Download the Docker container

To deploy a Guardium® External S-TAP® monitor, you first need to download the IBM® Guardium External S-TAP container from the Docker store. Deploy the container onto the machine (real, virtual, or cloud) that serves as the External S-TAP host.

Before you begin

  1. Make sure that a Linux® environment is available for External S-TAP host. For the External S-TAP, Docker must be installed and running under Linux.
  2. For SSL-enabled sites, make sure that you have with the appropriate security certificates as described in SSL certificates for External S-TAP. If your environment is not SSL-enabled, you can skip this step.

About this task

Before you can deploy External S-TAP, create a Docker account, and then download the External S-TAP Docker container to a Linux environment.


  1. If you don't already have one, create an account with Docker at Creating a Docker account is straightforward (and free).
  2. If your site does not provide Docker, install Docker on the External S-TAP host. For more information, see Get Docker.
  3. Log in to Docker hub.
  4. Browse to ibmcom/guardium_external_stap or search for and select guardium_external_stap in the ibmcom repository.
  5. From the guardium_external_stap Docker page, click Tags to find and copy the appropriate docker pull command.
    Note: The container for the latest version of each Guardium release is available from the vx.x.0 tag for that release. For example, for Guardium 11.2, copy docker pull from the v11.2.0 tag.
  6. Use the docker pull command to download the Docker container into your environment.
    To deploy to an internal repository: If your Docker host machine does not have access to the internet, create an internal repository on which to store the Docker containers. One method to create an internal repository is to use multiple steps, for example:
    1. Configure a host to run a local (private) docker registry. For more information, see Deploy a registry server.
    2. Take the following steps on a host that where Docker is installed and that can contact both the local Docker registry and
      1. Pull the External S-TAP Docker image from Docker hub.
      2. Push the External S-TAP Docker image to the local Docker registry.
    3. After the image is in the local registry, you can deploy the External S-TAP containers on a host that has access to that registry.

What to do next

After you download the External S-TAP Docker container, you can either deploy the container onto the Docker host machine or, if needed, create the security certificates to help ensure that your system remains secure. For more information, see External S-TAP deployment scripts or SSL certificates for External S-TAP.