IBM Support

Guardium and Db2 for i - technical resources

News


Abstract

Guardium and Db2 for i - technical resources

Content

You are in: IBM i Technology Updates > Db2 for i - Technology UpdatesDb2 for i Security Enhancements > Guardium and Db2 for i - technical resources

IBM Security Guardium is an enterprise information database audit and protection solution. It helps enterprises protect and audit information across a diverse set of relational and non-relational data sources.

With Guardium, Db2 for IBM i can be included as a data source, enabling the monitoring of accesses from native interfaces as well as through SQL.

Audit information provided includes:

  • SQL accesses whether initiated on a client or the IBM i server
  • Native database access that is captured in the audit journal
  • Both SQL access and native access are sent to the Guardium collector in real time
  • Extending the information available in the audit journal, Guardium captures more details regarding SQL statements, variable values, client special registers, interface information, users, jobs, TCP/IP addresses, and ports

Filtering can be specified on the IBM i server to capture only that information which is required by auditors. For example, it is quite simple to set up auditing of any SQL or native access performed by privileged users.

To install S-TAP for IBM i, the user must have *ALLOBJ, *JOBCTL, and *SECADM special authorities.


Service Level Requirements

To use Guardium Database Activity Monitor (DAM) with Db2 for i S-TAP, the recommended service level is:

  • IBM i 7.5
  • IBM i 7.4
  • IBM i 7.3 - Db2 PTF Group SF99703 Level 8
  • IBM i 7.2 - Db2 PTF Group SF99702 Level 20
  • Refer to Db2 for IBM i Group PTF Schedule to review the Db2 for IBM i PTF group schedule and availability.
  • License program 5722SS1-33 Portable App Solutions Environment (PASE) for i is a free of charge, optionally installable component of the operating system. Verify that PASE is installed on your IBM i server. If not, refer to IBM PASE for i in the IBM Documentation.
  • IBM InfoSphere Guardium V9.0 (or higher) appliance (configured as a collector) and the Standard Activity Monitoring for Databases software entitlement.

Education Resources

IBM i developerWorks article: "Using IBM InfoSphere Guardium for monitoring and auditing IBM Db2 for i database activity"

https://www.ibm.com/support/pages/system/files/inline-files/i-infosphere_guardium_db2-pdf.pdf


Guardium Activity Monitor & Db2 for i Serviceability Guide:

Guardium Activity Monitor & DB2 for i Serviceability Guide - Version 3.3.pdf
 

Guardium V11 overview: 

https://www.ibm.com/docs/en/guardium/11.5?topic=db2-i-s-tap

Guardium V10 S-TAP configuration:

        V10 S-TAP Details


Guardium IBM i Advanced S-TAP Filtering document:

        IBM i Advanced S-TAP Filtering
 

 Introductory Video: "InfoSphere Guardium Data Activity Monitoring for IBM i"

http://www.youtube.com/watch?v=eZYMuibslhQ


Figure 1. Guardium V10 - IBM i Features

image-20200114155625-1

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
12 March 2024

UID

ibm11172518