Imperva Cyber Community

Expand all | Collapse all

DAM Remote Cluster Gateway

  • 1.  DAM Remote Cluster Gateway

    Posted 12-06-2020 12:13
    ​Dear Team,

    We already have DAM MX and DAM gateway cluster to monitor Database events in our primary DC.

    Recently we acquired new DC and plan to deploy another DAM gateway cluster here .

    What are the factors to be considered for newly deployed DAM gateway cluster to communicate with DAM MX in our primary DC.
       Exam.. Bandwidth consideration between  New DC and Old DC
                    How the payload to be taken care from New gateway cluster to  existing DAM MX.

    Thanks
    Prabhu
    #DatabaseActivityMonitoring

    ------------------------------
    Prabhu S
    Etisalat Technology Services
    ------------------------------


  • 2.  RE: DAM Remote Cluster Gateway

    Imperva Employee
    Posted 12-07-2020 09:29
    Hello Probhu,

        There are a handful of details to consider...
    • The License - if you have Flex for Data, Data Sec, or Data 360, you can deploy as many virtual appliances as you need to monitor the number of database servers you are licensed for.  Since this is a new DC, you'll probably need to increase the license to support your new DB servers in that DC.  
    • If the number of DB servers in your new DC is small, then it is possible to deploy one or more gateways (GW) to monitor them and have those GWs registered to your MX in your primary DC.  However, depending on reliability of the connectivity between the DCs, it might be best to deploy an MX for the new DC and managed those GWs.  If a larger number of GWs is required, then a dedicated MX for that DC is a must.
    • If multiple MXs are required, then it's time to consider deploying a SOM (SecureSphere Operations Manager), recently rebranded as a the Management Server Manager (MSM).  The SOM helps you manage the policies and reports from one appliance, which can reside in your Primary DC.
    You will want to reach out to your Sales Rep. and SE (Account Team) to discuss your needs.  There are more questions to be answered in order to develop roll-out plan.

    I hope this has helped.
    -Rich

    ------------------------------
    Rich Blais
    ------------------------------



  • 3.  RE: DAM Remote Cluster Gateway

    Posted 12-07-2020 09:50
    Thanks Rich..

    I have flex license to deploy Virtual appliances in a new DC.

    Yes No of DB servers would be less than 50 in a new DC so plan to deploy 2 virtual appliances . I have 2 mpbs connectivity between New DC and Old DC. 

       what would be the data payload from virtual apps in new DC to MX at old DC.  is the bandwidth good enough between new DC and old DC.
       Any other factors to be considered. We plan to manage with one MX to serve all the DC virtual and physical appliances. Is it right option ?
     
    We will think about 3rd option.

    Thanks
    Prabhu

    ------------------------------
    Prabhu S
    Etisalat Technology Services
    ------------------------------



  • 4.  RE: DAM Remote Cluster Gateway

    Posted 12-07-2020 09:53
    Add on to that..

    In the existing MX module i am not see the few stream signatures. Do we need separate license to enable that one.

    • Worms and Critical Vulnerabilities for Database Applications - Filter, Sql
    • WebSocket Exploitation - Filter, Stream
    • XML External Entity Injection stream signature not present

    Thanks
    Prabhu

    ------------------------------
    Prabhu S
    Etisalat Technology Services
    ------------------------------