Enabling Guardium for database security

You can use the apsetup utility to enable IBM® Guardium® on the IAS appliance. The Guardium® software helps provide comprehensive data protection.

About this task

IBM Guardium agent is preinstalled on IAS as a part of the Db2wh container.
Note: If your system has both FIPS and SELinux enabled, you must disable them before enabling Guardium. Otherwise, container redeployment might fail due to authentication issues. When Guardium is enabled, you can restore both FIPS and SELinux to their initial states.

Procedure

  1. Log in on any node as a member of the ibmapadmin group and use the apsetup utility.
  2. From the Appliance Setup Configuration Utility menu of the apsetup utility, select 1. 
    ibmapadmin@node0101 ~#] apsetup

Appliance Setup Configuration Utility
  1: General Appliance Settings
  2: Network Configuration
  3: Services Configuration
  *: Exit
Enter your selection:  1
  3. From the General Appliance Settings menu of the apsetup utility, select 3. 
    General Appliance Settings
  1: Time Zone Configuration
  2: User Settings
  3: Change Database Settings
  4: Continuous Availability Settings
  *: Return to Main menu
Enter your selection: 3
  4. From the Change Database Settings menu of the apsetup utility, select 3. 
    Change Database Settings 
  1: Change Database system type
  2: Oracle Compatibility
  3: Change Guardium Info
  4: Set IBM Data Replication data path
  *: Return to General Appliance Settings menu
Enter your selection: 3
  5. Enter the Guardium collector IP or hostname, and collector port information. 
    Please enter Guardium collector IP or hostname : IP/hostname of Guardium Collector
Please enter Guardium collector port: Guardium collector port

    If you do not specify a port number, port 16018 is used if TLS can be used to communicate with the collector. Otherwise, port 16016 is used for plain-text communication.

  6. Verify that you want to apply this Guardium setting and press enter when the setting is applied successfully. 
    Apply this Guardium setting? (yes/no) yes
Redeploying database container...
Guardium setting applied successfuly
Press Enter to continue
  7. In the Change Database Settings menu of the apsetup utility, select *. 
    Change Database Settings
  1: Change Database system type
  2: Oracle Compatibility
  3: Change Guardium Info
  4: Set IBM Data Replication data path
  *: Return to General Appliance Settings menu
Enter your selection: *
  8. In the Appliance Setup Configuration Utility menu of the apsetup utility, select *. 
    Appliance Setup Configuration Utility
  1: General Appliance Settings
  2: Network Configuration
  3: Services Configuration
  *: Exit
Enter your selection: *

Results

The Db2 Warehouse container is redeployed, which might take up to an hour.