_4
    
    a_server_1  a_server_1  user_1  password_1
    a_server_2  a_server_2  user_2  password_2
    a_server_3  a_server_3  user_3  password_3
    a_server_4  a_server_4  user_4  password_4
  12. On the host where the password file is saved, run the onpassword utility with a specified encryption key to encrypt the password and create passwd_file in the $INFORMIXDIR/etc directory. For example, run the following command, specifying my_secret_encryption_key_456 as your encryption key:
    onpassword -k my_secret_encryption_key_456 -e my_passwords.txt
  13. Store the original text file and encryption key in a safe place.
  14. Distribute $INFORMIXDIR/etc/passwd_file to all the database servers that Connection Managers connect to, and to all Connection Managers. For systems that use Enterprise Replication, also distribute $INFORMIXDIR/etc/passwd_file to all the database servers that the cdr utility connects to.
  15. Create a sqlhosts file on each client host.
    #dbservername  nettype    hostname   servicename   options
     oltp          group      -          -             c=1,e=oltp_2
     oltp_1        onsoctcp   cm_host_1  cm_port_1     g=oltp
     oltp_2        onsoctcp   cm_host_2  cm_port_2     g=oltp
    
     report        group      -          -             c=1,e=report_2
     report_1      onsoctcp   cm_host_1  cm_port_3     g=report
     report_2      onsoctcp   cm_host_2  cm_port_4     g=report
     
     payroll       group      -          -             c=1,e=payroll_2
     payroll_1     onsoctcp   cm_host_1  cm_port_5     g=payroll
     payroll_2     onsoctcp   cm_host_2  cm_port_6     g=payroll
  16. Set each INFORMIXSQLHOSTS environment variable to the sqlhosts file location by running the setenv command on each Connection Manager and client host.
    setenv INFORMIXSQLHOSTS path_and_file_name
  17. Run the oncmsm utility on each Connection Manager host, to start each Connection Manager.
    On the host of connection_manager_1:
    oncmsm -c cm_1.cfg
    On the host of connection_manager_2:
    oncmsm -c cm_2.cfg
  18. Check each Connection Manager's log file to verify that the Connection Manager started correctly.

Copyright© 2019 HCL Technologies Limited