IBM Guardium

IBM Guardium

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Guardium Collectors and Aggregator

    Posted Wed February 05, 2020 03:07 AM
    Reply

    Dear Team,

     

    We need to deploy a new environment for IBM Guardium. So, we planning deploy 3 collectors and 1 Aggregator.

     

    IBM Guardium

    Cluster Infrastructure

    Resource requirements :

    vCPU – 8               vRAM – 32\48 GB          vHDD – 1 TB         Network  -- eth0 , eth3

    S-TAP Communication port –  eth0

    Management port –  eth3

     

    Questions :

    • Will we need licenses for deploying , or we can assign licenses keys after the deployment
    • Can we increase S-TAP buffer memory more than 100 MB
    • How I can calculate the size of information (*GB) , received by one of the DB (S-TAP) for 24 hours
    • How data will be restore ? via collector or via aggregator ? Also, archiving will via collector or aggregator ?
    • We need to use (existing) F5 load balancing for cluster, so can you share any detailed guide , how to install and integrate IBM Guardium with F5 (S-TAP GRID Configuration)
    • Or, if we will use Load Balancing S-TAP configuration option ? Which of the this configurations is a better for using ?

    I'm using RedBook by Guardium for implementing, but this book fairly old. Can anyone share useful information for this issue ?

    Thank You

    ------------------------------
    Ali Bayramov
    ------------------------------


  • 2.  RE: Guardium Collectors and Aggregator

    Posted Thu February 06, 2020 11:57 AM
    Edited by Zbigniew (Zibi) Szmigiero Thu February 06, 2020 11:57 AM
    Reply

    Ali,
    This set of questions suggest that you should start to cooperate tightly with experienced Guardium implementator.

    • Will we need licenses for deploying , or we can assign licenses keys after the deployment
    What does mean deployment? Licenses must be assigned on CM, there is no need to install any licenses on collectors, aggregators

    • Can we increase S-TAP buffer memory more than 100 MB
    YES
    • How I can calculate the size of information (*GB) , received by one of the DB (S-TAP) for 24 hours
    Are you asking about network utilization? - 0-85% of DB NIC traffic responsible for session (many variables), maybe about audited data - long story :) there is no one line answer
    • How data will be restore ? via collector or via aggregator ? 
    Generally you should not restore data on production environment - setup standalone aggregator for this job

    • Also, archiving will via collector or aggregator ?
    Up to you - I suggest do that on collector.

    • We need to use (existing) F5 load balancing for cluster, so can you share any detailed guide , how to install and integrate IBM Guardium with F5 (S-TAP GRID Configuration)
    Still should work.
    • Or, if we will use Load Balancing S-TAP configuration option ? Which of the this configurations is a better for using ?
    It depends :)



    ------------------------------
    Zbigniew Szmigiero
    IBM
    Warsaw
    ------------------------------

    Original Message


  • 3.  RE: Guardium Collectors and Aggregator

    Posted Wed February 12, 2020 12:51 AM
    Reply
    Ok,

    Thank You :)

    ------------------------------
    Ali Bayramov
    ------------------------------

    Original Message