IBM Guardium 9.5 VM Installation – Avoiding the Pitfalls

Abstract:

This technical article will guide the reader through a basic installation of Guardium V9.5 and focus on some of the more obvious do’s and don’ts. If nothing else, if this is your first time installing Guardium this article will save you hours of head scratching. Note that there are no easily accessible trials for IBM Guardium however the IBM Part Numbers have been referenced to ease location of the required software.

Content:

In this guide, IBM Guardium will be installed on a VMWare Virtual Machine. Guardium has some fairly high memory requirements, looking for a minimum of 16GB - however, it can be run in this demonstration environment with less.

Installation Phase 1: Preparing the Environment

Minimum System Requirements:

VMware Hardware:

  • 4 vCPU's
  • 16GB RAM
  • 48GB Disk

Software and Licenses:

  • VMWare Workstation/Player here
  • IBM InfoSphere Guardium - 64Bit Product v9.5 Multilingual Multiplatform (CN45JML)
  • IBM InfoSphere Guardium V9.5 - Collector Base Product Key Multiplatform Multilingual (CN45NML)


Before starting the software installation, we must prepare a suitable installation environment. Firstly, we must define a "blank canvas" virtualized environment and specifically choose to install the operating system later. Failure to choose this option will cause installation failure.


The collection of screen shots below shows this process and definition of the hardware specification:

Substitution: Image 1

Substitution: Image 2

Substitution: Image 3

Substitution: Image 4

Substitution: Image 5

Substitution: Image 6

Substitution: Image 7

Substitution: Image 8

Substitution: Image 9

Substitution: Image 10

Substitution: Image 11

Substitution: Image 12

Installation Phase 2: IBM Software Installer

Once the VM has been defined, we are ready to power on, which will boot from the CD and load the ISO (Guardium image) we have chosen and begin the installation.


The next collection of screens shows the various stages of the Guardium installation, this process will take 15-20mins depending on the configuration of the VM.

Substitution: Image 13

Substitution: Image 14

Substitution: Image 15

Substitution: Image 16

Substitution: Image 17

Substitution: Image 18

Substitution: Image 19

Substitution: Image 20

Substitution: Image 21

Installation Phase 3: Configuring and Licensing Guardium

Congratulations! You've (hopefully) successfully installed Guardium V9.5. At this point the system is still useless, we now need to perform some configuration of the system. Firstly log in using "cli" and the default password "guardium" (unless you changed this during the installation). You will be immediately required to change this password.

Substitution: Image 22

Once the password has been changed and you have successfully logged in as "cli" we can begin configuring Guardium.


The "cli" user is the Guardium equivalent of "root", there is no access to the underlying RHEL OS, however, IBM Technical Support can access this using the unique passkey provided on first login.


The commands listed below are what need to be configured - these have accompanying screenshots, but this list will serve as a good reference:


The following commands will configure the network interface

1.	"store network interface ip 192.168.0.101" (store network interface ip  )
2.	"store network interface mask 255.255.255.0" (store network interface mask  )
3.	"store network routes def 192.168.0.1" (store network routes def  )
4.	"store network resolver 1 192.168.0.1" (store network resolver   )
5.	"store system hostname guard95-PoC" (store system hostname  )
6.	"store system domain oninitgroup.com" (store system domain  )
7.	"restart system"

Wait for the system to restart and log in again with "cli"

The above has configured a single NIC, BRIDGE in this case. Verify the network works:

1.	"show network verify"
2.	If all looks OK, try and ping the Guardium Appliance (ping 192.168.0.101)

Optionally we could have added a second NIC - NAT perhaps; the below shows how to add a secondary network interface to Guardium

1.	"store network interface secondary on eth1 192.168.242.101 255.255.255.0 192.168.242.2" (store network interface secondary on )
2.	"restart network"
3.	Confirm all is working again using "show network verify" and ping

Lastly we need to set up NTP and the timezone

1.	"store system ntp server" - this will prompt for up to 3 ntp servers. (uk.pool.ntp.org)
2.	"store system ntp state on"
3.	"store system clock timezone Europe/London" (store system clock timezone list|) - use shift + pgup/pgdown to view the available options

Here we firstly configure the network interface along with the host and domain name - once these are configured a system restart is required.

Substitution: Image 23

Once Guardium is back up, log in and verify that the settings are correct:

Substitution: Image 24

If everything looks correct (as above) - perform a ping to a machine on the same network or the gateway.

Substitution: Image 25

We can also test a ping to the Guardium appliance from another machine which should also work. Next up we set NTP and the Timezone.

Here I have used a single NTP server ("uk.pool.ntp.org") with the option of adding multiple NTP servers.

Substitution: Image 26

To select an alternative timezone to "Europe/London" use the following command:

store system timezone list and use “shift + pgup/pgdown" to view available options.

Substitution: Image 27

Substitution: Image 28

Once the TimeZone service has been restarted - I would recommend restarting Guardium for a final time.

When it has successfully restarted, validate the NTP and TimeZone settings.

Substitution: Image 29

At this stage (and technically as soon as the network interface has been configured) you can continue to access the Guardium CLI using SSH.

Substitution: Image 30

Now we're onto the final step in this guide - licensing Guardium. This can be achieved via the CLI or the GUI, we will focus on the GUI in this example.


With Guardium running - open a browser and head to the address https://:8443 - in my example https://192.168.0.101:8443.

You will be presented with a certificate error - bypass this and click "Continue to this web page..."


Substitution: Image 31

Login with the user "admin" - which is the "GUI ADMIN" user you set the password for during the installation. Once authenticated you will be required to change your password.

Substitution: Image 33

Substitution: Image 34

Substitution: Image 35

Finally you are presented with the default admin user layout. Here we can see that Guardium is not yet licensed.

Substitution: Image 36

To license the Guardium Base software via the GUI - select "Administration Console" from the tabs at the top, followed by selecting "System"

Substitution: Image 37

Enter the Base Collect V9.5 Key and hit "Apply", you should see the number of licenses increase from 0. In this example 99999!

Substitution: Image 38

Substitution: Image 39

That's it! Guardium (Base) is now installed, configured and licensed.

Conclusion:

This article has guided the reader through a base installation of Guardium V9.5 as a "Collector", it has detailed the steps required to configure and license the software to a point where additional features can be installed.

Disclaimer:

The above is provided "as is" without warranty of any kind, either express or implied, including without limitation any implied warranties of condition, uninterrupted use, merchantability, fitness for a particular purpose, or non-infringement.