Linux-UNIX: A-TAP management
A-TAP is an application-level tap. It sits in the application layer to support monitoring of encrypted database traffic, which cannot be done in the kernel by K-TAP.
The A-TAP mechanism monitors communication between internal components of the database server. The data is unencrypted in the application layer, where A-TAP picks it up and sends it to K-TAP. K-TAP acts as a proxy that passes the data to S-TAP, which then sends it to the Guardium collector.
This figure shows where A-TAP fits in with the overall architecture on the database server.
A-TAP is included in every S-TAP but must be specifically configured for each database that requires it.
When to use A-TAP
A-TAP is required when the DBMS encrypts data in motion. Other internal database implementation details, such as shared memory, can also require it.
If you have the option, use an exit library instead of A-TAP.
A-TAP has the following limitations:
- A-TAP is not supported in an environment where a 32-bit database is located on a 64-bit server.
- For ASO traffic, CLIENT_IP is not the actual client IP; use the Analyzed Client IP, which is the correct IP.
- For Oracle ASO encrypted IPv6 traffic (local as well as remote), use the Client Host Name to identify the actual client session, due to limitations.
- For SSL traffic, CLIENT_IP is not the actual client IP and there is no ANALYZED_CLIENT_IP.
- If CLIENT_HOST_NAME cannot be mapped to one specific network, it cannot be used to differentiate between multiple networks. In this case, ANALYZED_CLIENT_IP will not be available. Due to this limitation, use CLIENT_HOST_NAME to identify the actual client session.
An exit library has these advantages over A-TAP:
- No need to install or use kernel modules (K-TAP).
- Lower CPU utilization.
- New database versions are supported sooner.
A-TAP for Db2 and Informix is no longer supported starting with Guardium 12.0.
For information about using Db2 Exit, see Linux-UNIX: Configuring Db2 Exit.
For information about using Informix Exit, see Linux-UNIX: Configuring Informix Exit.
Monitoring restrictions: See the Guardium support matrix for complete details on what is supported for the various databases and operating systems.