LAB Guide - HealthDashboard

Uploaded by

Sara KD

Lab guide

Using Guardium health tools


Course code LDL0360X
April 2021 edition
© Copyright International Business Machines Corporation 2021.


This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
V7.0



Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Contents
Exercises
Exercise 1 Verify configuration settings
Exercise 2 The Deployment Health topology
Exercise 3 The Deployment Health Dashboard
Exercise 4 The Deployment Health Table
Exercise 5 The S-TAP and GIM Dashboard

Exercises
Guardium provides deployment health tools to help you visualize and gather information about
problems that affect the central manager, collectors, aggregators, S-TAP and GIM agents, and
inspection engines.

Different tools provide different views into the health of your Guardium deployment. Some tools,
such as the Deployment Health topology view, make it easy to understand the data flow
relationships between various components. Others, such as the deployment health table, allow
you to see details of many issues at once which you can then filter and arrange to get a sense of
common issues across your environment. The dashboards enable you to see summary charts and
then drill down to explore issues in greater detail.

In this lab, you explore various Guardium deployment health tools. You search for common
issues, such as resource availability, a problem with K-TAP loading, changes in S-TAP agents and
inspection engines, or version control of GIM and S-TAP agents.

Important: These exercises are presented in a virtual lab format. A virtual lab is an interactive
simulation of the original virtual machines. A virtual lab is not a production virtual machine.
Therefore, your interaction opportunities are restricted to the exercise steps with some minor
variance. You use this lab guide, which walks you through usage and responses for the
components that are taught.

You can run the virtual lab multiple times without restriction.

Exercise 1 Verify configuration settings
In this exercise, you verify that the various configuration settings are set.

1. From the welcome page, go to Comply > Custom Reporting > Custom Table Builder.
The Custom Tables window opens.

2. Click CM Buffer Usage Monitor and then click Upload Data. The CM Buffer Usage Monitor
provides unit utilization information that is needed by the health tools.

The Upload Data window opens.

3. Click Modify Schedule.

The Schedule Definition window opens.

The Upload Data task is configured to run every day at midnight. No modifications are
necessary.

4. Go to Manage > Unit Utilization. Scroll down and select Unit Utilization Levels. This
report uses information from the CM Buffer Usage Monitor and a few parameters from the
Guardium statistics to analyze and provide an enterprise-level view of the collectors that are
over or under-used. Health views use this information, so the report must run regularly.

The Unit Utilization Levels window opens.

The Unit Utilization processing is scheduled to run every hour of every day. No modification of
the settings is necessary.

5. Go to Manage > Unit Utilization > Unit Utilization Thresholds.

You use this window to view and configure the thresholds for what are considered normal
values. Threshold 1 describes the value for warning levels. Threshold 2 describes the values
for critical levels. You do not change these values.

6. For System Var Disk Usage, write down the Threshold 1 and Threshold 2 numbers.
_____________________________________________

7. Go to Protect > Database Intrusion Detection > Alert Builder.

8. Scroll down and select STAP Uninstall Alert.

9. Click the Edit icon.

10. Verify that Active and View in deployment health dashboard are selected.

Note: In this environment, the STAP Uninstall alert is active. By default, in a production
environment, no alerts are active.

Exercise 2 The Deployment Health Topology


The Deployment Health Topology provides a comprehensive interconnected view of your
Guardium environment. It does not display as many details at one time, but you can drill down to
determine more information. This view is useful when you need to trace trouble between
interconnected systems.
1. In the navigation menu, go to Manage > System View > Deployment Health Topology.
The Deployment Health Topology window opens.

This topology shows a Central Manager, an Aggregator, and six Collectors. Three of the
Collectors report directly to the Central Manager, and three report to the Aggregator. A legend
defines the levels and icons that describe the system components.
Each managed unit icon is a specific color. This color reflects the greatest severity associated
with a component of this managed unit.
Because Guardium management environments typically contain many S-TAP agents, S-TAP
agents are not shown by default. In this example, two of the collector icons have a small circle.
This indicates that these collectors are connected to S-TAP agents that have issues.

2. Hover over each of the icons and note the information dialogs that appear.

Important: This virtual lab is an interactive simulation and is not a live virtual machine.
Therefore, not all the links that are shown when you hover over the managed systems are active.
Your interaction opportunities are restricted to the exercise steps with some minor variance.

3. The Central Manager has a high severity issue. Hover over the icon to view the details.

Note that the high severity issue seems to be associated with unit utilization. Connectivity and
Aggregation have no issues. Therefore, the Central Manager icon is red, reflecting the highest
severity associated with it.

4. Click Show details.

The information changes to show that /var disk usage is 35%. How does that compare with the
thresholds you noted in the last exercise?

Because topologies are large, the topology does not show S-TAP agents by default.

5. Click the collector that has high severity issues and is connected to S-TAP agents that have
medium severity issues. The collector expands its view to show the four S-TAP agents.

6. Hover over each of the S-TAP icons. Dialogs display details about the S-TAP agents.

Important: The dialogs display links, which are not active. In a production environment, these
links are active.

7. Click the collector icon with S-TAP agents that have high severity issues.

The view expands to show the S-TAP agents associated with this collector, while the
previously displayed S-TAP agents are collapsed.

8. Hover over each of the S-TAP agents. Find the S-TAP agent labeled ol-rh8db01. Write down
the OS Version. _______________________________________

The OS is RHEL. There are several issues with this S-TAP agent, but the high severity issue
seems to concern the K-TAP. This makes sense because K-TAP is a feature of S-TAP agents
that is used with Unix-type systems.

9. Click Show details.


You see that the K-TAP is not loaded on this system.

10. Click View S-TAP events. The S-TAP Events window opens.

11. Close the S-TAP Events window.

Exercise 3 The Deployment Health Dashboard
In this exercise, you view the features of the Deployment Health Dashboard.
1. Go to Manage > System View > Deployment Health Dashboard.

2. You can see the following details:


– Central manager limits
– High severity issues
– Alerts by name
– Unit utilization issues

Note: Use the expand icon to view details and the contract icon to return to the
dashboard.

3. Expand the Alerts by name report and change the timeframe to Last 3 weeks.

The number of alerts changes to 535.

4. To filter the alerts, type STAP in the filter field.


The report updates to show only alerts associated with S-TAP agents.

5. To return to the Deployment Health Dashboard, click the contract icon.


The other reports update to reflect the increased time scope.

6. To add a chart, click Add chart and select Alerts by system. A new chart appears on the
dashboard.

Note: Only the Alerts by system chart can be added in this virtual lab. In a production
environment, you can add other charts. For example, the Unit utilization timechart builds a chart
that displays one or more parameters for one or more managed units.

Exercise 4 The Deployment Health Table


In this exercise, you use the deployment health topology application to monitor the health of the
central manager, aggregator, collectors, and S-TAP agents. The Deployment Health Table is
useful for issues that are common over multiple managed systems or S-TAP agents. It is a good
place to find a lot of detailed information at once.

For example, the Deployment Health Table can show if connectivity or aggregation issues are
widespread among managed systems, or determine whether there are specific issues that affect
many S-TAP agents at once. However, the topology view is useful to view the relationships
between the various managed systems and the S-TAP agents more intuitively.

In the previous exercise, you saw that one system had a problem with the K-TAP agent that failed
to load. In this exercise, you investigate to see whether this is a common problem in your
environment.
1. In the navigation menu, go to Manage > System View > Deployment Health Table.
The Deployment Health Table opens. There is a tab for Guardium Systems and S-TAPs. You
see that this environment contains a Central Manager, an Aggregator, and six Collectors.

2. On the Guardium Systems tab, select High severity.


Only systems whose overall status is High are displayed.

3. To view information about the S-TAP agents in this environment, click the S-TAPs tab.

In this environment, there are fewer than ten S-TAP agents. In a production environment, you
might have many more. Therefore, it is important to be able to filter this table.

4. Create an advanced filter.
a. Click the Filter icon.
The Advanced Filter dialog opens.

b. For Issue type, select K-TAP and Save the filter.

c. In the Save Filter dialog, enter Lab K-TAP, and click Save and Apply.

d. Close the Advanced Filter dialog.


Only the systems with High level K-TAP status are displayed. You see that only one S-TAP
agent has this problem, which indicates that it is not necessarily a common problem in this
environment.

Optionally, you can remove and apply this filter that you created. Click the Filter icon. The Lab
K-TAP filter will show up in the list of available filters. Click Apply Filter.

Exercise 5 The S-TAP and GIM Dashboard
The S-TAP and GIM Dashboard provides information on and helps you troubleshoot issues that
concern S-TAP and GIM agents. It is a series of charts with the ability to drill down to gather more
information. For example, this view provides you insights about:
• S-TAP health
• What versions of the S-TAP agent exist in your environment
• Database types that Guardium monitors
• Types of data server operating systems
• Recent traffic flow

In this exercise, you view various features of the S-TAP and GIM Dashboard. Then, you use the
dashboard to find systems whose S-TAP agents are a later version than their GIM agent.

Task 1 View S-TAP charts


In this task, you apply filters to dynamically update the S-TAP charts.
1. Go to Manage > System View > S-TAP and GIM Dashboard.

2. Hover over various fields in the S-TAP health and S-TAPs by version charts. You see that the
charts change dynamically.

3. In the S-TAP health chart, click the High bar.


The GUI adds a filter that updates the other charts.

4. To remove the filter and return to the previous view, click Remove.

5. Add filters for the following characteristics:

– S-TAP health:
  • High
– S-TAPs by version:
  • STAP-11.2
– Databases by inspection engines:
  • db2
  • DB2
Note: Because this is a virtual lab, not all filters are available, only the ones listed above. Also, in
a production environment, you can drill down on each chart for more information. Finally,
applied filters modify drill-down information in all the charts.

Task 2 View Historical charts


In this exercise, you configure the time scope of the historical charts and view changes in S-TAP
agents and inspection engines.
1. Click Historical charts.

2. In the STAP Count chart, click the Configuration icon.


The Configuration options dialog opens.

3. Set the time period to the past 24 hours and click OK.

You see that within the last 24 hours, the number of S-TAP agents in the environment
fluctuated.

4. In the IE Count chart, change the time period to 24 hours.


You see a recent decrease in the number of inspection engines.

5. To view IE Count details, click the Details icon.

6. To change the comparison date, click the date.
The Select dates for comparison dialog opens.

7. Set the First date to 31 March 2021 and the Second date to 1 April 2021. Click OK.

You see that the number of inspection engines for ol-sol11-04 decreased.

8. Click the ol-sol11-04 entry.


You see that an oracle inspection engine was removed.

9. Close the dialog.

10. View the STAP Count details. You see that the number of S-TAP agents has changed.

11. Close the details view.

Task 3 View GIM charts


In this task, you examine systems whose S-TAP version is greater than their GIM version to
determine possible agent management and configuration problems.
1. Click GIM charts.

2. In the Compare S-TAP and GIM versions chart, click the Details icon.

3. Select GIM is earlier.


The list is filtered to show that ol-rh8db01 has a GIM agent whose version is earlier than the
S-TAP agent version.

4. Close the details.
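
The date comparison in Task 2 and the "GIM is earlier" check in Task 3 can also be scripted over exported inventory data to flag lost monitoring coverage. The following is an added example, not part of the IBM lab guide and not a Guardium API: the CSV layout, the version values, and the host ol-win-07 are constructed assumptions.

```python
import csv
import io

# Constructed inventories for the two comparison dates used in Task 2.
# Column names, version values and the host ol-win-07 are assumptions.
SNAPSHOT_2021_03_31 = """host,stap_version,gim_version,inspection_engines
ol-sol11-04,STAP-11.2,11.2,oracle;DB2
ol-rh8db01,STAP-11.3,11.2,db2
ol-win-07,STAP-11.2,11.2,mssql
"""
SNAPSHOT_2021_04_01 = """host,stap_version,gim_version,inspection_engines
ol-sol11-04,STAP-11.2,11.2,db2
ol-rh8db01,STAP-11.3,11.2,db2
"""


def parse_version(text):
    """Turn '11.2' or 'STAP-11.2' into (11, 2, 0, 0) so 11.10 sorts after 11.9."""
    parts = [int(p) for p in text.rsplit("-", 1)[-1].split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def load_snapshot(text):
    """Parse one snapshot into {host: {"stap", "gim", "engines"}}."""
    inventory = {}
    for row in csv.DictReader(io.StringIO(text)):
        inventory[row["host"]] = {
            "stap": parse_version(row["stap_version"]),
            "gim": parse_version(row["gim_version"]),
            # Lower-case engine types so "db2" and "DB2" are not seen as a change.
            "engines": {e.lower() for e in row["inspection_engines"].split(";") if e},
        }
    return inventory


def coverage_drift(before, after):
    """List hosts that lost an S-TAP agent or an inspection engine."""
    findings = []
    for host in sorted(before):
        if host not in after:
            # The agent no longer reports: every engine on that host is gone.
            findings.append((host, "stap_missing", sorted(before[host]["engines"])))
            continue
        removed = before[host]["engines"] - after[host]["engines"]
        if removed:
            findings.append((host, "engine_removed", sorted(removed)))
    return findings


def gim_is_earlier(inventory):
    """Hosts whose GIM agent version is earlier than their S-TAP agent version."""
    return sorted(h for h, rec in inventory.items() if rec["gim"] < rec["stap"])


if __name__ == "__main__":
    old = load_snapshot(SNAPSHOT_2021_03_31)
    new = load_snapshot(SNAPSHOT_2021_04_01)
    for host, kind, engines in coverage_drift(old, new):
        print(f"{host}: {kind} ({', '.join(engines)})")
    print("GIM earlier than S-TAP:", ", ".join(gim_is_earlier(new)))
```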

This concludes the virtual lab exercises.
