Deployment health topology and table views

Learn more about how the deployment health topology and table views present the configuration of your Guardium environment and its data.

The deployment health topology view is accessible from any central manager and provides an at-a-glance visualization of the entire Guardium environment that is connected to that central manager. In addition to showing relationships between nodes in the environment, the deployment health topology view also provides health information about all connected aggregators, collectors, and S-TAPs. Several investigation and resolution actions are available directly from the deployment health topology view to help quickly address health issues that are discovered in your environment.

The default deployment health topology view is a data flow view that shows the data import and export relationships between aggregators and managed units. Open the deployment health topology view at Manage > System View > Deployment Health Topology.

A sortable table view of the deployment health data is also available at Manage > System View > Deployment Health Table.

Data availability

Several factors influence that availability of system data and how that data is displayed on the deployment health topology and table views. For information about configuring your system to use the deployment health views, see Configuring a central manager for the deployment health views.

Types of data

When correctly configured, the deployment health topology and table views display data that is collected from several different sources. The specific types of data that are displayed depend on the unit type, as summarized in the following sections.

Connectivity

The connectivity category indicates whether systems in a Guardium environment are able to communicate.

Applies to central managers, aggregators, collectors, and S-TAPs
Examples include unit not responding and S-TAP not responding

Unit utilization

The unit utilization category provides information about how heavily Guardium systems are being loaded.

Applies to central managers, aggregators, and collectors
Examples include CPU load, free buffer space, and MySQL disk usage
For more information, see Unit Utilization Level.

Aggregation

The aggregation category provides information about data import and export flow between Guardium systems.

Applies to central managers (if configured as aggregators), aggregators, and collectors
Examples include import failed, export failed, and export not scheduled
For more information, see Predefined admin reports and Aggregation.

Inspection engines

The inspection engines category provides S-TAP verification information.

Applies to S-TAPs
Examples include S-TAP verification failed
For more information, see Configuring the S-TAP verification schedule, and Viewing S-TAP verification results.

Click the icon to open the Customize Settings dialog to define the types of data shown on the deployment health topology and table views.

Data latency

Several preset and user-defined schedules determine the latency of data that is displayed on the deployment health topology view. These schedules are summarized in the following table.

Table 1. Deployment health topology view data latency
Health category	Node type	Latency
Connectivity	Aggregator or collector	Less than 15 minutes
Connectivity	S-TAP	Less than 15 minutes if enterprise load balancing is enabled Less than 1 hour if enterprise load balancing is not enabled
Aggregation	Central manager, aggregator, or collector	Less than 1 hour
Verification	S-TAP	Less than 1 hour
Unit utilization	Central manager, aggregator, or collector	1 - 2 hours, based on the recommended configuration. For more information, see Configuring unit utilization data processing.

Observe the following latencies for specific environment and configuration changes:

Newly registered aggregators or collectors become available to the deployment health views within 15 minutes.
Deleting the data export schedule or data export configuration from a collector are reflected on the deployment health views within 2 hours.

Data presentation

Health status

The deployment health topology view displays three categories of health information for Guardium systems: connectivity, unit utilization, and aggregation. Metrics under these categories are assigned one of the following health statuses: status unavailable (least severe), no health issues, low severity, medium severity, and high severity (most severe). The overall status is determined by the most severe status of any individual metric included under any of the health categories being displayed. Data that has been excluded using the Customize Settings dialog is not used for determining the overall status of a system.

For example, if the Restarts metric under the Unit utilization category is assigned a High severity status, but no health issues exist under another category, the Overall status for that system is High severity. This behavior ensures that the most severe condition is always visible at-a-glance as the overall status of a system.

At the Manage > System View > Deployment Health Topology view, detailed statuses for the available health categories are only displayed when at least one low, medium, or high severity issue is found.

At the Manage > System View > Deployment Health Table view, detailed statuses for the available health categories are always displayed.

Health status roll-up

The deployment health topology view implements a health status roll-up strategy to efficiently display health information for an entire Guardium environment. Using this strategy, child nodes are collapsed under their parent nodes, and the child's health status is rolled-up to the parent. The rolled-up status is expressed as a small icon attached to the parent node.

Attention: Health status roll-up is only supported for S-TAP nodes rolling-up status to their parent collector.

For example, a green collector node with a small red circle indicates a collector with no health issues, but the small red circle indicates that one or more S-TAPs that are associated with that collector has high severity issues. Clicking the collector expands the node and reveals the associated S-TAPs and their health status. For example,

a green collector with two red and two yellow S-TAPs

indicates four S-TAPs that are associated with the collector: two S-TAPs have high severity health issues, and two S-TAPs have low severity health issues.

Only the most severe status is rolled-up from the child to the parent node when the child nodes are collapsed. In the previous example, the parent node shows a small red circle because one or more of its children has high severity issues. However, if one or more child nodes contain low severity issues but all the other child nodes have no health issues, the parent node would display a small yellow circle.

Deployment presentation

Some deployment configurations display unexpectedly on the deployment health topology view. Several of these configuration scenarios are described in the following sections.

Managed units before Guardium V10.1.3

Managed units before Guardium V10.1.3 may display incorrect or inconsistent unit utilization data when connected to a central manager at or after V10.1.3. To correct the problem, log in to the CLI of the central manager and run the following command for each managed unit:

grdapi change_tracker_reset host=[managed unit host name or IP address]

Best practice: In a managed environment, it is recommended that all units operate at the same Guardium version level.

Managed units before Guardium V10.1

Managed units before Guardium V10.1 display Status unavailable under the Aggregation health section when viewed from either the Deployment Health Topology page or the Deployment Health Table.

Best practice: In a managed environment, it is recommended that all units operate at the same Guardium version level.

Unsupported S-TAPs

The deployment health topology view displays any S-TAPs that are configured for S-TAP verification or that participate in enterprise load balancing. If an S-TAP cannot be configured for S-TAP verification or to participate in enterprise load balancing, the S-TAPs will not be displayed.

S-TAP load balancing

If S-TAP load balancing is configured with the participate_in_load_balancing parameter and an S-TAP is configured to balance traffic across multiple collectors, the deployment health topology view displays that S-TAP as a child node of each collector. For example, if S-TAP 1 is load balancing with Collector A and Collector B, both Collector A and Collector B display S-TAP 1 as a child in the deployment health topology view.

Unmanaged units

If a collector exports data to a central manager or to an aggregator that is configured as a central manager, but that collector is not designated as a managed unit of that central management cluster, the Overall status of the collector in the deployment health topology view is shown as Health status unavailable. No additional information about the collector is made available through the deployment health topology view unless the collector is designated as a managed unit of the central manager.

Collector exporting data to primary and secondary hosts

When a collector is configured to export data to both primary and secondary hosts, only the primary host is used for the deployment health topology view.