Follow these instructions to replicate your Db2 for LUW database to your destination using Fivetran.
To connect your Db2 for LUW database to Fivetran, you need:
- Db2 for LUW 11.1 or above
- Your database host’s IP (e.g.,
220.127.116.11) or domain (
- Your database’s port (usually
50000for non-TLS connections or
50001for TLS connections)
Choose a connection methodlink
Decide whether to connect to your destination directly, using an SSH tunnel, or using AWS PrivateLink.
To connect directly, configure your firewall and/or other access control systems to allow incoming connections to your Db2 for LUW database host and port from Fivetran’s IP.
Connect using SSHlink
To connect using an SSH tunnel, follow these instructions.
Connect using AWS PrivateLink BETAlink
IMPORTANT: You must have a Business Critical plan to use AWS PrivateLink.
AWS PrivateLink allows VPCs and AWS-hosted or on-premises services to communicate with one another without exposing traffic to the public internet. Learn more in AWS’ PrivateLink documentation.
Follow our AWS PrivateLink setup guide to configure PrivateLink for your database.
Prepare server certificatelink
If Fivetran connects to your Db2 for LUW database directly, or if you want to connect to Fivetran through an SSH tunnel using TLS, then you must provide the server certificate that you configured with your database. The
server.arm command extracts the server certificate from your Db2 for LUW database, but the actual procedure can vary slightly depending on your installation.
$ gsk8capicmd_64 -cert -extract -db <key-store-database> -pw <key-store-password> -label <cert-label> -target "server.arm" -format ascii -fips
Create an operating system user for Fivetran.
Connect to your database as an admin user.
Execute the following SQL command to grant the Fivetran user permission to connect to your database’s transaction log. Replace
<username>with the name of your Fivetran user.
GRANT DBADM ON DATABASE TO USER <username>;
Grant read-only accesslink
Once you’ve created the Fivetran user, grant it
SELECT permission for each schema and table you would like to sync:
GRANT SELECT ON <schemaA>.<tableA> TO USER <username>; GRANT SELECT ON <schemaA>.<tableB> TO USER <username>; GRANT SELECT ON <schemaB>.<tableC> TO USER <username>;
Enable log archivelink
To keep your data up to date after the initial sync, we use the archived log files in your Db2 for LUW database. To enable log archive, run the following command from your Db2 administrator account:
$ db2 update db cfg for <database-name>> using logarchmeth1 DISK:<path-to-archived-log>
You may clean up the log archive periodically. However, you must retain all archived log files for a minimum of 1 day (Fivetran recommends 7 days).
Enable data capture changelink
Execute the following command to enable data capture change on the tables that you would like to sync:
ALTER TABLE <schemaA>.<tableA> DATA CAPTURE CHANGES; ALTER TABLE <schemaA>.<tableB> DATA CAPTURE CHANGES; ALTER TABLE <schemaB>.<tableC> DATA CAPTURE CHANGES;
- The Connecting to SSH Tunnel Test validates the SSH tunnel details you provided in the setup form. It then checks that we can connect to your database using the SSH tunnel. (We skip this test if you aren’t connecting using an SSH tunnel.)
- The Validating Certificate Test generates a pop-up window where you must choose which certificate you want Fivetran to use. It then validates that certificate and checks that we can connect to your database using TLS. (We skip this test if you aren’t connecting directly.)
- The Connecting to Database Test checks that we can access your database.
- The Validating Tables with Data Capture Change Test checks that at least one table in your database has data capture change enabled.
- The Validate Db2 Log Archive Test verifies that we can access the archived log files in your Db2 for LUW database.