Guardium Data Protection - L4 Deploy - Administration - Archive Backup Lab Guide

Uploaded by

M Yahya

Level 4 - Deployment

Archiving and backing up Guardium data


lab guide
Guardium Data Protection

Contributors:

Tansel Zenginler
Technical Sales Enablement and Skill Specialist
[email protected]

Louis Fuka
Learning Specialist
[email protected]
July 2023 edition
NOTICES
This information was developed for products and services offered in the USA.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM
representative for information on the products and services currently available in your area. Any reference to an IBM product, program,
or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent
product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this
document does not grant you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local
law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties
in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein;
these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s)
and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an
endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those
websites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other
publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any
other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of
those products.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible,
the examples include the names of individuals, companies, brands, and products. All names and references for organizations and other
business institutions used in this deliverable’s scenarios are fictional. Any match with real organizations or institutions is coincidental.
All names and associated information for people in this deliverable’s scenarios are fictional. Any match with a real person is
coincidental.

TRADEMARKS
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems
Incorporated in the United States, and/or other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds,
owner of the mark on a worldwide basis.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries,
or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
VMware, the VMware logo, VMware Cloud Foundation, VMware Cloud Foundation Service, VMware vCenter Server, and VMware
vSphere are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and/or other jurisdictions.
Red Hat®, JBoss®, OpenShift®, Fedora®, Hibernate®, Ansible®, CloudForms®, RHCA®, RHCE®, RHCSA®, Ceph®, and Gluster® are
trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United States and other countries.

© Copyright International Business Machines Corporation 2023.


This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents
About these exercises
    Prepare your environment for the exercises
Archiving and backing up Guardium data exercises
    Exercise 1 Archiving Guardium data
    Exercise 2 Backing up a Guardium managed unit
    Summary

© Copyright IBM Corp. 2023


Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
V7.0
About these exercises


The following figures show the setup of the virtual machines in the training lab.

You use the following virtual machines to perform the exercises in this course:
• Central manager (MA170): A Guardium server, hostname MA170.example.com, and IP
address 192.168.42.170.
• Collector (C200): A Guardium server, hostname C200.example.com, and IP address
192.168.42.200.
• DB server (raptor): A database and GUI server, hostname raptor, and IP address
192.168.42.201.
This server hosts a Db2 database and several directories that Guardium manages. It also runs
the S-TAP agent that sends information to the Guardium Server. Finally, it hosts the graphical
desktop where you perform the course exercises.

In addition, there is an entry in the central manager for a second collector, C175, for which there
is not a virtual machine. This entry for a second collector simulates a slightly larger environment,
which is relevant to the System Data unit.

You log in to raptor as user root with password P@ssw0rd. You need two tools on the desktop to
perform the exercises:
• A web browser for accessing the Guardium interface, which you find in Applications > Firefox.

When the web browser starts, it shows two tabs: MA170, and C200.

• A Terminal window to run commands, which you find in Applications > Terminal.

Prepare your environment for the exercises


Follow these steps to prepare for the course exercises:
1. Start all three virtual machines.

2. Log in to the DB server (raptor) virtual machine as user root with password guardium.

3. Check that the Db2 database is running.


a. Open a Terminal window.

b. To switch to the DB2INST1 user account, type su - db2inst1.

c. To verify that the database is running, type db2start.

d. To activate the Db2 database, type db2 activate database sample.

If the database is running, you receive the following message:

If the database is not running, start it by entering the command db2start.

If the database does not start, consult with the instructor to help troubleshoot the issue.

4. Close the Terminal window.

5. Ensure that raptor can connect to MA170 and C200.


a. On raptor, verify that each of the tabs shows the login screen for the Guardium interface.

b. If the Guardium interface does not appear, consult with the instructor to troubleshoot the
issue.

Archiving and backing up Guardium data exercises
In an IBM Security® Guardium® Data Protection (Guardium) environment, multiple managed units
might gather and process data. In these exercises, you learn how to archive and back up data for
future auditing purposes. In the context of this lab, you encounter several terms that are closely
related:
• Archive: Store data to a system outside the Guardium environment for later auditing and
analysis
• Backup: Store data about Guardium managed units for disaster recovery purposes

Exercise 1 Archiving Guardium data


Normally, to archive only the previous day’s activity, you archive data older than one day and
ignore data older than two days. However, in this training environment, those criteria likely result
in nothing being archived. To see results from this exercise, you extend the archive data set into
the past.

In a production environment, to save space, collected data is usually purged from the system
regularly after it is archived.

In this exercise, you configure the system to archive data to a folder on the database server.
1. Set up the data archive on raptor.
a. Open a command window on raptor.

b. To create a data archive directory, run the following commands as root:


mkdir /var/GuardiumArchive
ls -al /var/GuardiumArchive

You created an archive directory where root has write privileges.

2. On MA170, go to Manage > Data Management > Data Archive.
The Data Archive pane opens. You see that the data archive has been configured. However,
these settings are incorrect, and you must supply the correct settings.

3. Configure the settings as follows:

Field                                        Value
Archive                                      Selected
Archive data older than                      1 Day(s)
Ignore data older than                       2 Day(s)
Archive values                               Selected
Protocol                                     SCP
Host                                         192.168.42.201
Directory                                    /var/GuardiumArchive
Port                                         0
Username                                     root
Password                                     <raptor root password>
Re-enter password                            <raptor root password>
Purge                                        Selected
Data older than                              2 Week(s)
Allow purge without exporting or archiving   Selected

4. Configure scheduling as follows:

Field                     Value
Schedule by               Day
Select days               Every Day
Repeat every              Not selected
Start schedule at         2:15 AM
Begin schedule            (Today’s date)
Active schedule           Selected
Auto run dependent jobs   Not selected

5. Scroll down, click Test connection, and verify that the connection tested successfully.

6. Close the Success dialog.

7. Click Save and close the confirmation message.

In a production environment, you schedule the archive and purge activity to run overnight
regularly. However, because that is a long time to wait to see the effects, in this exercise, you
run the activity immediately.

8. Click Run Once Now and close the confirmation message.

9. To view the job as it runs, navigate to Manage > Reports > Data Management >
Aggregation/Archive Log.
The Aggregation/Archive Log report opens.

If the data archive operation does not appear, click Refresh.

10. To look at the details of the archive operation, in the Activity Type column, right-click the
Archive entry, and select Aggregation/Archive Detail Log.

The Aggregation/Archive Detail Log opens.


The detail log shows how each day’s data is archived and sent to the target. You can refresh
the log by clicking Refresh. The archive operation might take up to 20 minutes to complete.
You can continue the exercise without waiting for the process to finish.

11. Close the detail log window.

12. On the database server, to find the archive files, open a terminal window and run:
ls -l /var/GuardiumArchive

This example shows a test file that Guardium puts on the target host to verify connectivity.
This file was generated when you tested the connection while you configured archiving. There
is also an archive file. Archive files contain the data for a single day, and each is labeled with
the date of the data. Your example might vary.
Guardium keeps a record of archives.

13. Navigate to Manage > Data Management > Catalog Archive.


The catalog archive search criteria pane opens.

14. Enter the search criteria.


a. In the From field, use the Relative date picker icon to choose a date that is at least
one week ago.

b. In the To field, enter NOW.

c. Leave the Host Name field blank.

d. Click Search.
The Catalog Archive Entry Locations pane opens.

Observe the archive files you created. Your results might be different than the example
above, which has only a single archive file. If the archive files move to a different location,
you can manually edit the location of each archive file.

Note: If no data is archived, consult with your instructor.

Exercise 2 Backing up a Guardium managed unit
Backing up a Guardium system is similar to but not identical to archiving Guardium data. In both
cases, vital Guardium information is placed in a file repository for possible future use. However,
there are important differences:
• Backup is used to preserve information to recover in case of disaster or system loss. Archiving
preserves data for auditing and for system recovery.
• Backup preserves configuration information and data, while archiving preserves only data.
• Backup is done less frequently than archiving. Archiving is generally done daily, while backup
might take place weekly or even monthly.

Backup and archiving work together to ensure system recoverability. For example, if you archive
data daily, then you might only back up configuration settings rather than data.

In this exercise, you back up the collector (C200).


1. On raptor, open a terminal window and as root, create a system backup directory by using
the following command:
mkdir /var/GuardiumBackup

2. On C200.example.com, log in to the Guardium graphical console as labadmin with password
P@ssw0rd.

3. Go to Manage > Data Management > System Backup.

4. Enter the following settings:

Field                       Value
Protocol                    SCP
Host                        192.168.42.201
Directory                   /var/GuardiumBackup
Port                        0
Username                    root
Password/Re-enter password  <raptor root password>
Backup                      Select Configuration and Data
Schedule by                 Month
Select Day of Month         Selected, 1 of Every Month
Repeat every                Not selected
Start Schedule at           3:00 AM
Begin schedule              (Today’s date and time)
Active schedule             Selected
Auto run dependent jobs     Not selected

5. Test the connection. Close the success dialog.


If the connection test fails, check host IP, username and password, directory, and ensure that
you correctly created the /var/GuardiumBackup directory on the database server and that
root has read and write permissions for the directory.

6. Click Save.

7. Click Run Once Now. Close the confirmation dialog.

8. Go to Manage > Reports > Data Management > Aggregation/Archive Log.


You see entries for both Data and Configuration backup. If not, click Refresh.

The backup process might take several minutes to complete.

9. On raptor, view the backup files by using the following command:


ls /var/GuardiumBackup
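
Both exercises create the SCP target (/var/GuardiumArchive, /var/GuardiumBackup) with a plain mkdir as root, and the connection-test checklist in Exercise 2 asks you to confirm the directory and root's permissions on it. The following is an added example, not part of the IBM lab guide: a shell check for that checklist that also flags archive or backup files accessible to group or other, plus a function that restricts the tree to its owner. The function names and return codes are assumptions of this example, and it requires GNU find.

```shell
#!/bin/sh
# Added example (not from the lab guide): audit an SCP archive/backup target.
# check_target_dir DIR [OWNER]
#   OWNER defaults to root, the account used in the lab's SCP settings.
#   returns 0 = usable and owner-only
#           1 = unusable (missing, wrong owner, or owner lacks rwx)
#           2 = usable, but the directory or files in it are open to group/other
check_target_dir() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist or is not a directory" >&2
        return 1
    fi
    # The directory must belong to the account configured as Username.
    if [ -z "$(find "$dir" -maxdepth 0 -user "$owner")" ]; then
        echo "FAIL: $dir is not owned by $owner" >&2
        return 1
    fi
    # The owner needs read, write and search permission to receive files.
    if [ -z "$(find "$dir" -maxdepth 0 -perm -700)" ]; then
        echo "FAIL: owner lacks read/write/search permission on $dir" >&2
        return 1
    fi
    # Anything with a group or other permission bit set is exposed to
    # local accounts other than the owner (symlinks are skipped).
    exposed=$(find "$dir" ! -type l -perm /077)
    if [ -n "$exposed" ]; then
        echo "WARN: accessible to group/other:"
        find "$dir" ! -type l -perm /077 -exec ls -ld {} +
        return 2
    fi
    echo "OK: $dir is usable and restricted to $owner"
    return 0
}

# harden_target_dir DIR
#   Remove all group/other permissions from DIR and everything below it.
#   The owner's permissions are left unchanged, so SCP as the owner still works.
harden_target_dir() {
    chmod -R go-rwx "$1"
}

# When run with arguments, audit that directory, for example:
#   sh check_target.sh /var/GuardiumArchive root
if [ "$#" -gt 0 ]; then
    check_target_dir "$@"
fi
```

On raptor, run the check against each directory after the connection test and again after the first Run Once Now, because files written later carry their own permissions.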

Summary
In this lab, you learned how to:
• Archive Guardium data
• Back up Guardium data
