Adding encryption software script packages

Using the console, upload your encryption product installation and configuration files to create new encryption software script packages that you can add to classic virtual system patterns. When you deploy your pattern, the encryption product is installed and configured to encrypt the data stored on disk for your classic virtual system patterns.

Before you begin

To complete this task, you must either have the Create new catalog content role and be granted all access to the script package, or have the Workload resources administration role with Full permission.

Before creating a new script package, verify if any previously created script packages in the catalog already meet your needs. You might also be able to clone an existing script package and modify it for your needs before creating a new one.

You should already have obtained an encryption software package from IBM Fix Central, approved for use in the Cloud Pak System environment. You might be required to purchase a license if you have not done so already.

This encryption software package should include a pair of compressed files in .zip or .tgz (.tar.gz) format:
  • An installation package, that includes binary files, scripts, and other artifacts needed to install and configure the encryption software product to run in your virtual machine environment.
  • A configuration package, that includes scripts and other artifacts needed to configure the parameters for encrypting the classic virtual system pattern data stored on disk.

These compressed files are uploaded into Cloud Pak System and used as input to create a pair of encryption software script packages.

About this task

You will create a pair of script packages, one that contains the main executable file and associated artifacts for installing the encryption software product, and the other for configuring encryption parameters (such as paths to include for, or exclude from, encryption) to be applied in your deployed environment. You can configure and customize various parameters as needed, and then add your new script packages to the catalog, where they will be available for later inclusion in your classic virtual system patterns.
Note: Some encryption products might offer the option to use an encryption policy instead of script packages. This encryption policy option is not supported for encrypting classic virtual system patterns in Cloud Pak System.

However, if you promote a classic virtual system pattern that has been configured for encryption by using the script package option to a virtual system pattern, you must modify the newly promoted virtual system pattern to replace the encryption script packages with the encryption policy option before you can deploy the new pattern.

Procedure

  1. Click Catalog > Script Packages.
  2. Click Create New.
    The Import Script Package dialog is displayed.
  3. Browse to the installation package that includes binary files, scripts, and other artifacts needed to install and configure the encryption software product to run in your virtual machine environment, and select it.
  4. Click Import.
    The script package is created and added to the catalog.
  5. Configure the script package by providing information as needed in the fields on the Script Packages pane.

    See the related links for details about how to configure the fields on this page.

    If your compressed file includes a cbscript.json object file, many of these configuration fields are automatically completed when you upload the compressed file. You can modify these fields after completing the upload as needed. For more information about configuring script packages by using the cbscript.json object file, see the related links.

    The compressed file that you upload might also include one or more license agreements that become part of the script package. You must accept all license agreements in the script package before you can deploy a classic virtual system pattern with the script package. For more information about accepting license agreements, see the related links.

    In the Executes field, be sure to select at virtual system instance creation to have the encryption software installation script execute when the virtual system has finished starting during the initial creation.

  6. When you complete the configuration for the script package, the script package is saved in the catalog.
    Continue with this same process to create the second script package for configuring your encryption settings in your classic virtual system environment.
  7. Click Create New.
    The Import Script Package dialog is displayed.
  8. Browse to the configuration package that includes scripts and other artifacts needed to configure the parameters for encrypting the classic virtual system pattern data stored on disk, and select it.
  9. Click Import.
    The script package is created and added to the catalog.
  10. Configure the script package by providing information as needed in the fields on the Script Packages pane.

    Again, many of the fields are automatically completed with parameter information in the cbscript.json object file. Modify these fields after completing the upload as needed. Be sure to accept any license agreements that might be required.

    In the Executes field, be sure to select at virtual system creation and when I initiate it to have the encryption software configuration script execute when the virtual system has finished starting during the initial creation, and also to be available to be started manually in the virtual machine. This ensures that when you want to change your encryption configuration settings, the script is available to run as many times as needed.

    If you intend to make changes in your encryption configuration settings after deployment, such as changing the file system paths that are being protected by encryption, you should also set the Save parameters after execution option to Yes.

What to do next

You can now associate these encryption software script packages with a classic virtual system pattern. For more information about associating encryption script packages with classic virtual system patterns, see the related links.