Before attending this course, students must have at least 2 years' worth of, or equivalent, knowledge of the following technologies and products:
• Managing, maintaining, and securing Microsoft Windows Server 2008/2008 R2, 2012, 2012 R2, including Active Directory and Network Infrastructure server roles.
• Working knowledge of networking, for example TCP/IP, Domain Name System (DNS) and DHCP.
• Working knowledge of Citrix XenDesktop 7.X, Internet Information Services (IIS), and Microsoft SQL Server.
• Working knowledge of common management and monitoring tools such as Microsoft SCCM/SCOM, PsExec, or equivalent.
• Knowledge of installing, configuring, and administering Microsoft Windows Server 2008/2008 R2, 2012/2012 R2, and Microsoft Windows XP Pro/Vista/7/8.

• ObserveIT
• ObserveIT_Data
• ObserveIT_Archive_1
• ObserveIT_Archive_template
• ObserveITUser (do not delete or change the password). The user is responsible for handling the management of the 4 databases and runs as a service.

1 – Introduction
2 – Prerequisites & System Requirements
3 – One-Click Installation
4 – Basic Use Cases
4.1 – Simulating User Activity
4.2 – Auditing the User Activity
5.11 – Installation ObserveIT Agent on CentOS
5.12 – Installation ObserveIT Agent on Ubuntu
5.13 – Simulate User Activity on Unix
5.14 – View Linux Recorded Session

• 1 Application Server (2 for HA).
• Recommended to use a database on a separate server from the Application Server, but it is OK to have them together.
• SQL production database disk for user-activity logs: 390 GB ultra-fast disk IOPS (for the current month).
• SQL production database or file system storage disk for graphical images: 1 TB ultra-fast disk IOPS (for each archived month).
• Note: for longer data rotation, please use the built-in archive mechanism that can be stored according to your needs online or offline.
[Diagram: “All in one” deployment. Labels: Agent, HTTP Traffic, Database Server, Application Server, Web Console, ObserveIT Admin.]

• 2 Application Servers (3 for HA) with load balancing.
• Database server must be on separate server from the Application Server.
• SQL production database disk for user-activity logs: 780 GB ultra-fast disk IOPS (for the current month).
• SQL production database or file system storage disk for graphical images: 2 TB ultra-fast disk IOPS (for each archived month).
• Note: for longer data rotation, please use the built-in archive mechanism that can be stored according to your needs online or offline.
• Recommendation: The ObserveIT Application Servers should communicate with a central clustered Microsoft SQL Server Enterprise Edition 2008 or higher.

[Diagram. Labels: Agent, HTTP Traffic, SQL Traffic, Application Server, Web Console, Database Server, RAID network File System, ObserveIT Admin.]

• 4 Application Servers (5 for HA) with load balancing.
• Database Server must be on separate server from the application server.
• SQL Production database disk for user-activity logs: 1.5 GB ultra-fast disk IOPS (for the current month).
• SQL Production database or file system storage disk for graphical images: 4 TB ultra-fast disk IOPS (for each archived month).
• Note: for longer data rotation, please use the built-in archive mechanism that can be stored according to your needs online or offline.
• Requirement: The ObserveIT Application Servers should communicate with a central clustered Microsoft SQL Server Enterprise Edition 2008 or higher (enterprise recommended).
DNS Records:
oitsrv A 192.168.100.11
oitsrv A 192.168.100.12
Round Robin enabled and record cache set to 0

[Diagram. Labels: DNS Server, Agent, HTTP Traffic, SQL Traffic, Active Application Server 1 (192.168.100.11), Active Application Server 2 (192.168.100.12), MS SQL Failover Cluster.]

[Diagram: the same DNS records and servers, with the additional labels Load Balancing Cluster and RAID network File System.]

[Diagram. Labels: Remote and local users, Internet, Corporate Desktops (no agent installed), Gateway Server, ObserveIT Agent, SSH, PuTTY, MSTSC, Corporate Servers (no agent installed), ObserveIT Management Server.]

[Diagram: the same gateway layout, with the additional labels Direct login (not via gateway) and Sensitive production servers (agent installed).]

[Diagram. Labels: PUPM Server 10.2.56.78; User desktop Machine 10.2.56.74; Login to this machine only; ObserveIT Agent; CAB Transfer; Machine “17” is in “My Privileged Accounts” list in the PUPM server; RDP to 10.2.3.17; OIT Server 10.2.56.76; Contains the Test W2012 machine installation CAB; 10.2.3.17.]

[Diagram. Labels: LDAP Traffic (TCP 389), Windows Server 2003/2008 Domain Controller, Agent, HTTP Traffic, SQL Traffic, Application Server, Web Console, Database Server, ObserveIT Admin.]

• Windows Agent
• Unix/Linux Agent
• Citrix Agent

• Oracle Linux
• RHEL/CentOS
• Ubuntu
• Debian
• HP-UX
• AIX
• Solaris
• SLES (SuSE Linux)

• HTTPS Traffic or IPSec Tunnel
• OASIS standards for WS-Secure conversation, including Token Exchange, Digital Signature and Transaction Time-To-Live limit

[Diagram. Labels: Application Server, Web Console.]

• HTTP Traffic (by default TCP 4884)

[Diagram. Labels: Application Server, Web Console.]