Question & Answer
Question
How do you configure Inspection Engine in IBM® AIX® workload partition (WPAR)?
Answer
1. S-TAP requires the IP address of the database server host to which it connects.
2. S-TAP requires the absolute path of the database server executable and install directory.
Install STAP/KTAP on the primary/global Zone/WPAR by the normal method.
By default, S-TAP connects to the loop back address 127.0.0.1. This will not work if the database server is installed in a AIX WPAR, as the loop back address refers to the "local host".
For example:
If the Database is on AIX WPAR and the IP address of AIX WPAR is "192.168.10.10", S-TAP must connect to this IP address rather than 127.0.0.1 in order to intercept database traffic.
Obtain the IP address of the AIX WPAR using "ifconfig -a".
Set the Inspection Engine parameter “connect_to_ip” to the IP address of the AIX WPAR.
Set the Inspection Engine parameters “db_exec_file” and “db_install_dir” to the full path as accessed from the AIX server.
For example:
1. Install STAP on AIX db server (aixglobal1)
2. Oracle database on aixg1w1 (aixg1w1 is AIX WPAR)
connect_to_ip= <IP address of the AIX WPAR>
db_exec_file=/wpars/aixg1w1/home/oracle12/product/12.0/db_1/bin/oracle
db_install_dir=/wpars/aixg1w1/home/oracle12
Summary:
If database is in the subordinate node, then guard_tap.ini file needs to configure "connect_to_ip" to be IP of the node, and "DB Install Dir" and "DB exec file" to be the full path from the primary to the subordinate node (similar to the Solaris zones environment).
2. S-TAP requires the absolute path of the database server executable and install directory.
Install STAP/KTAP on the primary/global Zone/WPAR by the normal method.
By default, S-TAP connects to the loop back address 127.0.0.1. This will not work if the database server is installed in a AIX WPAR, as the loop back address refers to the "local host".
For example:
If the Database is on AIX WPAR and the IP address of AIX WPAR is "192.168.10.10", S-TAP must connect to this IP address rather than 127.0.0.1 in order to intercept database traffic.
Obtain the IP address of the AIX WPAR using "ifconfig -a".
Set the Inspection Engine parameter “connect_to_ip” to the IP address of the AIX WPAR.
Set the Inspection Engine parameters “db_exec_file” and “db_install_dir” to the full path as accessed from the AIX server.
For example:
1. Install STAP on AIX db server (aixglobal1)
2. Oracle database on aixg1w1 (aixg1w1 is AIX WPAR)
connect_to_ip= <IP address of the AIX WPAR>
db_exec_file=/wpars/aixg1w1/home/oracle12/product/12.0/db_1/bin/oracle
db_install_dir=/wpars/aixg1w1/home/oracle12
Summary:
If database is in the subordinate node, then guard_tap.ini file needs to configure "connect_to_ip" to be IP of the node, and "DB Install Dir" and "DB exec file" to be the full path from the primary to the subordinate node (similar to the Solaris zones environment).
Related Information
[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium S-TAP","Platform":[{"code":"PF002","label":"AIX"}],"Version":"10.0;10.0.1;10.1;10.1.2;9.0;9.1;9.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
06 July 2023
UID
swg22002677