Central Management

In a central management configuration, one Guardium® unit is designated as the Central Manager. The Central Manager monitors and controls other Guardium units, which are referred to as managed units. Unmanaged units are referred to as stand-alone units.

Roles

The concept of a local Guardium system can refer to any Guardium system in the Central Management paradigm. Some applications, such as audit processes, queries, and portlets, can run on both the managed units and the central manager. In both cases, the definitions come from the Central Manager, and the data comes from the local Guardium system, which might also be the central manager.

After a Central Management system is set up, you can use either the central manager or a managed unit to create or modify most definitions. Most definitions are stored on the central manager, regardless of the system that edits them.

Considerations

When you configure and use central management, consider the following items:

  • Use the Remote Source function on the manager to run any report on the managed unit and view data and information of that managed unit.

    You must have the correct role privileges.

  • CAS template definitions are shared between all units of a federated environment, similar to other definitions such as reports, policies, and alerts.
  • A good practice is to run CAS Reports on a manager, especially CAS Reports relating to CAS configurations, hosts, and templates.
  • If you create a report with the Custom Domain Builder, and some or all of the tables are remote, this report does not work on a managed node. No data is returned.

    Reports, such as data source and comments, are stored on the manager.

  • The Central Management page of a manager does not automatically refresh on a specific interval. It times out based on the GUI timeout of the system.
  • After some time of inactivity, the system logs you out automatically and displays a sign-in dialog. The length of the GUI timeout can be set with the CLI command store session timeout (default is 900 seconds). View the timeout with the CLI command show session timeout. Status lights refresh every 5 minutes when the session is active.
  • To synchronize or upload any data from the Central Manager to managed nodes, all nodes that are involved in this type of activity MUST be on the SAME version of Guardium.
  • During the Central Management Redundancy Transition, it can take up to 5 minutes for the Unit type sync to occur, depending on how many units are defined in the central management environment.
  • IPMODE information is shared with the central manager at registration.

    A managed unit that is registered with the central manager in a pre-V11.2 release is not aware of its IP mode and cannot share that information with the central manager. If a managed unit was upgraded to V11.2 or later, it does not share its IP mode with the central manager, unless you unregister and reregister it.

    To resolve this issue, in the Central Manager page, select individual managed units, or all managed units, and click Refresh Unit info.