Central Management

In a central management configuration, one Guardium® unit is designated as the Central Manager. That unit can be used to monitor and control other Guardium units, which are referred to as managed units. Unmanaged units are referred to as stand-alone units.

The concept of a local Guardium system can refer to any Guardium system in the Central Management paradigm. Some applications (Audit Processes, Queries, Portlets, etc.) can be run on both the managed units and the central manager. In both cases, the definitions come from the Central Manager, and the data comes from the local Guardium system (which might also be the central manager).

After a Central Management system is set up, you can use either the central manager or a managed unit to create or modify most definitions. Keep in mind that most of the definitions are stored on the central manager, regardless of the system that does the actual editing.

Note:
  • With the Remote Source function, a user on the manager can run any report on the managed unit (the user must have the correct role privileges) and view data and information of that managed unit.
  • CAS template definitions are shared between all units of a federated environment just like all other definitions (reports, policies, alerts, and so on).
  • It is recommended that a user run CAS Reports on a manager, especially CAS Reports relating to CAS configurations, hosts, and templates.
  • If you create a report with the Custom Domain Builder, and some or all of the tables are remote (they are stored on the manager, such as Datasource or Comments), this report does not work on a managed node. No data is returned.
  • The Central Management page of a manager does not automatically refresh itself based on a specific interval. It times out based on the GUI timeout of the system.
  • After some time of inactivity, the system logs you out automatically and displays a sign-in dialog. The length of the GUI timeout can be set with the CLI command store session timeout (default is 900 seconds). View the timeout with the CLI command show session timeout. Status lights refresh every 5 minutes when the session is active.
  • To synchronize or upload any data from the Central Manager to managed nodes, all nodes that are involved in this type of activity MUST be on the SAME version of Guardium.
  • During the Central Management Redundancy Transition, it can take up to 5 minutes for the Unit type sync to occur depending on how many units are defined in the central management environment.
  • IPMODE information is shared with the central manager at registration. A managed unit that registered with the central manager in a pre-V11.2 release is not aware of its IP mode and cannot share that information with the central manager. Even if a managed unit was upgraded to V11.2 and later, it does not share its IP mode with the central manager unless you unregister and reregister it. To rectify: In the Central Manager page, select individual managed units, or all managed units, and click Refresh Unit info.