IBM InfoSphere Guardium Platform Support, V8.0

Content

These are the Guardium products related to the specifications: Database Activity Monitor; Advanced Compliance Workflow Automation; Enterprise Integrator; Vulnerability Assessment, Entitlement Reports, Data-Level Access Control; and Central Manager and Aggregator.

Cross-Platform Security

Guardium’s cross-platform solution is ideal for heterogeneous environments because it supports all major DBMS platforms and protocols running on all major operating systems.

This table shows all V8.0 supported platforms and versions.

Supported Platform	Supported Versions
Oracle	8i, 9i, 10g (r1, r2), 11g, 11gR2
Oracle (ASO, SSL)	9i, 10g (r1, r2), 11g
Microsoft SQL Server	2000, 2005, 2005 x64, 2005 IA64, 2008, 2008 x64, 2008 IA64
Microsoft SharePoint	2007, 2010
IBM DB2 (Linux, Unix, Linux for System z)	9.1, 9.5, 9.7
IBM DB2 (Windows)	9.1, 9.5, 9.7
IBM DB2 Purescale	9.8
IBM DB2 for z/OS	8.1, 9.1, 10.1
IBM DB2 for iSeries	V5R2, V5R3, V5R4, V6R1
IBM Informix	7, 9, 10, 11, 11.50
Sun MySQL and MySQL Cluster	4.1, 5.0, 5.1
Sybase ASE	12, 15, 15.5
Sybase IQ	12.6, 12.7, 15
Netezza	NPS 4.5, 4.6, 5,0, 6.0
PostgreSQL	8, 9
Teradata	6.x, 12, 13, 13.10
FTP

Note: Bold type denotes versions added for V8.

Host-Based Monitoring

Unique in the industry, S-TAPs are lightweight software probes that monitor both network and local database protocols (shared memory, named pipes, etc.) at the OS level of the database server. S-TAPs minimize any affect on server performance by relaying all traffic to separate Guardium appliances for real-time analysis and reporting, rather than relying on the database itself to process and store log data. S-TAPs are often preferred because they eliminate the need for dedicated hardware appliances in remote locations or available SPAN ports in your data center.

This table shows all OS platforms and versions for which V8.0 S-TAPs are available.

OS Type	Version	32-Bit & 64-Bit
AIX	5.2, 5.3	Both
	6.1, 7.1	64-Bit
HP-UX	11.11, 11.23, 11.31	Both
Red Hat Enterprise Linux	3, 4, 5	Both
Red Hat Enterprise Linux for System z	5.4
SUSE Enterprise Linux	9, 10, 11	Both
SUSE Enterprise Linux for System z	9, 10, 11
Solaris - SPARC	8, 9, 10	Both
Solaris - Intel/AMD	10, 11	10-Both, 11-64-Bit only
Tru64	5.1A, 5.1B	64-Bit
Windows	2000, 2003, 2008	Both
iSeries	i5/OS*

* Supports network activity monitoring, local activity support via Enterprise Integrator
Note: Bold type denotes versions added for V8.

Flexible Deployment

Guardium is available as a hardware or software offering. As a hardware offering, the solution is delivered with licensed software fully loaded and tested on a physical appliance provided by IBM (hardware appliance), When delivered as a software offering, the solution is delivered as software images ready to be deployed on your own hardware (software appliance), either directly or as virtual appliances. While the software images can be installed on any VMware product, the VMware ESX server is the recommended platform for a virtual solution.

The following table summarizes major hardware requirements for software appliances. Unless specified otherwise, the requirements are for both the physical installation and the virtual installation. The Guardium solution is designed to work on Intel-based platforms with Xeon processors. Only platforms and hardware that are officially supported by RedHat Linux 5.5 can be used as Guardium platforms, however, not all officially supported RedHat Linux 5.5 platforms can be used. Platforms that require additional drivers or specialized post-install configuration are not supported at this time.

Recommended Resources per software/virtual appliance

Resource	Required Range*	Comment
Physical CPUs	4-16 cores	Intel XEON processors required
Virtual CPUs	Minimum 4 vCPUs
RAM	8-16 GB	For virtual, initial value must be 8 GB. If virtual customers want to work outside the required range, consult with Guardium Technical Support.
Ports (NICs) 1 Gbit per second card recommended	1-4	Each port can be an actual NIC, or a virtual switch that can be configured to use multiple NICs, optionally with failover IP teaming. When using Inspection Engines (not S-TAPs), additional ports may be required.
Disk Size	300 GB to 1 TB	Using Raid is recommended. Raid-0, Raid-1, Raid 0+1, Raid 1+0 are supported. Note: Larger disks may hold more audit records for longer periods of time but are more likely to impact performance. If customers want to work outside the required range, consult with Guardium Technical Support.
Disk Speed	7200 RPM to 15,000 RPM	With 7200 RPM, scale back the sizing ratio by 70%
DVD Drive	1	1

* Refer to IBM x2000 high end configuration table for physical ranges.


Application Monitoring

Guardium identifies potential fraud by tracking activities of end-users who access critical tables using multi-tier enterprise applications rather than by direct access to the database. This is required because enterprise applications typically use an optimization mechanism called connection pooling. In a pooled environment, all user traffic is aggregated within a few database connections that are identified only by a generic application account name, thereby masking the identity of end-users.

Guardium supports application monitoring for all major off-the-shelf enterprise applications. Support for other applications, including in-house applications, is provided by monitoring transactions at the application server level.

This table shows all enterprise applications for which out-of-the-box support is provided, as well as all application server platforms that are supported.

Supported Enterprise Applications	Supported Application Server Platforms (for other enterprise & custom developed applications)
Oracle E-Business Suite	IBM WebSphere
PeopleSoft	BEA WebLogic
Siebel	Oracle Application Server (AS)
SAP	JBoss Enterprise Application Platform
Cognos	+ Others based on customer demand
Business Objects Web Intelligence
+ Others based on customer demand