Installing the GIM client on a Windows server

Learn how to install the GIM client for Windows by using either an interactive installer or a silent installation. Instructions are also provided for uninstalling the GIM client.

About this task

The Windows GIM client installer changed to a .NET based installer in v10.1. The installer for the GIM client is based on your GIM client version. Build numbers start from 10.2.30.5.

Port requirements
  • 8445: GIM client listener, both directions. Any GIM server on either the central manager or the collector can communicate with the GIM client.
  • 8443: (discovery) on the DB server to allow communication from the DB server to the Guardium appliance, and for uploading features.
  • 8446: Used between the GIM client and the GIM server (on the central manager or collector) for authenticated TLS, both directions, custom kernel upload, MustGather loggers upload. If GIM_USE_SSL is enabled (default), then the GIM client attempts to communicate its certificate by using port 8446. If port 8446 is not open, then it defaults to 8444, but no certificate is passed (for example, TLS without verification).
  • 8081: Used between the GIM client and the GIM server (on the central manager or collector) for non-TLS (but with message signing verification), both directions, custom kernel upload, MustGather loggers upload. In this scenario, the parameter GIM_USE_SSL must be disabled (=0).

Installing the GIM client with an interactive installer

A wizard is provided to help you install the GIM client on each database server.

About this task

You can specify a custom key, certificate, and CA file when you install the GIM client in both standard mode and in listener mode. For more information, see Creating and managing custom GIM certificates.

Procedure

  1. Place the GIM client installer on the database server, in any folder.
  2. Run the setup.exe file to start the wizard that installs the GIM client.
    The setup.exe file is located in the GIM-Installer-<version> folder.
  3. Follow and answer the questions in the installation wizard.

What to do next

You can view the results of the installation in the log file at C:\IBM Windows GIM.ctl.

Installing the GIM client with silent installation

If you prefer, you can install the GIM client from the command prompt instead of the wizard.

Procedure

  1. Place the GIM client installer on the database server, in any folder.
  2. Open a command prompt and navigate to the GIM_Installer* folder under the folder where you placed the installer.
  3. Enter the following command, with no line break.
    setup.exe -UNATTENDED -INSTALLPATH "c:\Program Files(x86)\Guardium Installation Manager" -LOCALIP <GIM CLIENT IP> -APPLIANCE <Appliance IP>
    Attention:
    • The UNATTENDED and LOCALIP parameters are required. APPLIANCE is optional and if not supplied, triggers Listener Mode.
    • Do not specify both AUTO_ASSIGN_IP parameter and LOCALIP.
    • Omit the APPLIANCE parameter to install the client in GIM listener mode. Listener mode makes the GIM client available for remote registration from a Guardium system. Example of how to install as listener:
      setup.exe -UNATTENDED -INSTALLPATH "c:\Program Files(x86)\Guardium Installation Manager" -LOCALIP <GIM CLIENT IP>
      For more information, see GIM Remote Activation and Create a GIM Auto-discovery Process.
    • When cloning database servers and establishing large deployments, use auto_assign_ip 1 to allocate a random IP address from one of the valid IP addresses of a database server. Do not specify both auto_assign_ip and localip when you install the GIM client. When you update the GIM_AUTO_SET_CLIENT_IP parameter by using Manage > Module Installation > Set up by Client, you must restart the GIM client service for the new setting to take effect.
    Table 1. Parameters applicable to all .NET installers
    GIM parameter Description
    -UNATTENDED Install silently. A value is not required.
    -UNINSTALL Uninstall. A value is not required.
    -INSTALLPATH The installation directory. The default installation path is "C:\Program Files (x86)\Guardium\Guardium Installation Manager".
    -CUSTOMER Change customer name.
    -COMPANY Change company name.
    -SERVICEUSER Specify a user to run the service under.
    -SERVICEPASSWORD The password for the user.
    Table 2. Parameters specific to GIM .NET installers
    GIM parameter Description
    -APPLIANCE To set the appliance address that GIM connects to. If not specified, GIM installs in Listener Mode.
    -AUTO_ASSIGN_IP When the value is set to 1, a local IP is automatically assigned. In this case, do not specify the local IP with -LOCALIP.

    Default value is 0 (do not auto-assign the IP address).

    -CA_FILE Set the CA file to non-default file.
    -CERT_FILE Set the certificate file to non-default file.
    -INSTALLERLOGPATH Specifies the location for storing the S-TAP installer log files. Use this parameter if you don't want to use the default location (C:).
    -KEY_FILE Set the key file to non-default file.
    -LISTENER_PORT If you do not use the -APPLIANCE parameter, then set the -LISTENER_PORT for registration with appliance. Default value is 8445.
    -LOCALIP The IP of the server where you are installing GIM.
    -NO_SSL Use SSL to encrypt traffic between the GIM client and the Guardium appliance.
    • 0: Do not use SSL.
    • 1: Use SSL to encrypt traffic between the agent and the Guardium system. Using SSL adds ~15% of CPU usage to the GIM client.
    Guardium recommends that you encrypt network traffic between the GIM client and the collector whenever possible. Disable this parameter only when performance is a higher priority than security.
    -SHARED_SECRET Set a shared secret for registration with appliance if not specified by using -APPLIANCE parameter.

What to do next

You can view the results of the installation in the log file at C:\IBM Windows GIM.ctl.

Uninstalling the GIM client

Procedure

  1. Open a command prompt and navigate to the GIM_Installer* folder under the folder where you installed the client.
  2. Enter the following command:
     setup.exe -UNINSTALL