Deployment & Administration
This category includes courses that help to deploy and administer Guardium.
Deployment & Administration Courses:
Information on several views that come "out-of-the-box" which can be utilized in analyzing and improving your Guardium system's health.
In this course, Jack Kerbert from IBM Security Guardium Technical Support shares information about Guardium Aggregation, which while designed to be accessible to beginners, will also benefit more advanced users.
This course contains an Open Mic replay describing using the query builder to troubleshoot Guardium issues effectively.
Overview of the most commonly used timestamps in Guardium reports.
This video demonstrates how to capture a SLON file for diagnosis on Guardium version 10.0.
This course demonstrates how to download and install the Guardium S-TAP for IBM i.
This video demonstrates how to configure and activate ATAP to collect encrypted traffic on Redhat Linux 6.3.
This Open Mic addresses the Guardium File Activity Monitor (FAM), and common issues users face during configuration.
Originally presented 25 May 2017
This video quickly demonstrates how to capture and save a slon file for IBM Security Guardium. You may want to create a slon file to upload to technical support for reproduction.
This video demonstrates when and how to use the various support clean DAM_data commands on a Guardium appliance. Using this command can cause data loss and should not be used unless absolutely necessary.
This course contains a step by step guide for installing a Guardium GUI certificate signed by an internal organization certificate authority.
Correlation alerts in Guardium are query based, as opposed to real-time policy alerts. There are various considerations for configuration of correlation alerts. There are also some overhead cost to be considered. This Open Mic is a discussion of correlation alerts in IBM Security Guardium, including an example of setting up a Repeating Inactive S-Tap alert.
This video comprehensively examines the design of both standard and advanced S-TAP verification processes, including common reasons for failure and how to troubleshoot when the process fails.
This course demonstrates the hands-on lab available in the course Detect database login failures with Guardium. The demonstration covers creating a policy that will detect and alert on database login failures that occur multiple times over a short time period,
This Open Mic presented by David Plummer of Guardium Tech Support provides an overview to Guardium load balancing, including:
- How it works
- grdapi commands
- Activity report
- Other related information and general overview
In this IBM Security Guardium walkthrough, you learn about the data protection journey including Discovery, Classification, Vulnerability Assessment, monitoring, and protection.
This Open Mic discusses how to troubleshoot situations where the S-TAP shows 'no traffic', including various steps you can take on your system to understand the reason for the issue or at least the scope of the issue, and what to do if all else fails.
Originally presented 18 July, 2017
This video demonstration guides you step-by-step through how to install and configure IBM Security Guardium. This video uses the Arabic language.
This video demonstration guides you step-by-step through installing IBM Security Guardium agents (GIM and S-TAP).
In this video, Guardium expert Glenn Weidner demonstrates enhancements to Guardium 11.2 auto create inspection engines, including scheduler user interface, rules results report, report only mode, and alerts.
In IBM Security Guardium, you use roles to grant access to Guardium resources, applications, and accelerators. This guide discusses the sample user roles such as Basel II, PCI, SOX, and GDPR to name a few. For each role, you learn the purpose of the role, the applications that the role has access to, and what the default user desktop that is associated with the role looks like.
In this video, Vlad Langman, L3 Engineering Manager, discusses best practices for upgrading to Guardium 11.
IBM Security Guardium Patch Updates (GPUs) update the subversion of Guardium. It is common practice to install the latest GPU for both code fixes and feature/function enhancements.
In this lab, you upgrade a Central Manager appliance from subversion 11.0 to version 11.1 by first installing the Health Check Patch p9999 and then installing GPU p100.
The correct approach for upgrading IBM Security Guardium depends on multiple factors, which include the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. A common way to upgrade Guardium to the latest version is the upgrade patch method. Use an upgrade patch to upgrade all systems in a managed environment. The upgrade patch preserves all data and configurations with the exception of user interface (UI) customizations due to a new UI architecture.
This intermediate level guide discusses the default user roles in Guardium. Students learn the purpose of each role, the applications that the role has access to, and what the default user desktop that is associated with the role looks like.
In this course, targeted for Guardium administrators, you'll learn about Severity 1 problems when the Database or Database Server might be effected, and be provided key troubleshooting recommendations and information to gather if necessary.
The central reporting of activity of database activity monitoring systems is measured against the problem of huge amounts of data and the necessity of long data retention that is enforced by regulations, and correct identification of anomalies in user behavior through quantitative analysis.
IBM Security Guardium Insights (GI) is a response to these needs and is designed as a container service implementable in both private and public clouds. The following procedures bring together the various installation and configuration steps to install Guardium Insights. The process is divided into five main tasks:
- System requirements
- Red Hat setup
- OpenShift installation
- IBM Cloud Private installation
- Guardium Insights installation
The correct approach for upgrading Guardium depends on multiple factors, which include the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. A common way to upgrade Guardium to the latest version is the upgrade patch method. Use an upgrade patch to upgrade all systems in a managed environment. The upgrade patch preserves all data and configurations with the exception of UI customizations due to a new UI architecture.
In this course, you learn how to plan a Guardium 11 upgrade, how to install the upgrade patch, and how to troubleshoot common installation failures.
Most organizations use the software offering to deploy Guardium because they can take advantage of virtualization. The Guardium Virtual Machine (VM) is a software-only solution that you install on a host hypervisor machine such as VMware ESXI server.
In this lab you create a virtual machine, install the Guardium image, and perform basic configuration steps to connect the appliance to the network.
Author: Franklin Almonte
Guardium 10.1.4 includes a new group builder application that provides powerful tools you can use to add users to a group and review which resources use a given group. In this course, you learn to how to build and populate Guardium groups.
In this video, you learn about the Windows S-TAP debug log changes that were implemented in Guardium versions 10 to 11.
The information in this Open Mic will help keep you out of trouble and possibly rescue you in the case of full appliance issues.
- First Response
- Getting to Root Cause
- Questions & Answers
In the follow-up to the Open Mic, John spends time answering audience questions on that and other topics.
- Reboot the appliance
- Issues with fixes
- The Discovery engine
- High CPU
Updating your Guardium environment is an important part of maintaining your site, and can provide new features and enhancements as well as fixing bugs. In this video series, you learn how to download a Guardium patch from IBM Fix Central and upload patch files to your Guardium environment.
In this video, you will learn how IBM Guardium supports monitoring capabilities for Database as a Service (DBaaS) and containerized databases, offering a consistent approach to data protection for on-premise and cloud environments.
In this course, you learn how to monitor your Guardium environment with system alerts. You will see how to set up the Inactive S-TAPs Since alert.
In this Open Mic, you learn about how Outlier Detection works. You also learn about the Learning and Analysis phases, how to configure Outlier Detection, and how to interpret the Outlier results.
In Guardium, when a database user name in a report is blank, the cause should be investigated by the Guardium administrator. In this course, you will learn various causes and solutions for missing DB USER information, illustrated with specific examples.
|Appliance patch levels
||Auto stop services
|Purge periods||Policy tuning
||Database percent used
|Top database tables
||Aggregation / archive logs
|Disk & Database Health Analyzer
- Identify symptoms that indicate the Guardium database is getting full
- Describe possible reasons the database utilization increases
- Navigate through decision points to determine how to take preventive or corrective action
- Troubleshoot based on the scenario you are experiencing
- Prepare the required information to present to Guardium Technical Support, if needed
Load balancing automatically allocates managed units to S-TAP agents
when new S-TAPs are installed and during fail-over when a managed unit
is unavailable. The load balancing application also dynamically
re-balances loaded or busy managed units by relocating S-TAP agents to
less-loaded managed units. These topics are discussed in this Open Mic.
In this video, you will learn about some major performance improvements and stability improvements in the Guardium Windows S-TAP V10 series.
New in IBM Guardium 10.6, alerts are sent when the system predicts that a
DB size or files on disk (/var) will reach 50% in the next 14 days.
Alerts detail the predicted size and the largest tables or files. Alerts
are also shown in the deployment health dashboard of the central
manager. In this course, you will see a quick overview of this feature
and then a deeper dive into the function and its architecture.
This Open Mic covered different aspects of IBM Guardium certificates,
including the prerequisite for installing certificates, how to create
request certificates, converting certificates in the format that
Guardium supports, and the hierarchy of certificates.
In this Open Mic video, Avi Walerius from Guardium Technical Support
discusses different aspects of appliance patches: differences between
patch types, advice on the health check patch, and best practices for
installing GPU patches.
In this video, you will learn some tips and tricks for keeping your Windows S-TAP up and running with fewer issues. You will investigate the following parameters and settings:
- SOFTWARE_TAP_HOST or TAP_IP
The Guardium Installation Manager (GIM) allows you to install, upgrade, and manage agents on individual servers or groups of servers. In this course, you will learn about GIM deployment and usage, and includes GIM reports, registration and authentication, and troubleshooting. This is Part 2 of a two-part series.
In Guardium, you may have a situation where the database user name in a report is blank, or there is a question mark, or may be a string of random characters. In this course, you will learn how to import the new missing DB user dashboard and use it to troubleshoot and take actions to resolve the problem.
The Guardium Installation Manager (GIM) allows you to install, upgrade, and manage agents on individual servers or groups of servers. In this course, you will learn about GIM Agent installation planning, installation steps and validation, and installation troubleshooting. This is Part 1 of a two-part series.
In this video, you learn how to enable IP-to-Hostname alias mapping.
In this video, you learn how to configure the Guardium archive.
Regular upkeep of your data security environment is required to keep the system aligned with the ever-changing IT environment, including new data servers, new uses of sensitive data, new users, and new applications. Organizations that use IBM Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner.
In this course, you learn how Guardium APIs can speed deployment and automate repetitive tasks such as creating a datasource, updating users, and modifying groups.
The lab environment reflects Guardium 10.5.
Guardium S-TAP is a lightweight software agent installed on database servers. S-TAP agents collect the data that are used by traffic reports, alerts, and visualizations. S-TAP agents also enact certain policy rules.
In this lab, you install the S-TAP agent on a database server using the Guardium Installation Manager (GIM) and Guardium GUI.
During this Open Mic session, Carolina Leme from Guardium Level 2 support discusses user management and roles and responsibilities. The bookmarks in the video will take you to the following topics:
- Administrator responsibilities
- Root user
- GUI users
- CLI access
- Roles and permissions
This IBM Guardium Open Mic discusses the following topics:
- How to tell if KTAP will install directly on a kernel version? (i.e how to use ktaposmatch)
- Options to build KTAP for unlisted kernel versions (flex_loading, and custom ktap build), including examples of each case, with GIM and non-GIM installs.
IBM Guardium 10.1.4 introduces the capability for all managed units, agents, and clients to communicate by using Transport Layer Security (TLS) Protocol version 1.2. This capability enhances security in your data center.
In this series of three videos, you learn how to enable TLS1.2 in your IBM Guardium environment.
Duration: 15 minutes
This video provides an example of installing a Guardium GPU patch; highlighting good practices and tips for the install.
This Guardium Open Mic discusses the usage of ATAP and EXIT. ATAP allows
interception of encrypted traffic at the database server application
level, and EXIT functionality makes it possible to intercept any traffic
while eliminating the need for loading the KTAP module into the kernel.
In this Guardium Open Mic, the following topics are discussed: Shared Secrets, ID's and Passwords, Ports and Firewalls, Backups and Archives, Supportability Options
This Open Mic discusses how to troubleshoot underlying problems causing you to receive Sniffer restart and High CPU correlation alerts.
New in IBM Security Guardium 11.3, the universal connector allows you to configure a connection from native database activity logs to the Guardium collector. This allows Guardium to monitor data sources such as cloud database implementations that are not suited to running an S-TAP agent. The Guardium Universal Connector includes support for MongoDB®, MySQL, and Amazon S3, requiring minimal configuration. Users can easily develop plug-ins for other data sources.
In this course, you learn to use the Guardium Universal Connector functionality to monitor activity from a MongoDB data source.
Guardium 10.x includes functionality you can use to monitor file activity. In this course, you view the discovery and classification capabilities of the file activity monitoring (FAM) tools and learn how to set up a blocking rule to prevent someone from deleting files in a directory and logs the attempt. You also learn how to create and install policies to monitor files.
IBM Guardium 10.1.4 has new functionality to protect Oracle 11 databases that reside on Amazon AWS. In this video series, you will learn how to discover cloud databases. Then you will see how to classify and audit sensitive objects.
S-TAP and K-TAP are Guardium components that can intercept database communications between clients and the database server. This course includes the following materials:
- Guardium: Linux S-TAP installation guidance
- Troubleshooting the Guardium S-TAP Verification Process
- How can a SLON capture be created on an InfoSphere Guardium Appliance
This course covers:
- How to capture must gathers from Guardium
- Collecting a guard_diag for a Guardium S-TAP installed on UNIX
- How to Upload Data to a Support Ticket (PMR)
- Using Guardium cli commands iptraf and tcpdump to troubleshoot network issues
Guardium processes large amounts of information about database access. In this video, you will learn to take steps to prevent your Guardium internal database filling up, troubleshoot when it is filling up and take action to reduce the space when needed.
This IBM Redbooks® publication provides a guide for deploying the Guardium solutions.
This book also provides a roadmap process for implementing an InfoSphere Guardium solution that is based on years of experience and best practices that were collected from various Guardium experts. We describe planning, installation, configuration, monitoring, and administrating an InfoSphere Guardium environment. We also describe use cases and how InfoSphere Guardium integrates with other IBM products.
This resource helps your identify solutions to common installation failures or warnings
- Upload patch not recognized
- Installation stuck at "preparing to install patch" step
- Health Check patch warnings or failures
- Generic patch installation failures
- Patch installation stuck at certain step
- Guardium 11 upgrade issue
This video demonstrates the process of
deploying the Guardium external S-TAP on Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) in order to monitor AWS cloud databases
In this video, Leila Johannesen demonstrates a new feature in Guardium
11.2 that allows customers to compare a list of databases with the
databases that are known to Guardium.
This session from Virtual Master Skills University 2020 focuses on how Guardium Data Protection enables flexibility and choice by offering agent-based and agent-less approaches to monitoring database activities. The session highlights benefits, use cases and considerations for each approach so that organizations can make the right choice(s) for securing their data assets.
In This session from Virtual Master Skills University 2020, Prasad Bandaru covers architecture, as well as the product components, current architecture, deployment considerations, sizing, load balancing, agents , and automation.
In this session from Virtual Master Skills University, Yosef Rozenblit reviews lessons learned and talks about the data protection elements that every deployment must have configured.
GIM and S-TAP installation are common but complex tasks. In this session from Virtual Master Skills University, Avi Walerius covers GIM and S-TAP installation, how to investigate issues, leverage the S-TAP dashboard (from 11.2), and ensure installation is successful.
In this session from Virtual Master Skills University 2020, Vinay Vijayadharan shares advanced tips about what administrators need to watch out for and manage.
- Data-centric security approach
- Partnership with STEALTHbits
- Data Protection for Files, NAS, and SharePoint
- File Discovery, Entitlement, and Classification (FDEC)
- File Activity Monitoring (FAM)
In this video, you will see how to check available disk space in Guardium. This is
important information to have to prevent database full issues.
In this video, you learn how to check the Guardium purge period. This is important information in helping to prevent database full issues.
In this video, you see how to check that the latest Guardium GPU patch
is installed. This is an important task and can be particularly helpful
in preventing database full issues.
In this video, you will see how to check the Aggregation/Archive log for errors. This could be particularly helpful in preventing database full issues.
In this video, you will see how to set Guardium notifications to alert you when your database reaches a specified threshold. This is particularly useful in preventing database full issues.
In this video, you will see how to check Guardium database usage and how much data is in the top tables. This is critical information to prevent database full issues.
In this video, you see how to check the Guardium policy for actions that can fill the database. This is an important step in preventing database full issues.
In this video, you will see how to use Guardium reports to show how data is spread across tables and across time. This is important information to help prevent database full issues.
In this video, you will see how to check and turn auto_stop_services on in Guardium. This is important to help prevent database full issues.
IBM Security Guardium uses data activity monitoring, file activity monitoring, and vulnerability assessment to help ensure the security, privacy, and integrity of your data. Guardium can be deployed on various cloud environments, including Amazon AWS EC2, Microsoft Azure, Google, IBM Cloud, and Oracle Cloud Infrastructure. The following guides provide instructions that you can use to deploy a Guardium instance in a specific cloud.
This course covers five enhancements for Guardium Deployment Health available in the version 11.3 release.
IBM Security Guardium provides deployment health tools to help you visualize and gather information about problems that affect the central manager, collectors, aggregators, S-TAP and GIM agents, and inspection engines.
Different tools provide different views into the health of your Guardium deployment. Some tools, such as the Deployment Health topology view, show the data flow relationships between various components. Others, such as the Deployment Health table, provide insight into issues that affect numerous components across your deployment. Others, such as the Deployment Health dashboard provides charts that summarize data and allow you to drill down to explore issues in greater detail.
In this lab, you explore various Guardium deployment health tools. You search for common issues, such as resource availability, a problem with K-TAP loading, changes in S-TAP agents and inspection engines, or with version control of GIM and S-TAP agents.