It is determined that you do not want to run the CCS or ESM agent locally on a DB2 database machine, however the security settings for DB2 need to be collected. There are several steps involved in connecting to a remote DB2 database instance with the Enterprise Security Manager (ESM) DB2 application module.
The DB2 module for ESM and CCS Agents can remotely connect to DB2 database instances. However, currently the only version of the DB2 application module that can be configured for remote DB2 database connections is the Windows version. Therefore to connect to remote DB2 instances the DB2 module must be loaded and configured on a Windows based ESM or CCS Agent.
Documentation for the DB2 Application module indicates that the DB2 client needs to be installed (as a pre-requisite) on the same host machine that the DB2 application module is to be installed on. However the documentation does not indicate the steps involved for configuring the DB2 Client itself. The DB2 Client must be individually configured to have a catalog entry of the various databases that the client will be used to attach to. This configuration needs to be done prior to configuring the DB2 application module itself.
Note: The latest versions of the DB2 Application module can be installed on 64 bit Windows systems having ESM or CCS Agents. If installed on a 64 bit Windows system you will need to install the 64 bit version of the DB2 Client.
The three major steps to configuring the DB2 client are:
1.) Catalog the tcpip node 2.) Catalog the database 3.) Test the connection of the DB2 client to the cataloged database with a given ID and password.
You can find information on doing all three of these steps on the following IBM website:
Once the DB2 client is configured and tested for connectivity to the remote DB2 database(s), the remaining steps to configure the DB2 Application module are covered in the DB2 Application module Installation guide.
Enterprise Security Manager (ESM) Windows agent.
Control Compliance Suite (CCS) Windows agent.
Imported Document ID: TECH200925
Spreadsheet indicating which DB2 module checks can be run using remote connectivity and which cannot