Installation Phase 3: Configuring and Licensing Guardium
Congratulations! You’ve (hopefully) successfully installed Guardium V9.5. At this point the system is still useless, we now need to perform some configuration of the system. Firstly log in using “cli” and the default password “guardium” (unless you changed this during the installation). You will be immediately required to change this password.
Once the password has been changed and you have successfully logged in as “cli” we can begin configuring Guardium.The “cli” user is the Guardium equivalent of “root”, there is no access to the underlying RHEL OS, however, IBM Technical Support can access this using the unique passkey provided on first login.The commands listed below are what need to be configured – these have accompanying screenshots, but this list will serve as a good reference:The following commands will configure the network interface
Wait for the system to restart and log in again with “cli”The above has configured a single NIC, BRIDGE in this case. Verify the network works:
Optionally we could have added a second NIC – NAT perhaps; the below shows how to add a secondary network interface to Guardium
Lastly we need to set up NTP and the timezone
Here we firstly configure the network interface along with the host and domain name – once these are configured a system restart is required.
Once Guardium is back up, log in and verify that the settings are correct:
If everything looks correct (as above) – perform a ping to a machine on the same network or the gateway.
We can also test a ping to the Guardium appliance from another machine which should also work. Next up we set NTP and the Timezone.
Here I have used a single NTP server (“uk.pool.ntp.org”) with the option of adding multiple NTP servers.
To select an alternative timezone to “Europe/London” use the following command:
store system timezone list
and use “shift + pgup/pgdown” to view available options.
Once the TimeZone service has been restarted – I would recommend restarting Guardium for a final time.
When it has successfully restarted, validate the NTP and TimeZone settings.
At this stage (and technically as soon as the network interface has been configured) you can continue to access the Guardium CLI using SSH.
Now we’re onto the final step in this guide – licensing Guardium. This can be achieved via the CLI or the GUI, we will focus on the GUI in this example.
With Guardium running – open a browser and head to the address https://:8443 – in my example https://192.168.0.101:8443
You will be presented with a certificate error – bypass this and click “Continue to this web page…”
Login with the user “admin” – which is the “GUI ADMIN” user you set the password for during the installation. Once authenticated you will be required to change your password.
Finally you are presented with the default admin user layout. Here we can see that Guardium is not yet licensed.
To license the Guardium Base software via the GUI – select “Administration Console” from the tabs at the top, followed by selecting “System”
Enter the Base Collect V9.5 Key and hit “Apply”, you should see the number of licenses increase from 0. In this example 99999!
That’s it! Guardium (Base) is now installed, configured and licensed.