Downloading the Podman container

Edit online

To deploy a Guardium® External S-TAP® (Software TAP) monitor, you first need to download the IBM® Guardium External S-TAP container from the IBM Cloud Container Registry (icr.io). Deploy the container onto the machine (real, virtual, or cloud) that serves as the External S-TAP host.

Before you begin

  1. Make sure that a Linux® environment is available for External S-TAP host. For the External S-TAP, Podman must be installed and running under Linux.
  2. For SSL-enabled database, make sure that you install External S-TAP with the appropriate security certificates as described in SSL certificates for External S-TAP. If your environment is not SSL-enabled, you can skip this step.

Procedure

  1. If your site does not provide Podman, install Podman on the External S-TAP host. For more information, see Get Podman.
  2. Use skopeo to list the available docker tags for Guardium External S-TAP in the IBM Cloud Container Registry (icr.io).
    The following example shows the command to list the available docker tags:
    skopeo list-tags docker://icr.io/guardium-insights/guardium_external_s-tap
    The skopeo command returns a list of all available tags for External S-TAP as shown in the following example:
    myname:~$ skopeo list-tags docker://icr.io/guardium-insights/guardium_external_s-tap 
{ "Repository": "icr.io/guardium-insights/guardium_external_s-tap", 
"Tags": [ 
    "cpd-3.5-deploy-11.2.1-34", 
     . . .
    "v11.2.0-deploy-3.5-16", 
    . . .
    "v11.4.0", 
    "v11.4.1", 
    . . .
    "v11.5.0", 
    "v11.5.1"
   "v11.5" 
   ] 
} 
myname:~$
  3. Find and copy the appropriate podman pull command.
    Tip: The container for the latest version of each Guardium release is available from the vx.x tag for that release. For example, for Guardium 12.1, copy podman pull from the v12.1 tag.
  4. Use the podman pull command to download the Podman container into your environment.
    For example, to pull the latest External S-TAP image, use the following command:
    podman pull icr.io/guardium-insights/guardium_external_s-tap:v11.5

    For more information about using the skopeo command and accessing icr.io, see https://www.ibm.com/support/pages/node/6618197.

    To deploy to an internal repository: If your Podman host machine does not have access to the internet, create an internal repository on which to store the Podman containers. One method to create an internal repository is to use multiple steps, for example:
    1. Configure a host to run a local (private) Podman registry. For more information, see Deploy a registry server.
    2. For the host to contact both the local Podman registry and icr.io, on that host, pull the External S-TAP Podman image from icr.io. Then, push the External S-TAP Podman image to the local Podman registry.
    3. After the image is in the local registry, you can deploy the External S-TAP containers on a host that has access to that registry.

What to do next

After you download the External S-TAP Podman container, you can do one of the following tasks:
  • Deploy the container onto the Podman host machine.
  • Create the security certificates to help ensure that your system remains secure.

For more information, see External S-TAP deployment scripts or SSL certificates for External S-TAP.