Deployment health topology and table views
Learn more about how the deployment health topology and table views present the configuration of your Guardium® environment and its data.
The deployment health topology view is accessible from any central manager and provides an at-a-glance visualization of the entire Guardium environment that is connected to that central manager. In addition to showing relationships between nodes in the environment, the deployment health topology view also provides health information about all connected aggregators, collectors, and S-TAPs. Several investigation and resolution actions are available directly from the deployment health topology view to help quickly address health issues that are discovered in your environment.
The default deployment health topology view is a data flow view that shows the data import and export relationships between aggregators and managed units. Browse to the deployment health topology view at
.A sortable table view of the deployment health data is also available at In the table view, the Guardium systems tab provides overall deployment health information while the S-TAPs tab provides detailed health information about S-TAPs and databases.
.Data availability
Several factors influence that availability of system data and how that data is displayed on the deployment health topology and table views. For information about configuring your system to use the deployment health views, see Configuring a central manager for the deployment health views.
The backup central manager only shows its connectivity status.
- Types of data
- When correctly configured, the deployment health topology and table views display data that is
collected from several different sources. The specific types of data that are displayed depend on
the unit type, as summarized in the following sections.
- Overall Status
- The overall status gives the status of the unit:
- Overall status.
- Guardium version for Guardium systems and S-TAPs.
- OS version, databases, and database status for S-TAPs, including S-TAP® type, version, and verification status. For more information, see Windows: Inspection engine verification / Linux-UNUX: Inspection engine verification.
- Connectivity
- The connectivity category indicates whether systems in a Guardium
environment are able to communicate.
- Applies to central managers, aggregators, collectors, and S-TAPs.
- Examples include unit not responding and S-TAP not responding, and incorrect S-TAP configuration.
- View Unit utilization report
- This report provides information about how heavily Guardium
systems are loaded.
- Applies to central managers, aggregators, and collectors.
- Examples include CPU load, free buffer space, and MySQL disk usage.
- For more information, see Unit utilization and inspection core performance.
- View Aggregation/Archive Log
- This log provides information about data import and export flow between Guardium systems.
- Applies to central managers (if configured as aggregators), aggregators, and collectors.
- Examples include import failed, export failed, and export not scheduled.
- For more information, see Predefined admin reports and Data aggregation.
S-TAP only
- K-TAP status
- The K-TAP status indicates whether K-TAP is successfully loaded. Use the View S-TAP events link for more information.
- Traffic status
- If Traffic is selected from the Customize settings
menu, then Guardium checks the status of traffic between S-TAPs and Guardium.
- Applies to central managers, aggregators, and collectors.
- For topology views, traffic status displays on the S-TAP roll-up.
- By default, traffic is queried every five minutes on the collector, but you can modify this interval (to between 5 and 30 minutes) with the set_health_traffic_job_interval API. If the status changes, the data is pushed to the central manager every 5 minutes. In most cases, traffic data is less than 10 minutes old (but can be as much as 20 minutes old in some worst-case scenarios).
- Data latency
- Several preset and user-defined schedules determine the latency of data that is displayed on the
deployment health topology view. These schedules are summarized in the following table.
Table 1. Deployment health topology view data latency Health category Node type Latency Connectivity Aggregator or collector Less than 15 minutes Connectivity S-TAP, data stream, or universal connector Less than 15 minutes if enterprise load balancing is enabled Less than 1 hour if enterprise load balancing is not enabled
Aggregation Central manager, aggregator, or collector Less than 1 hour Verification S-TAP Less than 1 hour Unit utilization Central manager, aggregator, or collector 1 - 2 hours, based on the recommended configuration. For more information, see Configuring unit utilization data processing. Observe the following latencies for specific environment and configuration changes:
- Newly registered aggregators or collectors become available to the deployment health views within 15 minutes.
- Deleting the data export schedule or data export configuration from a collector are reflected on the deployment health views within 2 hours.
Data presentation
- Health status
-
The deployment health topology view displays three categories of health information for Guardium systems: connectivity, unit utilization, and aggregation. Metrics under these categories are assigned one of the following health statuses: status unavailable (least severe), no health issues, low severity, medium severity, and high severity (most severe). The overall status is determined by the most severe status of any individual metric included under any of the health categories being displayed. Data that has been excluded using the Customize Settings dialog is not used for determining the overall status of a system.
For example, if the Restarts metric under the Unit utilization category is assigned a High severity status, but no health issues exist under another category, the Overall status for that system is High severity. This behavior ensures that the most severe condition is always visible at-a-glance as the overall status of a system.
At the
view, detailed statuses for the available health categories are only displayed when at least one low, medium, or high severity issue is found.At the
view, detailed statuses for the available health categories are always displayed. - Health status roll-up
-
The deployment health topology view implements a health status roll-up strategy to efficiently display health information for an entire Guardium environment. Using this strategy, child nodes are collapsed under their parent nodes, and the child's health status is rolled-up to the parent. The rolled-up status is expressed as a small icon attached to the parent node.
Attention: Health status roll-up is only supported for S-TAP nodes rolling-up status to their parent collector.For example, indicates a collector with no health issues, but the small red circle indicates that one or more S-TAPs that are associated with that collector has high severity issues. Clicking the collector expands the node and reveals the associated S-TAPs and their health status. For example, indicates four S-TAPs that are associated with the collector: two S-TAPs have high severity health issues, and two S-TAPs have low severity health issues.Only the most severe status is rolled-up from the child to the parent node when the child nodes are collapsed. In the previous example, the parent node shows a small red circle because one or more of its children has high severity issues. However, if one or more child nodes contain low severity issues but all the other child nodes have no health issues, the parent node would display a small yellow circle.
- Filtering
- The topology view provides Active filters for several metrics, such as database type, host name, and health severity. Use the filter-type fields to select and apply filters to the topology.
- Customizing the settings
- Click the icon to open the Customize Settings dialog and define the following properties:
- From the Health Settings tab:
- The health status categories to display, such as connectivity, traffic, and unit utilization.
- Display settings for the topology view, such as default zoom settings, and whether to exclude healthy nodes or expand S-TAPs by default.
- Column-display settings for the table view.
- Other settings, such as whether to show S-TAP aliases.
- From the Traffic ignore list tab, you can select one or more databases to
ignore for traffic monitoring. If you do not select Traffic from the
Health Settings tab, traffic is not monitored.
- From the Traffic ignore list tab, click the icon to display a list of all available databases.
- Select the databases to ignore. You might, for example, want to ignore test databases.
- Click Add to ignore list.
- From the Health Settings tab:
Deployment presentation
Some deployment configurations display unexpectedly on the deployment health topology view. Several of these configuration scenarios are described in the following sections.
- Unsupported S-TAPs
- The deployment health topology view displays any S-TAPs that are configured for S-TAP verification or that participate in enterprise load balancing. If an S-TAP cannot be configured for S-TAP verification or to participate in enterprise load balancing, it is not displayed.
- S-TAP load balancing
- If S-TAP load balancing is configured with the participate_in_load_balancing parameter and an S-TAP is configured to balance traffic across multiple collectors, the deployment health topology view displays that S-TAP as a child node of each collector. For example, if S-TAP 1 is load balancing with Collector A and Collector B, both Collector A and Collector B display S-TAP 1 as a child in the deployment health topology view.
- Invalid S-TAPs
- Invalid S-TAPs are similar to inactive S-TAPs, but they only appear in topology views. Use the API delete_invalid_stap to remove invalid S-TAPs from the topology views.
- Unmanaged units
-
If a collector exports data to a central manager or to an aggregator that is configured as a central manager, but that collector is not designated as a managed unit of that central management cluster, the Overall status of the collector in the deployment health topology view is shown as Health status unavailable. No additional information about the collector is made available through the deployment health topology view unless the collector is designated as a managed unit of the central manager.
- Collector exporting data to primary and secondary hosts
- When a collector is configured to export data to both primary and secondary hosts, only the primary host is used for the deployment health topology view.