Thursday, December 12, 2019

asd765 cloud 87ohhlj db2 askh security xbas chatbot

If you came here and wondered about the blog title, then read on. I plan to write about a couple of mixed, seemingly random topics. Why not express that in today's blog title...? :) It is almost the end of the year and here is some news I wanted to share with you before the holidays.

Friday, November 29, 2019

New Db2 Fix Packs and Mod Packs available

A quick update: Over the past few days, new fix packs and mod packs for Db2 became available. The page "Download DB2 Fix Packs by Version" lists Db2 11.1.4.5 as the most recent fix pack. The related Mod Pack and Fix Pack Updates page in the Db2 Knowledge Center for version 11.1 has details.

Although the overview page lists Db2 11.5 GA as most recent, the page Mod Pack and Fix Pack Updates for 11.5 reveals new container-only Db2 Mod Pack releases.

Tuesday, November 26, 2019

ETL in the cloud using SQL Query and Db2

From COS to Db2 using SQL
The SQL Query service on IBM Cloud lets you process data stored on Cloud Object Storage (COS) by writing SQL queries. So far, results were either shown in the console and/or written back to files on COS. Thus, I was happy to notice a new feature: Query results can now be written back to Db2 tables (on cloud). From my tests, both Db2 on Cloud and Db2 Warehouse on Cloud are supported.

Thursday, November 7, 2019

Control your database encryption keys for Db2 on Cloud

Db2 master key managed by IBM Cloud Key Protect
Since Db2 10.5 I have blogged a couple of times about the native database encryption built into Db2. Today, I want to show you how easy it is to take control of the database encryption keys for Db2 on Cloud. All Db2 databases on IBM Cloud are encrypted by default, but with a system encryption key. You can increase data security even further by using your own encryption key (BYOK - bring your own key). Want to know how? Read on...

Friday, October 18, 2019

My passwordless app on IBM Cloud thanks to FIDO2

Passwordless login for cloud app
In my recent post I discussed how I could use a FIDO2 dongle as a second factor for an app on IBM Cloud. Today, I want to give you an update because I managed to go passwordless. With the latest October update, Cloud Identity started to offer passwordless login with either FIDO2 or QR code (using the IBM Verify app). I put that to a quick test for my secure file storage app. Here is what I did to go passwordless.

Monday, October 7, 2019

Quick notes on using FIDO2 security keys on Linux

Using FIDO2 keys for 2FA
Most of you know that I am using a Linux laptop. Thus, experimenting with FIDO2 hardware security keys as discussed in the earlier blog post requires some extra setup. But fortunately, most steps are documented somewhere and can be easily found. Here is my writeup for my own benefit...

Using your FIDO2 key for 2FA on IBM Cloud apps

Architecture: End-to-end security
Last week I read the blog on how to protect cloud apps with App ID by using the IBM Cloud Identity user directory. That blog discusses how to configure IBM Cloud Identity as a SAML-based identity source for IBM Cloud App ID. Because Cloud Identity supports FIDO2 devices for second factor authentication (2FA) as a beta feature, I wanted to test how easy it is to use my USB FIDO2 devices for securing my web apps. For that purpose I picked the app from the solution tutorial discussing end-to-end security for an application on IBM Cloud. App ID is part of the solution architecture (see the diagram).

Friday, October 4, 2019

New tutorial discusses how to enhance cloud app security

Recently, I wrote a new tutorial as part of the IBM Cloud solution tutorials. Have you already developed and deployed an application on IBM Cloud? Then, maybe, you followed the introductory tutorial on how to apply end-to-end security to an application. Following "security by design," you are now starting to look into the design of a new application, or perhaps you need to adapt an older application to new security requirements. If that is the case, the new tutorial on how to enhance the security of your deployed application is exactly right for you.

An existing solution is extended for enhanced security

Isolate resources

One of the fundamental principles of cloud computing is the sharing of resources. This could be the sharing of a machine—applications from many users running on the same computer—or just sharing the data center and parts of the infrastructure.
In the new tutorial, you'll learn how you can isolate runtime environments, network traffic, and stored data to increase application security. Some options include the use of dedicated resources or virtual private clouds.

Hyper-protect your data

Almost all services on IBM Cloud that store data use encryption to protect the data against unauthorized access. When using database services or object storage, by default, the encryption key is system-generated. You can increase data protection by controlling the encryption keys. IBM Key Protect and Hyper Protect Crypto Services help you provision encrypted keys for storage services as well as apps.

In the new tutorial, you learn how to control and even bring your own encryption keys. You also find out about the LinuxONE-based Hyper Protect services on IBM Cloud. They provide an extra layer of protection and the highest level of isolation.

Evaluate and monitor app security

Events related to IBM Cloud account activities—such as logging in or provisioning a service—are logged to Activity Tracker with LogDNA. In the tutorial, you learn how to enhance your app to send security or audit messages and integrate them across the stack. Use security advisors and set up notifications to stay ahead and informed.

Get started with the tutorial

The tutorial on how to enhance security of your deployed application is part of the IBM Cloud solution tutorials. It helps you learn about enhanced data encryption options, isolate your application runtime for extended security, and use activity logs and security advisors to evaluate app security.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Wednesday, October 2, 2019

Trip report: Sustainability management and reporting


UN Sustainable Development Goals

Last Friday, I attended the annual conference of the Bodensee Innovation Cluster for digital change (changes due to digitalization). The conference had several interesting talks and included workshops. Let me give you a quick overview of the innovation cluster, then delve into the sustainability topic which was part of the conference.

Friday, August 30, 2019

Updated: Cloud App Security - an introduction

IBM Cloud offers security services
Two years back, I had created two blog articles providing an introduction to cloud app security with an overview of topics, then discussing details on how to implement those security requirements with (then) Bluemix services. Recently, I had some time to look into cloud app security again and adapt my previous write-up to the current state of (now) IBM Cloud. You can read it on the IBM Cloud blog as "Cloud App Security: What Makes a Secure App?".

Happy reading! If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Monday, August 19, 2019

Track API key usage by combining IBM Cloud IAM and LogDNA search

Which key is still in use...?
Recently, I blogged about tracking account activity from the command line. I showed you how to search IBM Cloud Activity Tracker with LogDNA records using a Python script. Today, I discuss how to combine the IAM Identity Services API with the LogDNA search to track usage of API keys. The goal is to find out whether API keys for a user or service ID were recently used. If they have not been used for a long time, they might be up for deletion.

Offboarding on IBM Cloud: Considerations when removing a user

Only authorized persons have access
Over my past blog posts I have looked into how to rotate credentials in different compute environments. I looked at Cloud Foundry on IBM Cloud, Cloud Functions and Kubernetes. The background is that I wanted to understand what it takes to maintain security during the regular DevSecOps cycles and when someone in the team leaves. The latter often is called offboarding.

Monday, August 12, 2019

Get some REST with Db2

Db2 has a REST API
Many of the IBM Cloud services have a REST API; an overview of REST APIs is here in the IBM Cloud docs. Recently, I realized that I had not yet tried the Db2 on Cloud API and the API for Db2 Warehouse on Cloud. Thus, last Friday I took some time to test out some code using one of my Db2 instances on IBM Cloud. Here is what you need to get started...

Wednesday, August 7, 2019

Track it from the command line: Search audit events in LogDNA using Python

Take a look at security logs
Earlier this year, IBM and LogDNA announced an integrated offering, Activity Tracker with LogDNA. It lets you manage and search activity events in LogDNA instances on IBM Cloud. There are IAM, account management and all kinds of service instance events that can be tracked. Viewing the events is typically done in the LogDNA UI. I, however, want to perform searches on the command line and integrate it with Cloud Functions. In this article, I discuss the small tool that I wrote to search the activity logs and export them.

Thursday, August 1, 2019

Use a Delivery Pipeline to rotate credentials

Job in Delivery Pipeline to rotate keys
In my recent posts I touched on updating credentials for solutions deployed on IBM Cloud Functions or using Cloud Foundry on IBM Cloud. Today, I am showing you how to rotate API keys and passwords for a containerized solution on IBM Kubernetes Service that makes use of a delivery pipeline (devops). I am going to use the app discussed in the tutorial on how to apply end to end security to a cloud application.

Thursday, July 18, 2019

Rotate service credentials for Cloud Foundry apps on IBM Cloud

Keep your cloud environment secure
A popular PaaS (Platform as a service) technology is Cloud Foundry. On IBM Cloud, it is available both as public Cloud Foundry instances in multiple regions as well as Cloud Foundry Enterprise Environment (CFEE). Using Cloud Foundry for app development and production has many benefits. Personally, I like the ease of use and how services can be integrated with apps. When you search for my older Bluemix-related blog entries, you will notice that I had (and still have) fun using Cloud Foundry, including my attempts to catch a chocolate thief or testing the hybrid world early on. Similar to my recent blog on rotating credentials when working with IBM Cloud Functions, today, I want to discuss how to bind services and rotate their credentials in a Cloud Foundry environment.

Wednesday, July 17, 2019

Rotating service credentials for IBM Cloud Functions

Keep your service keys secret
If you have followed some of my work, you know that I use IBM Cloud Functions, i.e., a serverless approach, for many projects. The tutorials with a database-driven (Db2-backed) Slackbot and the GitHub traffic analytics are such examples. In this blog post, I want to detail some of the security-related aspects. This includes how to share service credentials (think of a database username and password) with a cloud function and how to rotate the credentials.

Friday, June 28, 2019

New! Db2 11.5 is available

Db2 11.5 is available
A quick post to inform you that Db2 11.5 has been released. Check out the What's New for Db2 Version 11.5 GA section in the Db2 Knowledge Center. You can download the GA version from the regular Download Db2 Fix Packs by Version site.


With a new release I typically go over the What's changed documentation to look for changes to registry variables, system views and deprecated functionality.


So much for the quick update. If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Wednesday, June 12, 2019

After IDUG is before IDUG: Back from Db2 conference in Charlotte, NC

Last week the IDUG NA 2019 was held in Charlotte, NC. It featured 8 parallel tracks dedicated to Db2 for z/OS and Db2 for LUW and emerging technologies. In addition, two tracks for hands-on labs and workshops were offered. Personally, I delivered three presentations, moderated and attended sessions, and was active on Twitter. So what was on? Continue after the snap of Twitter photos from last week.
Twitter photo feed from IDUG NA 2019

Tuesday, May 7, 2019

Cloud-based FIPS 140-2 Level 4 crypto service

Locks, keys, and data security
Yesterday, I got my hands on a FIPS 140-2 Level 4 cloud-based crypto service. If you are asking "what's that and what can I do with it?" you should continue to read. It is a dedicated HSM (Hardware Security Module) to manage encryption keys and is offered as IBM Hyper Protect Crypto Services on IBM Cloud (HPCS). Here is what I learned while using the service.

Friday, May 3, 2019

Your chatbot with Watson Discovery News

Some months back I introduced you to a bare-bones news chatbot. Today, with the updated tutorial to build a database-driven chatbot in place, I want to show you how to easily combine Watson Assistant with Watson Discovery. Watson Assistant already provides steps to deploy an integrated search skill which is based on Watson Discovery. My approach is similar to the database integration: Deploy a cloud function and invoke it from the dialog.

Saturday, April 27, 2019

Db2: SQL-based explain and printed access plan

Vote for this Db2 idea
This Friday in Munich, I gave a talk about the new native JSON functions in Db2 at the German Db2 user group (DeDUG) meeting. To speed up queries and to enforce uniqueness or some structural rules, Db2 functional indexes can be used with the new JSON_VALUE. As usual for some prototyping, I utilized a Jupyter Notebook for my presentation. Now, how to demonstrate that indexes are really used? Show the access plan! But how in a notebook?

Wednesday, April 24, 2019

Updated tutorial: Database-driven chatbot

If you want to build a chatbot that gets its content from a database, there is good news. The existing tutorial “Build a database-driven Slackbot” was just updated to adapt to the latest features of IBM Watson Assistant. First, define a skill that reaches out to a database service like Db2. Thereafter, use the built-in integrations to easily tie in the assistant with Slack or Facebook Messenger, embed the chatbot into your own application, or use the WordPress plugin.

Architecture of database-driven chatbot

Monday, March 25, 2019

Running Db2 Developer-C as Docker container

Container: Db2 the easy way
Last week I wanted to start testing some new Db2 features without going through the steps of installing that Db2 version. I turned to my local Docker installation, issued a single command and had Db2 up and running. Quite interestingly, that command downloaded Db2, installed it, and created a sample database. Here are the details.

Db2 Developer-C Edition as Docker Image

IBM provides a free Db2 edition, Db2 Developer-C Edition. It can be installed and used as a Docker container; see the Db2 Developer-C Edition in the Docker store. Once you have added it to your basket and checked out, you can download it and get information about how to configure it. Basically, only a few values need to be set in an environment file (see db2_env_list below).

After adapting the environment file, I invoke the script (with a single command) to run Db2 on Docker. If not downloaded yet, it obtains the container image, starts it, and sets it up:

docker run -h db2server_ --name db2server --detach \
--privileged=true \
-p 50000:50000 -p 55000:55000 \
--env-file db2_env_list \
-v /home/hloeser/progs/db2:/database \
store/ibmcorp/db2_developer_c:11.1.4.4-x86_64


Thereafter, I can connect to Db2 using the usual tools and SDKs.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Monday, February 25, 2019

Digital ethics, trusted AI and IBM

Last week I gave a talk followed by a discussion at a university. The presentation was about the current state of Artificial Intelligence (AI) and AI research topics. A good chunk of the discussion was dedicated to fairness, trust and digital ethics. In the following, I am sharing some of the related links.

IBM Research has a site dedicated to AI. On that site, a section provides insight into topics on what they call Trusted AI. On the main IBM site there is also a portal, Trusted AI for Business, providing an introduction and overview for the non-research crowd. If you are interested and want to try out and learn about a few problems hands-on, I recommend these links:

IBM experts are part of many public panels, workgroups and commissions. In Germany, there is the Enquete-Kommission "Künstliche Intelligenz - Gesellschaftliche Verantwortung und wirtschaftliche, soziale und ökologische Potenziale". On the European level, it is the EU High-Level Expert Group on Artificial Intelligence.

Finally, as a showcase of current AI capabilities, I recommend this video of IBM Project Debater and the live debate at Think 2019. A short video explains how Project Debater works:


If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Friday, February 8, 2019

Startup lessons from a Fuckup Night

Last Wednesday, I attended the Fuckup Night Friedrichshafen Vol. II. If you don't know, Fuckup Nights is a global movement and event series dedicated to professional failures. That is, usually founders of failed startups tell their stories. Typically, it is a mix of funny adventures into the world of business, some sad parts and most importantly some lessons learned. So what were the lessons I took away? Read on...

Thursday, January 31, 2019

Enterprise digitalization and cybersecurity: How companies struggle

Cybersecurity Workshop at Zeppelin University
Last Friday, 25.01.2019, I attended the Cybersecurity workshop of the "Bodensee Innovationscluster Digitaler Wandel" (digitalization). The innovation cluster is organized by the Zeppelin University in Friedrichshafen. It tries to bring together companies from the wider Lake Constance region that are impacted by digitalization. The researchers have identified four topics that will be addressed:

Monday, January 21, 2019

Hello again, Davos, AI ethics, cybersecurity, Db2 events and IBM Cloud

Hello, here I am again after a while. I hope you had a good start to 2019. I enjoyed being offline for a while, then got busy with not much time to blog. So, here is a roundup of things going on.