Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Information Management
nfoSphere Guardium Technical Training
Introduction and TechnicaI Overview
Guardium & Optim Technology Ecosystem
IBM Toronto Lab
Summer/Fall 2010
2
2010 BM Corporation
nformation Management
Agenda
ntroduction to Guardium
Guardium's Advantage
Case Studies
3
2010 BM Corporation
nformation Management
ntroduction to Guardium
Market Ieader in Database Activity
Monitoring (DAM) and safeguarding
high-vaIue databases
Comprehensive compIiance
automation system
ScaIabIe architecture with support
for heterogeneous environments
Industry-Ieading patented software
agent soIution for greater data
access monitoring and controI
Key product in IBM's
Information Governance portfoIio
Continued support for
heterogeneous environments
2010 BM Corporation
g g
atabases
compIiance
system
re with support
environments
ented software
greater data
g and controI
Continued support for
heterogeneous environments
4
2010 BM Corporation
nformation Management
Reality of Data Security
ntroduction
S-TAP Architecture
CAS Architecture
Collector Architecture
mplementation Options
3
2010 BM Corporation
nformation Management
nfrastructure
Data Servers Application Servers
Network
Switch
Client
nternet
Local
Access
Network
Access
Guardium
Collector
GGuuaarrddiiuumm
Collector
4
2010 BM Corporation
nformation Management
Database Activity Monitoring
Monitoring options
Port Mirroring
Network Tap
Software Tap
5
2010 BM Corporation
nformation Management
Port Mirroring
Copy of network packets observed on the switch port
connected to the data server is sent to the CoIIector
Specific traffic can be filtered such that not all traffic is sent
to the Collector. This reduces network load significantly.
Dependent on K-TAP
Network Layer
Shared Memory
S-TAP
9
2010 BM Corporation
nformation Management
CAS Architecture
K-TAP A-TAP
S-TAP
Network Layer
Shared Memory
Application/User Level
Kernel Level
DBMS
Data Server
LocaI
AppIication/User
CAS
CoIIector
Config FiIe C fi FiI
CAS (Change Audit System)
Environment variables
Configuration files
Script outputs
Optional component
Control signal sent to S-TAP for filtering control and termination actions
Data
Server
LOGIN USER ...
SELECT... FROM ...
CREATE TABLE .
INSERT .
DELETE ....
Security PoIicy
nventory Data Log SQL Construct
Sales Data Log Full SQL
Sensitive Data Alert
Unknown User Terminate
CoIIector
Database
S-TAP
Log
Terminate
AIert
12
2010 BM Corporation
nformation Management
Failover and Load Balancing
S-TAP can also be configured with multiple Collector for failover and/or load balancing
Load balancing would only be required to sustain logging in cases with extreme data
volumes and full audit condition
13
2010 BM Corporation
nformation Management
Collector Sizing
Note: These are simply guidelines. Sizing is dependent on user activity, security policy, and data sever load.
Deta||ed
Logg|ng
Deta||ed
Logg|ng
8as|c
Logg|ng
8as|c
Logg|ng
14
2010 BM Corporation
nformation Management
Managed Environment
kemote Locat|ons
Aggregator &
Centra| Manager
CoIIector
CoIIector
CoIIector
CoIIector
Aggregator &
Centra| Manager
15
2010 BM Corporation
nformation Management
Aggregator G5000 Appliance
Centralized management:
Monitoring the status of all managed Aggregator and Collectors
Centralized policy management for entire enterprise environment
Unified security policy pushed out to all managed Collectors
Centralized users and groups that is synchronized with managed units
Ability to query managed Collector's data from Central Manager
Note: this is not applicable to managed Aggregator units