Micro Focus recommends the tested platforms listed below. However, customers running on any platforms not provided in this list or with untested configurations will be supported until the point Micro Focus determines that the root cause is the untested platform or configuration. Issues that can be reproduced on the tested platforms will be prioritized and fixed according to standard defect-handling policies. For more information about support polices, see Support Policies.
|
Component Name |
Platforms |
|---|---|
|
Change Guardian Server |
|
|
Change Guardian Server Soft Appliance (Includes Operating System) |
ISO Appliance
VHD Appliance (using DVD ISO)
OVF Appliance
|
|
Change Guardian Policy Editor |
|
|
Change Guardian Agent for Windows |
|
|
Change Guardian Agent for UNIX |
NOTE:The UNIX Remote Deployment wizard uses the su command to access the root account on the computer on which you want to install Change Guardian Agent for UNIX. The root password is used by the wizard only at installation and is not stored. |
|
Change Guardian Event Collector AddOn for Windows |
NOTE:Change Guardian Event Collector Addon for Windows Agent is not supported on Windows Server 2019 Core and Windows Server 2016 Core. |
|
Change Guardian Configuration Scanner |
NOTE:Change Guardian Configuration Scanner does not run in FIPS mode. |
NOTE:Change Guardian Server Soft Appliance is built on SLES 12 SP5.
IMPORTANT:
Ensure that you have the latest patch levels on all the agents for the agent to function efficiently.
FIPS mode is supported only for Change Guardian. Change Guardian is not supported if the operating system is in FIPS mode.
Change Guardian is not certified on Open Enterprise Server installations of SLES.
|
Application Name |
Versions |
|---|---|
|
Microsoft Active Directory and Group Policy |
|
|
Microsoft Exchange |
|
|
Dell EMC |
|
|
NetApp Storage System |
|
|
Azure AD |
Not applicable |
|
AWS (Identity) |
Not applicable |
|
Office 365 |
Not applicable |
|
Component Name |
Versions |
|---|---|
|
Secure Configuration Manager |
7.2 |
|
Sentinel Enterprise |
8.5 |
|
Micro Focus ArcSight Logger |
|
|
Splunk Enterprise Security |
8.2.2 |
|
Directory Resource Administrator |
|
|
Syslog |
syslog-ng-3.31.1 |
|
Component Name |
Browsers |
|---|---|
|
Change Guardian Web Console |
Latest version of the following:
NOTE:Although not officially certified, other modern browsers are known to work reasonably well with the Change Guardian web interface. |
|
Component Name |
Softwares |
|---|---|
|
Change Guardian Policy Editor |
Microsoft.NET Framework 4.5 or later |
|
Component |
Hardware |
|---|---|
|
Change Guardian Server |
CPU: 8 Cores RAM: 24 GB For standard installation, available free hard disk space: 50 GB or more For Appliance installation, available free hard disk space: 100 GB or more |
|
Category |
250 Monitored Assets |
1000 Monitored Assets |
1000+ Monitored Assets |
|---|---|---|---|
|
Total System Capacity |
|||
|
EPS Capability |
200 EPS |
500 EPS |
500+ EPS |
|
Alerts per Minute |
10 APM |
10 APM |
10+ APM |
|
Change Guardian Server Hardware |
|||
|
CPU |
Two Intel Xeon 3-GHz (4 core) E5450 CPUs (8 cores total), without Intel HT Technology |
Two Intel Xeon 3-GHz (8 core) E5450 CPUs (16 cores total), without Intel HT Technology |
Contact Micro Focus Services |
|
Primary Storage:Primary indexed event data optimized for fast retrieval. |
500 GB 7.2k RPM drive |
4 x 300 GB SAS 15k RPM (Hardware RAID 10) |
|
|
Memory |
24 GB |
32 GB |
|
|
Data Collection |
|||
|
Change Guardian Policies Used |
|
Set 01:
Set 02:
|
Contact Micro Focus Services |
|
Total |
|
|
|
|
Change Guardian NetApp Module |
3000 EPS NetApp Events with 1 Change Guardian Agent for UNIX. NOTE:You must install Change Guardian Agent for UNIX on a supported RHEL or SLES Linux platform to monitor NetApp. |
||
|
Data Storage |
|||
|
How far into the past will users search for data on a regular basis? Amount of locally cached data for higher search performance. |
7 days |
Contact Micro Focus Services |
|
|
What percentage of searches will be over data older than the number of days above? Impacts the amount of input/output operations per second (IOPS) for local storage. |
|
10% |
|
|
How far into the past must data be retained? Impacts how much disk space is required to retain all the data. If secondary storage is enabled, this impacts the size of secondary storage. Otherwise, it impacts the size of primary storage. |
|
14 days |
|
|
User Activity |
|||
|
How many users will be active at the same time, on average? Impacts the amount of IOPS for primary and secondary storage and other items. |
|
1 |
Contact Micro Focus Services |
|
How many searches will an active user be performing at the same time, on average? Impacts the amount of IOPS for primary and secondary storage. |
1 1M events per search |
1 1M events per search |
|
|
How many real-time alert views will be running at the same time, on average? |
3 (whenever) |
||
|
How many alert dashboards will be running at the same time, on average? |
1 (7 days) |
|
|
|
How many Threat Response dashboards will be running at the same time, on average? |
3 |
||
|
How many alert widgets per dashboard will be running at the same time, on average? |
2 (whenever) |
||
IMPORTANT:Agent Manager has the capability to install or upgrade agents with a maximum of 150 assets in a batch.
The Chart view might take about 25 seconds to load events up to 500,000, while the Grid view might load in five seconds with a similar number of event. Any operation, such as grouping and sorting, with events upto 500,000 events on the Grid view might take about 40 seconds to process and display.
If there are around 500,000 to 1,000,000 events, the Chart view loads in a minute, and the Grid view loads in half a minute. Any operation on the Grid view with around 50,00,00 and 10,00,000 events might take one and a half minute to process and display.
Similarly, if there are 1,000,000 to 1,500,000 events, the Chart view takes about a minute and a half to load, the Grid view takes about half a minute to load, and operations on the Grid view takes about two minutes to process and display.
Following are observations about the events generated per second from Change Guardian Agent for Windows and Change Guardian Agent for UNIX:
The EPS count might vary with an increase in time interval and increase in the number of events generated in one burst.
EPS count depends upon the number of files present in the folder if the folder is monitored for file integrity.
EPS count might vary with the hardware configuration of the agent machine.
EPS count might vary when the agent is monitoring a combination of assets, such as Microsoft Windows and Active Directory, or Active Directory and Group Policy, or Active Directory and file integrity.
For information about Micro Focus legal notices, see https://www.microfocus.com/about/legal/
Copyright © 2021 Micro Focus or one of its affiliates.