Preparing for Db2 application protection

Before you start protecting Db2 applications, you must prepare your environment for application data protection. Preparing your environment for Db2 application data protection includes the following tasks:

Task	Instructions
Get familiar with your data protection environment specifics.	Getting familiar with your Db2 data protection environment specifics
Enable R‑Cloud to access applications that you want to protect.	Enabling access to Db2 application data
Configure the Db2 application backup options (configure the Db2 databases for the archive log backup and the point-in-time recovery).	Configuring the Db2 application backup options
Assign a data mover configuration.	Assigning a data mover configuration

Getting familiar with your Db2 data protection environment specifics

When setting up your environment for data protection, you must get familiar with all the prerequisites, limitations, considerations, and/or recommendations that are specific to protecting Db2 applications.

Prerequisites

The passwordless sudo access must be enabled for the OS user.
The OS user must be allowed to run Db2 commands. For instructions on how to set up /etc/sudoers for the OS user to run the commands as a Db2 instance owner or a Db2 user, see sudoers documentation.
The database user must be granted the SYSMAINT, SYSCTRL, or SYSADM instance level authority. If the user is granted the SYSMAINT instance level authority, they must be granted also the following privileges:
- CONNECT privilege on each database
- EXECUTE privilege on the following functions: SYSPROC.ADMIN_LIST_DB_PATHS, SYSPROC.MON_GET_TABLESPACE, SYSPROC.MON_GET_CONTAINER, and SYSPROC.MON_GET_TRANSACTION_LOG

Enabling access to Db2 application data

After you assign credentials to instances as described in Enabling access to data, the process of application discovery starts automatically. When the application discovery task completes, the discovered applications are listed in the Applications panel.

Each discovered application has one of the following statuses:

Discovery status	Description
	R‑Cloud can access discovered applications that you want to protect with instance credentials.
	The instance credentials do not have proper permissions to run database commands as a Db2 user. To enable R‑Cloud to access the applications, select the preferred Db2 user as described in this topic, and then reassign credentials to instances so that they have proper permissions. For instructions, see Assigning credential groups.

Discovery status

Description

R‑Cloud can access discovered applications that you want to protect with instance credentials.

The instance credentials do not have proper permissions to run database commands as a Db2 user.

To enable R‑Cloud to access the applications, select the preferred Db2 user as described in this topic, and then reassign credentials to instances so that they have proper permissions. For instructions, see Assigning credential groups.

Procedure

In the Applications panel, select the applications that you want to protect.
Click Configuration.

On the Credentials tab, depending on what type of user you want to be used to run the required database commands, do one of the following:

Type of user	Instructions
Db2 instance owner	Enable the Run as Db2 instance owner switch.
Db2 user	Disable the Run as Db2 instance owner switch. Enter the name of the Db2 user with access to the applications.

Click Save.

You can later unassign the credentials from an instance or delete the instance credentials that you do not need anymore. For details, see Enabling access to data. Keep in mind that you can do this only if the discovered applications running on the instance do not have assigned policies or available restore points. Therefore, before unassigning or deleting credentials, make sure to unassign policies or mark restore points as expired.

Configuring the Db2 application backup options

Before you start protecting your Db2 applications, you can adjust application protection to the needs of your data protection environment by configuring the backup options. You can configure the backup options for a single Db2 application or for multiple Db2 applications at the same time.

Backup option Description

Backup option	Description
Back up and truncate Db2 archive logs (enabled by default)	Make sure this option is enabled if you want your Db2 archive log files to be backed up and truncated in the Db2 database automatically as part of the R‑Cloud application backup. This allows you to perform the complete recovery and the point-in-time recovery of the Db2 databases. If disabled, R‑Cloud does not back up and truncate the Db2 archive log files.
Path to temporary archive logs	The location of archive log files that should be dedicated only to the R‑Cloud data protection purposes (the point-in-time recovery). The default location is `/opt/hycu/<Db2InstanceName>`.

Back up and truncate Db2 archive logs (enabled by default)

Make sure this option is enabled if you want your Db2 archive log files to be backed up and truncated in the Db2 database automatically as part of the R‑Cloud application backup. This allows you to perform the complete recovery and the point-in-time recovery of the Db2 databases.

If disabled, R‑Cloud does not back up and truncate the Db2 archive log files.

Path to temporary archive logs

The location of archive log files that should be dedicated only to the R‑Cloud data protection purposes (the point-in-time recovery).

The default location is /opt/hycu/<Db2InstanceName>.

Prerequisites

For the point-in-time recovery, R‑Cloud requires a dedicated archive log backup location. Therefore, you must make sure that each Db2 database within a Db2 instance is configured to use the R‑Cloud archive log location that you specify as the path to the temporary archive logs. To do so, you must set the LOGARCHMETH1 or LOGARCHMETH2 database configuration parameter to the specified folder, taking into account the following:
- All the databases within the Db2 instance must use the same archive log folder.
- The specified archive log folder must be owned by the Db2 instance owner that has the 750 permissions (read, write, execute) on the archive log folder.
Only if you want to assign a specific data mover configuration to the instance on which the Db2 application is running. The data mover must have access to the application that you want to protect and to the target that stores the protected data. To ensure this, the data mover must use the appropriate subnet.

 Tip You can check under which networking parameters the application and the target are accessible in your cloud provider management console.

Consideration

By creating and assigning one or more data mover configurations, you define the location (compute and the networking details) for creating data movers during the backup.

Procedure

In the Applications panel, select one or more applications for which you want to configure the backup options.
Click Configuration.
Click the Options tab.
Set the preferred backup options.
Click Save.

Assigning a data mover configuration

If you want to define the location (compute and the networking details) for creating data movers during the application data protection tasks, you must assign a data mover configuration to the instance on which your Db2 application is running.

For instructions, see Assigning a data mover configuration.

Consideration

Only if you plan to assign a data mover configuration to the application. If the application already has a data mover configuration assigned automatically from its source, the manually assigned data mover configuration will be used for creating the data movers.

Recommendation

If you plan to use targets for storing the protected data, you can optimize the egress data costs by making sure that the data mover uses the same region as the target that stores the protected data.