IBM Support

Software Appliance Technical Requirements for IBM Guardium V11.2

Detailed System Requirements


Abstract

This document establishes the technical requirements for Guardium v11.2 - CPUs, RAM.

Content

The IBM Security Guardium solution is available as a:

  • Hardware offering – fully configured physical appliance provided by IBM.
  • Software offering – software images deployed on customer hardware either directly or as virtual appliances.


The scope of this document is the “Software Offering”, and the requirements listed in this document apply to both the physical appliance and the virtual appliance unless specified otherwise.

Product overview

IBM® Security Guardium® is a unified, cross-platform solution that both protects databases in real time and automates the entire compliance auditing process. The solution supports all major database platforms, enterprise applications, and operating systems (UNIX, Linux, Windows, and z/OS).

IBM Security Guardium can be deployed in a variety of operational modes:

  • Collector – In Database Activity Monitoring or Vulnerability Assessment, the collectors monitor and analyze database activity to provide continuous fine-grained auditing and reporting, real-time policy-based alerting and database access controls.
  • Central Manager/Aggregator – The Central Manager is a single point of management for the entire IBM InfoSphere Guardium deployment. With the Central Manager, customers can define enterprise-wide policies, alerts, queries and reports, install patches, push configuration and perform a variety of other administrative tasks from a single console. In addition, data from multiple collectors can be aggregated to the Aggregation Server to provide holistic views and generate enterprise-level reports.


Hardware Requirements

The following hardware requirements are necessary for the IBM Security Guardium solution to work properly. Unless specified otherwise, the requirements are for both the physical installation and the virtual installation.

Installation on Physical Appliances

The IBM Guardium solution works only on x86 Intel-based or AMD-based platforms (for example, x86_64). Only platforms and hardware that are officially supported by RedHat Linux 7.6 (64-bit) are expected to work properly (See links to RedHat Support documentation, listed at end of this document). However, not all officially supported platforms are guaranteed. Platforms that require additional drivers or specialized post-install configuration are not supported at this time (see note below).

Note: If a customer has an appliance they know will require additional configuration beyond the standard RedHat 7.6 (64-bit) installation, then that customer should install RedHat 7.0 (64-bit) and record all the installation time choices and any post-install configuration steps. Send this information to Guardium Technical Services for analysis and, based on the analysis, they may be able to provide a software update to support this platform.

Deviations from the specifications in this document may result in failure to install the solution. In such cases, the appliance might not be accessible over the network, and IBM Guardium Technical Support engineers will not be able to assist in troubleshooting and remediation.

Installation on Virtual Appliances

IBM Guardium can be installed on RedHat Enterprise Virtualization, VMware Virtualization, and Microsoft Hyper-V.

Notes:


1. Hardware requirements for the virtual solution are restricted to the platforms supported by VMware. ESX 5.1 or higher is the minimum to run Guardium 11.0.

2. When using the virtual solution, the performance of Database Activity Monitoring using over-the-network inspection through SPAN port or Tap device depends on the configuration of the virtual system, including CPU and memory dedication.

3. VMware introduces additional complexity. The overall performance and utilization of your Guardium virtual appliance may vary based on VMware configuration, resource allocation, and/or sizing planning.

Minimum and Recommended Resources per software/virtual appliance

Resource: Physical CPUs
  Required range *: Minimum: 4 cores. Recommended: 8 cores.
  Comments: x86 (Intel or AMD) processors required.

Resource: Virtual CPUs
  Required range *: Minimum: 4 vCPUs. Recommended: 8 vCPUs.

Resource: RAM (64-bit)
  Required range *: Minimum: 24 GB. Maximum: motherboard max. Recommended: 32 GB.
  Comments:
    Guardium's features are memory intensive. To take full advantage of these features, it is recommended to have at least 32 GB of RAM and 8-core CPU.
    For Central Managers in a large federated environment, the recommended memory is 64 GB.
    If using Ecosystem, 34 GB is required.

Resource: Ports (NICs)
  1 Gbit or 10 Gbit per second card recommended. 10 Gbit per second card can be used in 64-bit system with sufficient memory.
  Required range *: 1-4
  Comments:
    Each port can be an actual NIC, or a virtual switch that can be configured to use multiple NICs, optionally with failover IP teaming.
    Optional: The third port may also be configured to team with the primary interface in order to provide failover IP teaming. Alternatively, the last port on the device may be configured as a secondary management interface with a different IP, NETMASK and GW from the primary.
    When using Inspection Engines to capture traffic (not S-TAPs) on software appliances, additional ports may be required.
    Multiple network interfaces are supported on: (1) a Guardium hardware appliance; (2) a customer's software appliance (the customer installs Guardium software on their hardware appliance); or (3) VMware solution with ESX Server.

Resource: Disk Size
  Required range *: Minimum: 300 GB. Maximum: >2 TB. Recommended: Collectors: 300-600 GB; Aggregators: 600-1000 GB.
  Comments:
    Guardium supports smaller HD disks for integrated data warehouse configurations, using datamart interfaces (10.1.3 and later).
    Use of RAID is recommended.
    RAID-10, RAID-0, RAID-1, RAID 0+1, RAID 1+0 are supported.
    Note: Larger disks may hold more audit records for longer periods of time, but are more likely to impact performance.
    At least 9 GB of free disk space on the /var partition is required.

Resource: Disk Size >2 TB
  Beginning with v10.1.2, disk partitions >2 TB are supported.
  However, certain conditions are required:
    1. Configure the system into EFI/UEFI mode via the BIOS.
    2. Then install v10.1.2,
       (a) during which the install should auto-detect the EFI bios support and use GPT (GUID Partition Tables) that allow >2 TB partitions.
       (b) Additionally the v10.1.2 install will also use EXT4 partition types by default, and thus avoid the previous EXT3 file size limitation of <2 TB.
  Note: To resize the hard drive of an existing appliance, the user needs to rebuild their system.

Resource: Disk Speed
  Required range *: 7200 RPM to 15,000 RPM
  Comments:
    To use 7200 RPM, scale back the sizing ratio by 70%.
    Example: If you are using 7200 RPM disk, which is slow, you should reduce your sizing by 70%. If your sizing calls for 10 S-TAPs to a collector, if you are running with 7200 RPM drives, drop that to 3 S-TAPs to a collector.

* Refer to IBM configuration tables for physical ranges.

Important: The installation of the software appliance will wipe the disk, repartition and reformat the disk, and install the IBM Guardium solution as a newly installed operating system.

Refer to the Appliance Installation Guide for step-by-step instructions on configuration and installation. The separate Appliance Installation Guide also provides information on how to customize the partitioning on the appliance and how to install on a remote drive (SAN). Installation on a SAN is supported; installation on a NAS is not supported.

Guardium support for 10G network cards

The 10G network cards must be supported by the appropriate version of RedHat Enterprise Linux (RHEL) (RedHat 7.6 for Guardium v11.0).

Sizing Recommendations

Standard Appliance Specification

There are four configurations of the IBM m3550 M5 shipped by IBM:

  • Collector x2264 64-bit
  • Aggregator x2264 64-bit
  • Collector x3164 64-bit
  • Aggregator x3164 64-bit

Note: In general, hardware specifications and configuration should follow manufacturers' best practices to optimize performance. For example, on the topic of memory configuration, make sure that the DIMMs are both balanced and matched; otherwise you will not take advantage of the full capacity of the appliance.

Collector x2264 64-bit (3841-G2B)

QTY Description
1 IBM System x Advanced Lightpath Kit
8 8GB (1x8GB, 1Rx4, 1.2V) PC4-19200 CL17 ECC DDR3 2400MHz LP RDIMM
1 Intel X520 ML2 Dual port 10GbE SFP+ Fiber Adapter
1 x3550M5 4x 2.5" HS HDD Assembly Kit for 12Gb RAID
2 Rack power cable - 2.8m, 100-240V, C13 to IEC 320-C14 (WW)
1 ServeRAID M5210 SAS/SATA Controller for IBM System x
1 Intel Xeon Processor E5-2630 v4 10C 2.2GHz 25MB Cache 2133MHz 85W
1 Intel Xeon Processor E5-2630 v4 10C 2.2GHz 25MB Cache 2133MHz 85W
1 IBM System x3550 M5 Planar
1 ServeRAID M5200 Series 2GB Cache/RAID 5 Upgrade for IBM Systems
1 Intel X540-T2 Dual Port 10GBaseT Adapter for IBM System x
1 x3550 M5 WW Packaging
1 IBM System x3550 M5 2.5" Base Without Power Supply
2 IBM System x 550W High Efficiency Platinum AC Power Supply
1 x3550 M5 System Level Code
1 x3550 M5 PCIe Riser Card 1 (1 x16 LP Slot)
1 x3550 M5 PCIe Gen-III Riser Card 2(1 x16 FH/HL Slot)
1 x3550 M5 ODD Cable
1 IBM System x Gen-III Slides Kit
1 IBM System x Gen-III CMA
4 IBM 900GB 10K 12Gbps SAS 2.5" SFF G2HS HDD

Aggregator x2264 64-bit

QTY Description
4 IBM 1.2TB 10K 6Gbps SAS 2.5 G2HS HDD
1 IBM System x Advanced Lightpath Kit
8 8GB (1x8GB, 1Rx4, 1.2V) PC4-19200 CL17 ECC DDR3 2400MHz LP RDIMM
1 Intel X520 ML2 Dual port 10GbE SFP+ Fiber Adapter
1 x3550M5 4x 2.5" HS HDD Assembly Kit for 12Gb RAID
2 Rack power cable - 2.8m, 100-240V, C13 to IEC 320-C14 (WW)
1 ServeRAID M5210 SAS/SATA Controller for IBM System x
1 Intel Xeon Processor E5-2630 v4 10C 2.2GHz 25MB Cache 2133MHz 85W
1 Intel Xeon Processor E5-2630 v4 10C 2.2GHz 25MB Cache 2133MHz 85W
1 IBM System x3550 M5 Planar
1 ServeRAID M5200 Series 2GB Cache/RAID 5 Upgrade for IBM Systems
1 Intel X540-T2 Dual Port 10GBaseT Adapter for IBM System x
1 x3550 M5 WW Packaging
1 IBM System x3550 M5 2.5" Base Without Power Supply
2 IBM System x 550W High Efficiency Platinum AC Power Supply
1 x3550 M5 System Level Code
1 x3550 M5 PCIe Riser Card 1 (1 x16 LP Slot)
1 x3550 M5 PCIe Gen-III Riser Card 2(1 x16 FH/HL Slot)
1 x3550 M5 ODD Cable
1 IBM System x Gen-III Slides Kit
1 IBM System x Gen-III CMA

Collector x3164 64-bit

QTY Description
1 IBM System x Advanced Lightpath Kit
8 8GB (1x8GB, 1Rx4, 1.2V) PC4-19200 CL17 ECC DDR3 2400MHz LP RDIMM
1 Intel X520 ML2 Dual port 10GbE SFP+ Fiber Adapter
1 x3550M5 4x 2.5" HS HDD Assembly Kit for 12Gb RAID
2 Rack power cable - 2.8m, 100-240V, C13 to IEC 320-C14 (WW)
1 ServeRAID M5210 SAS/SATA Controller for IBM System x
1 Intel Xeon Processor E5-2667 v4 8C 3.2GHz 25MB Cache 2400MHz 135W
1 Intel Xeon Processor E5-2667 v4 8C 3.2GHz 25MB Cache 2400MHz 135W
1 IBM System x3550 M5 Planar
1 ServeRAID M5200 Series 2GB Flash/RAID 5 Upgrade for IBM Systems
1 Super Cap Cable 925mm for ServRAID M5200 Series Flash
1 Intel X540-T2 Dual Port 10GBaseT Adapter for IBM System x
1 x3550 M5 WW Packaging
1 IBM System x3550 M5 2.5" Base Without Power Supply
2 IBM System x 750W High Efficiency Platinum AC Power Supply
1 x3550 M5 System Level Code
1 x3550 M5 PCIe Riser Card 1 (1 x16 LP Slot)
1 x3550 M5 PCIe Gen-III Riser Card 2(1 x16 FH/HL Slot)
1 x3550 M5 ODD Cable
1 IBM System x Gen-III Slides Kit
1 IBM System x Gen-III CMA
4 IBM 900GB (4 * 900GB) 10K 6Gbps SAS 2.5" SFF G2HS HDD

Aggregator x3164 64-bit

QTY Description
8 IBM 1.2TB 10K 12Gbps SAS 2.5 G2HS HDD
1 IBM System x Advanced Lightpath Kit
16 8GB (1x8GB, 1Rx4, 1.2V) PC4-19200 CL17 ECC DDR3 2400MHz LP RDIMM
1 Intel X520 ML2 Dual port 10GbE SFP+ Fiber Adapter
1 x3550M5 4x 2.5" HS HDD Assembly Kit for 12Gb RAID
2 Rack power cable - 2.8m, 100-240V, C13 to IEC 320-C14 (WW)
1 ServeRAID M5210 SAS/SATA Controller for IBM System x
1 Intel Xeon Processor E5-2667 v4 8C 3.2GHz 25MB Cache 2400MHz 135W
1 Intel Xeon Processor E5-2667 v4 8C 3.2GHz 25MB Cache 2400MHz 135W
1 IBM System x3550 M5 Planar
1 ServeRAID M5200 Series 2GB Flash/RAID 5 Upgrade for IBM Systems
1 Super Cap Cable 925mm for ServRAID M5200 Series Flash
1 Intel X540-T2 Dual Port 10GBaseT Adapter for IBM System x
1 x3550 M5 WW Packaging
1 IBM System x3550 M5 2.5" Base Without Power Supply
2 IBM System x 750W High Efficiency Platinum AC Power Supply
1 x3550 M5 System Level Code
1 x3550 M5 PCIe Riser Card 1 (1 x16 LP Slot)
1 x3550 M5 PCIe Gen-III Riser Card 2(1 x16 FH/HL Slot)
1 x3550 M5 ODD Cable
1 IBM System x Gen-III Slides Kit
1 IBM System x Gen-III CMA

LENOVO X3550-M5 System Firmware Versions (or higher):

  • UEFI = 2.70
  • IMM2 = 4.90
  • DSA = 10.3
  • X540 = 1.924.0
  • X520 = 1.924.0
  • M5210 = 24.21.0-0052

RAID Controller: M5210 Firmware: 24.21.0-0052

SEAGATE Hard disk Firmware: L597 for 900GB and 1.2TB hard disks.

HITACHI Hard disk Firmware: J5H6 for 900GB and 1.2TB hard disks.

More Information

For more information, go to the following online resources:

IBM Security Guardium home page: http://www.ibm.com/software/data/guardium/

Technical Support home page: https://www.ibm.com/mysupport/s/topic/0TO5000000025yoGAA/guardium-data-protection?language=en_US&productId=01t50000004XIxMAAW

Deployment Guide for IBM Guardium: http://www.redbooks.ibm.com/Redbooks.nsf/RedpieceAbstracts/sg248129.html

RedHat hardware compatibility: http://www.redhat.com/rhel/compatibility/hardware/

RedHat Enterprise Linux (RHEL) Release notes / Technical notes: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/


Document Information

Modified date: 17 June 2020

UID: ibm15736891