rajesh_kumar71
Background

 

This document briefly describes how to encrypt the SAP system database as part of the client Infosec policy.

 

Landscape

 

To demonstrate this configuration, the following landscape is required:

  • SAP Systems: ECC, SRM, GRC, HR, PI and Solution Manager

  • IBM DB2 database 10.5.7

  • RedHat Enterprise Linux Server Release 6.10


Tools & Requirements

  • DB2 GSKIT Library files

  • IBM DB2 Database service user account access (OS level)


 

Configuration Steps:

 

Pre-Requisites:

  • IBM DB2 GSKIT updated library files.

  • DB2<SID> user id access


References:

https://www.emc.com/collateral/TechnicalDocument/docu87632.pdf

 

https://www.ibm.com/support/knowledgecenter/en/SSXJFX_2.0.0/cfmup060.html

 

IBM DB2 Encryption steps:

 

Log in to the database using db2<sid>



Check the db2 version


Check the database encryption status




Navigate to the path: /db2/db2<sid>/db2_software/gskit/bin


Check the gskit library files




gskit files listed as below




Check the value set for the LD_LIBRARY_PATH environment variable


/db2/db2<sid>/db2_software/lib64/gskit:/db2/db2<sid>/db2_software/lib32/gskit

 

Set the LD_LIBRARY_PATH environment variable as below:

setenv LD_LIBRARY_PATH /usr/sap/<SID>/SYS/exe/run:/usr/sap/<SID>/SYS/exe/uc/linuxx86_64:/db2/db2<sid>/sqllib/lib64:/db2/db2<sid>/sqllib/lib32:/db2/db2<sid>/db2_software/lib64/gskit:/db2/db2<sid>/db2_software/lib32/gskit

Navigate to the location /db2/db2<sid>/db2_software/gskit/bin/gsk8capicmd


Log in with the db2<sid> password and ensure it is working fine


Create a folder named db2 under the path /db2/db2db0/


Run the command:

/db2/db2<sid>/db2_software/gskit/bin/gsk8capicmd_64 -keydb -create -db /db2/db2<sid>/db2/<SID>keystore.p12 -pw <password> -strong -type pkcs12 -stash


Update the keystore type and location in the database manager configuration

Command:

db2 update dbm cfg using keystore_type pkcs12 keystore_location /db2/db2<sid>/db2/<SID>keystore.p12


Check the dbm cfg for keystore parameters

Command:

db2 get dbm cfg | grep KEY


Check the database encryption status

Command:

db2pd -db <SID> -encryptioninfo


Check the DB size

Command:

db2 "CALL GET_DBSIZE_INFO(?,?,?,0)"


Take an offline backup of the database

Command:

db2 backup database <SID> to /encryption/<Provide name for BACKUP> &

To check the backup status

Command:

db2 list utilities show detail


Offline Database backup completed


Now Drop the database

Command:

db2 drop database <SID>


Check the restore status



Then start the DB as below


Connect to the DB


 Check the DB configuration for Encryption status

Command:

db2 get db cfg for <SID> | grep -i encr


 Check the DB connectivity


 Now check the encryption status in the DB configuration


Check the DB Encryption status in the application level


End of Encryption configuration
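
Before the drop step above, the backup image and the keystore are the only things the restore will depend on, so it is worth verifying them first. The script below is an added example, not part of the original post: it checks that the keystore and its stash file are private to the instance owner, that a backup image exists, and that the library path has no relative entries. The function names, the `.sth` stash file name next to the keystore, and the backup image naming pattern are assumptions.

```shell
#!/bin/sh
# Added example: read-only checks to run before "db2 drop database <SID>".
# Usage (argument values are placeholders):
#   predrop.sh /db2/db2<sid>/db2/<SID>keystore.p12 /encryption/<backup dir> <SID> "$LD_LIBRARY_PATH"

# True if the file is non-empty, owned by the caller, and closed to group/other.
private_file_ok() {
    [ -s "$1" ] && [ -O "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints each library path entry that is empty or relative; the loader resolves
# such entries against the current working directory.
relative_lib_entries() (
    IFS=:
    set -f
    for entry in $1; do
        case "$entry" in
            /*) ;;
            *) printf '%s\n' "${entry:-<empty>}" ;;
        esac
    done
)

# True if the directory holds a non-empty backup image for the database.
# Assumption: images are named "<SID>.0.<instance>.DBPART000.<timestamp>.001".
backup_image_present() {
    for img in "$1"/"$2".0.*; do
        [ -s "$img" ] && return 0
    done
    return 1
}

# Prints one line per failed check and returns the number of failures.
predrop_check() {
    failures=0
    for f in "$1" "${1%.p12}.sth"; do   # keystore plus the stash file from -stash
        private_file_ok "$f" || { echo "FAIL: $f missing, not owned by you, or open to group/other"; failures=$((failures + 1)); }
    done
    backup_image_present "$2" "$3" || { echo "FAIL: no backup image for $3 in $2"; failures=$((failures + 1)); }
    bad=$(relative_lib_entries "$4")
    [ -z "$bad" ] || { echo "FAIL: non-absolute library path entries: $bad"; failures=$((failures + 1)); }
    return "$failures"
}

if [ "$#" -eq 4 ]; then predrop_check "$@"; fi
```

Run it as db2<sid>; an exit status of 0 means every check passed, and it does not replace keeping a separate copy of the keystore and stash file outside the database host.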

 

IBM DB2 Decryption steps:

 Check sapdata sizes



Execute a compressed offline backup to disk (/encryption/bkpdecrypt)

NOTE: The compressed backup option was used here because of storage constraints. In general, do not use the compress option, because the restore will take more time.



Check Restore Progress



Connect to Db2 database




 

 

 