Prepare for installing IBM Security Guardium Insights

Before proceeding with your installation of Guardium Insights, your must prepare your system.

Obtain your entitlement key
Access the command line tools
SecurityContextConstraints requirements
Validated storage options

Obtain your entitlement key

You must have an entitlement key for Guardium Insights. To obtain an entitlement key from the IBM Entitled Registry, complete these steps:

Log in to the IBM® Container software library using your IBMid.
Select Get entitlement key in the navigation panel on the left.
Click Copy key in the Access your container software page.
Store the key in a safe location.

You will use the entitlement key when accessing the Docker registry during installation (in the installation instructions, the entitlement user is denoted as CP_REPO_USER and the entitlement key is denoted as CP_REPO_PASS).

To confirm that your entitlement key is valid for Guardium Insights, select View library in the left navigation panel of the Container software library. This shows you a list of products that you are entitled to. If Guardium Insights is not listed, or if the View library link is not available, the username with which you are logged in to the container library does not have entitlement for Guardium Insights. In this case, the entitlement key will not be valid for installing the software.

Access the command line tools

Tools for command line administration of the cluster and Guardium Insights can be accessed from the Red Hat® OpenShift® Container Platform and IBM Cloud Pak® foundational services web consoles. This table details the tools and versions that are required for Guardium Insights:

Table 1. Tools and versions that required for Guardium Insights
Tool	Download	Version
`oc` `oc login <OCP endpoint>` (Workstation must be logged in to the OpenShift cluster)	https://www.okd.io/download.html	4.4.6 or later
`kubectl`	https://kubernetes.io/docs/tasks/tools/install-kubectl/	1.16 or later
`cloudctl`	https://github.com/IBM/cloud-pak-cli/releases	3.17.0 or later
`openssl`	https://www.openssl.org/source/	1.1.1
`python` with `PyYAML` installed (must have a symbolic link to `python`)		3.x or later
`docker` (or `podman`)	https://hub.docker.com/?overlay=onboarding	17.03 or later
`skopeo` (Offline installations only)	https://github.com/containers/skopeo/blob/master/install.md	1.0.0
`ssh-keygen` CLI tool `base64` `cat` `echo` `grep` `awk` `rm` `tr` `cut` `tar`
`htpasswd` (Offline installations only)
Cluster administrator privileges to run the setup scripts
Your login credentials to cp.icr.io CP_REPO_USER="cp" CP_REP_PASS=entitlement key available at https://myibm.ibm.com/products-services/containerlibrary

`SecurityContextConstraints` requirements

The Guardium Insights installation workflow uses an operator that requires SecurityContextConstraints to be bound to the target namespace prior to installation. To meet this requirement, there may be cluster-scoped as well as namespace-scoped pre- and post- actions that need to occur. The predefined SecurityContextConstraints named restricted that comes pre-installed with OpenShift has been verified for this operator.

If your target namespace is bound to these SecurityContextConstraints, you can proceed to install the operator.

Validated storage options

See Validated storage options.

What to do next

Follow the instructions in Download the Guardium Insights CASE file and set up your environment for dependencies.