Operating modes
You can deploy a Guardium® system in any of several operating modes.
As you plan your Guardium environment,
you might deploy systems in any or all of these operating modes:
- Collector
- A collector receives data about database activities or file activities from agents that are deployed on database servers and file servers. The collector processes this data and responds according to policies that are installed on the collector. A collector can export data to an aggregator.
- Aggregator
- An aggregator collects data from several collectors, to provide
an aggregated view of the data. The aggregator is not connected directly
to database servers and file servers. You can allocate collectors
to aggregators according to location or function. For example, you
might want to connect the collectors that monitor your human resources
database servers to a single aggregator, so that you can view data
that is related to all those servers in one location. If you want,
you can implement a second tier of aggregation by deploying an aggregator
that collects data from all your other aggregators, rather than from
collectors. Note: If you plan to use the appliance as a central manager you MUST select Aggregator option.
- Central manager
- There is only one central manager in a Guardium environment, although you can designate another Guardium system as a backup central manager. You can use the central manager to define policies and distribute them to all collectors, to perform other configuration tasks that affect all your Guardium systems, and to perform various other administrative tasks from a single console. Your central manager can also function as an aggregator, collecting data from collectors or from other aggregators. This model provides an enterprise-wide view of activities and enables you to view reports that are based on data that is aggregated from all your Guardium systems.
The number of monitored database servers and file servers that you assign to an collector depends on the amount of data that flows from the servers to the collector. For information about how many collectors and aggregators your environment requires, and how to locate your Guardium systems for best results, refer to the Deployment Guide for IBM® Guardium.
If you are using the Guardium Vulnerability Assessment component, you must decide where to run assessment tests. Some customers dedicate a separate Guardium system for this function. You can also run tests from any Guardium system that is deployed as a collector, an aggregator, or a central manager.