Data Loss Prevention

 View Only
  • 1.  DLP - Oracle Database Size for 3-Tier Installation

    Posted Jan 30, 2012 01:55 PM

    Because the Oracel database is not supported on a Virtual Machine we are going to perform a 3-tier installation.

    That said, I need to provide our DBA's disk space requirement for the Enforce Database. According to te Oracle Database Requirement section of the Symantec_DLP_11.1_System_Requirements_Guidle.PDF pages 25-27 the minimum system requirements:

     

    Microsoft Windows Server 2003 or Red Hat Enterprise Linux version 5 Update 2, or later version of 5.x (32-bit or 64-bit)
    ■ 6 GB of RAM
    ■ 6 GB of swap space (equal to RAM)
    ■ 500 GB – 1 TB of disk space for the Enforce database

    On a Linux system, if the Oracle database is on the same computer as the Enforce Server, then the /opt file system must have at least 500 GB of free space for small or medium installations. 1 TB of free space is required for large or very large installations. If Oracle is installed on a different computer from the Enforce Server, then the /opt file system must have at least 10 GB of free space, and the /boot file system must have at least 100 MB of free space.

    The exact amount of disk space that is required for the Enforce database depends on variables such as:
    ■ The number of policies you plan to initially deploy
    ■ The number of policies you plan to add over time
    ■ The number and size of attachments you want to store (if you decide to store attachments with related incidents)
    ■ The length of time you intend to store incidents

    For us, all of our physical Oracle installs are on AIX, and I don't see that listed as supported.

    Also, 500GB to 1TB for the database seems very large.

    Could someone provide some insight into how you have implemented DLP - Storage across two-data centers with ~a petabyte of data? and if AIX is supported?

    TIA,

    RandyH



  • 2.  RE: DLP - Oracle Database Size for 3-Tier Installation

    Posted Jan 30, 2012 03:14 PM

    Randy,

    What is the size of your user base at your company?  How many policies will you enable?  How many file shares will you scan? These are some of the factors that decide how much storage the database will need.  For a petabyte of data using Network Discover to scan, I would make sure that whomever you chose to architect the product did so correctly.   If you are implementing Network Discover to scan that much data, make sure you are utilizing several Network Discover VM's or dedicated boxes to scan with.  Put the Network Discover boxes or vm's as close to the data as you can and scan with them.

    AIX isn't officially supported, but I have had several instances where Company ABC has implemented the DB on AIX.  

    500GB may seem like a lot, but consider the amount of policies you have that will trigger incidents that might come into that database.  

    You might be able to use a lower amount of disk space for the Oracle DB and then grow the DB accordingly.  



  • 3.  RE: DLP - Oracle Database Size for 3-Tier Installation

    Posted Jan 31, 2012 10:00 AM

    Thanks for the reply.

    We are roughly a 15k user base and I'm an unsure about how my policies we'll enable.  From a demo we had and being in the health space, out of the box we'll be looking at the HealthCare Solution Pack. There seem to be 7 policy bundle with that pack.

    As for file share, i don't have the exact number but I've heard there are over 3,000 share.

    I was working on two Discover and Protect servers, and one Data insight server in each of the data servers and one Enforce Server at the primary data center all VMs using a AIX Oracle instance.

    what are you thoughts?



  • 4.  RE: DLP - Oracle Database Size for 3-Tier Installation

    Posted Jan 31, 2012 12:42 PM

    For a 15k user base I would not use all of the policies that come witht the HC solution pack.  What will happen is you will have a whole bunch of incidents and not be able to manage them (if you are the only one using the product).  My suggestion would be to stick to the policies that are business critical at first, then add as needed.

     

    For Network Discover you should have at least one in each location.  Depending on the bandwidth between the sites it's best to keep the discover servers closest to the data repository and only send incidents back to the enforce server.  I highly suggest you use exclusions when you set up a scan.  This can be found in the 2nd tab of the scan configuration.  For scan configuratons I would slice off a bit at a time and see what kind of scan performance you are getting.  Start with a list of folders maybe A-C and bit off small chunks of the whole drives to see what type of performance you are getting.  Sometimes when you scan very large systems the discover server will stall and or not report correctly and it needs to be re-initiated.  Come up with a detailed plan to scan your file shares, it sounds like you have quite a bit of data to scan.   Depending on how many policies you have enabled and how many matching technologies you have included in those policies will have an impact on scan time/performance.  Pay attention to the scans and how they are reporting.

    Why isn't Network Monitor part of this integration?  Sounds like you have two egress points at a minimum and you could benefit tremendously from having this module.  



  • 5.  RE: DLP - Oracle Database Size for 3-Tier Installation

    Posted Jan 31, 2012 01:09 PM

    From what I understand only DLP for Storage was purchased, and not sure given how AIX is not officially supported and that the Oracle database is required to be on physical hardware, this purchase was approved. Neither here nor there at this point, it's on my desk and folks want reports.

    My intent was to start small as you have provided excellent information to put us on a good start but to also build this out once, and not have to re-engineer to scale out. That said, at a minimum - at the primary DC I was thinking of having two discover/protect servers, one data insight server, and the one enforce server.  carve off a bit at a time and then expand.  that is sound?

    Thanks again!!



  • 6.  RE: DLP - Oracle Database Size for 3-Tier Installation
    Best Answer

    Posted Feb 01, 2012 10:23 AM

    That sounds good, but just so you know the "protect" piece is just an add-on in the enforce server console and does not require an additional server.  



  • 7.  RE: DLP - Oracle Database Size for 3-Tier Installation

    Posted Feb 01, 2012 10:37 AM

    Thank you so much!