Db2 configuration during installation

The IBM Security Guardium Key Lifecycle Manager installation process installs and configures Db2 Standard Edition.

Review the following scenarios and suggested actions before you configure Db2 during installation:

  • If an existing copy of Db2 Standard Edition is installed as the root user at the correct version for the operating system, you can use the existing Db2 Standard Edition. IBM Security Guardium Key Lifecycle Manager installer does not detect the presence of Db2. You must specify the Db2 installation path.

    You can also install a new copy of Db2 Standard Edition. An existing Db2 must be locally installed on the system and not on a network or shared drive.

    On a Windows system, if a new copy of Db2 is installed, the DB2_COPY_NAME is set to DBGKLMV421.

  • If an earlier version of IBM Security Guardium Key Lifecycle Manager and an earlier version of Db2 exist on the system, the installation process does not auto-detect the existing version of Db2. It installs Db2 Standard Edition at a version that depends on the operating system.
    The process also migrates data from the previous version of IBM Security Guardium Key Lifecycle Manager to the new version. For example:
    • The new copy of Db2 Standard Edition uses the previous db2admin user ID and password.
    • On a Windows system, if a new copy of Db2 is installed, the DB2_COPY_NAME is set to DBGKLMV421.
  • If no IBM Security Guardium Key Lifecycle Manager, no copy or earlier version of Db2 exist on the system, the installation process installs Db2.

    No Db2 upgrade occurs.

During Db2 configuration, you are prompted for the following information, which might differ from this list, depending on the operating system and on whether IBM Security Guardium Key Lifecycle Manager is installing Db2 or by using an existing copy:
Db2 Selection
The directory for the Db2 installation.

On Linux® or AIX® systems, the entry must start from the root directory. The first character in the entry must be a forward slash ('/').

The installation process provides a default value. See Definitions for HOME and other directory variables.

Db2 Administrator ID
The local Db2 administrator user ID. The installation process provides a default Administrator user ID with the necessary permissions.
Note: Do not use a hyphen (-) or underscore character (_) when you specify a user ID for an existing copy of Db2.

On a domain-managed Windows system, you can specify a domain user as the Db2 Administrator. Before you do so, ensure that you complete the prerequisites that are specified in Installing IBM Security Guardium Key Lifecycle Manager as a domain (Active Directory) user on a domain-managed Windows system.

On a Linux or AIX system, the user ID of the IBM Security Guardium Key Lifecycle Manager Db2 instance owner must be a member of a group in which the root user ID is also a member. If it is available, use bin as the group. If bin is not available, ask the system administrator for the name of a general-purpose group to use.

Db2 Administrator Password
The password for the administrator. For more information, see Password policy.
The password for the Db2 Administrator user ID is subject to the security policy active on the system. In addition, the login password for the Db2 Administrator user ID and the Db2 password for the user ID must be the same. When you change a password, ensure that the other one is changed too.
Note: If you are using an existing user as Db2 Administrator, ensure that the password is correctly specified during installation.
Database Name
Name of the IBM Security Guardium Key Lifecycle Manager database, klmdb421.
Db2 Port
The port that Db2 uses.
Administrator's Group
Access group in which the Administrator user ID exists.
Administrator / Database Home
The directory (AIX or Linux systems) or drive (Windows systems) in which the database instance and the formatted tables that are used by IBM Security Guardium Key Lifecycle Manager are created.
Notes:
  • Entries for all fields are restricted to alphabetical characters (A-Z and a-z), numeric characters (0-9), and the underscore character (_). Also, the password fields allow selected special characters. For more information, see Supported special characters in passwords.

    The restriction also applies to the values in the response file that is used for silent installation.

  • Do not specify spaces in any of the directory paths or file names.
  • The name of the computer on which you install Db2 cannot start with "ibm," "sql," or "sys," in lowercase or uppercase. The name of the computer also cannot contain the underscore character (_).
  • If you are using an existing user as Db2 Administrator, ensure that the password is correctly specified during installation.
  • The Db2 admin group name cannot be longer than 8 characters.

Updating the Db2 password

For detailed information about updating the Db2 password, see the following topics:
Table 1. Topic change log
Date Change description
15 May 2023 Corrected the Db2 edition.
07 March 2023 Initial version.