Connectivity options in Watson Query

Watson Query offers multiple secure connectivity options that depend on your application connection requirements.

Connecting to a public endpoint (default option)

You can connect your application by using a public hostname that you receive when your service is provisioned. Access to your data is protected by strong authentication, Db2® authorization options and access controls, encryption over the wire and at rest, and IBM® security and compliance practices for development and operations.

You can connect to your data by using the public hostname that was provided in your welcome letter. You can also obtain your hostname and credentials in the following ways.

From the console

Log in to Watson Query and click your service instance.
Click Manage.
Click Open Console, then click Administration.
Select Connections.
The public and private endpoints are displayed under Connection Configuration Resources.

From service credentials

Log in to Watson Query and click your service instance.
Click Service credentials.
Click New credential, then click Add.
After the credentials are created, click the down arrow for a credential name to view the credentials.
In the JSON document, note the contents of the hostname, port, password, and username fields. You use these four components to make the public endpoint connection:

Current plans connection string breakdown

Watson Query

The Watson Query section contains information that is suited to applications that make connections to Watson Query.

Note: 0... indicates one or more of these entries in an array.

Table 1. Db2 on Cloud URI connection information
Field Name	Index	Description
`Type`		Type of connection. For example, `URI`.
`Scheme`		Scheme for a URI. For example, `db2`.
`Path`		Path for a URI database name. The default is `bludb`.
`Authentication`	`Username`	The username that you use to connect.
`Authentication`	`Password`	A password for the user.
`Authentication`	`Method`	How authentication takes place. For example, direct authentication is handled by the driver.
`Hosts`	`0...`	A hostname and port to connect to.
`Composed`	`0...`	A URI that combines `Scheme`, `Authentication`, `Host`, and `Path`.
`Certificate`	`Name`	The allocated name for the self-signed certificate for database deployment.
`Certificate`	Base64	A base64 encoded version of the certificate.

CLI section

The CLI section contains information that you can use to connect with Watson Query.

Note: 0... indicates one or more of these entries in an array.

Table 2. PostgreSQL or CLI connection information
Field Name	Index	Description
`Bin`		The recommended binary to create a connection; in this case it is Watson Query.
`Composed`		A formatted command to establish a connection to your deployment. The command combines the `Bin` variable, `Environment` variable settings, and uses `Arguments` as command-line parameters.
`Environment`		A list of keys or values that you set as environment variables.
`Arguments`	`0...`	The information that is passed as arguments to the command shown in the `Bin` field.
`Certificate`	Base64	A self-signed certificate that is used to confirm that an application is connecting to the appropriate server. It is base64 encoded.
`Certificate`	Name	The allocated name for the self-signed certificate.
`Type`		The type of package that uses this connection information; in this case `cli`.

Example Service Credential JSON

The following VCAP Services JSON file can be used to make connections to your Enterprise plan database instances:

{
  "apikey": "<apikey>",
  "connection": {
    "cli": {
      "arguments": [
        [
          "-u",
          "ipa8emxc",
          "-p",
          "e2haTt1FJ7m3UQXY",
          "--ssl",
          "--sslCAFile",
          "2ac5a4d3-1307-40f5-99a4-043e278fb084",
          "--authenticationDatabase",
          "admin",
          "--host",
          "a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud:32447"
        ]
      ],
      "bin": "db2",
      "certificate": {
        "certificate_base64": "<certificate_code>",
        "name": "2ac5a4d3-1307-40f5-99a4-043e278fb084"
      },
      "composed": [
        "db2 -u ipa8emxc -p e2haTt1FJ7m3UQXY --ssl --sslCAFile 2ac5a4d3-1307-40f5-99a4-043e278fb084 --authenticationDatabase admin --host a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud:32447"
      ],
      "environment": {},
      "type": "cli"
    },
    "db2": {
      "authentication": {
        "method": "direct",
        "password": "<password>",
        "username": "<user_name>"
      },
      "certificate": {
        "certificate_base64": "<certificate_code>",
        "name": "2ac5a4d3-1307-40f5-99a4-043e278fb084"
      },
      "composed": [
        "db2://ipa8emxc:e2haTt1FJ7m3UQXY@a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud:32447/bludb?authSource=admin&replicaSet=replset"
      ],
      "database": "bludb",
      "host_ros": [
        "a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud:31196"
      ],
      "hosts": [
        {
          "hostname": "a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud",
          "port": 32447
        }
      ],
      "jdbc_url": [
        "jdbc:db2://a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud:32447/bludb:user=<userid>;password=<your_password>;sslConnection=true;"
      ],
      "path": "/bludb",
      "query_options": {
        "authSource": "admin",
        "replicaSet": "replset"
      },
      "replica_set": "replset",
      "scheme": "db2",
      "type": "uri"
    }
  },
}

Connecting to a private endpoint: IBM Cloud service endpoint

Watson Query supports private connectivity through an IBM Cloud service endpoint. IBM Cloud service endpoints securely route network traffic between different IBM Cloud services through the IBM Cloud private backplane network. When you configure your Watson Query instance with IBM Cloud service endpoint connectivity, traffic between your cloud database and applications that are deployed on your IBM Cloud account do not traverse any public networks.