Use the instructions in this topic to install IBM® Security Guardium® Key Lifecycle Manager on an IBM zCX environment with PostgreSQL.
Before you begin
- Prepare the database system
- Create a service for the database container.
docker service create --name db_service -e POSTGRES_PASSWORD=DB_PWD -e POSTGRES_USER=klmdb42 -e POSTGRES_DB=klmdb42 -p 5432:5432 --mount src=sklmpostgresvolume,dst=/var/lib/postgresql/data postgres
- Obtain the license
- Save the license file to the host system.
- Prepare the host system with the IBM zCX environment
- Ensure that your host system meets the minimum system requirements. For more information, see the Support matrix.
- Provision an IBM z/OS® Container Extension (zCX) instance on the host system. For more information, see What is z/OS Container Extension?
Procedure
Complete the following steps on the host system with the IBM zCX environment:
- Obtain the container installation file (eImage) from IBM Passport Advantage and save it in the same directory where you saved the license file. For more information, see Installation images for containerized platforms.
- Log in to the host system and go to the directory where you saved the eImage and license files.
- Ensure that the database (klmdb42) is running and ready to accept connections.
- Extract the Docker image of the Guardium Key Lifecycle Manager application from the image file. Sample command:
docker load -i sklm:Rel_4200_155.s390x.tar
- Initialize the docker swarm. To do so, run the following command:
- Create docker secrets.
echo DB_PWD | docker secret create sklmdb_password -
echo klmdb42 | docker secret create sklmdb_username -
echo 68d95f0081f1dbfc0b06de9b0916df1c | docker secret create sklmapp_seed -
echo your_sklmadmin_password | docker secret create sklmadmin_password -
- Create a service for the IBM Security Guardium Key Lifecycle Manager application container.
docker service create --name gklm_service -e DB_TYPE=postgres -e DB_HOST=<ip_address> -e DB_PORT=5432 -e DB_NAME=klmdb42 -e LICENSE=accept --secret sklmdb_username --secret sklmdb_password --secret sklmapp_seed --secret sklmadmin_password -p 9443:9443 -p 5696:5696 -p 1441:1441 --mount src=sklmappvolume,dst=/opt/ibm/wlp/products sec-sklm-build-docker-local.artifactory.swg-devops.com/sklm:Rel_4110_155.s390x
- To monitor the progress, run the following command:
docker service logs -f gklm_service
After you see the following message in the logs, proceed to the next step:
IBM Security Guardium Key Lifecycle Manager server started.
- Start the IBM Security Guardium Key Lifecycle Manager graphical user interface.
https://IP_address:port/ibm/SKLM/login.jsp
Where IP_address is the IP address or FQDN of the IBM Security Guardium Key Lifecycle Manager server, and port is the port number on which the server listens for requests.
- Log in to the IBM Security Guardium Key Lifecycle Manager graphical user interface with the Administrator user credentials (for example, sklmadmin).
- Activate the IBM Security Guardium Key Lifecycle Manager license. For instructions, see Trying IBM Security Guardium Key Lifecycle Manager trial version and activating a purchased license.
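An alternative way to run the "Create docker secrets" step, added here as an example and not part of IBM's documented procedure: it generates a fresh seed instead of reusing the sample value printed in that step, and reads the two passwords from a prompt so that they do not end up in shell history. The function names and the script file name are hypothetical, and the seed format (32 lowercase hexadecimal characters) is an assumption taken from the shape of the sample value.

```shell
#!/bin/sh
# Added example, not IBM's script. Creates the four Docker secrets named on
# this page without typing secret values into commands.

DOC_SAMPLE_SEED=68d95f0081f1dbfc0b06de9b0916df1c  # sample seed printed on the page

# Print a fresh seed: 16 bytes from /dev/urandom as 32 lowercase hex characters.
gen_seed() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \t\n'
}

# Succeed only for 32 lowercase hex characters that differ from the page's
# sample. The format is an assumption based on the sample's shape.
valid_seed() {
    [ "$1" != "$DOC_SAMPLE_SEED" ] || return 1
    case "$1" in *[!0-9a-f]*) return 1 ;; esac
    [ "${#1}" -eq 32 ]
}

# Prompt on stderr, read one line with terminal echo off, print it on stdout.
prompt_secret() {
    printf '%s: ' "$1" >&2
    stty -echo; IFS= read -r value; stty echo
    printf '\n' >&2
    printf '%s\n' "$value"
}

# Create Docker secret $1 from stdin (same "-" form the page uses).
create_secret() {
    docker secret create "$1" -
}

# Runs only when invoked as: sh make-secrets.sh apply   (file name is hypothetical)
if [ "${1:-}" = "apply" ]; then
    seed=$(gen_seed)
    valid_seed "$seed" || { echo "seed generation failed" >&2; exit 1; }
    # printf '%s\n' sends the same bytes as the page's echo commands.
    printf '%s\n' "$seed" | create_secret sklmapp_seed
    printf '%s\n' klmdb42 | create_secret sklmdb_username
    prompt_secret "PostgreSQL password (POSTGRES_PASSWORD)" | create_secret sklmdb_password
    prompt_secret "sklmadmin password" | create_secret sklmadmin_password
fi
```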
What to do next
- From the Welcome page, configure the drive types, keys, and certificates that your organization requires, or get started with using the product. See Administering.
- (Optional) Enhance secure communication between the client and the IBM Security Guardium Key Lifecycle Manager server by using a CA-signed certificate. See Importing a server certificate.