2.2.32 Operands related to security

Organization of this subsection
(1) Operands related to the security audit facility
(2) Operands related to strengthening security

(1) Operands related to the security audit facility

For details about how to use the security audit facility, see the HiRDB Version 9 System Operation Guide.

142) pd_audit = Y | N
Specifies whether to begin collecting an audit trail when HiRDB (a unit for a HiRDB parallel server configuration) is started.
Y: Begins collecting an audit trail when HiRDB is started.
N: Does not begin collecting an audit trail when HiRDB is started.
Even if Y is specified for this operand, you can still collect an audit trail by executing the pdaudbegin command.
Conditions
All of the following conditions must be satisfied. If Y is specified when any of these conditions is not satisfied, HiRDB (a unit for a HiRDB parallel server configuration) cannot be started.
  • A HiRDB file system area has been created for an audit trail file.
  • The name of the HiRDB file system for the audit trail file is specified for the pd_aud_file_name operand.
143) pd_aud_file_name = HiRDB-file-system-area-name-for-audit-trail-file
~<path name>((maximum of 150 characters))
This operand is required if you use the security audit facility. If you do not specify this operand, you cannot use the security audit facility.
Specify an absolute path name for the name of the HiRDB file system area for an audit trail file.
When you use the security audit facility in a HiRDB parallel server configuration, we recommend that you acquire an audit trail for the entire system. To do so, specify one of the following.
  • pd_aud_file_name operand in the system common definition
  • pd_aud_file_name operands in all of the unit control information definitions
However, in system configurations that run multiple units on a single server machine, the pd_aud_file_name operands must be specified in all unit control information definitions.
Notes
  • When this operand is specified, HiRDB (a unit for a HiRDB parallel server configuration) cannot be started if an error occurs during the access to the HiRDB file system area for audit trail files.
  • If the same audit trail file is specified in the pd_aud_file_name operands in the system common definition for multiple units on the same server machine, the correct audit trail cannot be acquired.
144) pd_aud_max_generation_size = audit-trail-file-maximum-size
~<unsigned integer>((1-5240))<<100>> (megabytes)
Specifies, in megabytes, the maximum size of audit trail files.
Specification guidelines
  • Because HiRDB needs 20 MB for management, determine the value for this operand so that the following condition is satisfied:
    pd_aud_max_generation_size-value × pd_aud_max_generation_num-value < size-of-HiRDB-file-system-area-for-audit-trail-files (value of the -n option of the pdfmkfs command) - 20 MB
  • When the specified value is smaller than the capacity of one audit trail record or no value is specified for this operand, and the size of one audit trail record is larger than the default, it will not be possible for HiRDB to start.
    To start such a HiRDB unit, set the operand value so that the following condition is satisfied:
    value of pd_aud_max_generation_size[Figure][Figure]maximum-audit-trail-record-size[Figure] 1,024[Figure][Figure] 1,024 + 2,048 (bytes)
    Use the following formula to calculate the audit trail record size:
    maximum-audit-trail-record-size = 1,067 + [Figure]value of pd_aud_sql_source_size[Figure] 4[Figure][Figure] 4 + [Figure]value of pd_aud_sql_data_size[Figure] 4[Figure][Figure] 4 (bytes)
  • If data is being output to the audit trails asynchronously, see Output to audit trail file (asynchronous output) in the HiRDB Version 9 System Operation Guide.
145) pd_aud_max_generation_num = maximum-audit-trail-file-count
~<unsigned integer>((2-200))<<50>>
Specifies the maximum number of (number of generations of) audit trail files to be created inside the HiRDB file system area for audit trail files.
Specification guidelines
  • We recommend that you not specify the maximum value (200) in case errors occur in all audit trail files. For details about how to handle errors in audit trail files, see the HiRDB Version 9 System Operation Guide.
  • Because HiRDB needs 20 MB for management, determine the value for this operand so that the following condition is satisfied:
    pd_aud_max_generation_size-value × pd_aud_max_generation_num-value < size-of-HiRDB-file-system-area-for-audit-trail-files (value of the -n option of the pdfmkfs command) - 20 MB
Notes
During startup of HiRDB (a unit for a HiRDB parallel server configuration), if there is a file with a generation number that is greater than the value specified for this operand, the specified value becomes invalid. In this case, the largest generation number is assumed as the maximum number of audit trail files to be created inside the HiRDB file system area.
146) pd_aud_no_standby_file_opr = down | forcewrite
Specifies the processing to be performed by HiRDB when no swappable audit trail file is available or when all sectors of the asynchronous output buffer are awaiting a flush.
down:
If the number of remaining swappable audit trail files reaches one, HiRDB (or a unit for a HiRDB parallel server configuration) is forcibly terminated. If the audit trail file becomes full or an error occurs in the current file, the down setting takes effect and swapping occurs. For details about how to proceed in the event HiRDB is terminated forcibly due to this operand specification, see When HiRDB is terminated forcibly because there are no swappable target in the HiRDB Version 9 System Operation Guide.
When all sectors of the asynchronous output buffer are awaiting a flush, HiRDB (or, for a HiRDB parallel server configuration, the unit) is terminated forcibly. For the corrective action to take thereafter, see When all sectors of the asynchronous output buffer are placed in flush-wait status in the HiRDB Version 9 System Operation Guide.
forcewrite:
If no swappable audit trail file is available, an audit trail file waiting for data loading (except for files that are shut down) is forcibly made into a swapping target, and audit trail outputting is continued. For this process, the audit trail file waiting for data loading that has the oldest update date is made into the swapping target.
If the pdaudswap command is executed to swap files or all files are shut down, the output of audit trails is stopped.
When all sectors of the asynchronous output buffer are awaiting a flush, audit trail output resumes by forcibly overwriting the asynchronous output buffer that initially began awaiting a flush and reusing it. The audit trail in the asynchronous output buffer that was overwritten is destroyed.
147) pd_aud_async_buff_size = size-of-buffer-used-for-asynchronous-output-of-audit-trail-file
~<unsigned integer>((0, 4096-6553600))<<401408>> (bytes)
Specifies the size (bytes) of the buffer to be used for asynchronously outputting the audit trail. If 0 is specified, the audit trail is synchronously output. When the specified value is smaller than the maximum audit trail record size or no value is specified for this operand, and the maximum audit trail record size is larger than the default, it will not be possible for the HiRDB unit to start.
For details about the maximum audit trail record size, see the description of the pd_aud_max_generation_size operand.
The following table describes the advantages and disadvantages of each output method.
pd_aud_async_buff_size value | Audit trail output method | Advantages | Disadvantages
0 | Synchronous output | Audit trail can be reliably output to an audit trail file. | Because file input/output occurs as an extension of SQL processing, the impact on performance is large.
4096-6553600 | Asynchronous output | Can reduce the impact on SQL processing performance. | If HiRDB (a unit for a HiRDB parallel server configuration) is abnormally terminated after the audit trail is output to the buffer and before it is output to an audit trail file, the audit trail might be lost.
Specification guidelines
To output an audit trail asynchronously, we recommend that you set this buffer size on the large side. There is only one of these buffers per unit, so performance might be degraded if contention occurs among environments that have many transactions that create high processing loads.
Operand rule
For this operand, specify an integer multiple of 4,096. If a value that is not an integer multiple of 4,096 is specified, it is rounded up to an integer multiple of 4,096 and set as the value for this operand. For example, if 5000 is specified, 8192 is set for the operand.
Notes
  • Starting HiRDB (or, for a HiRDB parallel server configuration, the unit) requires shared memory for the unit controllers equal in size to value of pd_aud_async_buff_size × value of pd_aud_async_buff_count (bytes). Make sure that the value from this equation does not exceed the upper limit for shared memory for unit controllers as a whole. For details about calculating the shared memory size used by unit controllers, see the HiRDB Version 9 Installation and Design Guide.
  • When the values specified in the pd_aud_async_buff_size and pd_aud_async_buff_count operands are small, all sectors of the asynchronous output buffer might wait for flushing, transaction execution times might lengthen, or, depending on the specification of the pd_aud_no_standby_file_opr operand, HiRDB (or, for a HiRDB parallel server configuration, the unit) might be forcibly terminated.
    Determine the settings for the pd_aud_async_buff_size and pd_aud_async_buff_count operands taking into consideration the number of audit trail outputs per unit of time. For details, see Output to audit trail file (asynchronous output) in the HiRDB Version 9 System Operation Guide.
Effects on individual estimation formulas
If the value of the pd_aud_async_buff_size operand is changed, the following estimation formulas are affected:
HiRDB Version 9 Installation and Design Guide:
  • Formulas for shared memory used by a unit controller under Estimating the memory size required for a HiRDB single server configuration
  • Formulas for shared memory used by a unit controller under Estimating the memory size required for a HiRDB parallel server configuration
148) pd_aud_async_buff_count = number-of-buffer-sectors-used-for-asynchronous-output-of-audit-trail-file
~<unsigned integer>((1-6500))<<max(1, number of HiRDB servers in unit[Figure] 10)>>
Specifies the number of buffer sectors to be used for asynchronously outputting an audit trail.
Specification guidelines
We recommend that the number of buffer sectors be set on the high side. If the value is too small, writing to buffers might take longer due to writing into audit trail files, which can degrade performance.
Notes
  • Starting HiRDB (or, for a HiRDB parallel server configuration, the unit) requires shared memory for the unit controllers equal in size to value of pd_aud_async_buff_size × value of pd_aud_async_buff_count (bytes). Make sure that the value from this equation does not exceed the upper limit for shared memory for unit controllers as a whole. For details about calculating the shared memory size used by unit controllers, see the HiRDB Version 9 Installation and Design Guide.
  • When the values specified in the pd_aud_async_buff_size and pd_aud_async_buff_count operands are small, all sectors of the asynchronous output buffer might wait for flushing, transaction execution times might lengthen, or, depending on the specification of the pd_aud_no_standby_file_opr operand, HiRDB (or, for a HiRDB parallel server configuration, the unit) might be forcibly terminated.
    Determine the settings for the pd_aud_async_buff_size and pd_aud_async_buff_count operands taking into consideration the number of audit trail outputs per unit of time. For details, see Output to audit trail file (asynchronous output) in the HiRDB Version 9 System Operation Guide.
Effects on individual estimation formulas
If the value of the pd_aud_async_buff_count operand is changed, the following estimation formulas are affected:
HiRDB Version 9 Installation and Design Guide:
  • Formulas for shared memory used by a unit controller under Estimating the memory size required for a HiRDB single server configuration
  • Formulas for shared memory used by a unit controller under Estimating the memory size required for a HiRDB parallel server configuration
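The sizing rules above (file capacity, the 4,096-byte rounding rule, and the shared memory product) can be checked before a unit is started. The following is an added example, not HiRDB code or a HiRDB utility; the function names, the finding codes, and the shm_budget_bytes input are assumptions made for illustration, and the record-size conditions are not covered.

```python
# Added example (not HiRDB code): pre-start checks on audit trail operands.
MGMT_MB = 20        # space HiRDB needs for management in the audit trail area
BUFF_UNIT = 4096    # pd_aud_async_buff_size is rounded up to a multiple of this


def effective_buff_size(value):
    """Return the buffer size after the round-up rule (0 = synchronous output)."""
    if value == 0:
        return 0
    if not 4096 <= value <= 6553600:
        raise ValueError("pd_aud_async_buff_size must be 0 or 4096-6553600")
    return -(-value // BUFF_UNIT) * BUFF_UNIT   # ceiling to a 4,096 multiple


def check_audit_operands(ops, area_mb, shm_budget_bytes):
    """Return a list of findings for a dict of operand values.

    area_mb          -- value given to the -n option of pdfmkfs (megabytes)
    shm_budget_bytes -- hypothetical site budget for this buffer's shared memory
    """
    findings = []
    name = ops.get("pd_aud_file_name")
    if ops.get("pd_audit") == "Y" and not name:
        findings.append("E-NOFILE: pd_audit=Y without pd_aud_file_name")
    if name and len(name) > 150:
        findings.append("E-PATHLEN: pd_aud_file_name exceeds 150 characters")

    size = ops.get("pd_aud_max_generation_size", 100)   # megabytes, default 100
    num = ops.get("pd_aud_max_generation_num", 50)      # generations, default 50
    if not 1 <= size <= 5240:
        findings.append("E-RANGE: pd_aud_max_generation_size outside 1-5240")
    if not 2 <= num <= 200:
        findings.append("E-RANGE: pd_aud_max_generation_num outside 2-200")
    if size * num >= area_mb - MGMT_MB:
        findings.append(f"E-CAPACITY: {size} MB x {num} files does not fit "
                        f"in {area_mb} MB - {MGMT_MB} MB")
    if num == 200:
        findings.append("W-MAXGEN: maximum generation count is not recommended")

    buff = effective_buff_size(ops.get("pd_aud_async_buff_size", 401408))
    count = ops["pd_aud_async_buff_count"]   # caller supplies it; no default assumed
    if not 1 <= count <= 6500:
        findings.append("E-RANGE: pd_aud_async_buff_count outside 1-6500")
    if buff == 0:
        findings.append("I-SYNC: synchronous output; larger impact on SQL performance")
    else:
        shm = buff * count                   # bytes of unit controller shared memory
        if shm > shm_budget_bytes:
            findings.append(f"E-SHM: {shm} bytes exceeds the shared memory budget")
        findings.append("W-ASYNC: buffered records might be lost on abnormal termination")
        if ops.get("pd_aud_no_standby_file_opr") == "forcewrite":
            findings.append("W-OVERWRITE: forcewrite reuses a flush-waiting buffer "
                            "and destroys the audit trail in it")
    return findings


# Constructed sample values, not taken from a real system definition.
SAMPLE = {
    "pd_audit": "Y",
    "pd_aud_file_name": "/hirdb/audit_area",
    "pd_aud_max_generation_size": 100,
    "pd_aud_max_generation_num": 50,
    "pd_aud_async_buff_size": 5000,          # applied as 8192
    "pd_aud_async_buff_count": 10,
    "pd_aud_no_standby_file_opr": "forcewrite",
}

if __name__ == "__main__":
    for line in check_audit_operands(SAMPLE, area_mb=5000, shm_budget_bytes=65536):
        print(line)
```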
149) pd_aud_async_buff_retry_intvl = retry-interval-for-allocation-of-a-buffer-to-be-used-for-asynchronous-output-of-audit-trail-file
~<unsigned integer>((1-1000))<<50>> (milliseconds)
Specifies the retry interval for monitoring for a buffer to be used for asynchronous output of the audit trail so that the audit trail can be acquired when all buffers are in use.
Specification guidelines
Normally, there is no need to specify this operand.
When the security audit facility is used and a UAP requires an extended amount of time to execute, specifying a small value in this operand might reduce the UAP execution time.
150) pd_aud_sql_source_size = size-of-sql-statement-output-to-audit-trail
~<unsigned integer>((0-2000000))<<0>> (bytes)
Specifies the size in bytes of the SQL statements output to the audit trail when using the security audit facility. When 0 is specified, no SQL statements are output to the audit trail. For SQL statements larger than the specified value, the portion in excess of the specified value is not output to the audit trail.
Relationship to other operands
If you specify this operand, re-estimate the specifications for the pd_aud_max_generation_size and pd_aud_async_buff_size operands.
Effects on individual estimation formulas
If the value of the pd_aud_sql_source_size operand is changed, the following estimation formula is affected:
HiRDB Version 9 Installation and Design Guide:
  • Determining audit trail file capacity
151) pd_aud_sql_data_size = size-of-sql-data-output-to-audit-trail
~<unsigned integer>((0-1000000))<<0>> (bytes)
Specifies the size in bytes of the SQL data output to the audit trail when using the security audit facility. When 0 is specified, no SQL data is output to the audit trail. For SQL data larger than the specified value, the portion in excess of the specified value is not output to the audit trail.
Relationship to other operands
If you specify this operand, re-estimate the specifications for the pd_aud_max_generation_size and pd_aud_async_buff_size operands.
Effects on individual estimation formulas
If the value of the pd_aud_sql_data_size operand is changed, the following estimation formula is affected:
HiRDB Version 9 Installation and Design Guide:
  • Determining audit trail file capacity
152) pd_aud_file_wrn_pnt = warning-message-output-trigger[,trigger-for-resetting-warning-message-output-status]
warning-message-output-trigger: ~<unsigned integer>((0-100))<<0 or 80>> (%)
When the number of unswappable audit trail files reaches or exceeds the warning value, a warning message is issued. For this operand, specify the warning value as a percentage of the maximum audit trail file count specified in the pd_aud_max_generation_num operand. For example, if 100 is specified for the pd_aud_max_generation_num operand, and 90 is specified for the pd_aud_file_wrn_pnt operand, the KFPS05123-W warning message is issued when the number of unswappable audit trail files reaches or exceeds 90.
For a HiRDB parallel server configuration, the number is checked for each unit.
If 0 is specified in this operand, no warning message is issued.
Relationship to other operands
  • If you omit this operand and MANUAL is specified for the pd_watch_resource operand, the value of this operand is assumed to be 0. (No warning message is issued.)
  • If you omit this operand and AUTO or DEFAULT is specified for the pd_watch_resource operand, the value of this operand is assumed to be 80. (A warning message is issued when the usage reaches 80%.)
trigger-for-resetting-warning-message-output-status: ~<unsigned integer>((0-99)) (%)
Specifies the trigger for resetting the warning message output status. When the warning message (KFPS05123-W) is output, HiRDB goes into the warning message output status. Once HiRDB goes into this status, the warning message is not output again, even if the number of unswappable audit trail files exceeds the warning value again. However, when the number of unswappable audit trail files falls below the trigger for resetting the warning message output status specified here, the warning message output status is reset.
For example, if pd_aud_file_wrn_pnt=90,70 is specified, the warning message is output when the number of unswappable audit trail files reaches or exceeds 90% of the maximum number of audit trail files. Afterwards, no warning message is output until the number of unswappable audit trail files falls below 70% of the maximum number of audit trail files. After the percentage falls below 70%, and when it subsequently reaches or exceeds 90% again, the warning message is output.
Notes
  • When this specification is omitted, warning-message-output-trigger - 30 is assumed as the default (if the result is a negative number, 0 is used).
  • If a value greater than the warning message output trigger is specified, the warning message output trigger value is used.
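The warning and reset triggers behave as a latch: KFPS05123-W is issued once, then suppressed until the count drops below the reset trigger. The following added example (not HiRDB code) applies the defaults and rules described above and replays a constructed series of unswappable-file counts; the function names are assumptions, and comparing percentages without rounding is an assumption about how the thresholds are evaluated.

```python
# Added example (not HiRDB code): pd_aud_file_wrn_pnt defaults and latch behavior.

def parse_wrn_pnt(spec=None, watch_resource="MANUAL"):
    """Return (warn_pct, reset_pct) after applying the rules in the text.

    spec           -- operand value such as "90,70" or "90"; None if omitted
    watch_resource -- value of pd_watch_resource (MANUAL, AUTO, or DEFAULT)
    """
    parts = [p.strip() for p in spec.split(",")] if spec else []
    if parts:
        warn = int(parts[0])
    else:
        # Operand omitted: 0 for MANUAL, 80 for AUTO or DEFAULT.
        warn = 0 if watch_resource == "MANUAL" else 80
    if not 0 <= warn <= 100:
        raise ValueError("warning-message-output-trigger must be 0-100")

    if len(parts) > 1 and parts[1]:
        reset = int(parts[1])
        if not 0 <= reset <= 99:
            raise ValueError("reset trigger must be 0-99")
        # A reset trigger greater than the warning trigger is replaced by it.
        reset = min(reset, warn)
    else:
        # Reset trigger omitted: warning trigger - 30, floored at 0.
        reset = max(warn - 30, 0)
    return warn, reset


def warnings_issued(counts, max_generation_num, warn_pct, reset_pct):
    """Return the indexes in counts at which KFPS05123-W would be issued.

    counts -- successive numbers of unswappable audit trail files in one unit
    """
    if warn_pct == 0:
        return []                      # 0 means no warning message is issued
    issued = []
    in_warning_status = False
    for i, n in enumerate(counts):
        # Integer comparison of n / max_generation_num against the percentages.
        if in_warning_status and n * 100 < reset_pct * max_generation_num:
            in_warning_status = False  # fell below the reset trigger
        if not in_warning_status and n * 100 >= warn_pct * max_generation_num:
            issued.append(i)
            in_warning_status = True   # further warnings are suppressed
    return issued


# Constructed series for pd_aud_max_generation_num = 100.
SAMPLE_COUNTS = [50, 89, 90, 95, 80, 92, 69, 90]

if __name__ == "__main__":
    warn, reset = parse_wrn_pnt("90,70")
    print(warnings_issued(SAMPLE_COUNTS, 100, warn, reset))
```

In the sample series the climb back to 92 produces no second message because the count never fell below 70%, so monitoring that relies only on KFPS05123-W should also track the count itself.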
153) pd_aud_auto_loading = Y | N
Specifies whether the facility for automatically loading audit trail table data is to be used. For details about the facility for automatically loading audit trail table data, see the HiRDB Version 9 System Operation Guide.
Y:
Uses the facility for automatically loading audit trail table data. When this value is specified, data is loaded into the audit trail table automatically, triggered by generation swapping of audit trail files (excluding swaps caused by errors).
N:
Does not use the facility for automatically loading audit trail table data. Data will not be loaded automatically into the audit trail table; instead, it must be loaded manually by the auditor.
Specification guidelines
Use of the facility for automatically loading audit trail table data can reduce the auditor's workload. However, data loading begins during online transactions, so there is an increase in the number of I/Os to the CPU and disks, thus increasing the system load. Decide whether to use the facility for automatically loading audit trail table data based on these considerations.
Note
When this operand is set to Y in a HiRDB parallel server configuration, a HiRDB file system area for audit trail files must be created in each unit that has a system manager, and the pd_aud_file_name operand must be specified. If it is not specified in such a case, the facility for automatically loading audit trail table data cannot be used.
Effects on individual estimation formulas
If the value of the pd_aud_auto_loading operand is changed, the following estimation formulas are affected:
HiRDB Version 9 Installation and Design Guide:
  • Processes started by a HiRDB single server configuration
  • Formulas for shared memory used by a unit controller under Estimating the memory size required for a HiRDB single server configuration
  • Processes started by a HiRDB parallel server configuration
  • Formulas for shared memory used by a unit controller under Estimating the memory size required for a HiRDB parallel server configuration
154) pdaudload
[-i index-creation-method]
[-l log-acquisition-mode]
[-n [batch-output-local-buffer-sector-count],,
[random-access-local-buffer-sector-count]]
[-y]
[-X response-monitoring-time-for-server-to-server-communication]
Specifies environment information for the database creation utility (pdload) that is activated when the facility for automatically loading audit trail table data is used.
Condition
Y must be specified in the pd_aud_auto_loading operand.
Specification guidelines
For guidance in determining the operand values, see Applicable conditions under Facility for automatically loading audit trail table data in the HiRDB Version 9 System Operation Guide.
Notes
If this operand is specified more than once, only the values specified in the first instance of the operand are valid, and values specified in subsequent instances are ignored.
-i index-creation-method
~<<c>>
Specifies the method for creating indexes. The following two methods are used to create indexes:
c:
Batch creation mode. While row data is being stored, index creation information is output to an index information file without creating the index. When storage processing for all row data has been completed, the index is created.
s:
Index update mode. The index is updated each time a row of data is stored.
-l log-acquisition-mode
~<<p>>
Specifies the method of acquiring the database update log when pdload is executed:
a:
Log acquisition mode. Database update logs required for rollbacks and rollforwards are acquired.
p:
Pre-update log acquisition mode. Database update log required for rollbacks is acquired, but no database update log required for rollforwards is acquired.
Note
When you use the log-only synchronous method in an environment that uses Real Time SAN Replication, a must be specified in this operand. If you specify p in such a case, access to RDAREAs that have remote site audit trail tables will be blocked.
-n [batch-output-local-buffer-sector-count],,[random-access-local-buffer-sector-count]
Specifies that local buffers are to be used to load data into a table. When this option is specified, the database can be accessed using local buffers, which reduces the number of I/Os because batch output is used.
When this option is omitted, output is in units of pages using global buffers.
When batch-output-local-buffer-sector-count is omitted and only random-access-local-buffer-sector-count is specified, enclose the specification, including the commas, in double quotation marks. For example, to omit batch-output-local-buffer-sector-count and specify 1000 as the random-access-local-buffer-sector-count, specify as follows.
pdaudload -n ",,1000"
However, you cannot omit both batch-output-local-buffer-sector-count and random-access-local-buffer-sector-count. If both are omitted but the -n option is specified, a definition error will result and the KFPS01895-E message will be issued.
batch-output-local-buffer-sector-count: ~<unsigned integer>((2-4096))
Specifies the number of batch output local buffer sectors. The batch output local buffer is used for the database.
random-access-local-buffer-sector-count: ~<unsigned integer>((4-125000))
Specifies the number of random access local buffer sectors. The random access local buffer is used for index pages.
-y
Specifies that when all unused pages have been used during data loading, data must be stored in unused areas of pages that are being used. When this option is specified, the KFPH26010-I message is issued prior to storing data in unused areas on pages that are being used.
When you specify this option, specify a in the -l option. Specifying p in the -l option or not specifying the -l option will result in a definition error and issuance of the KFPS01895-E message.
-X response-monitoring-time-for-server-to-server-communication
~<unsigned integer>((1-65535))<<300>> (seconds)
Specifies a response monitoring time, in seconds, for dictionary operations. When execution time exceeds the time set in this option during a dictionary operation, pdload determines that an error has occurred in the access to the dictionary and halts processing with a return code of 8. When processing is halted, automatic data load processing of the audit trail table is also stopped.
This option lets pdload monitor the response time of communications for dictionary operations performed by commands so that it can detect errors. This is important because, when an error occurs in communication with the server that executed a command, the command might become unresponsive or the transaction might stop.

(2) Operands related to strengthening security

155) pd_security_host_group = "host-name"[, "host-name"]...
Specifies explicitly the hosts to be used in the HiRDB server configuration and limits HiRDB operations that might affect security (operations from hosts other than those defined by utilities and related program products). Use of this operand is applicable in constructing a system that requires a high level of security protection.
You must specify in this operand all hosts to be used on the network that constitutes the HiRDB server. Specifying this operand can reduce security risks. Specify a host by its IP address or in FQDN format; a loopback address can also be specified.
This operand's specification can be modified at a forced, abnormal, or planned termination.
A host name specification must not exceed 256 characters in length.
Notes
  • When a DNS server is used, you must also register in the DNS server all hosts specified in this operand. If no DNS server is used, register the host names specified here in the hosts file.
  • If a name cannot be resolved, the KFPS04693-E message is issued and HiRDB startup processing terminates.
  • If the same host name, IP address, or FQDN character string is specified more than once, the KFPS04693-E message is issued and HiRDB startup processing terminates. No error results when the IP address is the same but the host names are different.
  • When a loopback address is specified in the -x option of the pdunit operand, also specify a loopback address in this operand.
Comments
Examples of specifying the pd_security_host_group operand are shown below.
pd_security_host_group operand specification example (for a HiRDB single server configuration)
[Figure]
pd_security_host_group operand specification example (for a HiRDB parallel server configuration)
[Figure]