Detailed System Requirements
Abstract
This document summarizes the recommended hardware, supported databases, and operating system platforms for IBM Guardium v10.6.
Content
Links
Guardium v10.5 system requirements and supported platforms: http://www.ibm.com/support/docview.wss?uid=swg27047801
GUARDIUM v10.6
The Guardium products related to the specifications are: Database Activity Monitor; Advanced Compliance Workflow Automation; Enterprise Integrator; Vulnerability Assessment (VA), Entitlement Reports, Data-Level Access Control; and Central Manager and Aggregator.
Cross-Platform Security
The Guardium cross-platform Database Activity Monitoring (DAM) solution is ideal for heterogeneous environments because it supports all major DBMS data sources and protocols running on all major operating systems.
Disclaimer:
Not all functionality is available in all configurations. For more information, contact an IBM Security Sales Representative at: https://www.ibm.com/connect/ibm/us/en/?lnk=fcw
This table shows all data sources and versions currently supported in v10.6.
Attention: Guardium Data Protection tries to support new versions of existing data sources as quickly as possible. Typically, new versions are supported within three (3) months of release, but support for some data sources may take longer.
Data source |
Supported Versions |
Notes |
Oracle (including ASO/SSL) |
11gR2, 12.1, 12.2, 18c, 19c, 21c |
Oracle 11gR2, 12.1 ASO supported by Windows S-TAP.Guardium does not support Oracle SSL for Windows S-TAP.Oracle 12.1 ASO/SSL supported on AIX, Solaris, Linux, and HP-UX.Oracle 12.2 ASO/SSL supported on AIX, Solaris, Linux, and HP-UX[only ASO]. UID chain not supported for Oracle ASO encrypted sessions from ATAP.Query Rewrite not supported for Oracle 12.1 and later.Guardium Client IP and Analyzed Client IP are not supported in Oracle SSL traffic.Oracle Express (XE) is not supported
|
Oracle RAC (including ASO/SSL) |
11gR2, 12.1, 12.2, 18c, 19c |
Oracle 11gR2, 12.1 ASO supported by Windows S-TAP.Guardium does not support Oracle SSL is not supported for Windows S-TAP.Oracle 12.2 ASO/SSL supported on AIX, and Linux.UID chain not supported for Oracle ASO encrypted sessions from ATAP.Query Rewrite not supported for Oracle 12.1 and later.Oracle Express (XE) is not supported
|
Oracle Exadata (including ASO/SSL) |
11gR2, 12.1, 12.2 |
Oracle 11gR2, 12.1 ASO supported by Windows S-TAP.Oracle SSL is not supported for Windows S-TAP.Query Rewrite not supported for Oracle 12.1 and later.Oracle Express (XE) is not supported
|
Microsoft MS-SQL Server |
2012, 2014, 2016, 2017,2019, 2022 |
Windows Platform only
|
IBM DB2 (Linux, UNIX) |
9.7, 10.1, 10.5, 11.1
|
The versions of DB2 required in order to use DB2 Exit are: V97FP9, V101, V105 or higher.
|
IBM DB2 (Windows) |
10.1, 10.5, 11 |
SSL Encryption only supported by using DB2 EXIT. |
IBM Db2 pureScale |
9.8, 10.1, 10.5, 11 |
SSL Encryption only supported by using DB2 EXIT |
IBM PureData System for Transactions |
||
IBM PureData System for Operational Analytics |
||
IBM PureData Systems for Analytics |
||
IBM DB2 for i |
7.1, 7.2, 7.3 |
|
IBM Db2 for z/OS |
11, 12 |
S-TAP Prerequisites for Db2 for z/OS V12.
|
IMS for z/OS |
12,13, 14, 15 |
Version 10 S-TAP Prerequisites for IMS v15: PTF UI44191Version 9.1 S-TAP does not support IMS v15
|
Data sets for z/OS |
2.1, 2.2, 2.3 |
Version 10 S-TAP Prerequisites for zOS 2.3: PTF UI55620Version 9.1 S-TAP Prerequisites for zOS 2.3: PTF UI51198 |
IBM Informix |
11.70, 12.10 |
Informix Exit supported with 12.10
|
Oracle MySQL and MySQL Cluster |
5.7,8.0 |
Shared Memory traffic is not supported by Windows S-TAPMysql 8.0.13 is supported in v10.6 (requires Snif patch p4042 or above) for Unix S-TAP
Guardium supports MySQL Community Server
|
SAP Sybase ASE |
15.7, 16.0,16.1 |
Sybase 15.7 is supported on AIX, Linux, Solaris on SPARC and HPUX
|
SAP Sybase IQ |
16.0,16.1 |
Sybase IQ does not support SSL for any platform.Guardium supports SybaseIQ only on LINUX, and AIX.
|
IBM Netezza |
6.02, 7.0, 7.1, 7.2 |
|
PostgreSQL |
9.3, 9.4, 9.5, 9.6, 10, 13.4 |
SSL encryption is supported (9.4 and 9.5). Windows does not support encryption for PostgreSQL
|
Teradata |
15, 15.10, 16.10 and 16.20 |
Supported by SuSe Linux onlyTeradata 16.20 with EXIT supported in s-tap version 10.6 Teradata 16.20 with ATAP supported in S-TAP version 10.6 |
IBM BigInsights |
4.2, 4.2.5 |
Supported by Linux only |
Cloudera |
5.3, 5.8, 5.12.2 |
Supported by Linux only |
Aster |
6.2 |
Supported by Linux only, SSL encryption not supported |
Cassandra |
3.0.2, 3.5, 3.11 |
Supported by Linux only
|
DataStax Cassandra | 6.0.0 | Support by Linux only, SSL supported |
ElasticSearch | 7.15 | Supported by Linux only |
CouchDB |
2.1.1 |
Supported by Linux, and Windows |
Greenplum DB |
4.3.19, 5.7, 5.17 |
Supported by Linux only |
Hortonworks |
2.1, 2.2, 2.5, 2.6 |
Supported by Linux only.
|
MariaDB |
5.5, 5.6, 10.1.12, 10.1.22, 10.1.29,10.6,10.9 |
Supported by Linux only |
MemSQL |
5.5, 6,7.8 |
Supported by Linux only |
MongoDB |
3.2, 3.4, 3.6, 4.0,4.2,4.4,5.0 |
Supported by Linux, and Windows |
MongoDB mgo client (version 2) |
3.2.1, 3.4.2, 3.6, 4.0,4.2,4.4 |
Supported by Linux only |
MongoDB Compass client (versions 1.14, 1.15, 1.16) |
3.6, 4.0 |
Supported by Windows |
Neo4j | 4.4 | Supported by Linux only |
SAP HANA |
1.0, 2.0 |
Supported by Linux only |
HP Vertica |
7.2.3, 8.0 |
Supported by Linux only |
FTP |
||
Host-Based Monitoring
Unique in the industry, S-TAPs are lightweight software probes that monitor both network and local database protocols (shared memory, named pipes, etc.) at the OS level of the database server. S-TAPs minimize any effect on server performance by relaying all traffic to separate Guardium appliances for real-time analysis and reporting, rather than relying on the database itself to process and store log data. S-TAPs are often preferred because they eliminate the need for dedicated hardware appliances in remote locations or available SPAN ports in your data center.
This table shows all OS platforms and versions for which S-TAPs are currently available.
OS Type |
Version |
Notes |
AIX |
6.1, 7.1, 7.2 |
|
z/OS |
2.1.x, 2.2, 2.3 |
For data sets S-TAP, APAR# PI84769 is required to support 2.3 |
HP-UX |
11.11 PA-RISC
|
|
Red Hat Enterprise Linux (includes
|
5, 6, 7 |
Little endian and Big endian supported on Power 8 (RHEL 7.x-7.6) |
Red Hat Enterprise Linux for System z |
5.4, 6.x, 7 |
|
SuSE Enterprise Linux |
11 - 32-bit, 64-bit
|
SLES 11 PPC64 (Big Endian system only)
|
SuSE Enterprise Linux for System z |
11, 12 |
|
Solaris - SPARC |
10, 11.1, 11.2, 11.3 |
Not supported for Solaris release 11.4 and higher |
Solaris - Intel |
10, 11.1, 11.2, 11.3 |
Not supported for Solaris release 11.4 and higher |
Windows Server |
2012, 2012 R2, 2016, Datacenter Edition, 2016 Essentials Edition, 2016 Standard Edition, 2019 |
|
IBM i |
6.1, 7.1, 7.2, 7.3 |
|
Ubuntu |
10.4 (SP3 & 4), 12.04, 14.04, 16.04,18.04 |
DB2, Informix, MySQL, PostgreSQL only |
OpenSSL for UNIX S-TAP |
OpenSSL 1.0.2k |
|
CentOS for UNIX S-TAP |
CentOS 6.x, 7.x |
|
TLS 1.2 |
* Supports network activity monitoring, local activity via Enterprise Integrator
What data source is supported by what Guardium product?
Legend for Column 4 - Guardium Products
Data Protection for Databases |
= DPD |
Data Protection for Data Warehouses |
= DPDW |
Data Protection for Big Data |
= DPBD |
Data Protection for z/OS (DB2) |
= DPz/OS (DB2) |
Data Protection for z/OS (IMS) |
= DPz/OS (IMS) |
Data Protection for z/OS (data sets) |
= DPz/OS (data sets) |
Data Protection for Files |
= DPF |
Company |
Monitored Product Name |
Data Source Type |
Guardium Product covering |
IBM |
IBM DB2 |
Database |
DPD |
IBM |
IBM Db2 pureScale |
Database |
DPD |
IBM |
IBM PureFlex System |
Database |
DPD |
IBM |
IBM DB2 for i |
Database |
DPD |
IBM |
IBM Informix |
Database |
DPD |
IBM |
IBM Db2 for z/OS |
Database |
DPz/OS (DB2) |
IBM |
IBM DB2 Analytic Accelerator for z/OS |
Data Warehouse |
DPz/OS (DB2) |
IBM |
IBM DB2 Warehouse |
Data Warehouse |
DPDW |
IBM |
IBM IMS |
Database |
DPz/OS (IMS) |
IBM |
IBM z/OS data sets (VSAM, XDAP, BDAM, BSAM, QSAM, BPAM, ISAM, OAM) |
File system |
DPz/OS (data sets) |
IBM |
IBM PureData System for Transaction (PDTX) |
Database |
DPD |
IBM |
IBM PureApplication System |
Database |
DPD |
Oracle |
Oracle Database |
Database |
DPD |
Oracle |
Oracle Database RAC |
Database |
DPD |
Oracle |
Oracle Database BDA |
Database |
DPD |
Oracle |
Oracle Sun MySQL |
Database |
DPD |
Oracle |
Oracle Sun MySQL Cluster |
Database |
DPD |
MariaDB Foundation |
MariaDB |
Database |
DPD |
SAP |
SAP Sybase ASE |
Database |
DPD |
SAP |
SAP Sybase IQ |
Database |
DPD |
Microsoft |
MS SQL Server |
Database |
DPD |
Microsoft |
MS SQL Server Cluster |
Database |
DPD |
PostgreSQL |
PostgreSQL |
Database |
DPD |
SAP |
SAP HANA |
In-memory Database |
DPD |
SAP |
SAP HANA Appliance |
In-memory Data Warehouse |
DPDW |
Microsoft |
Microsoft Analytics Platform System (APS) |
Data Warehouse |
DPDW |
Teradata |
Teradata |
Data Warehouse |
DPDW |
Oracle |
Oracle Exadata |
Data Warehouse |
DPDW |
IBM |
IBM Netezza |
Data Warehouse |
DPDW |
IBM |
IBM PureData for Analytics |
Data Warehouse |
DPDW |
IBM |
IBM PureData System for Operational Analytics (PDOA) |
Data Warehouse |
DPDW |
IBM |
IBM BLU Acceleration |
Data Warehouse |
DPDW |
EMC |
GreenPlum DB |
Data Warehouse |
DPDW |
HP |
HP Vertica |
Data Warehouse |
DPDW |
Teradata |
Teradata Aster DB |
Hadoop |
DPBD |
IBM |
IBM BigInsights |
Hadoop |
DPBD |
Cloudera |
Cloudera |
Hadoop |
DPBD |
EMC |
GreenPlum HD |
Hadoop |
DPBD |
EMC |
Pivotal |
Hadoop |
DPBD |
Hortonworks |
Hortonworks |
Hadoop |
DPBD |
MongoDB |
MongoDB |
NoSQL |
DPBD |
Apache SW |
CouchDB |
NoSQL |
DPBD |
Apache SW |
Cassandra |
NoSQL |
DPBD |
DataStax |
DataStax Enterprise |
NoSQL |
DPBD |
MemSQL Inc. |
MemSQL |
NoSQL |
DPBD |
Generic |
HTTP |
Application protocol |
DPD |
IBM |
IBM InfoSphere Optim Archival |
Database Tool |
DPD |
IBM |
IBM Master Data Management |
Database Tool |
DPD |
IBM |
IBM Data Stage |
Database Tool |
DPD |
Generic |
FTP |
File system Protocol |
DPF |
Microsoft |
Windows File Share (WFS) |
File system Protocol |
DPF |
Microsoft |
MS File system |
File system |
DPF |
Red Hat |
Red Hat File system |
File system |
DPF |
Ubuntu |
Ubuntu File system |
File system |
DPF |
Novell |
SuSe File system |
File system |
DPF |
IBM |
AIX File system |
File system |
DPF |
HP |
HP-UX File system |
File system |
DPF |
IBM |
AIX GPFS |
File system |
DPF |
Supported Data source platforms for IBM Guardium Vulnerability Assessment (VA)
Data source |
Supported Versions |
Oracle |
11gR1, 11gR2, 12.1, 12.2, 18c.Note: Support for Oracle 18c CVEs and patch test detection will be in a future release. |
Microsoft SQL Server |
2012, 2014, 2016, 2017 |
IBM DB2 (LUW) |
9.7, 10.1, 10.5, 11.1 |
IBM DB2 for i |
6.1, 7.1, 7.2, 7.3, 7.4 |
IBM Db2 for z/OS |
10, 11, 12 |
IBM Informix |
11.50, 11.70, 12.10 |
Oracle MySQL |
5.5, 5.6, 5.7 |
SAP Sybase ASE |
15.7, 16 |
SAP Sybase IQ |
15.4, 16 |
IBM Netezza |
6.0, 6.02, 7.0, 7.1, 7.2 |
PostgreSQL |
9x |
Teradata |
14.10, 15, 15.10, 16 |
Aster |
6, 6.1 |
MongoDB |
2.6, 3.0, 3.2, 3.4 |
SAP HANA |
1.0, 2 |
Cloudera Hadoop | 5.x |
Amazon RDS data sources |
Oracle, SQL Server, MySQL, PostgreSQL |
Appliance deployment on the cloud
Appliance deployment on the cloud |
Guardium appliance images for on the cloud deploymenthttp://www.ibm.com/support/docview.wss?uid=swg27049576Cloud Deployment Guides for: Amazon AWS EC2; IBM Softlayer; Google; Microsoft Azure, OracleDeploy IBM Guardium VA on Amazon RDShttp://www.ibm.com/support/docview.wss?uid=swg27050667Additional Section or row for VA for Cloud - PaaSAmazon RDS - OracleAmazon RDS – MS-SQL ServerAmazon RDS – MySQLAmazon RDS - PostgreSQL |
Client-side requirements for UNIX S-TAP and Windows S-TAP
UNIX/Linux S-TAP: https://www.ibm.com/support/knowledgecenter/SSMPHH_10.6.0/com.ibm.guardium.doc.stap/stap/choose_setup.html
Windows S-TAP: https://www.ibm.com/support/knowledgecenter/SSMPHH_10.6.0/com.ibm.guardium.doc.stap/stap/windows_choose_setup.html
Supported Data Source Platforms for Guardium External S-TAP
External S-TAP is a component of Guardium that can intercept traffic for cloud and on-premises database services without installing an inspection agent on the database server. For more information, see Guardium External S-TAP in the IBM Documentation website.
Data source |
Supported Versions |
Notes |
Oracle (SSL enabled and non-SSL enabled) |
11gR1, 11gR2, 12.1, 12.2, 18.0 |
Available for on-premises and for Amazon RDS cloud. |
SQL Data Warehouse |
All Versions |
Available for Microsoft Azure cloud. |
Microsoft SQL Server (SSL enabled only) |
All Versions |
Available for on-premises and for Microsoft Azure cloud and Amazon RDS cloud. |
MongoDB (SSL enabled and non-SSL enabled) | 4.0.5 | Available for on-premises. |
What Guardium features work with nonSQL databases?
Platform/Feature |
Hadoop |
MongoDB |
Cassandra |
CouchDB |
DAM |
Yes |
Yes |
Yes |
Yes |
Exceptions |
Yes |
Yes |
Yes |
|
Blocking |
Yes (HIVE and IMPALA) |
Yes |
Yes |
No |
Redaction |
No |
Yes |
Yes |
No |
Discovery & Data Classification |
No |
No |
No |
No |
Instance Discovery |
No |
Yes |
No |
Yes |
SSL |
No |
Yes |
No |
No |
Kerberos |
Yes |
Yes |
No |
No |
Failed Logins |
Yes (Hue only) |
Yes |
Yes |
Yes |
VA |
Yes (Cloudera Only) |
Yes |
No |
No |
Encryption |
Yes |
Yes |
No |
No |
Query Rewrite |
No |
No |
No |
No |
End of service
Guardium supports database and operating system versions up to their End-of-Service (EOS), Premier, or Mainstream support end dates. For IBM, they are published in http://www-01.ibm.com/software/support/lifecycle/ . For other vendors, contact your vendor representative to confirm their support end dates. IBM offers optional extended service support after EOS. Contact your IBM representative for further information. Guardium will support the hardware system it is running to the End-of Marketing (EOM) date plus 5 years or end of support date, whichever is sooner.
Supported web browsers
Firefox ESR 52 and above
Chrome 70 and above
Minimum screen resolution - 1366 x 768
Flexible Deployment
Guardium is available as a hardware or software offering, ensuring that you can easily deploy the solution in a wide variety of environments. As a hardware offering, the solution is delivered with licensed software fully loaded and tested on a physical appliance provided by IBM (hardware appliance). When delivered as a software offering, the solution is delivered as software images ready to be deployed by the user on their own hardware (software appliance), either directly or as virtual appliances. While the software images can be installed on any VMware product, the VMware ESX server is the recommended platform for a virtual solution. Only VMware and Hyper-V are supported by Guardium.
The following table summarizes major hardware requirements for software appliances. The Guardium solution is designed to work on i86 Intel-based or AMD-based platforms (for example, x86_64). Only platforms and hardware that are officially supported by Red Hat Linux 6.9 (64-bit) can be used as Guardium v10.1.32 platforms (note in Guardium v10.0 hardware supported by Red Hat 6.5 is required), however, not all officially supported Red Hat Linux platforms can be used. Platforms that require extra drivers or specialized post-install configuration are not supported at this time.
Minimum and Recommended Resources per software or virtual appliance
Resource |
Required Range * |
Comments |
Physical CPUs |
Minimum: 4 coresRecommended: 8 cores |
x86 (Intel or AMD) processors required |
Virtual CPUs |
Minimum 4 vCPUsRecommended: 8 vCPUs |
|
RAM |
(64-bit)Minimum: 24 GB (min)Maximum: motherboard maxRecommended: 32 GB |
Guardium's features are memory intensive. To take full advantage of these features, it is recommended to have 32 GB of RAM and 8-core CPU.For Central Managers in a large federated environment, the recommended memory is
|
Ports (NICs)1 Gbit or 10 Gbit per second card recommended10 Gbit per second card can be used in 64-bit system with sufficient memory |
1-4 |
Each port can be an actual NIC, or a virtual switch that can be configured to use multiple NICs, optionally with failover IP teaming.Optional: The third port may also be configured to team with the primary interface in order to provide failover IP teaming. Alternatively, the last port on the device may be configured as a secondary management interface with a different IP, NETMASK and GW from the primary.When using Inspection Engines to capture traffic (not
|
Disk Size |
Minimum: 300 GBMaximum:>2 TBRecommended:Collectors: 300-600 GBAggregators: 600-1800 GB
|
Use of RAID is recommended.RAID-10, RAID-0, RAID-1, RAID 0+1, RAID 1+0 are supported.Note: Larger disks may hold more audit records for longer periods of time, but are more likely to impact performance.At least 9 GB of free disk space on the /var partition is required. |
Disk Size |
>2 TB |
Beginning with v10.1.2, disk partitions
|
Disk Speed |
7200 RPM to 15,000 RPM |
To use 7200 RPM, scale back the sizing ratio by 70%.Example: If you are using 7200 RPM disk, which is slow, you should reduce your sizing by 70%. If your sizing calls for 10 S-TAPs to a collector, if you are running with 7200 RPM drives, drop that to 3 S-TAPs to a collector. |
* Refer to IBM configuration tables for physical ranges.
Application Monitoring
Guardium identifies potential fraud by tracking activities of users who access critical tables via multitier enterprise applications rather than direct access to the database. This is especially important for applications that use connection pooling where all user traffic is aggregated within a few database connections, thereby masking the identity of users.
Guardium offers out-of-the-box support for the major off-the-shelf enterprise applications (see table below), and provides built-in tools to configure and add end-user identification for niche application and home-grown applications. Note: for most applications, some basic configuration is needed, to tailor the solution to your environment.
Supported Enterprise Applications |
Supported Application Server Platforms
|
Oracle E-Business Suite |
IBM WebSphere |
PeopleSoft |
BEA WebLogic |
Siebel |
Oracle Application Server (AS) |
SAP |
JBoss Enterprise Application Platform |
Cognos |
+ Others based on customer demand |
Business Objects Web Intelligence |
|
+ Others based on customer demand |
Was this topic helpful?
Document Information
Modified date:
22 December 2023
UID
ibm10719695