Technical Information for Change Guardian 5.1.1

February 2019

NetIQ Corporation recommends the fully tested and certified platforms described in this page. However, customers running on other platforms or with untested configurations will be supported until the point NetIQ Corporation determines that the root cause is the uncertified platform or configuration. Issues that can be reproduced on the certified platforms will be prioritized and fixed according to standard defect-handling policies. For more information about support polices, see Support Policies.

1.0 System Requirements

1.1 Software Requirements

Operating Systems

Component Name

Operating Systems

Change Guardian Server

  • Red Hat Enterprise Linux Server (RHEL) 7.5 (64-bit)

  • Red Hat Enterprise Linux Server (RHEL) 6.10 (64-bit)

  • SUSE Linux Enterprise Server (SLES) 12 SP3 (64-bit)

  • SUSE Linux Enterprise Server 11 SP4 (64-bit)

Change Guardian Policy Editor

  • Windows 10 (64-bit)

  • Windows 8.1(64-bit)

  • Windows 7 SP1(64-bit)

  • Windows Server 2016

  • Windows Server 2012 R2

  • Windows Server 2012

  • Windows Server 2008 R2 SP1

Systems Monitored using Change Guardian Agent for Windows

  • Windows 10 (64-bit)

  • Windows 8.1(64-bit)

  • Windows 7 SP1(64-bit)

  • Windows Server 2016

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2008 SP2 (64-bit)

  • Windows Server 2008 R2 SP1

Change Guardian Agent for Active Directory (and Group Policy)

  • Windows Server 2016

  • Windows Server 2012 R2

  • Windows Server 2012

  • Windows Server 2008 R2

  • Windows Server 2008 SP2 (64-bit)

IMPORTANT:

  • FIPS mode is supported only for Change Guardian. Change Guardian is not supported if the operating system is in FIPS mode.

  • Change Guardian is not certified on Open Enterprise Server installations of SLES.

Appliance Platforms

Component Name

Operating Systems

Change Guardian Server Soft Appliance (Includes Operating System)

ISO Appliance

  • VMware ESX 6.5

  • VMware ESX 6.0

  • Hyper-V Server 2016

  • Hyper-V Server 2012 R2 (via DVD ISO)

  • Hardware without a pre-installed operating system (via DVD ISO)

OVF Appliance

  • VMware ESX 6.5

  • VMware ESX 6.0

IMPORTANT:Change Guardian Server Soft Appliance is built on SLES 12 SP3.

Web Browsers for Change Guardian Web Console

Component Name

Browsers

Change Guardian Web Console

Latest version of the following:

  • Google Chrome 68.

  • Mozilla Firefox 61

  • Microsoft Edge 42.0 – Windows 10

  • Microsoft Internet Explorer 11 and later

NOTE:Although not officially certified, other modern browsers are known to work reasonably well with the Change Guardian web interface.

Additional /Client Softwares

Component Name

Softwares

Change Guardian Policy Editor

Microsoft.NET Framework 4.5 or later.

Systems Monitored using Change Guardian for UNIX and Linux

  • Security Agent for UNIX 7.6.1

  • Security Agent for UNIX 7.6

NOTE:

  • Security Agent for UNIX 7.5.1 or later is required to benefit from the Change Guardian Agent Manager updates introduced in Change Guardian 5.0.

  • Security Agent for UNIX 7.6 and later is required to monitor NetApp Storage.

1.2 Recommended Hardware Requirements

Component

Hardware

Change Guardian Server (includes CG AM)

CPU:8 Cores

RAM: 24 GB

Free Hard Disk Space Available: 50 GB

2.0 Performance Sizing Guidelines

Category

250 Monitored Assets

1000 Monitored Assets

1000+ Monitored Assets

Total System Capacity

EPS Capability

200 EPS

500 EPS

500+ EPS

Alerts per Minute

10 APM

10 APM

10+ APM

Change Guardian Server Hardware

CPU

Two Intel Xeon 3-GHz (4 core) E5450 CPUs (8 cores total), without Intel HT Technology

Two Intel Xeon 3-GHz (8 core) E5450 CPUs (16 cores total), without Intel HT Technology

Contact Micro Focus Services

Primary Storage: Primary indexed event data optimized for fast retrieval.

500 GB 7.2k RPM drive

4 x 300 GB SAS 15k RPM (Hardware RAID 10)

Memory

24 GB

32 GB

Data Collection

Change Guardian Policies Used

  • Event Types: File Integrity

  • Agent Type: Windows Agents

  • Number of Agents: 200

  • EPS per Agent: 1

Set 01:

  • Event types: File System

  • Agent Type: Unix Agents

  • Number of Agents: 2

  • EPS per Agent: 200

Set 02:

  • Event Types: Processes/Daemons

  • Agent Type: Unix Agents

  • Number of Agents: 1000

  • EPM per Agent: 6

Contact Micro Focus Services

Total

  • Total Agents: 200

  • Server EPS: 200

  • Filtered: 0%

  • Total Agents: 1000+

  • Server EPS: 500

  • Filtered: 0%

Change Guardian NetApp Module

3000 EPS NetApp Events with 1 Security Agent for UNIX.

NOTE:You must install Security Agent for UNIX on a supported RHEL or SLES Linux platform to monitor NetApp.

Data Storage

How far into the past will users search for data on a regular basis?

Amount of locally cached data for higher search performance.

7 days

Contact Micro Focus Services

What percentage of searches will be over data older than the number of days above?

Impacts the amount of input/output operations per second (IOPS) for local storage.

 

10%

How far into the past must data be retained?

Impacts how much disk space is required to retain all the data. If secondary storage is enabled, this impacts the size of secondary storage. Otherwise, it impacts the size of primary storage.

 

14 days

User Activity

How many users will be active at the same time, on average?

Impacts the amount of IOPS for primary and secondary storage and other items.

 

1

Contact Micro Focus Services

How many searches will an active user be performing at the same time, on average?

Impacts the amount of IOPS for primary and secondary storage.

1

1M events per search

1

1M events per search

How many real-time alert views will be running at the same time, on average?

3

(whenever)

How many alert dashboards will be running at the same time, on average?

1

(7 days)

 

How many Threat Response dashboards will be running at the same time, on average?

3

How many alert widgets per dashboard will be running at the same time, on average?

2

(whenever)

IMPORTANT:Agent Manager has the capability to install or upgrade agents with a maximum of 150 assets in a batch.

3.0 Legal Notice

For information about Micro Focus legal notices, see https://www.microfocus.com/about/legal/

Copyright © 2019 Micro Focus or one of its affiliates.