T3.2: Connects to InterSystems IRIS

Knowledge Review - InterSystems IRIS Development Professional

1. Configures secure JDBC connections

Key Points

  • Connection URL format: jdbc:IRIS://host:port/namespace with optional security parameters
  • IRISDataSource method: Preferred approach using com.intersystems.jdbc.IRISDataSource
  • Connection security levels: 0=Password, 1=Kerberos, 2=Kerberos+Integrity, 3=Kerberos+Encryption, 10=TLS
  • TLS configuration: Set ssl=true in URL or connectionSecurityLevel=10 in DataSource
  • Authentication options: Username/password, Kerberos, or OAuth access tokens

Detailed Notes

Overview

InterSystems IRIS provides robust JDBC connectivity through the InterSystems JDBC driver, which supports both standard and secure connection methods. The basic JDBC connection URL follows the format jdbc:IRIS://host:port/namespace, where host is the IP address or FQDN, port is the SuperServer port (default 1972), and namespace is the target IRIS namespace.

IRISDataSource Method (Preferred)

  • Class: com.intersystems.jdbc.IRISDataSource provides comprehensive control over connection parameters
  • Key Methods: setServerName(), setPortNumber(), setDatabaseName(), setUser(), setPassword()
  • Security Level: setConnectionSecurityLevel() accepts values from 0 to 10

Connection Security Levels

  • Level 0: Basic password authentication
  • Levels 1-3: Kerberos authentication modes (authentication only, with packet integrity, or with encryption)
  • Level 10: TLS/SSL encryption for the entire connection

TLS Configuration

  • URL Parameter: Include ssl=true in the connection URL
  • DataSource Method: Call setConnectionSecurityLevel(10)
  • Certificate Requirements: Client application must have access to appropriate certificate files and trust stores
  • Java Keystores: The JDBC driver supports standard Java keystore and truststore configurations through system properties or connection parameters
  • Validation Control: Use sslServerName property to control certificate validation behavior

Alternative Connection Methods

  • DriverManager: Use with a Properties object containing connection parameters
  • URL Format: jdbc:IRIS://host:port/namespace/logfile:eventclass:nodelay:ssl for specifying security options directly

Best Practices

  • Credentials: Never hardcode credentials
  • Connection Pooling: Use IRISConnectionPoolDataSource for pooled connections
  • Statement Pooling: Enable for performance
  • Exception Handling: Implement proper handling for connection failures
  • Security Level: Always use the highest appropriate security level
  • Certificate Validation: Validate server certificates in production
  • Credential Rotation: Implement rotation policies

2. Configures secure ODBC connections

Key Points

  • DSN configuration: Use ODBC Data Source Administrator (Windows) or odbc.ini files (UNIX)
  • Connection methods: Registry DSN, File DSN, or DSN-less connection strings
  • Security levels: Password, Password with SSL/TLS, or Kerberos authentication
  • TLS setup: Requires Authentication Method=2, Security Level=10, and SSL configuration file
  • Platform differences: Windows uses Registry, UNIX uses initialization files and odbcinst utility

Detailed Notes

Overview

InterSystems IRIS ODBC connectivity supports ODBC 3.5 standards and provides flexible configuration options for both Windows and UNIX platforms. ODBC connections require configuring a Data Source Name (DSN) that contains connection details including the server location, port, namespace, and authentication credentials.

Platform-Specific Configuration

  • Windows: DSNs stored in Windows Registry under HKLM\SOFTWARE\ODBC, created using ODBC Data Source Administrator utility
  • UNIX: DSNs defined in initialization files (commonly odbc.ini), registered using odbcinst command-line utility
  • Driver Managers: InterSystems supports both iODBC and unixODBC on UNIX platforms

ODBC Connection Architecture

  • Client Application: Makes ODBC API calls
  • ODBC Driver Manager: Routes calls to the appropriate driver
  • InterSystems ODBC Client Driver: Communicates with the IRIS server
  • IRIS Database: Processes the requests

Connection Methods

  • Standard DSN: Stored in registry or initialization file
  • File DSN: Stored as text file with .dsn extension
  • DSN-less: Connection string embedding all parameters directly in SQLDriverConnect calls

Authentication Options

  • Password: Basic username/password authentication
  • Password with SSL/TLS: Encrypted connection
  • Kerberos: Authentication only, packet integrity, or full encryption options

TLS Configuration Requirements

For TLS-enabled connections, three critical parameters must be configured:

  • Authentication Method: Must be set to 2
  • Security Level: Must be set to 10
  • SSL Server Name: Must reference a named configuration in the TLS configuration file

UNIX TLS Configuration Files

  • odbc.ini: DSN entry specifying TLS parameters
  • odbcssl.ini: Defines actual TLS configuration (path specified in ISC_SSLconfigurations environment variable)

Key TLS Settings

  • CAFile: Certificate authority certificates for server verification
  • CertFile: Client certificate
  • KeyFile: Client private key
  • Protocols: Supported TLS versions
  • VerifyPeer: Enable/disable certificate verification

Security Considerations

  • Password Storage: Never store passwords in plaintext in DSN configurations
  • Certificate Validation: Keep server certificate verification enabled (VerifyPeer), with CAFile pointing at the trusted certificate authority certificates
  • Kerberos: Implement when domain authentication is available
  • TLS Versions: Ensure protocol versions meet organizational security policies
  • OAuth Alternative: Connection strings can include ACCESSTOKEN parameter instead of username/password
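
The three TLS requirements and the security considerations above can be checked mechanically. The following Python audit is an added example, not InterSystems code: it parses constructed odbc.ini and odbcssl.ini samples and reports DSNs that miss a required TLS setting, reference a missing TLS section, leave VerifyPeer off, or store a password. The DSN names, paths, key spellings (taken from the field names on this page) and the treatment of VerifyPeer = 0 or unset as disabled are assumptions.

```python
import configparser
# Constructed samples. Key spellings follow the field names used on this page.
ODBC_INI = """
[IRISProd]
Host = iris.example.internal
Authentication Method = 2
Security Level = 10
SSL Server Name = ProdTLS

[IRISLegacy]
Password = constructed-secret
Authentication Method = 0
Security Level = 0
"""
ODBCSSL_INI = """
[ProdTLS]
CAFile = /etc/iris/ca.pem
VerifyPeer = 1
"""

def audit_dsn(dsn, ssl):
    """Return findings for one DSN section; an empty list means it passes."""
    findings = []
    if dsn.get("Authentication Method") != "2":
        findings.append("Authentication Method is not 2")
    if dsn.get("Security Level") != "10":
        findings.append("Security Level is not 10")
    ref = dsn.get("SSL Server Name")
    if not ref:
        findings.append("SSL Server Name is missing")
    elif not ssl.has_section(ref):
        findings.append(f"SSL Server Name '{ref}' has no section in the TLS file")
    elif ssl[ref].get("VerifyPeer", "0") == "0":  # assumption: 0 or unset = off
        findings.append(f"[{ref}] VerifyPeer is disabled or unset")
    if dsn.get("Password"):
        findings.append("Password is stored in plaintext in the DSN")
    return findings

def audit_all(odbc_text, ssl_text):
    odbc = configparser.ConfigParser(interpolation=None)
    ssl = configparser.ConfigParser(interpolation=None)
    odbc.read_string(odbc_text)
    ssl.read_string(ssl_text)
    return {n: audit_dsn(odbc[n], ssl) for n in odbc.sections()
            if n != "ODBC Data Sources"}  # skip the DSN index section

if __name__ == "__main__":
    for name, findings in audit_all(ODBC_INI, ODBCSSL_INI).items():
        print(name, findings or "OK")
```
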

Exam Preparation Summary

Critical Concepts to Master:

  1. JDBC Connection URL Structure: Understand the format jdbc:IRIS://host:port/namespace and optional parameters
  2. IRISDataSource vs DriverManager: Know when to use IRISDataSource (preferred) versus DriverManager
  3. Connection Security Levels: Memorize the numeric values (0=Password, 1-3=Kerberos variants, 10=TLS)
  4. ODBC DSN Types: Distinguish between Registry DSN, File DSN, and DSN-less connections
  5. TLS Configuration Requirements: Understand the three required settings (Authentication Method=2, Security Level=10, SSL Server Name)
  6. Platform Differences: Know Windows uses Registry/Administrator GUI, UNIX uses odbc.ini/odbcinst
  7. Security Best Practices: Never store passwords in plaintext, use appropriate certificate validation

Common Exam Scenarios:

  • Configuring a secure JDBC connection using IRISDataSource with TLS
  • Creating an ODBC DSN on Windows using the Data Source Administrator
  • Setting up TLS-enabled ODBC connections on UNIX with odbcssl.ini configuration
  • Troubleshooting connection failures related to security level misconfigurations
  • Converting between DSN and DSN-less ODBC connection approaches
  • Implementing Kerberos authentication for enterprise environments
  • Using OAuth access tokens in ODBC connection strings

Hands-On Practice Recommendations:

  • Create JDBC connections using both IRISDataSource and DriverManager methods
  • Configure ODBC DSNs on both Windows and UNIX platforms
  • Set up TLS-enabled connections for both JDBC and ODBC
  • Practice writing connection strings for DSN-less ODBC connections
  • Test different connection security levels and observe authentication behavior
  • Configure Kerberos authentication with Service Principal Names
  • Implement connection pooling with IRISConnectionPoolDataSource
  • Review certificate files and TLS configuration parameters
  • Use Test Connection buttons in ODBC Administrator to validate configurations
  • Practice reading JDBC and ODBC connection error messages for troubleshooting

Key Differences Between JDBC and ODBC:

  • Configuration: JDBC uses programmatic configuration or URL parameters; ODBC uses DSN files/registry
  • Security Setup: JDBC sets connectionSecurityLevel property; ODBC uses Authentication Method + Security Level fields
  • Platform Tools: JDBC is Java-specific with consistent tools; ODBC has platform-specific tools (Administrator vs odbcinst)
  • TLS Files: JDBC uses Java keystores; ODBC uses odbcssl.ini configuration with separate certificate files
  • Connection Pooling: JDBC uses IRISConnectionPoolDataSource; ODBC connection pooling managed by driver manager

Connection Security Level Quick Reference:

Essential Connection Parameters:

JDBC (URL component/DataSource property)

  • host/ServerName: IP address or FQDN
  • port/PortNumber: SuperServer port (default 1972)
  • namespace/DatabaseName: Target namespace
  • user/User: Username (default _SYSTEM)
  • password/Password: User password
  • connectionSecurityLevel: Security mode (0-10)

ODBC (DSN fields)

  • Host IP Address: Server location
  • Host Port Number: SuperServer port
  • Namespace: Target namespace
  • User Name: Username
  • Password: User password
  • Authentication Method: Security type
  • Security Level: Encryption level
  • SSL Server Name: TLS configuration reference (for TLS mode)
