IBM Security Identity Governance and Intelligence, Version 5.2.3.1

Managing the database server configuration

Use the Database Server Configuration page to configure, reconfigure, or unconfigure the database server for the IBM® Security Identity Governance and Intelligence virtual appliance.

About this task

The following table lists the fields for configuring or reconfiguring a database as the Identity data store. The options depend on the type of database that you configure. Database types are independent of each other. If you unconfigure the database and reconfigure a different database type, the data is retained in the original database. It is not merged with the new database.
Attention:
  • In a cluster environment, all nodes must use the same database. In that environment, reconfiguring and unconfiguring can be done from the primary node only.
  • For Oracle, if you change the version of the LMI security protocol, and consequently also the TLS version on the Oracle database server, you must reconfigure the database server on the Database Server Configuration page before users can log in to Identity Governance and Intelligence again.

  • An embedded PostgreSQL database environment consumes more resources than the standard external DB2 database, so it is critical to increase the memory and CPU allocation to keep the environment stable. When the database is co-resident in the virtual appliance (VA), CPU and memory are taxed by both the Identity Governance processes and the database management processes. In laboratory tests, the CPU requirements on the VA are 2 to 3 times higher when running with PostgreSQL than the combined requirements of a VA and DB running with DB2. The additional memory and CPU requirements matter most in the PostgreSQL cluster scenario when data replication is enabled. Even with additional memory and CPU, the performance of this environment falls behind that of DB2.

    At this time, PostgreSQL is not recommended for mission-critical environments, or deployments where performance requirements are high.

Table 1. Options for configuring the Identity data store
Button Data store options
Configure
Database type
Select the database type from the list. To configure the database server, select one of these options.
  • IBM DB2
  • Oracle (Standard)
  • Oracle (Custom)
  • PostgreSQL (Internal). If you select PostgreSQL, you do not need to enter any additional connection information. The only required change is to set the number of minimum connections to 0.
Host name (FQDN, IPv4, or IPv6)
Specify the name of the server that hosts the data store. For example, igidstore.example.com.
JDBC URL
Specify the JDBC URL to connect with the database. For example:
  • jdbc:oracle:thin:@//<hostname>:<port>:<dbName> for non-SSL.
  • jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=<hostname>)(PORT=<port>)))(CONNECT_DATA=(SERVICE_NAME=<service>))) for SSL.
Note: Specify the JDBC URL for Oracle (Custom).
Port
Specify the data store service port. For example, 50000.
SSL
Select the check box to configure the connection to the database server with SSL.
If you select this option, and you do not have a signer certificate for the database, another window prompts you to accept a default certificate. The window is not displayed if a certificate is already in place in the Identity Governance and Intelligence signer certificate store of the virtual appliance.
Note: For a PostgreSQL database, this option is enabled by default when you configure over a FIPS-enabled virtual appliance.
Database name
Specify the Identity Governance and Intelligence database name, such as igidb.
Database User Password
Specify the password for the Identity data store user ID.
Note: All the database users must have the same password. If the password does not match for all the database users, a message indicates that the password is not correct for that user.
If you select Oracle (Standard) or Oracle (Custom), configure these options.
Oracle SID or Service name
Specify the Oracle System ID (SID) or the service name to identify the database. For example, isimdb.
Select or clear the Service name check box to manage the following aspects:
  • If you select the check box, the value is treated as service name.
  • If you do not select the check box, the value is treated as SID.
Note: When you select Oracle (Custom) as the database type, you cannot configure these options:
  • Port, Database name, Oracle SID or service name
Note: If you want to manage FIPS features with Oracle, you must comply with the TLSv1.2 protocol (see LMI security protocol).
Reconfigure
Note: Reconfiguration does not update the database schema. It configures IBM Security Identity Governance and Intelligence with new database details.
Host name (FQDN, IPv4, or IPv6)
Specify the name of the server that hosts the data store. For example, igidstore1.example.com.
JDBC URL
Specify the JDBC URL to connect with the database. For example:
  • jdbc:oracle:thin:@//<hostname>:<port>:<dbName> for non-SSL.
  • jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=<hostname>)(PORT=<port>)))(CONNECT_DATA=(SERVICE_NAME=<service>))) for SSL.
Note: Specify the JDBC URL for Oracle (Custom).
Port
Specify the data store service port. For example, 51000.
SSL
Select the check box to configure the connection to the database server with SSL.

If you select this option, and you do not have a signer certificate for the database, another window prompts you to accept a default certificate. The window is not displayed if a certificate is already in place in the Identity Governance and Intelligence signer certificate store of the virtual appliance.

Note: For a PostgreSQL database, this option is enabled by default when you configure over a FIPS-enabled virtual appliance.
Database name
Specify the name of the IBM Security Identity Governance and Intelligence database. For example, igidb.
Database User Password
Specify the password for the Identity data store user ID.
Note: All the database users must have the same password. If the password does not match for all the database users, a message indicates that the password is not correct for that user.
If you select Oracle (Standard) or Oracle (Custom), configure these options.
Oracle SID or Service name
Specify the Oracle System ID (SID) or the service name to identify the database. For example, igidb.
Select or clear the Service name check box to manage the following aspects:
  • If you select the check box, the value is treated as service name.
  • If you do not select the check box, the value is treated as SID.
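
A pre-flight check for the Oracle (Custom) JDBC URL described in Table 1, added here as an example and not IBM's code: it parses the connect descriptor and reports whether every address uses PROTOCOL=TCPS before the URL is entered with the SSL option. The function names and port 2484 are assumptions for illustration; the host and service name reuse the table's examples.

```python
import re

# Constructed sample in the page's SSL form; port 2484 is an assumption.
SAMPLE = ("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)"
          "(HOST=igidstore.example.com)(PORT=2484)))(CONNECT_DATA=(SERVICE_NAME=igidb)))")

def parse_descriptor(text):
    """Parse an Oracle connect descriptor into nested (KEY, value) tuples."""
    s = re.sub(r"\s+", "", text)  # layout whitespace is ignored
    pos = 0
    def node():
        nonlocal pos
        m = re.match(r"\((\w+)=", s[pos:])
        if not m:
            raise ValueError(f"expected '(KEY=' at offset {pos}")
        key, pos = m.group(1).upper(), pos + m.end()
        value = []
        while s.startswith("(", pos):  # nested elements
            value.append(node())
        if not value:  # leaf: text up to the next parenthesis
            value = re.match(r"[^()]*", s[pos:]).group()
            pos += len(value)
        if not s.startswith(")", pos):
            raise ValueError(f"missing ')' for {key}")
        pos += 1
        return key, value
    tree = node()
    if pos != len(s):
        raise ValueError("trailing text after descriptor")
    return tree

def find_all(tree, key):
    """Collect every leaf value stored under `key` anywhere in the tree."""
    if isinstance(tree[1], str):
        return [tree[1]] if tree[0] == key else []
    return [hit for child in tree[1] for hit in find_all(child, key)]

def check_tls_url(url):
    """Return findings for a URL meant for the SSL option; [] means it passed."""
    target = url.strip().partition("jdbc:oracle:thin:@")[2]
    if not target.startswith("("):
        return ["no connect descriptor: cannot confirm PROTOCOL=TCPS"]
    try:
        tree = parse_descriptor(target)
    except ValueError as exc:
        return [f"malformed descriptor: {exc}"]
    protocols = find_all(tree, "PROTOCOL")
    if not protocols or any(p.upper() != "TCPS" for p in protocols):
        return [f"PROTOCOL must be TCPS on every address, found {protocols}"]
    return []
```

Calling check_tls_url(SAMPLE) returns an empty list. A descriptor with PROTOCOL=TCP, a missing "=" after a key, or the short host:port form each returns one finding.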

Procedure

  1. From the top-level menu of the Appliance Dashboard, click Configure > Manage External Entities > Database Server Configuration. The Database Server Configuration page displays the Database Server Configuration table.
  2. Click Configure.
  3. In the Database Server Configuration window, specify the expected variable values. For more information, see Table 1.
  4. Click Save Configuration to complete this task.
  5. Optional: To reconfigure an existing database server configuration, do these steps:
    1. Before you reconfigure, create a snapshot to recover from any configuration failures. See Managing the snapshots.
    2. From the Database Server Configuration table, select the database configuration record, Identity data store.
    3. Click Reconfigure.
    4. In the Database Server Configuration window, edit the details. For more information, see Table 1.
    5. Click Save Configuration.
      Note: The database server reconfiguration takes some time. Do not refresh or close the page. Wait for the reconfiguration process to complete.
  6. Optional: To unconfigure an existing identity store, do these steps:
    1. From the Database Server Configuration table, select the database configuration record, Identity data store.
    2. Click Unconfigure.
    3. Click Yes to confirm the deletion.