UKIUG 2008 -- The content!
I was not able to take copious notes at the UKIUG, but I did scribble some things down. PLEASE NOTE: everything in this post is down to my memory, so please don't bet the farm on any of it. Also, please note that any mention of future features is subject to delay or omission, and all the rest of it!
Jerry Keesee's Market Update
Jerry gave a very positive market update. I was already aware of most of it, but even I came away impressed. Informix is doing very well, we had lost some market share, but since Ambuj's decision to "love all his children" kicked in, business has been brisk. We have had continous double-digit year on year growth every quarter for the last 11 quarters and that growth has been a lot higher than 10%!
Internally, IBM software group product managers have been lining up to integrate their products with Informix, and anyone with an IBM history will realize how much of a compliment and achievement that is. (It basically means that they think they can drive growth in their own products by being assosicated with Informix!)
Jonathan Leffler on Security
Jonathan Leffler gave one of his marathon presentations about security. The first point was the fact that there is a massive surge in the amount of legislation affecting security and that it was becoming more difficult to find a place that wasn't being affected in one way or another by security legislation.
He then started talking about ways to help secure your Informix platforms. One of the first steps to take is simply to install your client and server software into separate directories. This allows you to "harden" the server security without affecting client connectivity.
He then discussed insulating the server from changes. This involves things like always installing new copies of IDS into different directories, using symlinks for $INFORMIXDIR and keeping stuff that needed to survive new versions out of $INFORMIXDIR.
Jonathan said that if you only took one thing away from the whole presentation it was to always deny public write access!
He then had a brief discussion on role separation which included the useful information that there was a function known as the Database System Administrator or DBSA. Most people know about the DBSSO and AAO functions, but the DBSA function allows people to run the on* utilities without being logged in as Informix. You can run
chmod u+x $INFORMIXDIR/bin/on*
because the on* utilities check whether you are a DBSA before running. To put give someone access to that function, create a new group, add the person to the group and then change the group on $INFORMIXDIR/etc to belong to that group.
Be aware that creating a Unix group called "bargroup" and adding users to it will allow users in that group to take backups and administer them, so they need to be trusted.
Encrypted communications is becoming more important, and IDS 11.50 now allows SSL communication.
Expect to see the DRDA protocol becoming more prevalent in Informix products, as it is the standard mechanism by which other IBM products will become integrated with Informix.
Jonathan also highlighted the IBM Data Server Security Blueprint as a means whereby you could look at protecting your data in a structured way.
The final part of the presentation focused on directory security and how to check it. Jonathan has made the "linkpath" utility available on the IIUG website to validate whether or not your $INFORMIXDIR is secure. Subject to certain caveats and allowances, it is likely that Informix will enforce this in future, so it's worth checking now.
Jonathan Leffer on OAT
Only a few notes here:
1. OAT is being extended and enhanced on an almost daily basis. It now has its own website where you can get the latest version.
2. There is a new Enterprise Replication plugin.
Jerry Keesee on Futures
Jerry had all the usual disclaimers on this one: some or all of these features might not happen at all, some or all of them might be delayed. Please bear this in mind!
There was a brief diversion over the possible duplication of effort between Data Studio and OAT. My notes say that OAT is a DBA tool for Informix, whereas Data Studio is a Lifecycle Management tool for Data Governance. I think that sums it up quite well.
Some of the futures mentioned were:
- being able to debug stored procedures,
- more "common clients" with DB2 -- we have an API team that is building Information Management-wide APIs
- DRDA is very likely to be the future, and for example, current .NET users will find the common client integration with MS Visual Studio much better than the SQLI-based one,
- DRDA support for extensibility is on the roadmap,
- vNext is due in the second half of 2010,
- preconfigured installs,
- automatic storage provisioning,
- closer integration with SolidDB,
- Google KML integration,
- external table support,
- a performance advisor,
- a change from ASCII to UTF-8,
- improved analytics (data warehousing),
- automatic DataBlade configuration,
- Enhanced XML support
And for all of you who remember 4GL: it now has UTF-8 support and support for consuming or providing SOA Web Services is in the plan!
Jon Ritson on MACH11
No notes on this, but I do remember the line: "OAT is like a big gun with a small trigger, or a very sharp knife: it's very useful and very powerful, but it's easy to do a lot of damage very easily, too!"
Ask the Experts
One of the more interesting questions asked during the "Ask the Experts" session was "do you have any 'secret tips' that people don't know about?" I learned lots of things, but unfortunately I've already forgotten them all!
If you can remember any of them, please post them as comments!