Deploying an external configuration database

To optimize performance or increase storage capacity for the appliance, you can deploy an external configuration database. You can configure the appliance to connect to a DB2®, PostgreSQL, or Oracle database on an external server.

About this task

A Security Access Manager appliance with Advanced Access Control or Federation includes an internal database to store configuration data.

The appliance provides scripts to deploy the configuration database on an external DB2, PostgreSQL, or Oracle server. You can then configure the appliance to use the external database.

The Oracle Compatibility mode in DB2 must be turned off when you are using an external DB2 Configuration Database or HVDB with IBM Security Access Manager.

Note: IBM Security Access Manager uses the configured username as the schema name to connect to the database. Therefore, you might need to create aliases in DB2 if the username does not match the schema name in the database.

Procedure

  1. Use the File Downloads management page in the local management interface to access the configuration database deployment files for your environment.
    Table 1. Configuration database deployment scripts
    Database type   Deployment scripts
    DB2             /access_control/database/db2/config/cluster_config_db2.sql
    PostgreSQL      /access_control/database/postgresql/config/cluster_config_postgresql.sql
    Oracle          /access_control/database/oracle/config/cluster_config_oracle.sql
  2. Save the deployment script on the database server.
  3. Run the DB2, PostgreSQL, or Oracle script to create the external database.
    PostgreSQL script

    Run the following command:

    psql --echo-all --variable ON_ERROR_STOP=1 --file <sql file name> \
         --username <username> --host <host> --port <port> <database name>
    Oracle script
    1. Copy the downloaded cluster_config_oracle.sql file into the Oracle home directory. For example, ORACLE_HOME=/opt/oracle/app/oracle/product/11.2.0/dbhome_1 
    2. Log in to SQL*Plus.
    3. At the SQL prompt, run START cluster_config_oracle.sql.
    DB2 script
    1. Create a DB2 instance to contain the configuration database. For information about creating the DB2 instance, see the DB2 documentation.
    2. Open the cluster_config_db2.sql file in an editor on the DB2 server.
    3. Replace the following macros with the values specific to your environment:
      &DBINSTANCE
      The name of the DB2 instance.
      &DBUSER
      The name of the DB2 administrator.
      &DBPASSWORD
      The password for the DB2 administrator.
    4. Save the changes.
    5. Log in to the DB2 Command utility (Windows) or DB2 host (UNIX) as the DB2 administrator.
    6. Run the following command:
      db2 -tsvf <fully_qualified_path_to_script>

      The following example shows the fully qualified path to the script:

      db2 -tsvf /tmp/cluster_config_db2.sql
  4. Validate that the tables were successfully created.
  5. Ensure that no errors were returned during the creation and log in to the database to manually check that the tables exist.
  6. From the top menu of the local management interface, select Manage System Settings > Cluster Configuration to open the Cluster Configuration management page.
  7. Select the Database tab.
  8. You must enter the following JDBC connection information:
    Type
    The database type, which is one of DB2, PostgreSQL, or Oracle.
    Address
    The IP address of the external database server.
    Port
    The port on which the external database server is listening.
    Username
    The name of the database administrator.
    Password
    The password for the database administrator.

    DB2 also requires the following information:

    Secure
    Select this check box to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the certificate that the appliance uses to communicate with the server into the lmi_trust_store and rt_profile_keys key files. Use the SSL Certificates page to import the appropriate certificate.
    Database name

    The name of the database instance on the external DB2 server.

    Complete the following steps to identify and specify the DB2 database name when your DB2 database is remote to the cluster that you are configuring.
    1. Open the cluster_config_db2.sql file that was used to create the database and tables.
    2. In the CREATE DATABASE entry, get the name that is specified. In the following entry, HVDB is the string that identifies the default database name:
       CREATE DATABASE HVDB ALIAS HVDB using codeset UTF-8 territory us 
           COLLATE USING UCA400_NO PAGESIZE 8192 WITH "HVDB Tables";

    PostgreSQL also requires the following information:

    Secure
    Select this check box to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the certificate that the appliance uses to communicate with the server into the lmi_trust_store and rt_profile_keys key files. Use the SSL Certificates page to import the appropriate certificate.
    Database name
    The name of the database instance on the external PostgreSQL server.

    Oracle also requires the following information:

    Secure
    Select this check box to create a secure connection with the server.
    Note: Before a secure connection can be established, you must first import the certificate that the appliance uses to communicate with the server into the lmi_trust_store and into a keystore that contains only public keys, which you must create. Use the SSL Certificates page to create this keystore and to import the appropriate certificate.
    Certificate Store
    Choose the keystore which contains the certificate that will be used to communicate with the server.
    Service name
    Specify the name of the Oracle instance on the external server. Contact your Oracle database administrator for this information. An SID also works but might cause a warning in the LMI when you save the configuration. You can ignore this warning.
  9. Click Save.
  10. Deploy the changes.
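
The following pre-flight check for the edited cluster_config_db2.sql is an added example, not part of the product documentation or its scripts. It covers the DB2 macro replacement in step 3 and the database name lookup in step 8, and it also checks file permissions because the edited script holds the DB2 administrator password. The function names are hypothetical, and the sample file is constructed (how the macros appear in the shipped script is an assumption).

```shell
#!/bin/sh
# Added example: pre-flight checks for an edited cluster_config_db2.sql.

# Print each deployment macro that is still unreplaced (sorted, one per line).
unreplaced_macros() {
    grep -oE '&(DBINSTANCE|DBUSER|DBPASSWORD)' "$1" | sort -u
}

# Print the database name from the first CREATE DATABASE entry.
db2_database_name() {
    awk 'toupper($1) == "CREATE" && toupper($2) == "DATABASE" {
             sub(/;.*/, "", $3); print $3; exit }' "$1"
}

# Return 1 if macros remain, 2 if group/other can access the file
# (it contains the administrator password); otherwise print the
# database name to enter on the Database tab.
preflight() {
    f=$1
    left=$(unreplaced_macros "$f")
    if [ -n "$left" ]; then
        echo "unreplaced macros: $(echo $left)" >&2
        return 1
    fi
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f is accessible to group/other; run: chmod 600 $f" >&2
        return 2
    fi
    db2_database_name "$f"
}

# Constructed sample input, NOT the contents of the shipped script.
write_sample() {
    cat > "$1" <<'EOF'
-- constructed sample
ATTACH TO &DBINSTANCE USER &DBUSER USING &DBPASSWORD;
CREATE DATABASE HVDB ALIAS HVDB using codeset UTF-8 territory us
    COLLATE USING UCA400_NO PAGESIZE 8192 WITH "HVDB Tables";
EOF
}

# Demo: the untouched sample still lists all three macros.
sample=$(mktemp)
write_sample "$sample"
unreplaced_macros "$sample"
rm -f "$sample"
```

After the db2 -tsvf run completes, delete the edited copy or keep it at mode 600, because it still contains the administrator password in clear text.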

Results

The appliance is configured to use the configuration database that is deployed on the external system.

What to do next