In fact, we are trying to answer both cases: HA and disaster recovery. The load balancing is a benefit that I find it interesting, unless otherwise indicated.
In a second phase of the project, we are going to install a CM and a collector in the disaster site (standby site).
The collector of the backup site will be in the same group as the current collectors. The backup CM will be the mirror of the current CM. This is to ensure the sharing of configurations between the main site collectors and the backup site collector. In the event of a switchover, the entire configuration (Policy, ...) must be reopened on the backup site automatically without any manual intervention.
We currently have 10 S-TAPs and we plan to go to 15 very soon.
------------------------------
Mohamed AFEILAL
------------------------------
Original Message:
Sent: Thu March 05, 2020 10:47 AM
From: Zbigniew (Zibi) Szmigiero
Subject: Guardium ELB Configuration
"I installed ELB following a customer requirement. He wants to have load balancing between the collectors. Is there any special reason to not install the ELB"
It is not clear - would you like to spread traffic using round robin approach or use ELB to manage HA?
Still in both situation with two collectors I do not see reason to use ELB.
The ELB functionality to move STAP to another collector base on collector performance does not make sense for 2 collectors.
How many STAP's do you have?
"I don't reinstall S-TAP on the database server, it's from the collector. As soon as I change the value of an S-TAP parameter in ''Install by client'', Guardium reinstalls the affected module."
Affected modules are not reinstalled only reconfigured in this case.
------------------------------
Zbigniew (Zibi) Szmigiero
IBM
Warsaw
Original Message:
Sent: Thu March 05, 2020 10:16 AM
From: Mohamed AFEILAL
Subject: Guardium ELB Configuration
Hello
I installed ELB following a customer requirement. He wants to have load balancing between the collectors. Is there any special reason to not install the ELB
I don't reinstall S-TAP on the database server, it's from the collector. As soon as I change the value of an S-TAP parameter in ''Install by client'', Guardium reinstalls the affected module.
I know that the installation of S-TAP directly on the database server is a bit special.
Regards
------------------------------
Mohamed AFEILAL
Original Message:
Sent: Thu March 05, 2020 09:53 AM
From: Zbigniew (Zibi) Szmigiero
Subject: Guardium ELB Configuration
I suggest do not use ELB for your configuration.
BTW - why do you reinstall STAP's to change parameters?
STAP reinstallation can fail if you forgot restart OS.
------------------------------
Zbigniew (Zibi) Szmigiero
IBM
Warsaw
Original Message:
Sent: Thu March 05, 2020 09:21 AM
From: Mohamed AFEILAL
Subject: Guardium ELB Configuration
Hello Zibi
Can you please be more explicit. What do you mean by manual install first?
Regards
------------------------------
Mohamed AFEILAL
Original Message:
Sent: Thu March 05, 2020 08:54 AM
From: Zbigniew (Zibi) Szmigiero
Subject: Guardium ELB Configuration
For this small configuration you should consider manual setup primary and failover collector for each STAP
------------------------------
Zbigniew (Zibi) Szmigiero
IBM
Warsaw
Original Message:
Sent: Thu March 05, 2020 06:46 AM
From: Mohamed AFEILAL
Subject: Guardium ELB Configuration
Hello
I have a Guardium configuration with 1 CM - Aggregator and 2 Collectors. I have enabled Enterprise Load Balancing for all S-TAPs. The CM is the Load Balancer.
I see that at the CM (Aggregator) I am receiving traffic from the same database from both Collectors which confirms that the load balancing is working properly. (Not just failover)
The problem I have is with the S-TAP status monitor. The inspection engine status is green only on one collector, which is declared as primary. But since I'm in load balancing, why have a primary and a secondary. Normally on both collectors and on the S-TAP status monitor, the S-TAP should be green.
No problem with the S-TAP control, everything is green on both collectors.
Is this a normal behavior or did I miss something in the S-TEP configuration?
Thank you for your feedback
Regards
------------------------------
Mohamed AFEILAL
------------------------------