System Requirements for Change Guardian 5.2

December 2019

Micro Focus recommends the tested platforms listed below. However, customers running on any platforms not provided in this list or with untested configurations will be supported until the point Micro Focus determines that the root cause is the untested platform or configuration. Issues that can be reproduced on the tested platforms will be prioritized and fixed according to standard defect-handling policies. For more information about support polices, see Support Policies.

1.0 System Requirements

1.1 Software Requirements

Supported Platforms

Component Name

Platforms

Change Guardian Server

  • Red Hat Enterprise Linux Server (RHEL) 7.6

  • Red Hat Enterprise Linux Server (RHEL) 6.10

  • SUSE Linux Enterprise Server (SLES) 12 SP4 (64-bit)

Change Guardian Policy Editor

  • Windows 10 (64-bit)

  • Windows 7 SP1(32-bit and 64-bit)

  • Windows Server 2019

  • Windows Server 2016

  • Windows Server 2012 R2

  • Windows Server 2012

  • Windows Server 2008 R2 SP1

Change Guardian Agent for Windows

  • Windows 10 (32-bit and 64-bit)

  • Windows 8.1(32-bit and 64-bit)

  • Windows 7 SP1(64-bit)

  • Windows Server 2019

  • Windows Server 2016

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2008 SP2 (32-bit and 64-bit)

  • Windows Server 2008 R2

Security Agent for UNIX

See the Security Agent for UNIX System Requirements page.

IMPORTANT:

  • FIPS mode is supported only for Change Guardian. Change Guardian is not supported if the operating system is in FIPS mode.

  • Change Guardian is not certified on Open Enterprise Server installations of SLES.

Monitored Applications

Application Name

Versions

Microsoft Windows

  • Windows 10 (32-bit and 64-bit)

  • Windows 8.1(32-bit and 64-bit)

  • Windows 7 SP1(64-bit)

  • Windows Server 2019

  • Windows Server 2016

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2008 SP2 (32-bit and 64-bit)

  • Windows Server 2008 R2

Microsoft Active Directory and Group Policy

  • Windows Server 2019

  • Windows Server 2016

  • Windows Server 2012

  • Windows Server 2012 R2

Microsoft Exchange

  • Microsoft Exchange Server 2019

  • Microsoft Exchange Server 2016

Dell EMC

  • Isilon 8.1.0.4

  • Unity 4.4

NetApp Storage System

Data ONTAP 9.1

Integration with Other Softwares

Component Name

Versions

Secure Configuration Manager

7.2

Sentinel Enterprise

8.2.3

ArcSight Enterprise Security Manager

6.7.1

Splunk Enterprise Security

7.3.2

Directory Resource Administrator

9.2.1

Web Browsers for Change Guardian Web Console

Component Name

Browsers

Change Guardian Web Console

Latest version of the following:

  • Google Chrome

  • Mozilla Firefox

  • Microsoft Edge – Windows 10 or later

  • Microsoft Internet Explorer 11 or later

NOTE:Although not officially certified, other modern browsers are known to work reasonably well with the Change Guardian web interface.

Additional /Client Softwares

Component Name

Softwares

Change Guardian Policy Editor

  • Microsoft.NET Framework 4.5 or later

  • (Optional) Security Agent for Windows

NOTE:

  • Security Agent for UNIX 7.5.1 or later is required to benefit from the Change Guardian Agent Manager updates

  • Security Agent for UNIX 7.6 and later is required to monitor NetApp Storage.

1.2 Recommended Hardware Requirements

Component

Hardware

Change Guardian Server (includes CG AM)

CPU:8 Cores

RAM: 24 GB

Free Hard Disk Space Available: 50 GB

2.0 Performance Sizing Guidelines

Category

250 Monitored Assets

1000 Monitored Assets

1000+ Monitored Assets

Total System Capacity

EPS Capability

200 EPS

500 EPS

500+ EPS

Alerts per Minute

10 APM

10 APM

10+ APM

Change Guardian Server Hardware

CPU

Two Intel Xeon 3-GHz (4 core) E5450 CPUs (8 cores total), without Intel HT Technology

Two Intel Xeon 3-GHz (8 core) E5450 CPUs (16 cores total), without Intel HT Technology

Contact Micro Focus Services

Primary Storage: Primary indexed event data optimized for fast retrieval.

500 GB 7.2k RPM drive

4 x 300 GB SAS 15k RPM (Hardware RAID 10)

Memory

24 GB

32 GB

Data Collection

Change Guardian Policies Used

  • Event Types: File Integrity

  • Agent Type: Windows Agents

  • Number of Agents: 200

  • EPS per Agent: 1

Set 01:

  • Event types: File System

  • Agent Type: Unix Agents

  • Number of Agents: 2

  • EPS per Agent: 200

Set 02:

  • Event Types: Processes/Daemons

  • Agent Type: Unix Agents

  • Number of Agents: 1000

  • EPM per Agent: 6

Contact Micro Focus Services

Total

  • Total Agents: 200

  • Server EPS: 200

  • Filtered: 0%

  • Total Agents: 1000+

  • Server EPS: 500

  • Filtered: 0%

Change Guardian NetApp Module

3000 EPS NetApp Events with 1 Security Agent for UNIX.

NOTE:You must install Security Agent for UNIX on a supported RHEL or SLES Linux platform to monitor NetApp.

Data Storage

How far into the past will users search for data on a regular basis?

Amount of locally cached data for higher search performance.

7 days

Contact Micro Focus Services

What percentage of searches will be over data older than the number of days above?

Impacts the amount of input/output operations per second (IOPS) for local storage.

 

10%

How far into the past must data be retained?

Impacts how much disk space is required to retain all the data. If secondary storage is enabled, this impacts the size of secondary storage. Otherwise, it impacts the size of primary storage.

 

14 days

User Activity

How many users will be active at the same time, on average?

Impacts the amount of IOPS for primary and secondary storage and other items.

 

1

Contact Micro Focus Services

How many searches will an active user be performing at the same time, on average?

Impacts the amount of IOPS for primary and secondary storage.

1

1M events per search

1

1M events per search

How many real-time alert views will be running at the same time, on average?

3

(whenever)

How many alert dashboards will be running at the same time, on average?

1

(7 days)

 

How many Threat Response dashboards will be running at the same time, on average?

3

How many alert widgets per dashboard will be running at the same time, on average?

2

(whenever)

IMPORTANT:Agent Manager has the capability to install or upgrade agents with a maximum of 150 assets in a batch.

2.1 Change Monitoring Dashboard Performance

The Chart view might take about 25 seconds to load events up to 500,000, while the Grid view might load in five seconds with a similar number of event. Any operation, such as grouping and sorting, with events upto 500,000 events on the Grid view might take about 40 seconds to process and display.

If there are around 500,000 to 1,000,000 events, the Chart view loads in a minute, and the Grid view loads in half a minute. Any operation on the Grid view with around 50,00,00 and 10,00,000 events might take one and a half minute to process and display.

Similarly, if there are 1,000,000 to 1,500,000 events, the Chart view takes about a minute and a half to load, the Grid view takes about half a minute to load, and operations on the Grid view takes about two minutes to process and display.

2.2 Performance of Single Change Guardian Agent

Following are observations about the events generated per second from Change Guardian Agent for Windows and Security Agent for UNIX:

  • The EPS count might vary with an increase in time interval and increase in the number of events generated in one burst.

  • EPS count depends upon the number of files present in the folder if the folder is monitored for file integrity.

  • EPS count might vary with the hardware configuration of the agent machine.

  • EPS count might vary when the agent is monitoring a combination of assets, such as Microsoft Windows and Active Directory, or Active Directory and Group Policy, or Active Directory and file integrity.

3.0 Legal Notice

For information about Micro Focus legal notices, see https://www.microfocus.com/about/legal/

Copyright © 2019 Micro Focus or one of its affiliates.