Prepare for installing IBM Guardium Data Security Center
Before you install Guardium® Data Security Center, complete the following steps to prepare your system.
To plan your installation of OpenShift® Container Platform, see https://access.redhat.com/documentation/en-us/openshift_container_platform/4.18 and https://docs.openshift.com/container-platform/4.18/welcome/index.html.
Red Hat® OpenShift Container Platform Version 4.18.x can be downloaded and installed by accessing https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/. Verify that you download Red Hat OpenShift Container Platform Version 4.18.x.
Provide backup and restore information in the Guardium Data Security Center CR (custom resource) file
If you want to back up and restore, create a backup PV and PVC, and then update the Guardium Data Security Center CR (custom resource) file to include this setting:

```yaml
guardiumDataSecurityCenterGlobal:
  backupsupport:
    enabled: "true"
    name: <GI_Backup_PVC>
    storageClassName: <Storage class>
    size: 500Gi
```

If you do not want to back up and restore, set enabled to "false" under backupsupport in the CR:

```yaml
guardiumInsightsGlobal:
  backupsupport:
    enabled: "false"
```
For more information, see External storage allocation for backups.
Obtain your entitlement key
You must have an entitlement key for Guardium Data Security Center. To obtain an entitlement key from the IBM Entitled Registry, complete the following steps.
- Log in to the IBM® Container software library by using your IBMid.
- Select Get entitlement key in the navigation panel on the left.
- Click Copy key in the Access your container software page.
- Store the key in a safe location.
Use the entitlement key when you access the Docker registry during installation (in the installation instructions, the entitlement user is denoted as CP_REPO_USER and the entitlement key is denoted as CP_REPO_PASS).
To confirm that your entitlement key is valid for Guardium Data Security Center, select View library in the left navigation panel of the Container software library. This shows you a list of products that you are entitled to. If Guardium Data Security Center is not listed or the View library link is not available, your username does not have entitlement for Guardium Data Security Center. In this case, the entitlement key is not valid for installing the software.
Access the command line tools
Tools for command line administration of the cluster and Guardium Data Security Center can be accessed from the Red Hat OpenShift Container Platform and IBM Cloud Pak® foundational services web consoles. This table details the tools and versions that are required for Guardium Data Security Center.
| Tool | Download | Version |
|---|---|---|
| oc | All v4: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/ | 4.18.8 or later |
| kubectl | https://mirror.openshift.com/pub/openshift-v4/clients/ocp/ | 1.16 or later |
| cloudctl | https://github.com/IBM/cloud-pak-cli/releases | 3.17.0 or later |
| openssl | https://www.openssl.org/source/ | 3.3.1 |
| ibm-pak | https://github.com/IBM/ibm-pak/releases/latest/download/oc-ibm_pak-linux-amd64.tar.gz To install: | 1.10.0 |
| python with PyYAML installed (must have a symbolic link to python) | https://www.python.org/downloads | 3.x or later |
| yq | https://github.com/mikefarah/yq/#install | |
| docker (or podman) | | |
| skopeo (Offline installations only) | https://github.com/containers/skopeo/blob/master/install.md | 1.0.0 |
| htpasswd (Offline installations only) | | |
| Cluster administrator privileges to run the setup scripts | | |
| Your login credentials to cp.icr.io | | |
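The version requirements in the table can be checked on the installation host before you start. The following preflight script is an added example, not IBM tooling: its function names are hypothetical, it treats every listed version as a minimum (an assumption for the entries without "or later"), and it assumes each tool's usual version command. Offline-only tools and tools without a listed version are left out.

```shell
#!/bin/sh
# Added example (not IBM tooling): compare installed client tools with the
# versions in the table above. Every listed version is treated as a minimum.

# Pull the first dotted version number out of a tool's version output.
extract_version() {
  printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_ge HAVE WANT: succeed when HAVE >= WANT, comparing field by field.
version_ge() {
  have=$1; want=$2
  while [ -n "$have" ] || [ -n "$want" ]; do
    h=${have%%.*}; w=${want%%.*}
    if [ "$have" = "$h" ]; then have=; else have=${have#*.}; fi
    if [ "$want" = "$w" ]; then want=; else want=${want#*.}; fi
    h=${h:-0}; w=${w:-0}
    if [ "$h" -gt "$w" ]; then return 0; fi
    if [ "$h" -lt "$w" ]; then return 1; fi
  done
  return 0
}

# check_tool NAME MINIMUM OUTPUT: 0 = ok, 1 = too old, 2 = no version found.
check_tool() {
  t_found=$(extract_version "$3")
  if [ -z "$t_found" ]; then echo "NO VERSION $1 (need $2)"; return 2; fi
  if version_ge "$t_found" "$2"; then echo "OK         $1 $t_found"; return 0; fi
  echo "TOO OLD    $1 $t_found (need $2)"; return 1
}

# Run a tool only if it is on PATH; stderr is dropped so warnings are not parsed.
tool_output() { command -v "$1" >/dev/null 2>&1 && "$@" 2>/dev/null; }

preflight() {
  rc=0
  check_tool oc       4.18.8 "$(tool_output oc version --client)"      || rc=1
  check_tool kubectl  1.16   "$(tool_output kubectl version --client)" || rc=1
  check_tool cloudctl 3.17.0 "$(tool_output cloudctl version)"         || rc=1
  check_tool openssl  3.3.1  "$(tool_output openssl version)"          || rc=1
  check_tool ibm-pak  1.10.0 "$(tool_output oc ibm-pak --version)"     || rc=1
  check_tool python   3.0    "$(tool_output python --version)"         || rc=1  # "3.x" read as 3.0
  tool_output python -c 'import yaml' || { echo "MISSING    PyYAML"; rc=1; }
  return "$rc"
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as `sh preflight.sh --run` (the file name is a placeholder); a non-zero exit status means at least one tool is missing or older than the table requires.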
SecurityContextConstraints requirements
The Guardium Data Security Center installation workflow uses an operator that requires SecurityContextConstraints to be bound to the target namespace before the installation. To meet this requirement, cluster-scoped and namespace-scoped pre- and post-actions may need to occur.
SecurityContextConstraints that come preinstalled with OpenShift are verified for this operator:
- restricted-v2
If your target namespace is bound to these SecurityContextConstraints, you can proceed to install the operator.
Validated storage options
What to do next
Follow the instructions in Downloading the Guardium Data Security Center CASE file and set up your environment for dependencies.