IBM Support

How to clone an IBM InfoSphere Guardium Virtual Machine for Version 10.1 (v10.0p100) and later versions

Question & Answer


Question

How do I clone a Guardium Virtual Machine?

Answer

The IBM InfoSphere Guardium Virtual Machine (VM) is a software-only solution licensed and installed on a guest virtual machine such as VMware ESX Server.

IBM InfoSphere Guardium have tested and verified installation of the Guardium appliance in VMWare ESX server and that is the supported and recommended configuration. While installing the appliance in a regular VMWare virtual machine will work, its performance may suffer, leading to backlog and possible instability of the Guardium components like the sniffer.

The appliance must not be installed in a Windows PC that is shared for other purposes, owing to performance considerations. The appliance must be installed in a host that is dedicated for it.


This document addresses the steps required to clone an instance of IBM InfoSphere Guardium Virtual Machine.

For information on how to install IBM InfoSphere Guardium in a Virtual Machine, please refer to:

http://www-01.ibm.com/support/docview.wss?uid=swg21567613


The following steps are based on the original How to clone an IBM InfoSphere Guardium Virtual Machine

v10.1 (v10.0p100) has the following defect fixed which require the following amended procedure

Defect 50631 - v10 Clone results in startup with eth1 instead of eth0



Requirements

  • A cloned Guardium Virtual Appliance
  • Hostname
  • Network attributes like IP address, resolver and default route
  • Appliance Global ID

Clone a working Guardium Virtual Appliance


IBM InfoSphere Guardium have tested and verified installation of the Guardium appliance in VMWare ESX server and that is the supported and recommended configuration.

Please consult your virtualization software vendor's documentation for information on cloning a virtual appliance.

Please ensure that the clone is full and not linked. The virtual appliance must be fully self contained


A Collector can be cloned for use only as a Collector. Once configured as a Collector, it is not possible to change the unit type to an Aggregator or a Central Manager, due to differences in the underlying database structure. The role of Aggregator and a Central Manager can be switched between the two, but not as a Collector. Please refer to the Guardium documentation for configuring an appliance as a Collector, Aggregator or a Central Manager.

Appliance Global ID


The appliance Global ID is a number that uniquely identifies it in your network of Guardium appliances.

The Global ID can be any number, so long as it is unique. During the cloning process this unique number is necessary. Please obtain the Global IDs from your other appliances and arrive at a number that is unique for this clone.

Configure the clone


Bring up the new VM. If it asks if you moved or copied the VM, please answer with "copy", as this will enable the virtualization software to configure new parameters like MAC address for the clone.
1. Log into the appliance as user CLI
2. Run "store network interface reset"]. example :- note the new v10.1 message shows it will trigger a hw rescan..
      store network interface reset
      WARNING: This command will clear existing network hardware configuration and trigger a hw rescan/rebuild on next boot
      Are you SURE you want to continue? (y/n)
3. Restart the system by running "restart system"
4. Either reconfigure the appliance as if it was a fresh installation or load what is available from the database with "store network interface restore" - example :-
      store network interface restore
      WARNING: This command will reset the network configuration to the stored Guardium network settings.
      Are you SURE you want to continue? (y/n)


      If reconfiguring the appliance : -

      Follow the steps as in the v10.0 and previous versions - How to Clone as follows
        1. Run "show network macs". If this returns an empty string, the MAC address has not been properly setup for the clone.
          1. Run "store network interface inventory". The appliance will warn about resetting the NICs. Respond with "y"
          2. Restart the system by running "restart system"
        2. Log into the appliance again as user CLI
        3. Set the IP address, defaultroute and resolver as necessary.
        4. Set the hostname for the clone. This will cause Guardium to recalculate a unique ID for your appliance.
        5. Perform any other configuration like time zone, NTP server as necessary.
        6. Restart the system by running "restart system"
        7. Log into the appliance again as user CLI
        8. Store the global ID by running store product gid <gid_value>
        9. Verify the global ID by running show product gid
        10. Restart the system if requested


Configuring a Guardium Appliance


Documentation is available online in any Guardium appliance that can be accessed via the GUI. Log into the appliance GUI and click on the "?" icon in the top right corner. You can browse the documentation online or download the material as PDF files.

Troubleshooting


If you have trouble setting up the clone, please contact the IBM Guardium Technical Support for assistance.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"10.0.1;10.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21985657