Contents
Requirements
Hardware
Software
• For TEC Centers: Software required to run the VM images: VMware Workstation.
• For IBMers running the images on their own laptop: if you don’t have a VMware Workstation
license, alternatives are:
• VMware Player (free version): This is a “bare bones” version of VMware
Workstation. It does not allow you to take snapshots, and the network configuration is
different from that described in this document.
• Alternatively, you can also use a 30-day trial version of VMware Workstation.
• Minimum VMware version is 8.X.
• Windows 7
• Adobe Reader
• Mozilla Firefox
• FileZilla and 7zip to download and extract the images. These open source tools are
available via the IBM Open Community.
Select the first zip file of the image (for example, V10p8_Collector.7z.001) and extract it. All other
files that are part of this image will be extracted automatically.
• Note: you can remove the compressed images after you have uncompressed them and run a few tests.
Connectivity Requirements
• A dynamic IP address is used in the VM to allow the user to access the internet as needed.
• The VM network setting is set to NAT.
• The host workstation does not need to be on the network.
• A Network Time Protocol (NTP) Server must be configured as follows:
• The workstation hosting the VMware images must be running an NTP server service
• The PoT_V10_DB_Server image is configured to reference an NTP server at 10.10.9.240
• The VMnet8 (NAT) network adapter on the workstation should be set to 10.10.9.240
Detailed steps:
__1. Select Virtual Network Editor from the Edit pull down menu:
__2. You will see this editor. Select the VMNet8 adapter and set Subnet IP to 10.10.9.0 and Subnet
mask to 255.255.255.0
__6. Enter or validate these values, then select OK. The gateway address must be as shown, since
the hosts are set to expect the gateway at the IP shown.
__3. Select VMware network Adapter VMnet8 , right click and select Properties.
__5. Set the values as below, click Ok and close the window.
__6. You can also check this from the DOS prompt by typing: ipconfig
Windows IP Configuration
Ethernet adapter VMware Network Adapter VMnet8:
1. Upgrade the hardware version of your virtual machine to improve performance by increasing the
memory limit and the number of processors. This will enable the Quick Search functionality in
Guardium.
a. Verify that the latest version of VMware Tools is installed.
e. Under Advanced options, select a hardware version from the Use Hardware Version
drop-down menu to upgrade to hardware version 12 and Apply.
i. Start VMware Fusion and select the Collector VM and click Settings.
j. Select Processors & Memory and change to 4 cores and 25000 MB.
l. Under Internet Sharing select the radio button to Share with my Mac.
m. Repeat the changes for the Network Adapter on the DBServer image.
To start up the Appliance VM you just unzipped, find the .vmx file, which is the VMware Virtual Machine
Configuration file. Double-click the icon for that file. This is one way to start the VMware Workstation
program. The VMware Workstation application will appear. Power up or resume the Appliance VM from
the Summary View. Right-click the VM tab and select Add to Favorites to add this VM to the
VMware Workstation Favorites.
On First Startup of your VMware image, you MAY see the question:
Did you Move this VM or was it Copied.
For these labs, at first startup, a VMware image alert box may ask if this VM was Moved or Copied.
Always select the “I moved it” radio button. This prevents VMware from automatically creating
new MAC addresses, which would keep the appliance license from being validated.
PoT_V10_Appliance image snapshot set to default state – “V10 PoT – Lab Start”:
__4. Repeat the same process for the PoT_V10_DB_Server image. Set the snapshot to state – “V10
PoT – Lab Start”
__1. Once the appliance login appears on the VMware Workstation Console View,
log in with user cli, password guardium on the IBM Security™ Guardium® appliance command
line.
If these commands execute successfully, you can proceed to verifying that the Database Server VM can
communicate with the Guardium Appliance VM.
__1. To start up the Database Server VM you just unzipped, find the .vmx file, which is the VMware
Virtual Machine Configuration file.
__2. Double-click the icon for that file. This is one way to start the VMware Workstation program.
The VMware Workstation application will appear with the tab for the Database Server VM. Power
up or resume the Database Server VM from the Summary View. Right-click the VM tab and
select Add to Favorites to add this VM to the VMware Workstation Favorites.
On First Startup of your VMware image you MAY see the question:
Did you Move this VM or was it Copied.
For these labs, at first startup, a VMware image alert box may ask if this VM was Moved or Copied.
Always select the “I moved it” radio button. This prevents VMware from automatically creating
new MAC addresses.
1. On the Database Server VM, log in as the root user with the password 'guardium'.
2. First, let’s verify that the IP address of the Database Server VM is 10.10.9.56. Issue the
command ifconfig and check that this is the address.
3. Let us now start the database processes. Run the following script: ./startdb_all.sh
Verify that the Collector and DB Server timestamps are the same
2. Log in to the machine using the username 'cli' and the password 'guardium'.
3. Let us verify that the IP address of this Guardium appliance is 10.10.9.239. Issue the command
show network interface all and verify that this is the IP that is set.
4. We must now verify communication between the Database Server VM and the Guardium
Appliance VM. Issue the command ping 10.10.9.56 to see if the Guardium appliance can talk to
the Database Server.
5. Issue the command show system clock all to see what the day and time is. The date and time
on both VMs should be about the same. Note that synchronized time between both VMs is critical
to the success of the lab.
6. Switch to the DB Server VM and check the timestamp with the command date:
7. If the system clock or timezone in the appliance does not match the one in the DB Server image,
change the system clock in the Guardium appliance with the command:
8. After changing the Guardium collector timestamp, run the command restart gui. Type Y to the
prompt.
9. Optional: Change the timezone of the VMs. Use the command first with the list option to display
all time zones. Then enter the command a second time with the appropriate zone.
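The address and clock checks in the steps above can be scripted instead of compared by eye. The following is an added example, not part of the lab guide: the addresses are the ones the guide states, while the function names and the skew tolerance passed to clocks_agree are hypothetical.

```shell
# Added example, not from the lab guide. Addresses are the ones the guide
# states; function names and the skew tolerance are hypothetical.
SUBNET=10.10.9.0 MASK=255.255.255.0    # VMnet8 subnet IP and mask
LAB_HOSTS="10.10.9.240 10.10.9.239 10.10.9.56"  # NTP host, appliance, DB server

# Dotted quad -> 32-bit integer; rejects malformed octets and leading zeros.
ip_to_int() {
    local IFS=. a b c d extra o
    read -r a b c d extra <<EOF
$1
EOF
    [ -z "$extra" ] || return 1
    for o in "$a" "$b" "$c" "$d"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_subnet IP NETWORK MASK: 0 if inside, 1 if outside, 2 on malformed input.
in_subnet() {
    local ip net mask
    ip=$(ip_to_int "$1") && net=$(ip_to_int "$2") && mask=$(ip_to_int "$3") || return 2
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Reads ifconfig/ipconfig output on stdin; succeeds only when IP is a whole
# token, so 10.10.9.56 does not match 10.10.9.560 or 110.10.9.56.
output_has_ip() {
    local pat
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -Eq "(^|[^0-9.])${pat}([^0-9.]|\$)"
}

# clocks_agree EPOCH_A EPOCH_B MAX_SKEW: compares UTC epoch seconds, so a
# timezone difference between the two VMs is not mistaken for clock drift.
clocks_agree() {
    local d=$(( $1 - $2 ))
    [ "${d#-}" -le "$3" ]
}

# Counts lab hosts that fall outside the VMnet8 subnet (0 means consistent).
hosts_outside_subnet() {
    local h n=0
    for h in $LAB_HOSTS; do in_subnet "$h" "$SUBNET" "$MASK" || n=$((n + 1)); done
    echo "$n"
}

echo "lab hosts outside VMnet8 subnet: $(hosts_outside_subnet)"
```

On the DB Server VM, `ifconfig | output_has_ip 10.10.9.56` performs the address check from step 2; convert each VM's displayed time to UTC epoch seconds before passing it to clocks_agree.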
DB Server Image
For more information on the database instances installed on the DB Server image, like credentials and
commands for each database, refer to the V10 POT DB Server Primer document.
Application | Version | Auto DB Start | OS User
Informix Database Server | 11.70 | No | informix
MySQL Database Server | 5.6.10 | No | mysql
Oracle Database Server | 11.2.0.2.0 | Yes | oracle
Sybase Database Server | 15.7 | No | sybase
__2. Launch your browser (such as Firefox) from your Lab workstation to connect to the IBM
Security® Guardium® GUI web server.
Snapshots
Lab Start
This snapshot contains all the Guardium components (CAS, GIM, STAP, FAM) “uploaded” into the
appliance, ready to be imported and installed on the DB server.
The Installation and Configuration Lab will guide you through all the steps for the installation of the Guardium
components.
Use the Lab Start snapshot if you want to do the Install Lab or FAM Discovery Lab_Start. If you are not
running the Install Lab, you should use the Demo snapshot.
Demo Mode
In this snapshot, all the Guardium components (CAS, GIM, STAP and FAM) are already installed. You
can run all the other labs in this Snapshot, with the exception of Install and FAM Discovery Labs.
This snapshot contains data that can be displayed in several Standard pre-defined Guardium reports.
Look at the Standards report lab for a list of such reports.
Data for the Demo Mode snapshot was generated on March 7, 2016. Make sure you adjust the run-time
parameters of the reports to cover 03/07/2016 00:00:00 to March 8, or to today’s date (‘NOW’).
Quick Search is available with demo data. In the time period drop down box, click on Specify to change
the time frame to display data:
Instructor guide
This proof of technology is designed to be self-paced. The PoT contains:
• Setup and Instructor Guide (this document)
• A presentation for each of the 19 Labs
• A hands-on laboratory workbook for each Lab.
• You need approximately 2 days to cover all the Labs. If your PoT is just for one day, you
should choose up to 10 Labs from the list below.
• Refer to the 1 Day and 2 Day PoT Flyers, in the Source Flyer folder for suggestions of Labs
to run.
• An overview
• Lab 1: Database Auto-Discovery
• Lab 2: Sensitive Data Finder
• Lab 3: Entitlement Reports
• Lab 4: Guardium Client Install
• Lab 5: Custom Reports
• Lab 6: Policy Builder
• Lab 7: FAM Discovery and Classification (Lab Start)
• Lab 7: FAM Discovery and Classification (Demo Mode)
• Lab 8: FAM Monitoring
• Lab 9: Vulnerability Assessment
• Lab 10: Compliance Workflow Automation
• Lab 11: Configuration Audit System (CAS)
• Lab 12: Correlation Alerts
• Lab 13: Standard Reports
• Lab 14: PCI Accelerator
• Lab 15: Application End-User Identifier
• Lab 16: SIEM Integration
• Lab 17: Data Level Security
• Lab 18: Query Rewrite
• Lab 19: Frequently Asked Questions
• VMware images
It is suggested that the presentation be given first. It is designed to provide introductory information,
terminology and navigation tips.
Some labs have optional sections. The instructor will use his or her own discretion informed by client’s
goals (if known) to decide which labs and lab optional sections will meet time and other constraints.
Lab 2 – Sensitive Data Finder | Demo or Lab - Start | 30 minutes
Lab 3 – Entitlement Reports | Demo or Lab - Start | 15 minutes
Lab 7 – FAM Discovery and Classification (Lab Start) | Lab Start | 20 minutes | On Lab start, run Install Lab first.
Classroom checklist
Instructors must reach the classroom at least an hour before the scheduled start time for the PoT to
make sure there is enough time to go through the checklist. Make sure you have the contact info of the
person responsible for the classroom and the machine setup.
VMware verification
__2. Find out the user login password in case the machine gets locked
__3. Navigate to the directory where the PoT VM images have been copied
__4. Put the VM in full screen mode (press Ctrl+Alt to exit full screen mode)
__7. Check that DBs needed for labs have been started.
Miscellaneous checklist
Troubleshooting tips
The computers are set up by TECs for the PoT in question.
Contacts
Marilene Roder – marilene@us.ibm.com
For Reference: