Adjusting Guardium central manager and OpenShift Container Platform settings for data mart streaming

This topic describes settings that you can configure to avoid problems or delays when streaming to Guardium Insights.

Adjust OpenShift load balancer settings

If your OpenShift Container Platform deployment uses a load balancer, you must adjust its settings to route traffic to Guardium Insights correctly. For example, if you use a High Availability Proxy (HAProxy) load balancer, define a frontend and a backend to enable data mart streaming by adding settings similar to these:

frontend sshd
 bind *:<port_number>
 default_backend ssh
 timeout client 1h

backend ssh
 mode tcp
 server worker0 10.16.38.62:<port_number>
 server worker1 10.16.46.74:<port_number>
 server worker2 10.16.50.102:<port_number>
 server worker3 10.16.50.179:<port_number>
 server worker4 10.16.51.116:<port_number>
 server worker5 10.16.51.117:<port_number>
 server worker6 10.16.51.146:<port_number>
 server worker7 10.16.53.241:<port_number>
 server worker8 10.16.53.249:<port_number>

Where <port_number> is the port that the frontend listens on. This port number is dynamically allocated for communication between Guardium Data Protection and Guardium Insights. It is described in Port requirements, which includes instructions for determining the port.
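
The following check is an added example, not part of the product or its documentation: it parses HAProxy settings laid out like the ones above and reports any backend server whose port differs from the port that the frontend binds to. The port 8022 and the mismatched worker1 entry are constructed sample values, and the parser assumes a single bind line with one address:port.

```python
# Constructed sample: 8022 is an assumed port and worker1 is deliberately wrong.
SAMPLE_CFG = """\
frontend sshd
 bind *:8022
 default_backend ssh
 timeout client 1h

backend ssh
 mode tcp
 server worker0 10.16.38.62:8022
 server worker1 10.16.46.74:8023
"""
SECTION_KEYWORDS = ("global", "defaults", "listen", "frontend", "backend")


def parse_sections(text):
    """Map (kind, name) to its directives (token lists) for frontends and backends."""
    sections, current = {}, None
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not tokens:
            continue
        if tokens[0] in SECTION_KEYWORDS:
            wanted = tokens[0] in ("frontend", "backend") and len(tokens) > 1
            current = sections.setdefault((tokens[0], tokens[1]), []) if wanted else None
        elif current is not None:
            current.append(tokens)
    return sections


def check_streaming_frontend(text, frontend="sshd"):
    """Return a list of problems; an empty list means the ports are consistent."""
    sections = parse_sections(text)
    front = sections.get(("frontend", frontend), [])
    ports = [t[1].rsplit(":", 1)[-1] for t in front if t[0] == "bind" and len(t) > 1]
    backends = [t[1] for t in front if t[0] == "default_backend" and len(t) > 1]
    if len(ports) != 1 or len(backends) != 1:
        return [f"frontend {frontend}: expected one bind and one default_backend"]
    servers = [t for t in sections.get(("backend", backends[0]), [])
               if t[0] == "server" and len(t) > 2]
    if not servers:
        return [f"backend {backends[0]}: no server lines found"]
    # A server written without a port reuses the port the client connected to.
    return [f"{t[1]}: {t[2]} does not use frontend port {ports[0]}"
            for t in servers if ":" in t[2] and t[2].rsplit(":", 1)[-1] != ports[0]]


if __name__ == "__main__":
    print("\n".join(check_streaming_frontend(SAMPLE_CFG)))
```
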

Managing the Guardium central manager user synchronization setting to avoid delays

Guardium central manager controls the definition of users, security roles, groups, and data mart tables for all managed units, and it transmits this information to the managed units. The managed units then update their internal databases according to a schedule, and data mart streaming does not begin until this user synchronization begins. Because Guardium Insights relies on data mart extraction, there may be a delay before this information is available to Guardium Insights for analysis. These delays can be mitigated by changing the schedule of data mart extraction.

When you first enable streaming from a central manager, data mart extraction occurs 10 minutes later. By contrast, central manager user synchronization is set to run every 30 minutes by default. Because Guardium Insights relies on this user synchronization, analysis can fail until the user synchronization occurs. In other words, enabling the stream fails at first, but it then succeeds after central manager user synchronization occurs.

To mitigate this delay, change the central manager user synchronization schedule so that it runs at an interval of less than 10 minutes.