Deployment & Administration

This category includes courses that help to deploy and administer Guardium.

Deployment & Administration Courses:

How to install GUI certificates in Guardium

This course contains a step by step guide for installing a Guardium GUI certificate signed by an internal organization certificate authority.


Guardium auto create inspection engines

In this video, Guardium expert Glenn Weidner demonstrates enhancements to Guardium 11.2 auto create inspection engines, including scheduler user interface, rules results report, report only mode, and alerts.

Guardium sample roles

In IBM Security Guardium, you use roles to grant access to Guardium resources, applications, and accelerators. This guide discusses the sample user roles such as Basel II, PCI, SOX, and GDPR to name a few. For each role, you learn the purpose of the role, the applications that the role has access to, and what the default user desktop that is associated with the role looks like.

Upgrading to Guardium 11

In this video, Vlad Langman, L3 Engineering Manager, discusses best practices for upgrading to Guardium 11.

Updating Guardium from 11.0 to 11.1

IBM Security Guardium Patch Updates (GPUs) update the subversion of Guardium. It is common practice to install the latest GPU for both code fixes and feature/function enhancements.

In this lab, you upgrade a Central Manager appliance from subversion 11.0 to version 11.1 by first installing the Health Check Patch p9999 and then installing GPU p100.

Upgrading Guardium from 10.6 to 11.0

The correct approach for upgrading IBM Security Guardium depends on multiple factors, which include the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. A common way to upgrade Guardium to the latest version is the upgrade patch method. Use an upgrade patch to upgrade all systems in a managed environment. The upgrade patch preserves all data and configurations with the exception of user interface (UI) customizations due to a new UI architecture.


In this lab, you upgrade a Central Manager appliance from version 10.6 to version 11.0 by first installing the Health Check Patch p9998 and then installing upgrade patch p11001. Along the way, you encounter a couple of common error conditions that you must remediate in order to perform a successful upgrade.

Guardium default roles

This intermediate level guide discusses the default user roles in Guardium. Students learn the purpose of each role, the applications that the role has access to, and what the default user desktop that is associated with the role looks like.

Troubleshooting Guardium S-TAP Severity 1 issues

In this course, targeted at Guardium administrators, you learn about Severity 1 problems in which the database or database server might be affected. The course provides key troubleshooting recommendations and lists the information to gather if necessary.

Guardium Insights Installation Cookbook

Central reporting of activity from database activity monitoring systems must contend with huge amounts of data, the long data retention that regulations enforce, and the correct identification of anomalies in user behavior through quantitative analysis.

IBM Security Guardium Insights (GI) is a response to these needs and is designed as a container service implementable in both private and public clouds. The following procedures bring together the various installation and configuration steps to install Guardium Insights. The process is divided into five main tasks:

  • System requirements
  • Red Hat setup
  • OpenShift installation
  • IBM Cloud Private installation
  • Guardium Insights installation

Upgrading a Guardium appliance to version 11.0

The correct approach for upgrading Guardium depends on multiple factors, which include the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. A common way to upgrade Guardium to the latest version is the upgrade patch method. Use an upgrade patch to upgrade all systems in a managed environment. The upgrade patch preserves all data and configurations with the exception of UI customizations due to a new UI architecture.

In this course, you learn how to plan a Guardium 11 upgrade, how to install the upgrade patch, and how to troubleshoot common installation failures.

Franklin Almonte

Deploying the Guardium virtual appliance

Guardium is available as a hardware and software offering. The hardware offering is a physical appliance that is fully configured by IBM. The software offering consists of software images that are deployed on customer hardware directly or as virtual machines.

Most organizations use the software offering to deploy Guardium because they can take advantage of virtualization. The Guardium Virtual Machine (VM) is a software-only solution that you install on a host hypervisor machine such as a VMware ESXi server.

In this lab you create a virtual machine, install the Guardium image, and perform basic configuration steps to connect the appliance to the network.


Author: Franklin Almonte

Creating and populating Guardium groups

Guardium 10.1.4 includes a new group builder application that provides powerful tools you can use to add users to a group and review which resources use a given group. In this course, you learn how to build and populate Guardium groups.

Louis Fuka

Windows S-TAP debug log changes from Guardium v10 to v11

In this video, you learn about the Windows S-TAP debug log changes that were implemented in Guardium versions 10 to 11.

Guardium Full Appliance Issues - Detection, Root Cause, and Remediation

The information in this Open Mic will help keep you out of trouble and possibly rescue you in the case of full appliance issues.

Agenda:

  • Introduction
  • Detection
  • First Response
  • Getting to Root Cause
  • Questions & Answers

In the follow-up to the Open Mic, John spends time answering audience questions on that and other topics.

  • Reboot the appliance
  • Issues with fixes
  • Vulnerabilities
  • The Discovery engine
  • High CPU

How to download a Guardium patch

Updating your Guardium environment is an important part of maintaining your site, and can provide new features and enhancements as well as fixing bugs. In this video series, you learn how to download a Guardium patch from IBM Fix Central and upload patch files to your Guardium environment.

Guardium external S-TAP overview

In this video, you will learn how IBM Guardium supports monitoring capabilities for Database as a Service (DBaaS) and containerized databases, offering a consistent approach to data protection for on-premise and cloud environments.

Use system alerts to monitor your Guardium environment

In this course, you learn how to monitor your Guardium environment with system alerts. You will see how to set up the Inactive S-TAPs Since alert.

The Case of the Missing Guardium DB Users

In Guardium, when a database user name in a report is blank, the cause should be investigated by the Guardium administrator.  In this course, you will learn various causes and solutions for missing DB USER information, illustrated with specific examples. 

IBM Guardium alerts: Database full troubleshooting

If the IBM Guardium database utilization reaches capacity, this is a critical situation and operations will fail.  There are many reasons why this could happen, and it is important to review these causes to prevent this problem. It is also imperative that you are alerted when there is a problem.

This course is a troubleshooting tool. Depending on your situation, you either take preventive steps to maintain the health of your Guardium environment and prevent this issue, or, if you are experiencing symptoms that your database is getting full, you are guided through troubleshooting steps.

Topics covered in this course:

  • Appliance patch levels
  • Auto stop services
  • Alert notifications
  • Purge periods
  • Policy tuning
  • Database percent used
  • Top database tables
  • Aggregation / archive logs
  • Reports
  • Disk & Database Health Analyzer
  • Collectors
  • S-TAPs



Objectives

  • Identify symptoms that indicate the Guardium database is getting full
  • Describe possible reasons the database utilization increases
  • Navigate through decision points to determine how to take preventive or corrective action
  • Troubleshoot based on the scenario you are experiencing
  • Prepare the required information to present to Guardium Technical Support, if needed 

Guardium v10 Enterprise Load Balancing

Load balancing automatically allocates managed units to S-TAP agents when new S-TAPs are installed and during fail-over when a managed unit is unavailable. The load balancing application also dynamically re-balances loaded or busy managed units by relocating S-TAP agents to less-loaded managed units.  These topics are discussed in this Open Mic.

Guardium Windows S-TAP performance and stability improvements v10

In this video, you will learn about some major performance improvements and stability improvements in the Guardium Windows S-TAP V10 series.

Guardium disk and database health analyzer

New in IBM Guardium 10.6, alerts are sent when the system predicts that a DB size or files on disk (/var) will reach 50% in the next 14 days. Alerts detail the predicted size and the largest tables or files. Alerts are also shown in the deployment health dashboard of the central manager.  In this course, you will see a quick overview of this feature and then a deeper dive into the function and its architecture.

Working with Guardium Certificates

This Open Mic covered different aspects of IBM Guardium certificates, including the prerequisite for installing certificates, how to create request certificates, how to convert certificates to the format that Guardium supports, and the hierarchy of certificates.

Guardium appliance patching

In this Open Mic video, Avi Walerius from Guardium Technical Support discusses different aspects of appliance patches: differences between patch types, advice on the health check patch, and best practices for installing GPU patches.

Tips and tricks to keep Windows S-TAP healthy

In this video, you will learn some tips and tricks for keeping your Windows S-TAP up and running with fewer issues.  You will investigate the following parameters and settings:

  • USE_TLS=1
  • DB2_EXIT_DRIVER_INSTALLED
  • WFP_DRIVER_INSTALLED
  • SOFTWARE_TAP_HOST or TAP_IP
  • LOAD_BALANCER_IP
  • GUARD_TAP.INI
  • LHMON_DRIVER_INSTALLED
  • TAP_MIN_TIME_BEFOREFAILOVER
  • TAP_MIN_HEARTBEAT_INTERVAL

Guardium Installation Manager (GIM) Usage and Deployment Methods - Part 2

The Guardium Installation Manager (GIM) allows you to install, upgrade, and manage agents on individual servers or groups of servers. In this course, you will learn about GIM deployment and usage, including GIM reports, registration and authentication, and troubleshooting. This is Part 2 of a two-part series.

Troubleshooting Missing Guardium Database User Problems

In Guardium, you may have a situation where the database user name in a report is blank, is a question mark, or is a string of random characters. In this course, you will learn how to import the new missing DB user dashboard and use it to troubleshoot and take actions to resolve the problem.

Guardium Installation Manager (GIM) Agent Installation - Part 1

The Guardium Installation Manager (GIM) allows you to install, upgrade, and manage agents on individual servers or groups of servers.  In this course, you will learn about GIM Agent installation planning, installation steps and validation, and installation troubleshooting.  This is Part 1 of a two-part series.

Enabling IP-to-Hostname Aliasing

In this video, you learn how to enable IP-to-Hostname alias mapping.

Archiving Guardium Data

In this video, you learn how to configure the Guardium archive.

Using IBM Guardium APIs to Speed Deployment and Automate Repetitive Tasks

Regular upkeep of your data security environment is required to keep the system aligned with the ever-changing IT environment, including new data servers, new uses of sensitive data, new users, and new applications. Organizations that use IBM Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner. 

In this course, you learn how Guardium APIs can speed deployment and automate repetitive tasks such as creating a datasource, updating users, and modifying groups.

The lab environment reflects Guardium 10.5.

Franklin Almonte


Deploying the Guardium S-TAP Agent

Guardium S-TAP is a lightweight software agent installed on database servers. S-TAP agents collect the data that are used by traffic reports, alerts, and visualizations. S-TAP agents also enact certain policy rules.

In this lab, you install the S-TAP agent on a database server using the Guardium Installation Manager (GIM) and Guardium GUI.


Guardium User Management

During this Open Mic session, Carolina Leme from Guardium Level 2 support discusses user management and roles and responsibilities.  The bookmarks in the video will take you to the following topics:

  • Administrator responsibilities
  • Root user
  • GUI users
  • CLI access
  • Roles and permissions

Open Mic: How to Build Custom KTAP Linux STAP

This IBM Guardium Open Mic discusses the following topics:

  • How to tell if KTAP will install directly on a kernel version? (i.e., how to use ktaposmatch)
  • Options to build KTAP for unlisted kernel versions (flex_loading, and custom ktap build), including examples of each case, with GIM and non-GIM installs.

Managing Transport Layer Security (TLS) Protocol Versions in Guardium

IBM Guardium 10.1.4 introduces the capability for all managed units, agents, and clients to communicate by using Transport Layer Security (TLS) Protocol version 1.2. This capability enhances security in your data center.

In this series of three videos, you learn how to enable TLS1.2 in your IBM Guardium environment.

Duration: 15 minutes


Dos and Don'ts of Guardium GPU patch installation

This video provides an example of installing a Guardium GPU patch, highlighting good practices and tips for the install.

Guardium ATAP & EXIT functionality for database traffic collection

This Guardium Open Mic discusses the usage of ATAP and EXIT. ATAP allows interception of encrypted traffic at the database server application level, and EXIT functionality makes it possible to intercept any traffic while eliminating the need for loading the KTAP module into the kernel.

Is Your Guardium Environment Secure & Supportable?

In this Guardium Open Mic, the following topics are discussed: Shared Secrets, IDs and Passwords, Ports and Firewalls, Backups and Archives, Supportability Options.

Guardium Tech Talk: Hints and tips for a successful v10 upgrade

During this Tech Talk, Guardium experts discuss hints and tips for a successful upgrade to v10.

IBM Guardium: Sniffer restart & High CPU correlation alerts

This Open Mic discusses how to troubleshoot underlying problems causing you to receive Sniffer restart and High CPU correlation alerts.

File Activity Monitoring using Guardium

Guardium 10.x includes functionality you can use to monitor file activity. In this course, you view the discovery and classification capabilities of the file activity monitoring (FAM) tools and learn how to set up a blocking rule that prevents someone from deleting files in a directory and logs the attempt. You also learn how to create and install policies to monitor files.

Using IBM Guardium for Cloud database service protection

IBM Guardium 10.1.4 has new functionality to protect Oracle 11 databases that reside on Amazon AWS. In this video series, you will learn how to discover cloud databases. Then you will see how to classify and audit sensitive objects.

Installing and configuring S-TAP

S-TAP and K-TAP are Guardium components that can intercept database communications between clients and the database server. This course includes the following materials:

  • Guardium: Linux S-TAP installation guidance
  • Troubleshooting the Guardium S-TAP Verification Process
  • How can a SLON capture be created on an InfoSphere Guardium Appliance

IBM Guardium troubleshooting and Support

This course covers:

  • How to capture must gathers from Guardium
  • Collecting a guard_diag for a Guardium S-TAP installed on UNIX
  • How to Upload Data to a Support Ticket (PMR)
  • Using Guardium cli commands iptraf and tcpdump to troubleshoot network issues

Preventing and Reacting to Guardium Database Full Issues

Guardium processes large amounts of information about database access. In this video, you will learn to take steps to prevent your Guardium internal database filling up, troubleshoot when it is filling up and take action to reduce the space when needed.

Deployment Guide for InfoSphere Guardium

This IBM Redbooks® publication provides a guide for deploying the Guardium solutions.

This book also provides a roadmap process for implementing an InfoSphere Guardium solution that is based on years of experience and best practices that were collected from various Guardium experts. We describe planning, installation, configuration, monitoring, and administrating an InfoSphere Guardium environment. We also describe use cases and how InfoSphere Guardium integrates with other IBM products.

Troubleshooting Guardium installation

This resource helps you identify solutions to common installation failures or warnings:

  • Upload patch not recognized
  • Installation stuck at "preparing to install patch" step
  • Health Check patch warnings or failures
  • Generic patch installation failures
  • Patch installation stuck at certain step
  • Guardium 11 upgrade issue

In addition, you can use this resource to identify what data to collect and review to troubleshoot general installation failures. This includes installation must gather, relevant log files for review, and how to manually collect data if the appliance is in recovery mode.

Franklin Almonte

Deploying the external S-TAP on AWS EKS using the Guardium UI

This video demonstrates the process of deploying the Guardium external S-TAP on Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) in order to monitor AWS cloud databases with Guardium.


Guardium asset reconciliation

In this video, Leila Johannesen demonstrates a new feature in Guardium 11.2 that allows customers to compare a list of databases with the databases that are known to Guardium.

Guardium: Different data collection methods for different use cases

This session from Virtual Master Skills University 2020 focuses on how Guardium Data Protection enables flexibility and choice by offering agent-based and agent-less approaches to monitoring database activities. The session highlights benefits, use cases and considerations for each approach so that organizations can make the right choice(s) for securing their data assets.

IBM Guardium Architecture, Deployment, Automation

In this session from Virtual Master Skills University 2020, Prasad Bandaru covers architecture, as well as the product components, current architecture, deployment considerations, sizing, load balancing, agents, and automation.


IBM Guardium Data Protection

In this session from Virtual Master Skills University, Yosef Rozenblit reviews lessons learned and talks about the data protection elements that every deployment must have configured.

GIM and S-TAP Installation Assistance

GIM and S-TAP installation are common but complex tasks. In this session from Virtual Master Skills University, Avi Walerius covers GIM and S-TAP installation, how to investigate issues, leverage the S-TAP dashboard (from 11.2), and ensure installation is successful.

IBM Guardium Administration and Performance

In this session from Virtual Master Skills University 2020, Vinay Vijayadharan shares advanced tips about what administrators need to watch out for and manage.

IBM Guardium Data Protection for Files, NAS, and SharePoint

IBM Guardium Data Protection for Files discovers and classifies unstructured sensitive file repositories on various platforms, including Network Attached Storage (NAS) and Microsoft SharePoint. These videos cover:

  • Data-centric security approach
  • Partnership with STEALTHbits
  • Data Protection for Files, NAS, and SharePoint
  • File Discovery, Entitlement, and Classification (FDEC)
  • File Activity Monitoring (FAM)

How to check available disk space

In this video, you will see how to check available disk space in Guardium. This is important information to have to prevent database full issues.

How to check Guardium purge period

In this video, you learn how to check the Guardium purge period.  This is important information in helping to prevent database full issues.

How to check that the latest Guardium GPU patch is installed

In this video, you see how to check that the latest Guardium GPU patch is installed.  This is an important task and can be particularly helpful in preventing database full issues.

How to check the Guardium Aggregation/Archive Log

In this video, you will see how to check the Aggregation/Archive log for errors.  This could be particularly helpful in preventing database full issues.

How to set Guardium alert notifications

In this video, you will see how to set Guardium notifications to alert you when your database reaches a specified threshold.  This is particularly useful in preventing database full issues.

How to check Guardium database usage and top tables

In this video, you will see how to check Guardium database usage and how much data is in the top tables.  This is critical information to prevent database full issues.

How to check the Guardium policy for actions that fill the database

In this video, you see how to check the Guardium policy for actions that can fill the database.  This is an important step in preventing database full issues.

How to use Guardium reports to see how data is spread across tables

In this video, you will see how to use Guardium reports to show how data is spread across tables and across time.  This is important information to help prevent database full issues.

How to check Guardium auto_stop_services

In this video, you will see how to check and turn auto_stop_services on in Guardium.  This is important to help prevent database full issues.