Data Virtualization offers multiple secure connectivity options that depend on your application connection requirements.
Connecting to a public endpoint (default option)
You can connect your application by using a public hostname that you receive when your service is provisioned. Access to your data is protected by strong authentication, Db2® authorization options and access controls, encryption over the wire and at rest, and IBM® security and compliance practices for development and operations.
- From the console
-
- Log in to Data Virtualization and click your service instance.
- Click Manage.
- Click Open Console, then click Administration.
- Select Connections.
- The public and private endpoints are displayed under Connection Configuration Resources.
- From service credentials
-
- Log in to Data Virtualization and click your service instance.
- Click Service credentials.
- Click New credential, then click Add.
- After the credentials are created, click the down arrow for a credential name to view the credentials.
- In the JSON document, note the contents of the hostname, port, password, and username fields. You use these four components to make the public endpoint connection:
Current plans connection string breakdown
- Data Virtualization
-
The Data Virtualization section contains information that is suited to applications that make connections to Data Virtualization.
Note:0...
indicates one or more of these entries in an array.Table 1. Db2 on Cloud URI connection information Field Name Index Description Type
Type of connection. For example, URI
.Scheme
Scheme for a URI. For example, db2
.Path
Path for a URI database name. The default is bludb
.Authentication
Username
The username that you use to connect. Authentication
Password
A password for the user. Authentication
Method
How authentication takes place. For example, direct authentication is handled by the driver. Hosts
0...
A hostname and port to connect to. Composed
0...
A URI that combines Scheme
,Authentication
,Host
, andPath
.Certificate
Name
The allocated name for the self-signed certificate for database deployment. Certificate
Base64 A base64 encoded version of the certificate. - CLI section
-
The CLI section contains information that you can use to connect with Data Virtualization.
Note:0...
indicates one or more of these entries in an array.Table 2. PostgreSQL or CLI connection information Field Name Index Description Bin
The recommended binary to create a connection; in this case it is Data Virtualization. Composed
A formatted command to establish a connection to your deployment. The command combines the Bin
variable,Environment
variable settings, and usesArguments
as command-line parameters.Environment
A list of keys or values that you set as environment variables. Arguments
0...
The information that is passed as arguments to the command shown in the Bin
field.Certificate
Base64 A self-signed certificate that is used to confirm that an application is connecting to the appropriate server. It is base64 encoded. Certificate
Name The allocated name for the self-signed certificate. Type
The type of package that uses this connection information; in this case cli
. - Example Service Credential JSON
-
The following VCAP Services JSON file can be used to make connections to your Enterprise plan database instances:
{ "apikey": "<apikey>", "connection": { "cli": { "arguments": [ [ "-u", "ipa8emxc", "-p", "e2haTt1FJ7m3UQXY", "--ssl", "--sslCAFile", "2ac5a4d3-1307-40f5-99a4-043e278fb084", "--authenticationDatabase", "admin", "--host", "a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud:32447" ] ], "bin": "db2", "certificate": { "certificate_base64": "<certificate_code>", "name": "2ac5a4d3-1307-40f5-99a4-043e278fb084" }, "composed": [ "db2 -u ipa8emxc -p e2haTt1FJ7m3UQXY --ssl --sslCAFile 2ac5a4d3-1307-40f5-99a4-043e278fb084 --authenticationDatabase admin --host a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud:32447" ], "environment": {}, "type": "cli" }, "db2": { "authentication": { "method": "direct", "password": "<password>", "username": "<user_name>" }, "certificate": { "certificate_base64": "<certificate_code>", "name": "2ac5a4d3-1307-40f5-99a4-043e278fb084" }, "composed": [ "db2://ipa8emxc:e2haTt1FJ7m3UQXY@a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud:32447/bludb?authSource=admin&replicaSet=replset" ], "database": "bludb", "host_ros": [ "a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud:31196" ], "hosts": [ { "hostname": "a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud", "port": 32447 } ], "jdbc_url": [ "jdbc:db2://a1d53ce7-166c-42d1-af26-7809dexxxxxx.yyyyyy.databases.appdomain.cloud:32447/bludb:user=<userid>;password=<your_password>;sslConnection=true;" ], "path": "/bludb", "query_options": { "authSource": "admin", "replicaSet": "replset" }, "replica_set": "replset", "scheme": "db2", "type": "uri" } }, }
Connecting to a private endpoint: IBM Cloud service endpoint
Data Virtualization supports private connectivity through an IBM Cloud service endpoint. IBM Cloud service endpoints securely route network traffic between different IBM Cloud services through the IBM Cloud private backplane network. When you configure your Data Virtualization instance with IBM Cloud service endpoint connectivity, traffic between your cloud database and applications that are deployed on your IBM Cloud account do not traverse any public networks.