Linux-Unix: A-TAP management

A-TAP is an application-level tap. A-TAP sits in the application layer to support monitoring of encrypted database traffic, which cannot be done in the kernel by K-TAP.

The A-TAP mechanism monitors communication between internal components of the database server. The data is unencrypted in the application layer, where A-TAP picks it up and sends to K-TAP. K-TAP is a proxy to pass data to S-TAP, and from there it is then sent to the Guardium collector.

This figure shows where A-TAP fits in with the overall architecture on the database server.

ATAP in the applications level of the database

A-TAP is included in every S-TAP but must be specifically configured for each database that requires it.

When to use A-TAP

A-TAP is required when DBMS encryption in motion is used, but there may be other internal database implementation details such as shared memory that require it.

If you have the option, use an exit library instead of A-TAP.

Restrictions: A-TAP is not supported in an environment where a 32-bit database is located on a 64-bit server.

Monitoring restrictions: A-TAP does not support redaction. Blocking is supported for Linux kernels at 2.6.36 or later releases.