I wanted to let everyone know that F5 has published two step-by-step deployment guides, which you can find on their dw wiki page: one to support what we call Guardium "grid" and another for the real-time application end-user identification from their firewall. If you didn't listen in or download the notes and slides from the What is new in V9 Tech Talk, you may not have a clue what I'm talking about, so I'll briefly summarize:
- With Guardium grid, all S-TAPs point to the same virtual IP address for the collector. The load balancer in the middle will pick a collector. This significantly reduces the headaches of dealing with changing parameters when you need to add new collectors or otherwise move things around to accommodate your environment. This has been tested with both Cisco and F5. The F5 capability used is called the BIG-IP Local Traffic Manager (LTM).
- The next capability is centered around an integration with F5 BIG-IP Application Security Manager (ASM). ASM is able to read HTML packets and be aware of which user is requesting/sending which traffic. We've now enabled the Guardium Collector to accept a data stream from BIG-IP with this information and to correlate the end-user information to individual SQL statements. By enabling the integration, Guardium can correlate end users with the related database activity, even in situations where user sessions are not managed at the database level.