Installing on IBM zCX environment with PostgreSQL

Use the instructions in this topic to install IBM® Security Guardium® Key Lifecycle Manager on an IBM zCX environment with PostgreSQL.

Before you begin

Prepare the database system
    Create a service for the database container.
    docker service create --name db_service -e POSTGRES_PASSWORD=DB_PWD -e POSTGRES_USER=klmdb42 -e POSTGRES_DB=klmdb42 -p 5432:5432 --mount src=sklmpostgresvolume,dst=/var/lib/postgresql/data postgres
Obtain the license
    Save the license file to the host system.
Prepare the host system with the IBM zCX environment
  • Ensure that your host system meets the minimum system requirements. For more information, see the Support matrix.
  • Provision an IBM z/OS® Container Extension (zCX) instance on the host system. For more information, see What is z/OS Container Extension?.

Procedure

Complete the following steps on the host system with the IBM zCX environment:

  1. Obtain the container installation file (eImage) from IBM Passport Advantage and save it in the same directory where you saved the license file. For more information, see Installation images for containerized platforms.
  2. Log in to the host system and go to the directory where you saved the eImage and license files.
  3. Ensure that the database (klmdb42) is running and ready to accept connections.
  4. Extract the Docker image of the Guardium Key Lifecycle Manager application from the image file.
    Sample command:
    docker load -i sklm:Rel_4200_155.s390x.tar
  5. Initialize the Docker swarm. To do so, run the following command:
    docker swarm init
  6. Create Docker secrets.
    echo DB_PWD | docker secret create sklmdb_password -
    echo klmdb42 | docker secret create sklmdb_username -
    echo 68d95f0081f1dbfc0b06de9b0916df1c | docker secret create sklmapp_seed -
    echo your_sklmadmin_password | docker secret create sklmadmin_password -
    
  7. Create a service for the IBM Security Guardium Key Lifecycle Manager application container.
    docker service create --name gklm_service -e DB_TYPE=postgres -e DB_HOST=<ip_address> -e DB_PORT=5432 -e DB_NAME=klmdb42 -e LICENSE=accept --secret sklmdb_username --secret sklmdb_password --secret sklmapp_seed --secret sklmadmin_password -p 9443:9443 -p 5696:5696 -p 1441:1441 --mount src=sklmappvolume,dst=/opt/ibm/wlp/products sec-sklm-build-docker-local.artifactory.swg-devops.com/sklm:Rel_4110_155.s390x
    
  8. To monitor the progress, run the following command:
    docker service logs -f gklm_service
    After you see the following message in the logs, proceed to the next step:
    IBM Security Guardium Key Lifecycle Manager server started.
  9. Start the IBM Security Guardium Key Lifecycle Manager graphical user interface.
    https://IP_address:port/ibm/SKLM/login.jsp

    Where IP_address is the IP address or FQDN of the IBM Security Guardium Key Lifecycle Manager server, and port is the port number that the IBM Security Guardium Key Lifecycle Manager server listens on for requests.

  10. Log in to the IBM Security Guardium Key Lifecycle Manager graphical user interface with the Administrator user credentials (for example, sklmadmin).
  11. Activate the IBM Security Guardium Key Lifecycle Manager license. For instructions, see Trying IBM Security Guardium Key Lifecycle Manager trial version and activating a purchased license.
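
The secret creation in step 6, as an added example that is not part of IBM's procedure: typed as shown there, each secret value is left in the shell's command history, so this script reads the values from hidden prompts instead. It assumes the seed may be any 32-character hexadecimal string like the sample shown; the helper names (gen_seed, valid_seed, read_hidden, create_secret) and the --new-seed and --apply arguments are this example's own.

```shell
#!/bin/sh
# Added example (not IBM's script): create the step 6 secrets without typing
# their values on a command line.

# Print a random 32-character hex string (16 bytes from /dev/urandom).
gen_seed() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Succeed only if $1 is exactly 32 hex characters, the shape of the sample seed.
# Assumption: the product accepts any value of that shape.
valid_seed() {
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Prompt on stderr and read one line with terminal echo off; result in $HIDDEN.
read_hidden() {
    printf '%s: ' "$1" >&2
    stty -echo; IFS= read -r HIDDEN; stty echo
    printf '\n' >&2
}

# Create secret $1 from value $2 on stdin. printf is a builtin in bash and
# dash, so the value never appears in a process argument list. The trailing
# newline matches what the echo form in step 6 sends.
create_secret() {
    printf '%s\n' "$2" | docker secret create "$1" - >/dev/null
}

main() {
    read_hidden "Database password (DB_PWD)"; db_pwd=$HIDDEN
    read_hidden "sklmadmin password"; admin_pwd=$HIDDEN
    read_hidden "Seed (32 hex characters)"; seed=$HIDDEN
    valid_seed "$seed" || { echo "seed must be 32 hex characters" >&2; return 1; }
    create_secret sklmdb_password "$db_pwd" &&
    create_secret sklmdb_username klmdb42 &&
    create_secret sklmapp_seed "$seed" &&
    create_secret sklmadmin_password "$admin_pwd" || return 1
    unset db_pwd admin_pwd seed HIDDEN
    docker secret ls --format '{{.Name}}'   # lists names only
}

case "${1:-}" in
    --new-seed) gen_seed; echo ;;   # print a fresh seed to store, then enter it
    --apply)    main ;;
esac
```

Run it with --apply after docker swarm init (step 5), because Docker secrets exist only in swarm mode.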

What to do next

  • From the Welcome page, configure the drive types, keys, and certificates that your organization requires, or get started with using the product. See Administering.
  • (Optional) Enhance secure communication between the client and the IBM Security Guardium Key Lifecycle Manager server by using a CA-signed certificate. See Importing a server certificate.