Before you install the Change Guardian server, verify hardware and software requirements and determine the resources you need for your Change Guardian implementation.
Change Guardian offers enhanced protection against security threats and compliance with United States federal government standards by supporting Federal Information Processing Standards (FIPS). For Change Guardian to run in FIPS mode, you must configure it after you install the Change Guardian server. For more information, see Section 2.4.7, Configure Change Guardian to Run in FIPS Mode.
IMPORTANT: The installation process does not support installing the Change Guardian Server as a non-root user.
You can install the Change Guardian server on a computer running one of the following operating systems:
SUSE Linux Enterprise Server (SLES) 11 Service Pack 3 (64-bit)
NOTE: The Change Guardian Server does not work on openSUSE.
Red Hat Enterprise Linux for Servers (RHEL) 6.6 (64‑bit)
NOTE: Ensure the 64-bit expect RPM is installed before you start the installation process.
You can run the web console on the following supported browsers:
Windows: Firefox version 5 and later, Google Chrome, Internet Explorer 10 and 11
SLES: Firefox version 5 and later
RHEL: Firefox version 5 and later
If the Internet Security Level in Internet Explorer is set to High, a blank page appears after logging in, and the file download pop-up might be blocked by the browser. To work around this issue, you need to first set the security level to Medium-high and then change to Custom level as follows:
Navigate to Tools > Internet Options > Security tab and set the security level to Medium-high.
Make sure that the Tools > Compatibility View option is not selected.
Navigate to Tools > Internet Options > Security tab > Custom Level, then scroll to the Downloads section and select Enable under the Automatic prompting for file downloads option.
The hardware recommendations for the Change Guardian server can vary based on your environment and monitoring needs. Consult Professional Services prior to finalizing the Change Guardian implementation.
The following hardware requirements are for running the Change Guardian server in a production environment as an all-in-one Change Guardian implementation:
Category | 250 Monitored Assets | 1000 Monitored Assets | 2000 Monitored Assets |
---|---|---|---|
CPU | Two Intel Xeon 3-GHz (4 core) CPUs (8 cores total) | Two Intel Xeon 3-GHz (8 core) CPUs (16 cores total) | Two Intel Xeon 3-GHz (8 core) CPUs (16 cores total) |
Memory | 32 GB | 32 GB | 64 GB |
NOTE: The Change Guardian server is supported on x86 (64-bit) Intel Xeon and AMD Opteron processors but is not supported on pure 64-bit processors like Itanium.
The Change Guardian server stores raw data to comply with legal and other requirements. The system can be set up to use both local and network storage. Local storage has better performance characteristics for searching and reporting while network storage provides a better compression ratio, reducing the cost of storage. Change Guardian will automatically manage data between local and network storage as it ages in the system.
To determine the amount of storage required, first estimate how many days of history you need available in the system. Then determine the average number of days that are generally used for searches and reports for day-to-day needs. Using the following formulas, plan enough local storage for your day-to-day needs and network storage for the remainder of the history.
NOTE: Ensure that the file system partition containing /var/opt has been allocated sufficient storage based on the local storage calculation below.
Use the following formulas to estimate the amount of space required to store data:
{bytes per event} x {events per second} x 0.00008 = {GB local storage per day}
({GB local storage per day} x {number of days}) x {30% buffer} = Total GB local storage
{bytes per event} x {events per second} x 0.00001 = {GB network storage per day}
({GB network storage per day} x {number of days}) x {20% buffer} = Total GB network storage
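The following pre-install check is an added example, not part of the Change Guardian installer or its documentation. It applies the formulas above and compares the result with the free space on the file system holding /var/opt, and it also checks the root and 64-bit expect RPM requirements noted earlier. The function names are hypothetical, and it assumes that "{30% buffer}" and "{20% buffer}" mean multiplying by 1.3 and 1.2.

```shell
#!/bin/sh
# Added pre-install check; not part of the Change Guardian installer.

# Total GB = bytes/event x EPS x per-day factor x days x buffer.
# Assumption: the 30% / 20% buffers are applied as multipliers 1.3 / 1.2.
storage_gb() {  # usage: storage_gb BYTES EPS DAYS FACTOR BUFFER
    awk -v b="$1" -v e="$2" -v d="$3" -v f="$4" -v k="$5" \
        'BEGIN { printf "%.0f\n", b * e * f * d * k }'
}

# Free GB on the file system that holds a path (or its nearest existing parent).
free_gb() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ]; do p=$(dirname "$p"); done
    df -Pk "$p" | awk 'NR == 2 { printf "%.0f\n", $4 / 1048576 }'
}

# Reads "NAME ARCH" lines (rpm -q --qf '%{NAME} %{ARCH}\n') on stdin and
# prints each package named in the arguments that has no x86_64 build listed.
missing_64bit() {
    awk -v want="$*" '
        $2 == "x86_64" { ok[$1] = 1 }
        END { n = split(want, w, " ")
              for (i = 1; i <= n; i++) if (!(w[i] in ok)) print w[i] }'
}

preflight() {  # usage: preflight BYTES_PER_EVENT EPS LOCAL_DAYS
    rc=0
    [ "$(id -u)" -eq 0 ] || { echo "FAIL: the installer must be run as root"; rc=1; }
    need=$(storage_gb "$1" "$2" "$3" 0.00008 1.3)   # local storage formula
    have=$(free_gb /var/opt)
    if [ "$have" -lt "$need" ]; then
        echo "FAIL: /var/opt file system has ${have} GB free, need ${need} GB"; rc=1
    fi
    if command -v rpm >/dev/null 2>&1; then
        miss=$(rpm -q --qf '%{NAME} %{ARCH}\n' expect | missing_64bit expect)
        [ -z "$miss" ] || { echo "FAIL: no 64-bit RPM installed for: $miss"; rc=1; }
    fi
    return "$rc"
}

# Runs only when called with: BYTES_PER_EVENT EPS LOCAL_DAYS
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Invoke the script on the target server with bytes per event, events per second and days of local retention as its three arguments. For network storage sizing, call storage_gb with the factor 0.00001 and the multiplier 1.2.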
These sample recommendations model a production system that holds 90 days of online data. The recommendations assume an average event size of 1000 bytes.
Category | 250 EPS | 750 and 1000 EPS | 1500 and 2000 EPS |
---|---|---|---|
Local Storage (30 days) | 500 GB, 7.2k RPM drive | 3x300 GB SAS, 15k RPM drives (Hardware RAID 0) | 4x600 GB SAS, 15k RPM drives (Hardware RAID 0 with 128kB stripe size) |
Networked Storage (90 days) | 2x128 GB | 4x1 TB | 8x1 TB |
Storage Planning Notes:
Plan for at least five days of local storage.
In a primarily networked storage-only implementation, the amount of local storage can be minimized. However, due to decompression overhead, searching and reporting performance might be impacted by as much as 70%.
If networked storage is enabled, event data is copied to networked storage typically after 2 days.
Partially compressed means that the data is compressed, but the index of the data is not compressed. Fully compressed means that both the event data and index data are compressed. Event data compression rates are typically 10:1. Index compression rates are typically 5:1. The index is used to optimize searching through the data.
You should also plan additional hard drive space beyond your minimum requirements to account for data rates that are higher than expected.
When configuring disk partitions larger than 2 TB on Linux, use GUID partition table (GPT) format.
The operating system for the Change Guardian server must include at least the Base Server components of the SLES server or the RHEL 6 server. Change Guardian requires the 64-bit versions of the following RPMs:
bash
bc
expect
coreutils
gettext
glibc
grep
libgcc
libstdc
lsof
net-tools
openssl
python-libs
samba-client
sed
zlib