Installing on IBM zCX environment with Db2 for z/OS
Use the instructions in this topic to install IBM® Security Guardium® Key Lifecycle Manager on an IBM zCX environment with Db2® for z/OS®.
Before you begin
- Prepare the database system
- Install Db2 for z/OS. For more information, see Installing and migrating Db2.
- Ensure that function level 501 or later is activated in Db2 for z/OS. For more information, see https://www.ibm.com/docs/en/db2-for-zos/12?topic=12-db2-function-levels.
To verify whether the required function level is activated, run the following command:
SELECT LISTAGG(id, ', ') as ids FROM ( VALUES (1),(2), (5), (6)) AS X(id)
The following output indicates that the required function level is activated:
"1, 2, 5, 6"
- Create a buffer pool set with the following configuration:
ALTER BUFFERPOOL (BP8K4) VPSIZE(1000)
ALTER BUFFERPOOL (BP16K4) VPSIZE(1000)
ALTER BUFFERPOOL (BP32K4) VPSIZE(1000)
- Create databases in the following sequence:
create database KLMSMM BUFFERPOOL BP8K4 INDEXBP BP8K4;
create database KLMLGG BUFFERPOOL BP16K4 INDEXBP BP16K4;
create database KLM32KLH BUFFERPOOL BP32K4 INDEXBP BP32K4;
Note: The database names specified here are examples. You can specify the database names of your choice. Ensure that the database names are up to 8 characters long.
- Grant the DBADM permission for the databases and buffer pools to the IBM Security Guardium Key Lifecycle Manager database user.
GRANT DBADM with dataaccess with accessctrl TO DB_USER;
GRANT USE OF BUFFERPOOL BP8K4 TO DB_USER;
GRANT USE OF BUFFERPOOL BP16K4 TO DB_USER;
GRANT USE OF BUFFERPOOL BP32K4 TO DB_USER;
Where DB_USER is the database user for IBM Security Guardium Key Lifecycle Manager. For example, USER0001.
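The database steps above with database names of your own choosing, as an added example that is not part of the IBM documentation: it checks every name before placing it in the statements, so an over-long or malformed name is rejected before anything reaches Db2. The function names, the letters-and-digits rule, and applying the 8-character limit to DB_USER are assumptions of this example.

```python
import re

# Buffer pools from the steps above, paired with the page's example database
# names in the order the databases are created.
POOLS = ("BP8K4", "BP16K4", "BP32K4")
EXAMPLE_DBS = ("KLMSMM", "KLMLGG", "KLM32KLH")

# Assumption of this example: a name is a letter followed by letters or digits,
# and the same rule is applied to the user name. The page itself only states
# the 8-character limit for database names.
_NAME = re.compile(r"[A-Z][A-Z0-9]{0,7}")


def check_name(name, kind):
    """Return the upper-cased name, or raise ValueError if it is unsafe to embed."""
    candidate = name.strip().upper()
    if not _NAME.fullmatch(candidate):
        raise ValueError(
            f"{kind} name {name!r} must be 1-8 characters: A-Z, 0-9, letter first")
    return candidate


def build_statements(db_user, db_names=EXAMPLE_DBS):
    """Build the buffer pool, database and grant statements, in page order."""
    if len(db_names) != len(POOLS):
        raise ValueError(f"expected {len(POOLS)} database names, one per buffer pool")
    dbs = [check_name(n, "database") for n in db_names]
    if len(set(dbs)) != len(dbs):
        raise ValueError("database names must be distinct")
    user = check_name(db_user, "user")

    stmts = [f"ALTER BUFFERPOOL ({bp}) VPSIZE(1000)" for bp in POOLS]
    stmts += [f"create database {db} BUFFERPOOL {bp} INDEXBP {bp};"
              for db, bp in zip(dbs, POOLS)]
    stmts.append(f"GRANT DBADM with dataaccess with accessctrl TO {user};")
    stmts += [f"GRANT USE OF BUFFERPOOL {bp} TO {user};" for bp in POOLS]
    return stmts


if __name__ == "__main__":
    # Constructed sample input: custom database names and the page's example user.
    for line in build_statements("USER0001", ("GKLM8K", "GKLM16K", "GKLM32K")):
        print(line)
```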
- Prepare the host system with the IBM zCX environment
- Ensure that your host system meets the minimum system requirements. For more information, see the Support matrix.
- Provision an IBM z/OS Container Extension (zCX) instance on the host system. For more information, see What is z/OS Container Extension?
- Obtain the container installation files
- Obtain the container installation files (eImages) for IBM Security Guardium Key Lifecycle Manager from IBM Passport Advantage. For more information, see Installation images for containerized platforms.
- Obtain the license files
- Obtain the license file for Db2 for z/OS, db2jcc_license_cisuz.jar. This file is used by the Guardium Key Lifecycle Manager container to connect to the Db2 for z/OS database.
- Create Docker file
- Create a file (Dockerfile) with the following content and save the file in the same directory where you saved the license file for Db2 for z/OS, db2jcc_license_cisuz.jar, on the host system.
# Extend from GKLM Application Repository
ARG LATEST_IMAGE
FROM ${LATEST_IMAGE}
ARG DB2_LICENSE_FILE=${DB2_LICENSE_FILE}
# Copy license file to SKLM
COPY $DB2_LICENSE_FILE /opt/ibm/wlp/usr/sklm/custom
# Set Environment variable
ENV DB2_LICENSE_FILE=$DB2_LICENSE_FILE
Procedure
Complete the following steps on the host system with the IBM zCX environment:
What to do next
- From the Welcome page, configure the drive types, keys, and certificates that your organization requires, or get started with using the product. See Administering.
- (Optional) Enhance secure communication between the client and the IBM Security Guardium Key Lifecycle Manager server by using a CA-signed certificate. See Importing a server certificate.