Managing the database server configuration

Use the Database Server Configuration page to configure, reconfigure, or unconfigure the database server for the IBM® Security Verify Governance virtual appliance.

About this task

The following table lists the fields for configuring or reconfiguring a database as the Identity data store. The options depend on the type of database that you configure. Database types are independent of each other. If you unconfigure the database and reconfigure a different database type, the data is retained in the original database. It is not merged with the new database.

Attention:

In a cluster environment, all nodes must use the same database. In that environment, reconfiguring, and unconfiguring can be done from the primary node only.
For Oracle, if you change the version of the LMI security protocol, and consequently also the TLS version on the Oracle database server, you must reconfigure Database Server Configuration before users can log in to Verify Governance again.
An embedded PostgreSQL database environment requires higher resource consumption than the standard external DB2 database, making it critical to increase memory and CPU allocation to ensure a stable operation of the environment. When the database is co-resident in the VA, the CPU and memory resources will be taxed additionally to provide services to the Identity Governance processes, as well as the database management processes. In laboratory tests, the CPU requirements on the VA are 2 to 3 times higher when running with PostgreSQL, versus the combined requirements of a VA and DB running with DB2. The additional memory and CPU requirements are most important in the PostgreSQL cluster scenario when data replication is enabled. Despite additional memory and CPU, the performance of this environment also falls behind that of DB2.
At this time, PostgreSQL is not recommended for mission-critical environments, or deployments where performance requirements are high.

Table 1. Options for configuring the Identity data store
Button	Data store options
Configure	Database type Select the database type from the list. To configure the database server, select one of these options. IBM DB2 Oracle (Standard) Oracle (Custom) PostgreSQL (Internal) If you select PostgreSQL, except for being required to change the number of minimum connections to 0, you need to enter no additional connection information. Host name (FQDN, IPv4, or IPv6) Specify the name of the server that hosts the data store. For example, `igidstore.example.com`. JDBC URL Specify the JDBC URL to connect with the database. For example: `jdbc:oracle:thin:@//<hostname>:<port>:<dbName>` for non-SSL. `jdbc:oracle:thin:@(DESCRIPTION(ADDRESS_LIST= (ADDRESS=(PROTOCOL=TCPS) (HOST=<hostname>)(PORT=<port>))) (CONNECT_DATA=(SERVICE_NAME=<service>)))` for SSL. Note: Specify the JDBC URL for Oracle (Custom). Port Specify the data store service port. For example, `50000`. SSL Flag the check box to configure with the database server in SSL. If you select this option, and you do not have a signer certificate for the database, another window prompts you to accept a default certificate. The window is not displayed if a certificate is already in place in the Verify Governance signer certificate store of the virtual appliance. Database name Specify the Verify Governance database name, such as `igidb`. Database User Password Specify the password for the Identity data store user ID. Note: All the database users must have the same password. If the password does not match for all the database users, a message indicates that the password is not correct for that user. If you select Oracle (Standard) or Oracle (Custom), configure these options. Oracle SID or Service name Specify the Oracle System ID (SID) or the service name to identify the database. For example, `isimdb`. Select or clear the Service name check box to manage the following aspects: If you select the check box, the value is treated as service name. If you do not select the check box, the value is treated as SID. Note: When you select Oracle (Custom) as the database type, you cannot configure these options: Port Database name Oracle SID or service name
Reconfigure	Note: Reconfiguration does not update the database schema. It configures IBM Security Verify Governance with new database details. Host name (FQDN, IPv4, or IPv6) Specify the name of the server that hosts the data store. For example, `igidstore1.example.com`. JDBC URL Specify the JDBC URL to connect with the database. For example: `jdbc:oracle:thin:@//<hostname>:<port>:<dbName>` for non-SSL. `jdbc:oracle:thin:@(DESCRIPTION(ADDRESS_LIST= (ADDRESS=(PROTOCOL=TCPS) (HOST=<hostname>)(PORT=<port>))) (CONNECT_DATA=(SERVICE_NAME=<service>)))` for SSL. Note: Specify the JDBC URL for Oracle (Custom). Port Specify the data store service port. For example, `51000`. SSL Flag the check box to configure with the database server in SSL. If you select this option, and you do not have a signer certificate for the database, another window prompts you to accept a default certificate. The window is not displayed if a certificate is already in place in the Verify Governance signer certificate store of the virtual appliance. Database name Specify the name of the IBM Security Verify Governance database. Example, `igidb`. Database User Password Specify the password for the Identity data store user ID. Note: All the database users must have the same password. If the password does not match for all the database users, a message indicates that the password is not correct for that user. If you select Oracle (Standard) or Oracle (Custom), configure these options. Oracle SID or Service name Specify the Oracle System ID (SID) or the service name to identify the database. For example, `igidb`. Select or clear the Service name check box to manage the following aspects: If you select the check box, the value is treated as service name. If you do not select the check box, the value is treated as SID.

Procedure

From the top-level menu of the Appliance Dashboard, click Configure > Manage External Entities > Database Server Configuration.
The Database Server Configuration page displays the Database Server Configuration table.
Click Configure.
In the Database Server Configuration window, specify the expected variable values.
For more information, see Table 1.
Click Save Configuration to complete this task.
Optional: To reconfigure an existing database server configuration, do these steps:
1. Before you reconfigure, create a snapshot to recover from any configuration failures. See Managing snapshots.
2. From the Database Server Configuration table, select the database configuration record, Identity data store.
3. Click Reconfigure.
4. In the Database Server Configuration window, edit the details.
  For more information, see Table 1.
5. Click Save Configuration.
  
  Note: The database server reconfiguration takes some time. Do not refresh or close the page. Wait for the reconfiguration process to complete.
Optional: To unconfigure an existing identity store, do these steps:
1. From the Database Server Configuration table, select the database configuration record, Identity data store.
2. Click Unconfigure.
3. Click Yes to confirm the deletion.