encryption

Informix Storage and Backup Encryption

Abstract

GDPR is causing many companies to revise their policies regarding data privacy, and encrypting data may help meet some of the requirements. Fortunately, storage space (dbspace) encryption (otherwise known as "Encryption at rest" or EAR) is a very easy-to-use feature available in all Informix Dynamic Server (IDS) editions since version 12.10.xC8. No application changes are required.

This should be combined with encryption of backups – both archives and logical logs – whether created via "onbar" or "ontape":

  1. Prior to IDS 10, this had to be performed after backup files had been created.
  2. IDS 10 allowed backup or restore via any pipe with "ontape -t STDIO", but only for archives.
  3. From IDS 11, configuration parameters exist to pass all backups and restores through specified filter commands, which is ideal for in-line compression and encryption.

This article explains the steps involved in implementing both storage and backup encryption (using method 3 above) on supported IDS versions.