Scribd
Upload
285 views16 pages

LDL0230X DeployVA

Uploaded by

Ismael Ferreras Herrera
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
285 views16 pages

LDL0230X DeployVA

Uploaded by

Ismael Ferreras Herrera
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

®

Lab guide
Deploying the Guardium virtual appliance
Course code LDL0230X

IBM Training
October 2019 edition
NOTICES
This information was developed for products and services offered in the USA.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently available in your area. Any reference to an IBM product, program,
or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent
product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this
document does not grant you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local
law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein;
these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s)
and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an
endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those
websites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other
publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other
claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those
products.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible,
the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to
the names and addresses used by an actual business enterprise is entirely coincidental.

TRADEMARKS
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems
Incorporated in the United States, and/or other countries.
IT Infrastructure Library is a Registered Trade Mark of AXELOS Limited.
ITIL is a Registered Trade Mark of AXELOS Limited.
Linear Tape-Open, LTO, the LTO Logo, Ultrium and the Ultrium Logo are registered trademarks of Hewlett Packard Enterprise,
International Business Machines Corporation and Quantum Corporation in the United States and other countries.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and
Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries,
or both.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used
under license therefrom.
UNIX is a registered trademark of The Open Group in the United States and other countries.
VMware, the VMware logo, VMware Cloud Foundation, VMware Cloud Foundation Service, VMware vCenter Server, and VMware
vSphere are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and/or other jurisdictions.
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds,
owner of the mark on a world­wide basis.
Red Hat®, JBoss®, OpenShift®, Fedora®, Hibernate®, Ansible®, CloudForms®, RHCA®, RHCE®, RHCSA®, Ceph®, and Gluster®
are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United States and other countries.
RStudio®, the RStudio logo and Shiny® are registered trademarks of RStudio, Inc.

© Copyright International Business Machines Corporation 2019.


This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Exercise 1 Create virtual machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Exercise 2 Deploy the Guardium virtual appliance image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Exercise 3 Initial configuration and validation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

iii
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Exercises
Guardium is available as a hardware and software offering:
• Hardware offering. IBM fully configures a physical appliance.
• Software offering. Software images are deployed on customer hardware either directly or as
virtual appliances.

The virtual appliance deployment method is a common model clients use to deploy Guardium in
their environments due to the advantages of virtualization. The Guardium Virtual Machine (VM) is a
software-only solution that you install on a host hypervisor server such as a VMware ESXI server.

In this lab, you create a virtual machine, install the Guardium image, and perform minimal
configuration to get the appliance on the network.

Exercise 1 Create the virtual machine


In this exercise, you use a VMware ESXI server to create a virtual machine, which you deploy
Guardium on later. You create a virtual machine with the minimum required resources to install
Guardium.

Note: To deploy Guardium as a virtual machine, the VMware ESXi server must be at version 4.0
or higher.

1. To start the VMware ESXi GUI, double-click the Firefox icon on the desktop.

2. To access the VMware ESXi GUI, log in as user labadmin with password guardium.

© Copyright IBM Corp. 2019 1


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create the virtual machine

Uempty
The Host page opens.

3. To start the process to create the virtual machine, click Create/Register VM.

4. To select the default creation type, click Next.

5. For Name, type GuardiumVM.

6. For Guest OS family, select Linux.

2
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create the virtual machine

Uempty
7. For Guest OS version, select Red Hat Enterprise Linux 7 (64-bit).

Note: In this virtual lab, you select Red Hat Enterprise Linux 7 for the guest OS version because
you deploy Guardium 11.0, which runs on Red Hat Enterprise Linux 7. If you deploy a previous
version of Guardium, select Red Hat Enterprise Linux 6.

8. To select the storage, click Next.

9. To select the datastore for the virtual machine to use, select NFS-Store and click Next.
In the Entities and Attributes table, select Entity: Client/Server, Attribute: Client IP.

3
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create the virtual machine

Uempty
10. To customize the resources available to the VM, configure the following settings:
– CPU: 4
– Memory: 16 GB

Note: Disregard the warning about minimum memory because it disappears after you set the
memory units to GB.

– Hard disk 1: 300 GB


– USB controller 1: Click Remove icon
– CD/DVD Drive 1: Datastore ISO file
 In the Datastore browser, navigate to Images-Store2 > Images > Guardium > v11 >
Security_Guardium_Product_Image_V11.0 >
Security_Guardium_Product_Image_V11.0_DVD_auto.iso.
 To assign the ISO to the virtual machine, click Select.

Note: The minimum requirements for CPU, memory, and disk are set up. In a production
environment, you might need more resources to support your workload requirements.

11. To view a summary of the virtual machine configuration, click Next.

12. To view the rest of the summary, scroll down.

13. To create the virtual machine, click Finish.

4
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 1 Create the virtual machine

Uempty

You return to the Host page.

14. On the Navigator menu on the left side of the page and in the Recent tasks pane, verify that the
new virtual machine is listed.

5
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 2 Deploy the Guardium virtual appliance image

Uempty
Exercise 2 Deploy the Guardium virtual
appliance image
In this exercise, you deploy the Guardium virtual appliance image to the new virtual machine you
set up in the previous exercise. Guardium virtual appliance software includes two ISO files:
• Security_Guardium_Product_Image_V11.0_DVD_auto.iso
• Security_Guardium_Product_Image_V11.0_DVD.iso

The difference between the two files is that


Security_Guardium_Product_Image_V11.0_DVD_auto.iso skips the advanced configuration
page and uses standard partitions, which allows for an automated installation. This ISO is the most
common ISO to use unless you have custom partitioning requirements. In this exercise, you use the
*auto.iso to deploy the Guardium appliance.
1. To get to the virtual machine, from the Navigator menu on the left side of the page, click Virtual
Machines.
The Virtual Machine view opens.

2. To select the virtual machine, select GuardiumVM.

6
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 2 Deploy the Guardium virtual appliance image

Uempty
3. To access the virtual machine terminal, right-click and go to Console > Launch remote
console.

4. After a few seconds, the virtual machine console opens. Maximize the window for a better view.

5. To power on the virtual machine, click the Power on icon .


The installer screen opens and gives you five seconds to select an alternative installation
method. If you don’t choose another method, a stand-alone Collector installation occurs. In this
exercise, you leave the default and install a stand-alone collector.
Because the virtual machine is set up to use the auto ISO of the product image, the installation
proceeds without user intervention. As the installer progresses, you see messages about
package installations and services configuration.
When you see the login prompt, the installation is complete.

7
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 3 Initial configuration and validation

Uempty

Note: The installation in this virtual lab takes about five minutes. In a production environment, a
fresh installation of Guardium takes 10 - 15 minutes.

Exercise 3 Initial configuration and validation


Now that the Guardium virtual machine appliance deployment is complete, you need to perform
initial configuration and validation to make it accessible remotely. With remote access, you continue
to configure your business requirements without having to access the virtual machine console.

In this exercise, you perform basic initial configuration to get the appliance on the network and
validate that you can access the appliance remotely.
1. To close any kernel messages on the console, press Enter.

2. To access the Guardium CLI, log in as user cli with the factory installed password of
guardium.
For security reasons, Guardium requires that you change the default password on first login.

3. To change the password, enter guardium for the current password.

4. To enter your new password, type guardiumNew.

5. To validate the new password, type it again.

The Guardium CLI prompt opens and you can begin your initial configuration.

8
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 3 Initial configuration and validation

Uempty
The network administrator provides the network information:
– Hostname: guardcollector
– IP address: 10.0.100.165
– Subnet mask: 255.255.255.0
– Gateway: 10.0.100.1
– DNS: 10.0.100.1
– Domain: home

6. To configure the IP address, type the following command:


store network interface ip 10.0.100.165

7. To configure the default gateway, type the following command:


store network routes defaultroute 10.0.100.1

8. To configure the DNS server IP, type the following command:


store network resolver 1 10.0.100.1

9. To configure the hostname and domain of the new appliance, type the following commands and
be sure to type n when prompted with the question of whether this appliance is newly cloned:
store system hostname guardcollector
store system domain home

10. To enable the network configuration, type the following command and type y when prompted:
restart network

9
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 3 Initial configuration and validation

Uempty
The results of steps 6 - 10 are shown below.

11. To validate the configuration, type the following commands:


show network interface all
show network routes defaultroute
show network resolver all
show system hostname
show system domain
show unit type
Review the validation results.

To initialize the configuration, you need to restart the virtual appliance.

10
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 3 Initial configuration and validation

Uempty
12. To restart the virtual appliance, type the following command and type y:
restart system

13. To validate that you can access the appliance remotely without the use of VMware, close the
console window.

14. To get to the server desktop, minimize Firefox.

15. To open the terminal application, double-click the PuTTY icon.

16. To access the new Guardium virtual machine, type 10.0.100.165 for the Host Name, and
click Open.

11
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
Exercises
Exercise 3 Initial configuration and validation

Uempty
17. To store the appliance key in PuTTy, click Yes.

18. To log in to the Guardium CLI, type cli for the user and guardiumNew for the password.
The CLI prompt opens. Note the hostname and domain you set up in step 9.

At this point, the new Guardium virtual machine appliance is installed and accessible remotely
for further configuration according to your business requirements. After the initial configuration,
configure the following settings:
– Initial unit type if setting up a Managed Unit or Central Manager
– Time zone, date, and time
– License
– Reset root password

12
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
®

© Copyright IBM Corporation 2019. All Rights Reserved.

You might also like