Guardium for Mainframes FAQ

Q: What does Guardium for Mainframes do?
A: Guardium for Mainframes is a database activity monitoring solution for databases running on IBM mainframe servers. It allows you to define flexible audit policies and gives you visibility into all activity occurring on your database. With Guardium for Mainframes, you know who is accessing data, what your privileged users are doing, and when anomalous accesses are attempted. The product includes integrated workflows, reporting, investigation, and compliance features to provide a comprehensive database auditing solution.

Q: How quickly will the product be ready after a new release of z/OS DB2 (i.e., how long after GA date)?
A: Guardium for Mainframes currently supports versions 7 and 8 of DB2. It is the policy of NEON Enterprise Software to support new IBM releases as soon as customer demand dictates support for those releases.

Q: Does all data get sent to the appliance or do you limit data sent to the appliance through some data collection parameters?
A: Only the data required for auditing is sent to the appliance. The lightweight mainframe-based agent intelligently applies rules to limit the data sent, so that performance is optimized while still capturing all data needed to enforce an audit policy. Your audit policy settings directly affect the data volume sent from the mainframe to the Z2000 appliance.

Q: Can we limit data collection by authorization ID wildcarding (i.e., only collect data for this batch ID or do not collect data for this batch ID)?
A: Yes, you can limit data collection by authorization ID wildcarding. Additionally, object wildcarding may be used.

Q: Does the product provide any safeguards to notify someone if it gets shut down?
A: Yes, the product provides notifications via the appliance in the event it can no longer communicate with the collector. Additionally, WTOs are issued that can be fed into automated operators for notification from z/OS.

Q: Can we export the raw SQL from the repository?
A: Yes, either in CSV format or as a feed to any relational database.

Q: If we have one z/OS box with two LPARs and one DB2 in each LPAR, what kind of setup will be required?
A: You will need one started task for each LPAR, and each started task can feed one Z2000.

Q: We have two z/OS sites that share the workload. How many started tasks and appliances will I need?
A: If you have two z/OS boxes, each running DB2, you will have two started tasks, one on each box, and both can feed the same Z2000. Depending on the volume, you may need additional Z2000s that feed and aggregate for reporting.

Q: Will I see any spikes in CPU usage, like when a “special process” kicks off?
A: It’s possible. If you request before and after images of changes, you may see a spike when the log reading process begins. However, most of this processing will occur in the z/IIP.

Q: What are the minimum requirements?
A: Guardium for Mainframes runs on IBM z/OS version 1.6 or later. It supports DB2 versions 7 and 8 and requires IBM TCP/IP version 3.1 or later to support communications between the mainframe and the Z2000 appliance.

Q: Do I need to change any application configurations to have my apps audited by Guardium for Mainframes?
A: No. Guardium for Mainframes monitors activity going through the database server on the mainframe. No changes to any database, application, operating system, or network configuration are required (the Z2000 appliance has to be installed on the network). This includes all custom applications as well as common third-party packaged solutions like ERP or CRM applications.

Q: I run several LPARs, each with its own DB2. Can Guardium for Mainframes monitor activity on that kind of environment?
A: Yes. You will need to start a Z-TAP agent on each LPAR, and each Z-TAP will communicate with its own Z2000 appliance. In Guardium’s hierarchical architecture, multiple appliances feed a Central Server, which aggregates the data to provide a single, unified view for all of the databases in an enterprise.

Q: What kind of trace information is captured by Guardium for Mainframes?
A: Guardium for Mainframes does not require the use of traces. It can capture as much information as you care to analyze and retain without using traces. For every SQL operation, it will capture information about every row that is inserted, updated, or deleted, as well as identity information, timestamp information, and the network address of the person making the change. Before and after images can be captured as well (however, binary data is not retained for BLOB columns).

Q: Where does the audit data get stored and how can we access it?
A: Audit traces are securely stored on the Z2000 appliance or aggregated to the Central Server, and are accessed by running reports through the Guardium interface. Product features are available to help you with forensic analysis in the event of a breach, and there are ways to export raw SQL from the repository.

Q: Does Z-TAP use SMF records?
A: No.

Q: Does Z-TAP depend on the z/OS DB2 trace classes to be active?
A: No.

Q: Does Z-TAP depend on the AUDIT ALL or AUDIT CHANGES to be in effect for DB2 tables and other DB2 objects?
A: No.

Q: Does Z-TAP track more than the first attempt to read or change a table with the AUDIT ALL or AUDIT CHANGES clause?
A: No. We don’t use the AUDIT ALL or AUDIT CHANGES clause. We have developed our own auditing method that does not rely on the usual DB2 audit traces. Our method will track more than the first attempt to read or change a table.

Q: What type of DB2 access violations does Z-TAP track?
A: Z-TAP will capture unauthorized access to objects (such as SQLCODE -551) as well as failures during the connect process. z/OS login failures would be handled by the operating system’s security product.

Q: Can we set a policy to track all successful and unsuccessful access events for specific users such as DBAs and Security Administrators? If so, where?
A: Yes, it would be set in the policy within the Guardium appliance.

Q: Does the RACF started task user ID for Z-TAP have to be a specific name?
A: No, but it does require specific privileges.

Q: Can we RACF-protect the Guardium GUI so that only authorized administrators can access it?
A: Not today. However, Guardium supports user authentication via LDAP or RADIUS in addition to our internal mechanism.

Q: This FAQ didn’t answer my question. What do I do?
A: If you’re already a Guardium for Mainframes customer, there’s a good chance the answer is in the product documentation. If you’re not yet a Guardium for Mainframes customer and want to know more about how the product can secure your data and help you pass audits, contact a NEON sales representative. Email sales@neonesoft.com or call 888.338.6366 or 281.491.6366.

