Guardium Data Protection - L4 Deploy - Administration - Archive Backup Lab Guide
Contributors:
Tansel Zenginler
Technical Sales Enablement and Skill Specialist
Louis Fuka
Learning Specialist
July 2023 edition
Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
About these exercises
You use the following virtual machines to perform the exercises in this course:
• Central manager (MA170): A Guardium server, hostname MA170.example.com, and IP
address 192.168.42.170.
• Collector (C200): A Guardium server, hostname C200.example.com, and IP address
192.168.42.200.
• DB server (raptor): A database and GUI server, hostname raptor, and IP address
192.168.42.201.
This server hosts a Db2 database and several directories that Guardium manages. It also runs
the S-TAP agent that sends information to the Guardium Server. Finally, it hosts the graphical
desktop where you perform the course exercises.
In addition, there is an entry in the central manager for a second collector, C175, for which there
is not a virtual machine. This entry for a second collector simulates a slightly larger environment,
which is relevant to the System Data unit.
You log in to raptor as user root with password P@ssw0rd. You need two tools on the desktop to
perform the exercises:
• A web browser for accessing the Guardium interface, which you find in Applications > Firefox.
When the web browser starts, it shows two tabs: MA170, and C200.
• A Terminal window to run commands, which you find in Applications > Terminal.
Prepare your environment for the exercises
2. Log in to the DB server (raptor) virtual machine as user root with password guardium.
If the database is running, you receive the following message:
If the database does not start, consult with the instructor to help troubleshoot the issue.
b. If the Guardium interface does not appear, consult with the instructor to troubleshoot the
issue.
Archiving and backing up Guardium data exercises
In an IBM Security® Guardium® Data Protection (Guardium) environment, multiple managed units
might gather and process data. In these exercises, you learn how to archive and back up data for
future auditing purposes. In the context of this lab, you encounter several terms that are closely
related:
• Archive: Store data to a system outside the Guardium environment for later auditing and
analysis
• Backup: Store data about Guardium managed units for disaster recovery purposes
In a production environment, to save space, collected data is usually purged from the
system regularly after it is archived.
Exercise 1 Archiving Guardium data
In this exercise, you configure the system to archive data to a folder on the database server.
1. Set up the data archive on raptor.
a. Open a command window on raptor.
2. On MA170, go to Manage > Data Management > Data Archive.
The Data Archive pane opens. You see that the data archive has been configured. However,
these settings are incorrect, and you must supply the correct settings.
Field | Value
Archive | Selected
Archive data older than | 1 Day(s)
Ignore data older than | 2 Day(s)
Archive values | Selected
Protocol | SCP
Host | 192.168.42.201
Directory | /var/GuardiumArchive
Port | 0
Username | root
Password | <raptor root password>
Re-enter password | <raptor root password>

Field | Value
Purge | Selected
Data older than | 2 Week(s)
Allow purge without exporting or archiving | Selected

Field | Value
Schedule by | Day
Select days | Every Day
Repeat every | Not selected
Start schedule at | 2:15 AM
Begin schedule | (Today’s date)
Active schedule | Selected
Auto run dependent jobs | Not selected
5. Scroll down, click Test connection, and verify that the connection tested successfully.
7. Click Save and close the confirmation message.
In a production environment, you schedule the archive and purge activity to run overnight
regularly. However, because that is a long time to wait to see the effects, in this exercise, you
run the activity immediately.
8. Click Run Once Now and close the confirmation message.
9. To view the job as it runs, navigate to Manage > Reports > Data Management >
Aggregation/Archive Log.
The Aggregation/Archive Log report opens.
10. To look at the details of the archive operation, in the Activity Type column, right-click the
Archive entry, and select Aggregation/Archive Detail Log.
The detail log shows how each day’s data is archived and sent to the target. You can refresh
the log by clicking Refresh. It might take up to 20 minutes to complete. You can continue
the exercise without waiting for the process to finish.
12. On the database server, to find the archive files, open a terminal window and run:
ls -l /var/GuardiumArchive
This example shows a test file that Guardium puts on the target host to verify connectivity.
This file was generated when you tested the connection while you configured archiving. There
is also an archive file. Archive files contain the data for a single day, and each is labeled with
the date of the data. Your example might vary.
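The listing in step 12 can be turned into a repeatable check of the archive target. The following script is an added example, not part of the lab guide or of Guardium: it verifies that the directory exists, that a recently modified file is present (the lab schedules the archive every day), and that nothing in the directory is readable or writable by other local accounts. The function name check_archive_dir, the 26-hour default, and the optional file name pattern are assumptions; the guide does not state the archive file naming, so the pattern defaults to every file, which includes the connectivity test file.

```shell
#!/bin/sh
# Added example (not from the lab guide): health check for an SCP archive target.
# Usage: sh check_archive.sh /var/GuardiumArchive [MAX_AGE_HOURS] [NAME_PATTERN]

# check_archive_dir DIR [MAX_AGE_HOURS] [NAME_PATTERN]
# Returns 0 if healthy, 2 if DIR is missing, 3 if no matching file is recent
# enough, 4 if DIR or anything under it is readable or writable by "other".
check_archive_dir() {
    dir=$1
    max_age_hours=${2:-26}   # assumed: daily schedule plus a margin for run time
    pattern=${3:-*}          # assumed: set this to your archive file naming

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist" >&2
        return 2
    fi

    # A daily archive job should leave at least one recently modified file.
    recent=$(find "$dir" -type f -name "$pattern" \
        -mmin "-$((max_age_hours * 60))" | head -n 1)
    if [ -z "$recent" ]; then
        echo "FAIL: no file matching '$pattern' newer than ${max_age_hours}h in $dir" >&2
        return 3
    fi

    # Archived audit data should not be exposed to other local accounts.
    exposed=$(find "$dir" \( -perm -004 -o -perm -002 \) | head -n 5)
    if [ -n "$exposed" ]; then
        echo "FAIL: world-accessible entries (first 5):" >&2
        echo "$exposed" >&2
        return 4
    fi

    echo "OK: $dir has a recent archive file and no world-accessible entries"
    return 0
}

# Run the check only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_archive_dir "$@"
fi
```

A directory created with default permissions (for example mode 755) is reported with return code 4 until access for other accounts is removed.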
Guardium keeps a record of archives.
c. Leave the Host Name field blank.
d. Click Search.
The Catalog Archive Entry Locations pane opens.
Observe the archive files you created. Your results might be different than the example
above, which has only a single archive file. If the archive files move to a different location,
you can manually edit the location of each archive file.
Exercise 2 Backing up a Guardium managed unit
Backing up a Guardium system is similar to but not identical to archiving Guardium data. In both
cases, vital Guardium information is placed in a file repository for possible future use. However,
there are important differences:
• Backup is used to preserve information to recover in case of disaster or system loss. Archiving
preserves data for auditing and for system recovery.
• Backup preserves configuration information and data, while archiving preserves only data.
• Backup is done less frequently than archiving. Archiving is generally done daily, while backup
might take place weekly or even monthly.
Backup and archiving work together to ensure system recoverability. For example, if you archive
data daily, then you might only back up configuration settings rather than data.
4. Enter the following settings:
Field | Value
Protocol | SCP
Host | 192.168.42.201
Directory | /var/GuardiumBackup
Port | 0
Username | root
Password/Re-enter password | <raptor root password>
Backup | Select Configuration and Data
Schedule by | Month
Select Day of Month | Selected, 1 of Every Month
Repeat every | Not selected
Start Schedule at | 3:00 AM
Begin schedule | (Today’s date and time)
Active schedule | Selected
Auto run dependent jobs | Not selected
6. Click Save.
The backup process might take several minutes to complete.
Summary
In this lab, you learned how to:
• Archive Guardium data
• Back up Guardium data
© Copyright IBM Corp. 2023