Components and topology

Learn about Guardium appliances, agents, and other components.

Guardium components

  • Guardium systems:
    • Collectors: The collector performs real-time capture and analysis of the database activity, and logs it for further analysis and use in alerting.
    • Aggregators: Guardium aggregators collect and merge information from multiple Guardium collectors, and optionally from other aggregators. They produce holistic views of an entire environment. Collection and aggregation processes allow Guardium to easily generate enterprise-level reports. In a large enterprise environment, for example, several Guardium systems can be used for monitoring different geographic locations or business units. You can export data from multiple collectors to a single aggregator, and view database usage across all geographic areas or business units. Reports, assessments, and audit processes run from this aggregator would then reflect data collected from across the environment.
    • Central Managers: The central manager (CM) is a specialized functionality that is enabled on an aggregator. In this configuration, one Guardium system is designated as a central manager that controls and monitors an entire Guardium environment from a single console, and the collectors and aggregators are referred to as managed units. While some applications (Audit Processes, Queries, Portlets, etc.) can be run from either a managed unit or the central manager, application definitions are stored on the central manager. See Aggregation and central management. Central management supports hierarchical aggregation, where multiple aggregators merge their data repositories to a central aggregator. This is useful for multi-level views. For example, with different Guardium aggregators assigned to different geographic locations, a central management aggregator can merge the contents of all aggregators into a single global view spanning all geographies. See Data aggregation.

      To set up your central manager and managed units for Vulnerability Assessment (VA), see Set up your environment for Vulnerability Assessment.

  • Agents (required and most common):
    • Software TAP agent (S-TAP®): See Windows: S-TAP user's guide and Linux and UNIX systems: S-TAP user's guide.
    • Guardium Installation Manager agent (GIM): The GIM server is installed as part of the Guardium system. It communicates with the GIM client, which is installed on servers that host databases or file systems that you want to monitor. It facilitates installing and updating agents and modifying their configuration. See Guardium Installation Manager.
    • Change Audit System agent (CAS): The CAS agent is installed on the database server. It captures change audit information of configuration files and more on the database server. See Configuration Auditing System (CAS).
    • Instance Discovery agent: The instance discovery agent is installed on the database server and sends database, listener, and port information to Guardium.
  • Datasource: A Guardium datasource identifies a specific database instance. Access to datasources may be restricted based on the roles assigned to the datasource and to the applications that use it. For example, the Value Change Auditing application requires a high level of administrative access that would not be appropriate for other less privileged applications.
  • Inspection engine: Neither a component nor an agent, an inspection engine is a required configuration that specifies the database platform and the instances that the S-TAP monitors on the S-TAP host (database server). One S-TAP often has many inspection engines.

Guardium topology

  • Basic stand-alone architecture: The most basic architecture is for monitoring several databases in one data center: one stand-alone collector appliance and several Guardium S-TAP agents that are installed on the monitored database servers. The S-TAP agents capture and send the relevant database activities to the one Guardium collector for analysis, parsing, and logging.
  • Mid-size architecture: The mid-size architecture monitors numerous databases across data centers. It consists of multiple collector appliances and numerous S-TAP agents that are installed on the monitored database servers in each data center. The S-TAP agents capture and send the relevant database activities to the Guardium collectors for analysis, parsing, and logging. The collectors send the monitored activities to an aggregator appliance for central reporting. In this example, the aggregator appliance also serves as the central management appliance for the solution, which enables federated management capabilities, such as Access Management, patching, and metadata repository.
  • Enterprise architecture: The enterprise architecture monitors numerous databases across multiple data centers and continents. This architecture example consists of many collector appliances and numerous S-TAP agents that are installed on mainframe and distributed database servers across data centers. The S-TAP agents capture and send the relevant database activities to the Guardium collectors for analysis, parsing, and logging. The collectors send the monitored activities to their respective aggregator appliance for central reporting. A dedicated Central Manager appliance provides federated management capabilities, such as Access Management, patching, and metadata repository.
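
A check of a deployment inventory against the relationships described above, as an added example that is not part of the Guardium documentation or product. The inventory layout, unit names, and field names are hypothetical and constructed for illustration, and the rule that an aggregation chain must not loop is an assumption drawn from the hierarchical model.

```python
# Constructed inventory; the layout and field names are hypothetical,
# not a Guardium export format.
INVENTORY = {
    "units": {
        "col-eu-1": {"type": "collector", "exports_to": "agg-eu"},
        "col-us-1": {"type": "collector", "exports_to": "agg-us"},
        "col-us-2": {"type": "collector", "exports_to": None},
        "agg-eu": {"type": "aggregator", "exports_to": "agg-global"},
        "agg-us": {"type": "aggregator", "exports_to": "agg-global"},
        "agg-global": {"type": "aggregator", "exports_to": None, "central_manager": True},
    },
    "stap_hosts": {
        "db-eu-01": {"collector": "col-eu-1", "inspection_engines": ["oracle:1521"]},
        "db-us-01": {"collector": "col-us-1", "inspection_engines": []},
        "db-us-02": {"collector": "col-us-9", "inspection_engines": ["db2:50000"]},
    },
}

def audit(inv):
    """Return monitoring-coverage findings for a collector/aggregator topology."""
    units, findings = inv["units"], []
    for host, stap in sorted(inv["stap_hosts"].items()):
        if units.get(stap["collector"], {}).get("type") != "collector":
            findings.append(f"{host}: S-TAP target {stap['collector']} is not a known collector")
        if not stap["inspection_engines"]:  # required for the S-TAP to monitor anything
            findings.append(f"{host}: S-TAP has no inspection engine")
    has_aggregator = any(u["type"] == "aggregator" for u in units.values())
    for name, unit in sorted(units.items()):
        dest = unit.get("exports_to")
        if dest is None:
            if unit["type"] == "collector" and has_aggregator:
                findings.append(f"{name}: collector exports to no aggregator")
            continue
        if units.get(dest, {}).get("type") != "aggregator":
            findings.append(f"{name}: export target {dest} is not a known aggregator")
        seen, cur = {name}, dest  # walk the chain upward (assumed loop-free)
        while cur in units:
            if cur in seen:
                findings.append(f"{name}: aggregation chain loops back to {cur}")
                break
            seen.add(cur)
            cur = units[cur].get("exports_to")
    managers = sorted(n for n, u in units.items() if u.get("central_manager"))
    if len(managers) > 1:
        findings.append(f"multiple central managers: {', '.join(managers)}")
    findings += [f"{n}: central manager is not an aggregator"
                 for n in managers if units[n]["type"] != "aggregator"]
    return findings
```

Each finding marks a place where database activity would go uncaptured or would not reach central reporting, such as an S-TAP with no inspection engine or a collector that exports nowhere.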