IBM Support

How to move a GIM client to point to another appliance (GIM Server)?

How To


Summary

The IBM Guardium Installation Manager (GIM™) is a very flexible, powerful, lightweight module of the IBM Security Guardium™ solution intended to ease the management of the other Guardium™ software that is deployed at the DB hosts (S-TAP™, CAS™, FAM™, K-TAP™, the GIM™ itself, etc.).

A very common task for large enterprise level infrastructures, is having the need to move some of the already deployed GIM™ clients to point to another GIM™ server (in this context, the GIM™ server can be any Guardium™ appliance, but it is recommended to use a Central Manager for easiness of management), either by a reorganization of the infrastructure, appliance's role changes, etc.

In this article, we will discuss two ways to accomplish the task.

Objective

Explain how to easily move a GIM™ client to point to another GIM™ server.

Environment

The images describing the method documented in this knowledge article are based on IBM Security Guardium™  v10.5.

The same principles apply for previous versions of Guardium™, simply,  get familiar with the name and location of the menus at the GUI that correspond to your version.

Steps

Method 1. Using the GIM™ Graphical User Interface (GUI).

This method can be used when you have a fully operational GIM™ client, and it is connected properly to the GIM™ Server.

1. Open the GIM™ Server's GUI (appliance). Navitage to "Manage -> Module Installation -> Set up by Client". From there, select the GIM™ client you wish to move, then hit the "Next" button.

image-20180829094917-1

2. Now, find the currently installed GIM™ bundle client at the selected machine, by selecting the module from the list menu. If needed, apply some filters to help you out to find it. Once done, click on the "Next" button.

image-20180829095343-2

3. At the "Choose parameters" section, use the list menu to find a parameter named "GIM_URL". Here, set the IP address of the new Guardium™ machine that will serve as the GIM™ Server. Once done, hit "Next".

image-20180829095907-3

4. At the new frame that appears, double check the GIM™ Client name and the new GIM™ Server IP. If everything is correct, click on the "Install" button.

image-20180829100348-4

5. The button will turn into a list menu. From there, select the absolute or relative time when you want to submit the change and then, click "OK".

image-20180829122411-1

You will see a pop-up window that notifies about the action. Just close it.

image-20180829100752-6

6. To monitor the status of the process, move to the "Choose bundle" section of the "Setup by Client" window. There, you must see the "Status" column again as "Installed".

image-20180829101604-7

Tip 1: you can exploit the benefits of the report named "GIM Events List" ("Manage > Reports > Install Management > GIM Events List") in order to monitor/confirm a successful installation.
Method 2. Using the "configurator.sh" script.

This method is useful in UNIX/Linux systems when the GIM™ client is not connected anymore to the GIM™ server (for example, if the GIM™ was already server was decommissioned, or is not reachable anymore by the GIM™ client), so the GUI method will not work.

It is also useful when you have the need of applying the change using a custom build script or application.

You must have root access on the GIM™ client machine.

1. First, fully identify the GIM™ installation folder (the one you set up as the installation prefix during the installation).

Tip 2. You must be familiar with the operating system where the method will be executed, and properly identify the folder where the IBM Guardium™ software is installed.
 
One possible approach in Linux and UNIX systems where the GIM™ client is working properly, could be to query the process table and search for the string "gim".
ps -fea | grep -i gim
image-20180829102859-8

2. Once you identify the IBM Guardium™ software installation prefix, you must be able to find the absolute path to a script named "configurator.sh" at the "/guardium/modules/UTILS/current/" sub-folder.

image-20180829103135-9

Tip 3. Commonly, another way to refer to the GIM™ installation directory is installation prefix.
At the example given the installation prefix (in this technote it is represented with the string  <GIM_installation_prefix>) is the "/GUARD/guardium" folder.

Tip 4: You can use the standard Linux/UNIX find command to find the absolute path to that script file, using the GIM™ installation prefix as a starting point for the lookup.

3. Run the script using the following syntax:

<absolute_path_to_configurator.sh> --set GIM_URL <NEW_GIM_SERVER_IP_ADDRESS>

Where:

<absolute_path_to_configurator.sh>. Absolute path to the configurator.sh script.

This script must be always invoked using its absolute path.

--set GIM_URL. Internal script setter function used to change the value of the "GIM_URL" parameter.

<NEW_GIM_SERVER_IP_ADDRESS>. The IP address of the Guardium™ appliance where the GIM™ client will connect to.

Example:

image-20180829104355-12

4. Wait for a couple of minutes for the change to take effect.

Tip 5. You can confirm if the change was successful by checking the last 20 lines of the "GIM.log" file.
 
It can be found at "<GIM_installation_prefix>/modules/GIM/current/GIM.log".

Tip 6.  Alternatively you can validate the configuration change using the self "configurator.sh" script, by invoking its
"--get GIM" function and checking the value of "GIM_URL".
 
Example.
 
image-20180829104616-14

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"GIM","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
26 November 2020

UID

ibm10729617

Page Feedback