3.1.8 Set Maximum Connection Limits (MAX_CONNECTIONS and MAX_COORDAGENTS)

Information

The MAX_CONNECTIONS parameter indicates the maximum number of client connections allowed per member. It is recommended that this parameter be set without the AUTOMATIC setting. The AUTOMATIC setting allows the value to grow unconstrained, and a value of -1 means to use the same value as MAX_COORDAGENTS.

The MAX_COORDAGENTS parameter equals the maximum number of agents needed to perform connections to the database or attachments to the instance. The AUTOMATIC setting allows the value to grow unconstrained.

The MAX_COORDAGENTS parameter should be set to a fixed value without the AUTOMATIC setting. The exact value is highly dependent on business requirements for simultaneous connections. For example, if only a single application with a connection pool of 10 connections will connect to the database server, a much smaller value may be appropriate than for a database server that expects to have hundreds of simultaneous connections. These examples will use a value of 200.

Ensure that dependent parameters, such as MAXAPPLS, are set to values less than or equal to the MAX_CONNECTIONS parameter. As instance parameters, MAX_CONNECTIONS and MAX_COORDAGENTS govern all databases within the instance, and thus the sum of the MAXAPPLS values for all databases must be considered.

Rationale:

By default, Db2 allows an unlimited number of users to access the Db2 instance. In addition to giving access to the Db2 instance to authorized users only, it is recommended to set a limit to the number of users allowed to access a Db2 instance. This helps prevent denial of service conditions should an authorized process malfunction and attempt many simultaneous connections.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

The default value for MAX_COORDAGENTS is AUTOMATIC(200). Allowable range is 1 to 64,000. The recommended value is 200, without the AUTOMATIC setting. The value of 200 is used as an example and is dependent on workload as discussed in the Description.

The default value for MAX_CONNECTIONS is set to AUTOMATIC(-1). Allowable range is 1 to 64,000, or -1 for matching the value of MAX_COORDAGENTS. The recommended value is -1 without AUTOMATIC. It is also acceptable to have a value for MAX_CONNECTIONS that is greater than MAX_COORDAGENTS, such as 300, in order to turn on the Concentrator feature.

Generally, both MAX_COORDAGENTS and MAX_CONNECTIONS should be configured within the same statement; otherwise the error SQL6112N may be encountered. The following command sets MAX_COORDAGENTS to 200 and MAX_CONNECTIONS to -1.

Attach to the Db2 instance

db2 => attach to <db2instance>

Run the following command:

db2 => update database manager configuration using max_coordagents 200 max_connections -1
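
One way to verify the result afterwards, as an added example that is not part of the benchmark or of the Nessus check: the script below reads text in the layout printed by `db2 get dbm cfg`, flags either parameter if it is still AUTOMATIC or out of range, and compares the sum of the per-database MAXAPPLS values against the effective connection limit. The sample output lines, the database names and their MAXAPPLS values are constructed, and treating a displayed value of MAX_COORDAGENTS as equivalent to -1 is an assumption.

```python
import re

# Matches "... (PARAM) = value" lines in the layout printed by "db2 get dbm cfg"
# (layout assumed; the sample lines further down are constructed).
CFG_LINE = re.compile(r"\((MAX_COORDAGENTS|MAX_CONNECTIONS)\)\s*=\s*(\S+)")

def audit_limits(text, maxappls_by_db):
    """Return a list of findings; an empty list means fixed, consistent limits."""
    cfg = {m.group(1): m.group(2).upper() for m in CFG_LINE.finditer(text)}
    findings = []
    for name in ("MAX_COORDAGENTS", "MAX_CONNECTIONS"):
        value = cfg.get(name)
        if value is None:
            findings.append(f"{name}: not found in output")
        elif value.startswith("AUTOMATIC"):
            findings.append(f"{name}: {value} can grow unconstrained")
    if findings:
        return findings
    coord = cfg["MAX_COORDAGENTS"]
    if not coord.isdigit() or not 1 <= int(coord) <= 64000:
        return [f"MAX_COORDAGENTS: {coord} is outside 1 to 64,000"]
    conn = cfg["MAX_CONNECTIONS"]
    # -1 means "same as MAX_COORDAGENTS"; the textual form is an assumed display variant.
    if conn in ("-1", "MAX_COORDAGENTS"):
        limit = int(coord)
    elif conn.isdigit() and 1 <= int(conn) <= 64000:
        limit = int(conn)
    else:
        return [f"MAX_CONNECTIONS: {conn} is outside 1 to 64,000 or -1"]
    # Instance-level limits cover every database, so MAXAPPLS is summed across them.
    total = sum(maxappls_by_db.values())
    if total > limit:
        findings.append(f"MAXAPPLS total {total} exceeds MAX_CONNECTIONS limit {limit}")
    return findings

# Constructed sample output: the documented defaults, then the remediated instance.
DEFAULT_CFG = """
 Max number of coordinating agents     (MAX_COORDAGENTS) = AUTOMATIC(200)
 Max number of client connections      (MAX_CONNECTIONS) = AUTOMATIC(MAX_COORDAGENTS)
"""
FIXED_CFG = """
 Max number of coordinating agents     (MAX_COORDAGENTS) = 200
 Max number of client connections      (MAX_CONNECTIONS) = -1
"""
# Hypothetical per-database MAXAPPLS values (database names are made up).
MAXAPPLS = {"SALES": 120, "HR": 60}

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_CFG), ("remediated", FIXED_CFG)):
        print(label, audit_limits(cfg, MAXAPPLS) or "PASS")
```

In practice the text would come from saving the output of `db2 get dbm cfg` on the attached instance, and the MAXAPPLS values from each database's configuration.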

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Windows

Control ID: 192286e6d7efb01ecba8157a58317f85e2b14306909fcac5b62120e7ec745cf4