Prerequisites, installing, and running CAS on a Windows server

Edit online

Learn about the Configuration Auditing System (CAS) prerequisites, and how to install the CAS agent on your Windows™ database server.

Prerequisites for Windows

Before you install CAS, make sure that Microsoft .NET 4.5 or later is installed. After .NET is installed, approximately 2 GB of disk space is required for CAS.
Note: If Microsoft .NET 4.5 or later is not installed, IBM® Guardium® automatically installs it. In this case, .NET requires an additional 5 GB of disk space.
Guardium supports the following Java virtual machine (JVM) versions:
  • IBM Software Developers Kit (SDK), Java Technology Edition, Version 8 or later
  • Oracle OpenJDK 8 or later
  • Oracle Java 8 (formerly Sun Java 8) or later
To run CAS with Federal Information Processing Standard (FIPS) mode enabled:
  • For FIPS 140-2, the CAS server requires TLS 1.2 to be enabled. The CAS client requires IBM SDK, Java Technology Edition, Version 8 service refresh (SR) 7 or later.
  • 12.2 and later For FIPS 140-3, the CAS server requires TLS 1.2 or later to be enabled. The CAS server and CAS client require IBM Semeru Runtime® 17.0.14.0 or later.
Table 1. Port requirements for Windows servers
Port Protocol Guardium connection to ...

16017

TCP

Clear (open the port) CAS

16019

TLS

Encrypted CAS

Installing CAS

Use one of the following methods to install CAS:
  • From the Windows installer wizard. To install CAS directly from Windows, browse to the directory where you download the .zip file, extract the file contents, double-click Setup.exe and follow the instructions.
  • From the command line interface, as described in Installing CAS from the CLI.
  • From the Guardium Installation Manager (GIM) as described in Installing CAS with GIM.

Reconfiguring JAVA_HOME location for CAS

In most cases, the installation program takes care of finding the JAVA_HOME (JVM) value. This value is placed in the CAS configuration file.

If for any reason you need to change the location of JAVA_HOME, use the following procedure. (For example, if you install a new Java version after CAS is installed.)

  1. Locate and open the CAS configuration file for editing. The full path name of the configuration file is <installation directory>/cas/conf/casclient.cfg.
  2. Within the configuration file, locate the [RUNTIMELIB] section, and change the value of the JVM directory (JVM=C:\Java\jre\bin\classic\jvm.dll).
  3. Save the file and restart the CAS service (service name: casclient or display name: IBM Security Guardium Change Audit System).