Adding encryption software script packages

Upload your encryption product installation and configuration files to create new encryption software script packages that you can add to virtual system patterns.

Before you begin

When you deploy your pattern, the encryption product is installed and configured to encrypt the data stored on disk for your virtual system pattern.

To complete this task, you must either have the Create new catalog content role and be granted all access to the script package, or have the Workload resources administration role with full permissions.

Before creating a new script package, verify if any previously created script packages in the catalog already meet your needs. You might also be able to clone an existing script package and modify it for your needs before creating a new one.

You should already have obtained an encryption software package from IBM Fix Central, approved for use in the Cloud Pak System Software for Power® environment. You might be required to purchase a license if you have not done so already.

This encryption software package should include a pair of compressed files in .zip or .tgz (.tar.gz) format:
  • An installation package, that includes binary files, scripts, and other artifacts needed to install and configure the encryption software product to run in your virtual machine environment.
  • A configuration package, that includes scripts and other artifacts needed to configure the parameters for encrypting the virtual system pattern data stored on disk.

These compressed files are uploaded into Cloud Pak System Software for Power and used as input to create a pair of encryption software script packages.

About this task

You will create a pair of script packages, one that contains the main executable file and associated artifacts for installing the encryption software product, and the other for configuring encryption parameters (such as paths to include for, or exclude from, encryption) to be applied in your deployed environment. You can configure and customize various parameters as needed, and then add your new script packages to the catalog, where they will be available for later inclusion in your virtual system patterns.

Procedure

  1. Click Catalog > Script Packages.
  2. Click the New icon in the toolbar.
  3. In the Script name field, type a unique name for the new script package that will be used for installing the encryption product.
    This name is used as the identifier for the new script package that you are adding to the catalog.
  4. Click OK.
    The script package is created and initially populated with default values. The name of the script package is displayed in the list of available script packages, and the default information is displayed in the pane.
  5. Optional: In the Description field, add a text description to help identify the purpose of script package.
  6. Configure the script package by providing information as needed in the fields on the Script Packages pane.

    See the related links for details about how to configure the fields on this page.

    Typically, your first action is to upload the compressed file that contains your main executable file and associated artifacts needed to install and configure the encryption software product to run in your virtual machine environment. If your compressed file includes a cbscript.json object file, many of these configuration fields are automatically completed when you upload the compressed file. You can modify these fields after completing the upload as needed. For more information about configuring script packages by using the cbscript.json object file, see the related links.

    The compressed file that you upload might also include one or more license agreements that become part of the script package. You must accept all license agreements in the script package before you can deploy a virtual system pattern with the script package. For more information about accepting license agreements, see the related links.

    In the Executes field, be sure to select at virtual system instance creation to have the encryption software installation script execute when the virtual system has finished starting during the initial creation.

  7. When you complete the configuration for the script package, the script package is saved in the catalog.
    Continue with this same process to create the second script package for configuring your encryption settings in your virtual system environment.
  8. Click the New icon in the toolbar.
  9. In the Script name field, type a unique name for the new script package that will be used for configuring the encryption product to encrypt the data for your virtual system pattern.
  10. Click OK.
    The script package is created and initially populated with default values. The name of the script package is displayed in the list of available script packages, and the default information is displayed in the pane.
  11. Optional: In the Description field, add a text description to help identify the purpose of script package.
  12. Configure the script package by providing information as needed in the fields on the Script Packages pane.

    Upload the compressed file that contains your main executable file and associated artifacts needed to configure the encryption software product to encrypt your virtual system pattern data. Again, many of the fields are automatically completed with parameter information in the cbscript.json object file. Modify these fields after completing the upload as needed. Be sure to accept any license agreements that might be required.

    In the Executes field, be sure to select at virtual system creation and when I initiate it to have the encryption software configuration script execute when the virtual system has finished starting during the initial creation, and also to be available to be started manually in the virtual machine. This ensures that when you want to change your encryption configuration settings, the script is available to run as many times as needed.

    If you intend to make changes in your encryption configuration settings after deployment, such as changing the file system paths that are being protected by encryption, you should also set the Save parameters after execution option to Yes.

What to do next

You can now associate these encryption software script packages with a virtual system pattern. For more information about associating encryption script packages with virtual system patterns, see the related links.