Deployment health topology and table views

Learn more about how the deployment health topology and table views present the configuration of your Guardium® environment and its data.

The deployment health topology view is accessible from any central manager and provides an at-a-glance visualization of the entire Guardium environment that is connected to that central manager. In addition to showing relationships between nodes in the environment, the deployment health topology view also provides health information about all connected aggregators, collectors, and S-TAPs. Several investigation and resolution actions are available directly from the deployment health topology view to help quickly address health issues that are discovered in your environment.
Tip: It is also possible to view aggregated health data from across multiple central managers by establishing a cross-CM health view system in your environment. For more information, see Viewing cross-CM health view deployment health data.

The default deployment health topology view is a data flow view that shows the data import and export relationships between aggregators and managed units. Browse to the deployment health topology view at Manage > System View > Deployment Health Topology.

A sortable table view of the deployment health data is also available at Manage > System View > Deployment Health Table. In the table view, the Guardium systems tab provides overall deployment health information while the S-TAPs tab provides detailed health information about S-TAPs and databases.

Data availability

Several factors influence the availability of system data and how that data is displayed on the deployment health topology and table views. For information about configuring your system to use the deployment health views, see Configuring a central manager for the deployment health views.

The backup central manager only shows its connectivity status.

Types of data
When correctly configured, the deployment health topology and table views display data that is collected from several different sources. The specific types of data that are displayed depend on the unit type, as summarized in the following sections.
Overall Status
The overall status gives the status of the unit:
Connectivity
The connectivity category indicates whether systems in a Guardium environment are able to communicate.
  • Applies to central managers, aggregators, collectors, and S-TAPs.
  • Examples include unit not responding, S-TAP not responding, and incorrect S-TAP configuration.
Investigation dashboard
The investigation dashboard category indicates whether there are open issues with the investigation dashboard environment.
Monitored processes (12.1 and later)
This report provides combined information about the Investigation dashboard and Threshold alerter.
  • Investigation dashboard
    The investigation dashboard category indicates whether there are open issues with the investigation dashboard environment.
  • Threshold alerter
    The threshold alerter category indicates whether the alerter service is down.
    • Applies to central managers, aggregators, and collectors.
View Unit utilization report
This report provides information about how heavily Guardium systems are loaded.
View Aggregation/Archive Log
This log provides information about data import and export flow between Guardium systems.
  • Applies to central managers (if configured as aggregators), aggregators, and collectors.
  • Examples include import failed, export failed, and export not scheduled.
  • For more information, see Predefined admin reports and Data aggregation.

S-TAP only

K-TAP status
The K-TAP status indicates whether K-TAP is successfully loaded. Use the View S-TAP events link for more information.
Traffic status
If Traffic is selected from the Customize settings menu, then Guardium checks the status of traffic between S-TAPs and Guardium.
  • Applies to central managers, aggregators, and collectors.
  • For topology views, traffic status displays on the S-TAP roll-up.
  • By default, traffic is queried every five minutes on the collector, but you can modify this interval (to between 5 and 30 minutes) with the set_health_traffic_job_interval API. If the status changes, the data is pushed to the central manager every 5 minutes. In most cases, traffic data is less than 10 minutes old (but can be as much as 20 minutes old in some worst-case scenarios).
Data latency
Several preset and user-defined schedules determine the latency of data that is displayed on the deployment health topology view. These schedules are summarized in the following table.
Table 1. Deployment health topology view data latency
Health category | Node type | Latency
--------------- | --------- | -------
Connectivity | Aggregator or collector | Less than 15 minutes
Connectivity | S-TAP, data stream, or universal connector | Less than 15 minutes if enterprise load balancing is enabled; less than 1 hour if enterprise load balancing is not enabled
Aggregation | Central manager, aggregator, or collector | Less than 1 hour
Verification | S-TAP | Less than 1 hour
Unit utilization | Central manager, aggregator, or collector | 1 - 2 hours, based on the recommended configuration. For more information, see Configuring unit utilization data processing.
Investigation dashboard | Central manager, aggregator, or collector | Less than 1 hour

Observe the following latencies for specific environment and configuration changes:

  • Newly registered aggregators or collectors become available to the deployment health views within 15 minutes.
  • Deleting the data export schedule or data export configuration from a collector is reflected on the deployment health views within 2 hours.

Data presentation

Health status

The deployment health topology view displays three categories of health information for Guardium systems: connectivity, unit utilization, and aggregation. Metrics under these categories are assigned one of the following health statuses: status unavailable (least severe), no health issues, low severity, medium severity, and high severity (most severe). The overall status is determined by the most severe status of any individual metric included under any of the health categories being displayed. Data that has been excluded using the Customize Settings dialog is not used for determining the overall status of a system.

For example, if the Restarts metric under the Unit utilization category is assigned a High severity status, but no health issues exist under another category, the Overall status for that system is High severity. This behavior ensures that the most severe condition is always visible at-a-glance as the overall status of a system.

At the Manage > System View > Deployment Health Topology view, detailed statuses for the available health categories are only displayed when at least one low, medium, or high severity issue is found.

At the Manage > System View > Deployment Health Table view, detailed statuses for the available health categories are always displayed.

Health status roll-up

The deployment health topology view implements a health status roll-up strategy to efficiently display health information for an entire Guardium environment. Using this strategy, child nodes are collapsed under their parent nodes, and the child's health status is rolled-up to the parent. The rolled-up status is expressed as a small icon attached to the parent node.

Attention: Health status roll-up is only supported for S-TAP nodes rolling-up status to their parent collector.
For example, a green collector node with a small red circle indicates a collector with no health issues, but the small red circle indicates that one or more S-TAPs that are associated with that collector have high severity issues. Clicking the collector expands the node and reveals the associated S-TAPs and their health status. For example, a green collector with two red and two yellow S-TAPs indicates four S-TAPs that are associated with the collector: two S-TAPs have high severity health issues, and two S-TAPs have low severity health issues.

Only the most severe status is rolled-up from the child to the parent node when the child nodes are collapsed. In the previous example, the parent node shows a small red circle because one or more of its children has high severity issues. However, if one or more child nodes contain low severity issues but all the other child nodes have no health issues, the parent node would display a small yellow circle.
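
The overall-status and roll-up rules described above, as an added Python example that is not Guardium code. The data layout, the function names, and the metric names other than Restarts are assumptions, and the sample deployment is constructed.

```python
from enum import IntEnum

class Status(IntEnum):
    """Severity order as the page states it: unavailable is least severe."""
    UNAVAILABLE = 0
    NO_ISSUES = 1
    LOW = 2
    MEDIUM = 3
    HIGH = 4

def overall_status(metrics, excluded=frozenset()):
    """Most severe metric across all displayed categories.

    metrics: {category: {metric: Status}} (hypothetical layout).
    excluded: categories turned off in Customize Settings; they do not count.
    """
    shown = [s for cat, ms in metrics.items() if cat not in excluded
             for s in ms.values()]
    return max(shown, default=Status.UNAVAILABLE)

def rolled_up_status(collector, excluded=frozenset()):
    """Status carried by the small icon on a collapsed collector.

    Only S-TAP children roll up, and only the most severe status is kept.
    Returns None when the collector has no S-TAP children.
    """
    child = [overall_status(s, excluded) for s in collector["staps"].values()]
    return max(child, default=None)

def topology_shows_details(metrics, excluded=frozenset()):
    """Topology view lists per-category detail only for low/medium/high."""
    return overall_status(metrics, excluded) >= Status.LOW

# Constructed sample data: one healthy collector with four S-TAPs.
OK, LOW, HIGH = Status.NO_ISSUES, Status.LOW, Status.HIGH
COLLECTOR = {
    "metrics": {"Connectivity": {"responding": OK},
                "Unit utilization": {"Restarts": OK}},
    "staps": {
        "stap1": {"Connectivity": {"responding": HIGH}},
        "stap2": {"Connectivity": {"responding": HIGH}},
        "stap3": {"Connectivity": {"configuration": LOW}},
        "stap4": {"Connectivity": {"configuration": LOW}},
    },
}

if __name__ == "__main__":
    print("collector:", overall_status(COLLECTOR["metrics"]).name)
    print("roll-up icon:", rolled_up_status(COLLECTOR).name)
```

Because status unavailable ranks below no health issues in the stated ordering, a node with one unavailable metric and one healthy metric evaluates to no health issues in this model.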

Filtering
The topology view provides Active filters for several metrics, such as database type, host name, and health severity. Use the filter-type fields to select and apply filters to the topology.
The table view provides quick filtering by health status using the Filter overall status by check boxes in the table header. In addition to quick filtering, the table view also provides Advanced filter controls that can be configured and saved.
  1. Use the advanced filter icon to open the Advanced filter pane.
  2. To use an existing filter, select one from the Saved filters menu and click Apply Filter.
  3. To create a new filter:
    1. Leave the Saved filter field blank.
    2. Use the menus and fields to define filtering criteria.
    3. Click Save.
    4. On the Save Filter dialog, use the Filter name field to name the filter.
    5. Click Save and Apply or Save Filter.
  4. Use the Remove link in the table header to disable an advanced filter that has been applied.
Customizing the settings
Click the customize icon to open the Customize Settings dialog and define the following properties:
  • From the Health Settings tab:
    • The health status categories to display, such as connectivity, traffic, and unit utilization.
    • Display settings for the topology view, such as default zoom settings, and whether to exclude healthy nodes or expand S-TAPs by default.
    • Column-display settings for the table view.
    • Other settings, such as whether to show S-TAP aliases.
  • From the Traffic ignore list tab, you can select one or more databases to ignore for traffic monitoring. If you do not select Traffic from the Health Settings tab, traffic is not monitored.
    1. From the Traffic ignore list tab, click the Add icon to display a list of all available databases.
    2. Select the databases to ignore. You might, for example, want to ignore test databases.
    3. Click Add to ignore list.

Deployment presentation

Some deployment configurations display unexpectedly on the deployment health topology view. Several of these configuration scenarios are described in the following sections.

Unsupported S-TAPs
The deployment health topology view displays any S-TAPs that are configured for S-TAP verification or that participate in enterprise load balancing. If an S-TAP cannot be configured for S-TAP verification or to participate in enterprise load balancing, it is not displayed.
S-TAP load balancing
If S-TAP load balancing is configured with the participate_in_load_balancing parameter and an S-TAP is configured to balance traffic across multiple collectors, the deployment health topology view displays that S-TAP as a child node of each collector. For example, if S-TAP 1 is load balancing with Collector A and Collector B, both Collector A and Collector B display S-TAP 1 as a child in the deployment health topology view.
Invalid S-TAPs
Invalid S-TAPs are similar to inactive S-TAPs, but they only appear in topology views. Use the API delete_invalid_stap to remove invalid S-TAPs from the topology views.
Unmanaged units

If a collector exports data to a central manager or to an aggregator that is configured as a central manager, but that collector is not designated as a managed unit of that central management cluster, the Overall status of the collector in the deployment health topology view is shown as Health status unavailable. No additional information about the collector is made available through the deployment health topology view unless the collector is designated as a managed unit of the central manager.

Collector exporting data to primary and secondary hosts
When a collector is configured to export data to both primary and secondary hosts, only the primary host is used for the deployment health topology view.