Hello all,

I have a new challenge, we need install Guardium in cloud AWS, and the databases will be on premise of customer. In this scenario I have a lot of questions:

- How the STAP works? Need I a certificate, tokens, etc.?
- What are the ports that the system must open from cloud to DBServers?
- How the STAP agent send the logs to guardium in cloud?
- Where can I found information or some training about this scenario?


------------------------------
Carlos Espinoza Chandia
------------------------------

- What are the ports that the system must open from cloud to DBServers?
The ports that need to be open depend on what database server type you are monitoring, as well as if encryption is configured for the S-TAP. Details for the ports can be found here.

- How the STAP agent send the logs to guardium in cloud?
This works the same as an S-TAP agent sending logs to Guardium locally. Make sure that the collector and S-TAP have network access to each other and configure the S-TAP to report to the desired collector. A word of caution here; the standard for Guardium is to have local collectors for local databases and a cloud collector for cloud databases. The reason for this is to reduce latency for sending traffic and ignore/block verdicts. This is especially important if you are doing S-GATE blocking where the server holds traffic waiting for a verdict from Guardium to allow the traffic. That is not to say it is impossible to mix cloud and local, just not recommended.

------------------------------
Chase Walkup
------------------------------

Original Message:
Sent: Mon August 17, 2020 07:01 PM
From: Carlos Espinoza Chandia
Subject: Guardium in cloud. Databases on premise.

Hello all,

I have a new challenge, we need install Guardium in cloud AWS, and the databases will be on premise of customer. In this scenario I have a lot of questions:

- How the STAP works? Need I a certificate, tokens, etc.?
- What are the ports that the system must open from cloud to DBServers?
- How the STAP agent send the logs to guardium in cloud?
- Where can I found information or some training about this scenario?


------------------------------
Carlos Espinoza Chandia
------------------------------

Thank you chase I'll work in this.

------------------------------
Carlos Espinoza Chandia
------------------------------

Original Message:
Sent: Wed August 19, 2020 09:43 AM
From: Chase Walkup
Subject: Guardium in cloud. Databases on premise.

- What are the ports that the system must open from cloud to DBServers?
The ports that need to be open depend on what database server type you are monitoring, as well as if encryption is configured for the S-TAP. Details for the ports can be found here.

- How the STAP agent send the logs to guardium in cloud?
This works the same as an S-TAP agent sending logs to Guardium locally. Make sure that the collector and S-TAP have network access to each other and configure the S-TAP to report to the desired collector. A word of caution here; the standard for Guardium is to have local collectors for local databases and a cloud collector for cloud databases. The reason for this is to reduce latency for sending traffic and ignore/block verdicts. This is especially important if you are doing S-GATE blocking where the server holds traffic waiting for a verdict from Guardium to allow the traffic. That is not to say it is impossible to mix cloud and local, just not recommended.

------------------------------
Chase Walkup

Original Message:
Sent: Mon August 17, 2020 07:01 PM
From: Carlos Espinoza Chandia
Subject: Guardium in cloud. Databases on premise.

Hello all,

I have a new challenge, we need install Guardium in cloud AWS, and the databases will be on premise of customer. In this scenario I have a lot of questions:

- How the STAP works? Need I a certificate, tokens, etc.?
- What are the ports that the system must open from cloud to DBServers?
- How the STAP agent send the logs to guardium in cloud?
- Where can I found information or some training about this scenario?


------------------------------
Carlos Espinoza Chandia
------------------------------