Deployment & Administration

This category includes courses that help to deploy and administer Guardium.

Deployment & Administration Courses:

Updating Guardium from 11.0 to 11.1

IBM Security Guardium Patch Updates (GPUs) update the subversion of Guardium. It is common practice to install the latest GPU for both code fixes and feature/function enhancements.

In this lab, you upgrade a Central Manager appliance from subversion 11.0 to version 11.1 by first installing the Health Check Patch p9999 and then installing GPU p100.

Upgrading Guardium from 10.6 to 11.0

The correct approach for upgrading IBM Security Guardium depends on multiple factors, which include the version you are upgrading from, the hardware of your system, and any special partitioning requirements you might have. A common way to upgrade Guardium to the latest version is the upgrade patch method. Use an upgrade patch to upgrade all systems in a managed environment. The upgrade patch preserves all data and configurations with the exception of user interface (UI) customizations due to a new UI architecture.

In this lab, you upgrade a Central Manager appliance from version 10.6 to version 11.0 by first installing the Health Check Patch p9998 and then installing upgrade patch p11001. Along the way, you encounter a couple of common error conditions that you must remediate in order to perform a successful upgrade.

Deploying the Guardium virtual appliance

Guardium is available as a hardware and software offering. The hardware offering is a physical appliance that is fully configured by IBM. The software offering consists of software images that are deployed on customer hardware directly or as virtual machines.

Most organizations use the software offering to deploy Guardium because they can take advantage of virtualization. The Guardium Virtual Machine (VM) is a software-only solution that you install on a host hypervisor machine such as VMware ESXI server.

In this lab you create a virtual machine, install the Guardium image, and perform basic configuration steps to connect the appliance to the network.

Author: Franklin Almonte

Creating and populating Guardium groups

Guardium 10.1.4 includes a new group builder application that  provides powerful tools you can use to add users to a group  and review  which resources use a given group. In this course, you learn to how to build and populate Guardium groups.

Louis Fuka

Using IBM Guardium APIs to Speed Deployment and Automate Repetitive Tasks

Regular upkeep of your data security environment is required to keep the system aligned with the ever-changing IT environment, including new data servers, new uses of sensitive data, new users, and new applications. Organizations that use IBM Guardium for data security and compliance can take advantage of a rich set of APIs to automate processes and maintain the system in a more efficient manner. 

In this course, you learn how Guardium APIs can speed deployment and automate repetitive tasks such as creating a datasource, updating users, and modifying groups.

The lab environment reflects Guardium 10.5.

Franklin Almonte

Deploying the Guardium S-TAP Agent

Guardium S-TAP is a lightweight software agent installed on database servers. S-TAP agents collect the data that are used by traffic reports, alerts, and visualizations. S-TAP agents also enact certain policy rules.

In this lab, you install the S-TAP agent on a database server using the Guardium Installation Manager (GIM) and Guardium GUI.

Configuring the Guardium Universal Connector for MongoDB

New in IBM Security Guardium 11.3, the universal connector allows you to configure a connection from native database activity logs to the Guardium collector. This allows Guardium to monitor data sources such as cloud database implementations that are not suited to running an S-TAP agent.  The Guardium Universal Connector includes support for MongoDB®, MySQL, and Amazon S3, requiring minimal configuration. Users can easily develop plug-ins for other data sources.

In this course, you learn to use the Guardium Universal Connector functionality to monitor activity from a MongoDB data source. 

Using Guardium health tools

IBM Security Guardium provides deployment health tools to help you visualize and gather information about problems that affect the central manager, collectors, aggregators, S-TAP and GIM agents, and inspection engines. 

Different tools provide different views into the health of your Guardium deployment. Some tools, such as the Deployment Health topology view, show the data flow relationships between various components. Others, such as the Deployment Health table, provide insight into issues that affect numerous components across your deployment. Others, such as the Deployment Health dashboard provides charts that summarize data and allow you to drill down to explore issues in greater detail.

In this lab, you explore various Guardium deployment health tools. You search for common issues, such as resource availability, a problem with K-TAP loading, changes in S-TAP agents and inspection engines, or with version control of GIM and S-TAP agents.