GIM video guideline

This video covers Guardium Installation Manager installation, configuration and administration.

Chapters timeline:

  1. Introduction 0’00”
  2. GIM installation 3’14”
  3. GIM self-upgrade 7’36”
  4. GIM deinstallation 12’07”
  5. GIM failover configuration 13’42”
  6. GIM deinstallation from data node 17’09”
  7. GIM in listener mode 18’14”
  8. GIM listener discovery and group activation 20’41”
  9. GIM reconfiguration 23’46”
  10. GIM report and GRDAPI calls 27’19”
  11. GIM Authentication 34’12”
  12. Installation with auto_set_tapip 42’35”
  13. Modules management 44’03”
  14. GIM on Windows 47’30”
  15. GIM troubleshooting  – network problems 53’52”
  16. GIM troubleshooting – GIM restart 54’37”
  17. GIM troubleshooting – configuration file modification 55’12”
  18. GIM troubleshooting – central log 57’03”
  19. GIM troubleshooting – managing standalone STAP installation by GIM 59’13”
  20. GIM troubleshooting – global parameters 63’00”
  21. GIM troubleshooting – process respawn 64’19”
  22. GIM troubleshooting – IP-PR status 66’26”
  23. Dynamic groups in GIM – 67’45”

Link: https://youtu.be/OSJnIXO-Kew

Summary:

GIM is very useful service. Eases Guardium implementation, administration and has effect of lowering TCO. It is implemented secure way in Client-Server architecture.

Some portal places wait for rebuilding to use new framework – module parameters settings especially.

Resources:

Guardium definitions – GIM reports (Clients Status and Installed Modules) with assigned GRDAPI functions and mapped attributes, GIM Dashboard (All 4 important reports together, refer to reports attached as first position)

Network ports list used in the Guardium communication – http://www.ibm.com/support/docview.wss?uid=swg21973188

GIM module states (Querying module states) – http://www.ibm.com/support/knowledgecenter/SSMPHH_10.1.0/com.ibm.guardium.doc.stap/gim/gim_cli.html

Using sudo during GIM installation – http://www-01.ibm.com/support/docview.wss?uid=swg21984662

Agent convention naming – http://www-01.ibm.com/support/docview.wss?uid=swg21698858

Operating system upgrade – http://www-01.ibm.com/support/docview.wss?uid=swg21679002

How To Install GIM Client On Unix Server? – http://www-01.ibm.com/support/docview.wss?uid=swg21991742

Uninstall Guardium UNIX S-TAP and GIM manually – http://www-01.ibm.com/support/docview.wss?uid=swg21982923

GIM Server Allocation – http://www.ibm.com/support/docview.wss?uid=swg27049424

Limitations:

GIM is not available on z/OS (zLinux is supported) and iSeries (aka AS/400).

Hidden reporting domains, no possibility to modify reports and create alerts based on it.

Remarks:

USING SUDO

I am using sudo to install GIM – the sudoers file configuration is not a part of Guardium.

MODULE UNINSTALLATION BY GRDAPI

We have 2 GRDAPI commands responsible for module uninstallation:

gim_uninstall_module – allows remove pointed module in define date on clientIP

If date is omitted the module is set for deinstallation but second command can initiate it – gim_schedule_uninstall – in defined date

Add-On’s

It is also possible the installation of STAP from command line with self-registration in GIM service. This article describes it and assumes that GIM client has been installed and registered before – http://www.ibm.com/support/docview.wss?uid=swg21998933

 

 

Appliance installation and configuration video guideline

This video contains set of appliance (collector, aggregator) installation scenarios and covers Guardium configuration in standalone and enterprise architecture.

I would not like to split it to many small parts so the specific tasks are pointed below with time:

  • Introduction – 0’00”
  • VM Template – 2’47”
  • Simple collector installation – 4’38”
  • Installer boot options – 8’05”
  • Appliance with software disk encryption – 9’36”
  • Appliance with software RAID – 12’20”
  • Simple aggregator installation – 15’44”
  • Basic network configuration – 16’38”
  • Time and timezone configuration – 20’03”
  • Hostname and domainname setup – 21’50”
  • VMWare tools installation – 22’58”
  • License installation in standalone configuration – 24’41”
  • Personal administration account creation – 28’20”
  • Manual appliance patching – 30’49”
  • Central Manager configuration – 40’22”
  • License installation on CM – 41’50”
  • CM backup configuration – 43’48”
  • Shared Secret – 45’31”
  • Unit registration – 46’36”
  • Remote patching from Central Manager – 48’11”
  • Summary – 52’18”

If are you looking for guidelines in other areas leave me message.

Direct link: https://youtu.be/dU_PDZ2g9mg

Appendix:

  • On hardware appliances (delivered by IBM) the default passwords are changed from “guardium” to mentioned in this technote (added 17-01-2017)
  • The largest disk space manageable by appliance is 16 TB (added 27-01-2017)