Deployment Part 1
Speakers: Boaz Barkai and Yosef Rozenblit
Information Management
Logistics
This tech talk is being recorded. If you object, please hang up and leave the webcast now.
We'll post a copy of the slides and a link to the recording on the Guardium community tech talk wiki page: http://ibm.co/Wh9x0o
You can listen to the tech talk using the audiocast and ask questions in the chat to the Q and A group.
We'll try to answer questions in the chat or address them at the speaker's discretion.
If we cannot answer your question, please include your email so we can get back to you.
When the speaker pauses for questions, we'll go through the existing questions in the chat.
June 5, 2013
A link to more information about this and upcoming tech talks can be found on the InfoSphere Guardium developerWorks community: http://ibm.co/Wh9x0o
Please submit a comment on that page with ideas for tech talk topics.
Topics
Part 1
o What Guardium deployment is all about
o What teams need to be involved
o What architecture options and IT infrastructure requirements need to be considered
Part 2
o What business requirements and drivers need to be understood
o Monitoring deployment
o How to manage the solution post deployment
Product Components
TWO Products: DAM (Basic, Advanced) and VA (Basic, Advanced)
o Data Activity Monitoring (DAM): Real-time activity monitoring for data compliance and data security
o Vulnerability Assessment (VA): Database vulnerability assessment, patch levels analysis, configuration assessment, and entitlement reporting
TWO Deployment Options: Stand-alone, Federated
TWO Appliance Options: Physical Appliance, Software Appliance
o DAM Basic (Compliance Driven): Non-Intrusive, Compliance Workflow, Reports, Alerts
o DAM Advanced (Security Driven): Blocking & Masking
o VA Basic: Vulnerability Assessment, Data Protection Subscription
o VA Advanced: Configuration Audit System, Entitlements Reporting
Non-invasive
o No DBMS changes
o Minimal impact
o Does not rely on traditional DBMS-resident logs, which can easily be disabled by DBAs
o Heterogeneous Database Support
Comprehensive Audit
o Audit and log everything, at least with the standard granularity (one hour). In this mode customers may use Log Full Details, but this should be done selectively on a subset of the traffic and not on the entire data.
Note: Comprehensive with values, extrusion, or both is the most comprehensive logging mode.
Solution components (diagram): Discovery & Classification; Security; Vulnerability Assessment; Entitlement Reporting; Database Activity Monitoring (DAM); Enterprise Integrator; Change Audit System; Advanced Workflow Automation
Deployment phases (diagram): Installation & Configuration; Monitoring Setup & Verification; Additional Functionality Setup; Test Cycle; Production Roll-Out; Steady State
Implementation Resourcing
Customer Team (Example): Installation & Configuration Resources
o Project Manager
o Guardium administrator (Guardium Solution Tech Lead)
o DBA (Testing)
o Information Security (Governance)
o Network Administrator (Review network impacts)
o Auditors/Application Owners (Monitoring requirements)
o IT infrastructure (Appliance install, VM install)
o Disk storage Admin (Backup, Archive & Restore)
1. Analyze Requirements
o Identify Database servers in scope
o Discuss Data centers, locations and network considerations
o Discuss Installation of the appliances (process, steps and requirements)
o Discuss Basic configuration of the appliances
o Discuss Deployment plan of the Guardium appliances
o Discuss Installation of the S-TAP (process, steps and requirements)
o Discuss Basic configuration of the S-TAP
2. Appliance Installation
o Rack and connect each Guardium appliance to power and network
o Configure each Guardium appliance with Basic Configuration parameters
o Verify systems are on the network
o (If applicable) Register all Guardium appliances to the Central Manager
o Review and complete basic configuration of each appliance
o Install Ignore Session Policy Rule
3. GIM, S-TAP agent Installation
o Install GIM, S-TAP agents on database servers
o Verify that the GIM, S-TAP agents are registered with the collector
o Configure S-TAP agents to capture traffic
o Verify S-TAP traffic is captured by the collector
4. Operations Setup
o Setup Aggregation
o Setup Archiving
o Setup Purging
o Setup System Backup
o Self Monitoring Setup
Outcome
o Deployment Document & Project Plan
DB to Collector Sizing
Database Activity Monitoring Sizing Guide
InfoSphere Guardium V9.0 > InfoSphere Guardium > Installing > IBM InfoSphere Guardium Software Appliance Installation Guide > Step 1. Assemble the following before you begin
© 2011 IBM Corporation
Conclusion: if you are planning to monitor only privileged users/insiders and retain ~30 days on-line, you can calculate the ratio like this:
o Number of collectors * GB per collector per day * days required for retention < aggregator database size
o Example: 12 collectors * 0.5 GB per day * 30 days = 180 GB aggregator storage
Note: We do not recommend maxing out the aggregator database (600 GB disk ~ 300 GB for database).
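As an added worked example (not from the slides or from IBM), the sizing rule above as a small Python helper; it also goes beyond the slide by working out how many aggregators are needed when the total exceeds one aggregator's database. The 300 GB usable figure is the slide's; the 80% fill fraction and the function names are assumptions.

```python
import math

# From the slide: a 600 GB disk leaves roughly 300 GB for the aggregator
# database, and the guidance is not to max it out.
AGGREGATOR_DB_GB = 300.0

# Assumed, not from the slide: fill at most this fraction of the database
# so that an aggregator is never run at its ceiling.
DEFAULT_FILL_FRACTION = 0.8


def required_aggregator_gb(collectors, gb_per_collector_per_day, retention_days):
    """The slide's formula: collectors * GB per collector per day * retention days."""
    if collectors <= 0 or gb_per_collector_per_day <= 0 or retention_days <= 0:
        raise ValueError("all sizing inputs must be positive")
    return collectors * gb_per_collector_per_day * retention_days


def aggregators_needed(required_gb, usable_gb=AGGREGATOR_DB_GB,
                       fill_fraction=DEFAULT_FILL_FRACTION):
    """Smallest number of aggregators such that none holds more than
    fill_fraction of its usable database (extension of the slide's rule)."""
    per_aggregator = usable_gb * fill_fraction
    return math.ceil(required_gb / per_aggregator)


def size_plan(collectors, gb_per_day, retention_days,
              usable_gb=AGGREGATOR_DB_GB, fill_fraction=DEFAULT_FILL_FRACTION):
    """Required storage, whether it fits one aggregator under the slide's
    strict '<' check, and how many aggregators the fill rule implies."""
    required = required_aggregator_gb(collectors, gb_per_day, retention_days)
    return {
        "required_gb": required,
        "fits_one_aggregator": required < usable_gb,
        "aggregators_needed": aggregators_needed(required, usable_gb, fill_fraction),
    }


if __name__ == "__main__":
    # The slide's own example: 12 collectors, 0.5 GB/day, 30 days -> 180 GB.
    print(size_plan(12, 0.5, 30))
    # A larger, constructed case: 40 collectors retained for 90 days.
    print(size_plan(40, 0.5, 90))
```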
Track and alert on changes at the OS level (files, permissions, environment variables, registry entries, etc.)
o Data Capture types: Local and/or Network, Exclude Traffic, Exclude Results
o Cluster Aware: Support migrating, floating, unavailable databases
o Prevention: Block activity or terminate connection
o Encryption: Communicate encrypted to collector (TLS)
o Basic: Send traffic to one collector (no failover)
o Failover: Send traffic to one collector and fail over to one or more collectors as needed
o Load Balancing: Send traffic across multiple collectors
o GRID: Load balancer such as F5 or Cisco GSS
o Redundancy: Send traffic to more than one collector
S-TAP to collector topologies (diagrams): 2. Failover; 3. Load Balancing; 4. Grid
Backup Guidelines (table; cell order as extracted)
Components: Collectors; Central Manager & Aggregators; 3rd Party Archival Storage; S-TAPs
Backup types: Database Activity Daily Archive & Monthly Backups; System Backup; Configuration Backup
Frequencies: DAILY, NEVER, DAILY, NEVER / AS NEEDED, N/A, DAILY, DAILY
Thank You!
Additional Content
Self Monitoring
Operations
Enterprise Dashboards
S-TAP/Monitoring Alert