1/24/22, 10:13 AM IBM Guardium Appliance Technical Requirements 11.

IBM Guardium Appliance Technical Requirements 11.4

Detailed System Requirements

Abstract
This document establishes the technical requirements for Guardium version 11.4 - CPUs, RAM.

Content
The IBM Security Guardium solution is available as a:

• Hardware offering – fully configured physical appliance provided by IBM.

• Software offering – software images deployed on customer hardware either directly or as virtual appliances.

The scope of this document is the “Software Offering”, and the requirements listed in this document apply to both
the physical appliance and the virtual appliance unless specified otherwise.

Product overview

IBM® Security Guardium® is a unified, cross-platform solution that both protects databases in real time and
automates the entire compliance auditing process. The solution supports all major database platforms, enterprise
applications, and operating systems (UNIX, Linux, Windows, and z/OS).

IBM Security Guardium can be deployed in a variety of operational modes:

• Collector – In Database Activity Monitoring or Vulnerability Assessment, the collectors monitor and analyze
database activity to provide continuous fine-grained auditing and reporting, real-time policy-based alerting and
database access controls.

• Central Manager/Aggregator –The Central Manager is a single point of management for the entire IBM
InfoSphere Guardium deployment. With the Central Manager, customers can define enterprise-wide policies,
alerts, queries and reports, install patches, push configuration and perform a variety of other administrative
tasks from a single console. In addition, data from multiple collectors can be aggregated to the Aggregation
Server to provide holistic views and generate enterprise-level reports.

Hardware Requirements

The following hardware requirements are necessary for the IBM Security Guardium solution to work properly.
Unless specified otherwise, the requirements are for both the physical installation and the virtual installation.

Installation on Physical Appliances

The IBM Guardium solution works only on x86 Intel-based or AMD-based platforms (for example, x86_64). Only
platforms and hardware that are officially supported by RedHat Linux 7.9 (64-bit) are expected to work properly
(See links to RedHat Support documentation, listed at end of this document). However, not all officially supported
https://www.ibm.com/support/pages/node/6481035 1/8
1/24/22, 10:13 AM IBM Guardium Appliance Technical Requirements 11.4

platforms are guaranteed. Platforms that require additional drivers or specialized post-install configuration are not
supported at this time (see note below).

Note: If a customer has an appliance they know will require additional configuration beyond the standard RedHat
7.9 (64-bit) installation, then that customer should install RedHat 7.9 (64-bit) and record all the installation time
choices and any post-install configuration steps. Send this information to Guardium Technical Services for analysis
and, based on the analysis, they may be able to provide a software update to support this platform.

Deviations from the specifications in this document may result in failure to install the solution, in such cases, the
appliance might not be accessible over the network and IBM Guardium Technical Support engineers will not be
able to assist in troubleshooting and remediation.

Installation on Virtual Appliances

IBM Guardium can be installed on RedHat Enterprise Virtualization, VMware Virtualization, and Microsoft Hyper-V
are supported by Guardium as platforms for a virtualization solution.

Notes:

1. Hardware requirements for the virtual solution are restricted to the platforms supported by VMware. ESX 5.1
higher is the minimum to run Guardium 11.0.

2. When using the virtual solution, the performance of Database Activity Monitoring using over-the-network
inspection through SPAN port or Tap device depends on the configuration of the virtual system, including CPU and
memory dedication.

3. VMware introduces additional complexity. The overall performance and utilization of your Guardium virtual
appliance may vary based on VMware configuration, resource allocation, and/or sizing planning.

Minimum and Recommended Resources per software/virtual appliance

In addition to minimum and recommended resources for typical deployments, recommendations are also provided
for high-load environments such as Teradata clusters, Oracle Exadata, Oracle SuperCluster, or IBM POWER9.  

Resource Required Range * Comments

Physical CPUs Minimum: 4 cores x86 (Intel or AMD) processors required
Recommended: 8 cores

Recommended for high-load

environments: 24 cores

Virtual CPUs Minimum: 4 vCPUs

Recommended: 8 vCPUs

Recommended for high-load

environments: 24 cores

RAM (64-bit) Guardium's features are memory intensive. To take full

Minimum: 24 GB (min) advantage of these features, it is recommended to have
at least 32 GB of RAM and 8-core CPU.
Maximum: motherboard max

https://www.ibm.com/support/pages/node/6481035 2/8
1/24/22, 10:13 AM IBM Guardium Appliance Technical Requirements 11.4

Recommended: 32 GB
For Central Managers in a large federated environment,
the recommended memory is

Recommended for high-load 64 GB.

environments: 64 GB
If using Ecosystem, 34 GB is required.

Ports (NICs) 1-4 Each port can be an actual NIC, or a virtual switch that
1 Gbit or 10 Gbit per can be configured to use multiple NICs, optionally with
failover IP teaming.
second card
Optional: The third port may also be configured to team
recommended
with the primary interface in order to provide failover IP
10 Gbit per second teaming. Alternatively, the last port on the device may
card can be used in be configured as a secondary management interface
64-bit system with with a different IP, NETMASK and GW from the primary.
sufficient memory
When using Inspection Engines to capture traffic (not

S-TAPs) on software appliances, additional ports may

be required.

Multiple network interfaces are supported on: (1) a

Guardium hardware appliance; (2) a customer's
software appliance (the customer installs Guardium
software on their hardware appliance); or (3) VMware
solution with ESX Server.

Disk Size Minimum: 300 GB Use of RAID is recommended.

Maximum:<2 TB RAID-10, RAID-0, RAID-1, RAID 0+1, RAID 1+0 are
supported.
Recommended:
Note: Larger disks may hold more audit records for
Collectors: 300-600 GB
longer periods of time, but are more likely to impact
Aggregators: 600-1000 GB performance.

At least 9 GB of free disk space on the /var partition is

Guardium supports smaller HD required.
disks for integrated data
warehouse configurations, using
datamart interfaces (10.1.3 and
later).
Disk Size >2 TB Beginning with v10.1.2, disk partitions

>2 TB are supported.

However, certain conditions are required:

1. Configure the system into EFI/UEFI mode via the

BIOS.

2. Then install v10.1.2 or later

(a) during which the install should auto-detect the EFI

bios support and use GPT (GUID Partition Tables) that
allow >2 TB partitions.

https://www.ibm.com/support/pages/node/6481035 3/8
1/24/22, 10:13 AM IBM Guardium Appliance Technical Requirements 11.4

(b) Additionally the v10.1.2 install will also use EXT4

partition types by default, and thus avoid the previous
EXT3 file size limitation of <2 TB.

Note: To resize the hard drive of an existing appliance,

the user needs to rebuild their system.

Disk Speed 7200 RPM to 15,000 RPM To use 7200 RPM, scale back the sizing ratio by 70%.
Example: If you are using 7200 RPM disk, which is
slow, you should reduce your sizing by 70%. If your
sizing calls for 10 S-TAPs to a collector, if you are
running with 7200 RPM drives, drop that to 3 S-TAPs to
a collector.

* Refer to IBM configuration tables for physical ranges.

Important: The installation of the software appliance will wipe the disk, repartition and reformat the disk, and install
the IBM Guardium solution as a newly installed operating system.

Refer to the Appliance Installation Guide for step-by-step instructions on configuration and installation. The
separate Appliance Installation Guide also provides information on how to customize the partitioning on the
appliance and how to install on a remote drive (SAN). Installation on a SAN is supported; installation on a NAS is
not supported.

Guardium support for 10G network cards

The 10G network cards must be supported by the appropriate version of RedHat Enterprise Linux (RHEL) (RedHat
7.9 for Guardium v11.0 and up).

Sizing Recommendations

Standard Appliance Specification

There are four configurations of the IBM SR630 shipped by IBM:

· Collector x2364 64-bit

· Aggregator x2364 64-bit

· Collector x3264 64-bit

· Aggregator x3264 64-bit

Note: In general, hardware specifications and configuration should follow manufacturers' best-practices to optimize
performance. For example on the topic of memory configuration, make sure that the DIMMs are both balanced and
matched, otherwise you will not take advantage of the full capacity of the appliance.

Collector x2364 64-bit (4571-G2C)

Quantity Description

1 ThinkSystem SR630 2.5" Chassis with 8 Bays

https://www.ibm.com/support/pages/node/6481035 4/8
1/24/22, 10:13 AM IBM Guardium Appliance Technical Requirements 11.4

2 Intel Xeon Silver 4210 10C 85W 2.2GHz Processor

4 ThinkSystem 32GB TruDDR4 2666 MHz (2Rx4 1.2V) RDIMM

1 ThinkSystem RAID 930-8i 2GB Flash PCIe 12Gb Adapter

1 ThinkSystem SR530/SR630/SR570 2.5" SATA/SAS 8-Bay Backplane

1 ThinkSystem 10Gb 4-port Base-T LOM

1 ThinkSystem Intel X710-DA2 PCIe 10Gb 2-Port SFP+ Ethernet Adapter

2 SFP+ SR Transceiver

1 ThinkSystem SR530/SR570/SR630 x8/x16 PCIe LP+LP Riser 1 Kit

1 ThinkSystem SR530/SR570/SR630 x16 PCIe LP Riser 2 Kit

1 ThinkSystem XClarity Controller Standard to Enterprise Upgrade

2 ThinkSystem 750W (230/115V) Platinum Hot-Swap Power Supply

2 2.0m, 13A/100-250V, C13 to C14 Jumper Cord

1 ThinkSystem Toolless Slide Rail Kit with 1U CMA

4 2.5" 1.2TB 10K SAS 12Gb Hot Swap HDD

Aggregator x2364 64-bit (4571-G3C)

Quantity Description

1 ThinkSystem SR630 2.5" Chassis with 8 Bays

2  Intel Xeon Silver 4210 10C 85W 2.2GHz Processor

4 ThinkSystem 32GB TruDDR4 2666 MHz (2Rx4 1.2V) RDIMM

1 ThinkSystem RAID 930-8i 2GB Flash PCIe 12Gb Adapter

1 ThinkSystem SR530/SR630/SR570 2.5" SATA/SAS 8-Bay Backplane

1 ThinkSystem 10Gb 4-port Base-T LOM

1 ThinkSystem Intel X710-DA2 PCIe 10Gb 2-Port SFP+ Ethernet Adapter

2 SFP+ SR Transceiver

1 ThinkSystem SR530/SR570/SR630 x8/x16 PCIe LP+LP Riser 1 Kit

1 ThinkSystem SR530/SR570/SR630 x16 PCIe LP Riser 2 Kit

1 ThinkSystem XClarity Controller Standard to Enterprise Upgrade

2 ThinkSystem 750W (230/115V) Platinum Hot-Swap Power Supply

https://www.ibm.com/support/pages/node/6481035 5/8
1/24/22, 10:13 AM IBM Guardium Appliance Technical Requirements 11.4

2 2.0m, 13A/100-250V, C13 to C14 Jumper Cord

1 ThinkSystem Toolless Slide Rail Kit with 1U CMA

4 2.5" 1.2TB 10K SAS 12Gb Hot Swap HDD

Collector x3264 64-bit (4571-G4C)

Quantity Description

1 ThinkSystem SR630 2.5" Chassis with 8 Bays

2 Intel Xeon Gold 5217 8C 85W 3.0GHz Processor

4 ThinkSystem 32GB TruDDR4 2666 MHz (2Rx4 1.2V) RDIMM

1 ThinkSystem RAID 930-8i 2GB Flash PCIe 12Gb Adapter

1 ThinkSystem SR530/SR630/SR570 2.5" SATA/SAS 8-Bay Backplane

1 ThinkSystem 10Gb 4-port Base-T LOM

1 ThinkSystem Intel X710-DA2 PCIe 10Gb 2-Port SFP+ Ethernet Adapter

2 SFP+ SR Transceiver

1 ThinkSystem SR530/SR570/SR630 x8/x16 PCIe LP+LP Riser 1 Kit

1 ThinkSystem SR530/SR570/SR630 x16 PCIe LP Riser 2 Kit

1 ThinkSystem XClarity Controller Standard to Enterprise Upgrade

2 ThinkSystem 750W (230/115V) Platinum Hot-Swap Power Supply

2 2.0m, 13A/100-250V, C13 to C14 Jumper Cord

1 ThinkSystem Toolless Slide Rail Kit with 1U CMA

4 2.5" 1.2TB 10K SAS 12Gb Hot Swap HDD

Aggregator x3264 64-bit (4571-G5C)

Quantity Description

1 ThinkSystem SR630 2.5" Chassis with 8 Bays

2 Intel Xeon Gold 5217 8C 85W 3.0GHz Processor

8 ThinkSystem 32GB TruDDR4 2666 MHz (2Rx4 1.2V) RDIMM

1 ThinkSystem RAID 930-8i 2GB Flash PCIe 12Gb Adapter

1 ThinkSystem SR530/SR630/SR570 2.5" SATA/SAS 8-Bay Backplane

1 ThinkSystem 10Gb 4-port Base-T LOM

https://www.ibm.com/support/pages/node/6481035 6/8
1/24/22, 10:13 AM IBM Guardium Appliance Technical Requirements 11.4

1 ThinkSystem Intel X710-DA2 PCIe 10Gb 2-Port SFP+ Ethernet Adapter

2 SFP+ SR Transceiver

1 ThinkSystem SR530/SR570/SR630 x8/x16 PCIe LP+LP Riser 1 Kit

1 ThinkSystem SR530/SR570/SR630 x16 PCIe LP Riser 2 Kit

1 ThinkSystem XClarity Controller Standard to Enterprise Upgrade

2 ThinkSystem 750W (230/115V) Platinum Hot-Swap Power Supply

2 2.0m, 13A/100-250V, C13 to C14 Jumper Cord

1 ThinkSystem Toolless Slide Rail Kit with 1U CMA

8 2.5" 1.2TB 10K SAS 12Gb Hot Swap HDD

Lenovo SR630 (M6) System Firmware Version (or higher):

LXPM = 2.00 (PDL128K)

XCC = 5.40 (CDO364M)

UEFI = 2.80 (IVE164L)

RAID 930 = 51.13.0.3427

Fix Central link: SR630 (M6) Firmware

(https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%252BSecurity&product=ibm/Information+Management/InfoSphere+Guar

dium&release=All&platform=All&function=fixId&fixids=Guardium_FirmwareUpdate_SR630_USB_v3-10,Guardium_FirmwareUpdate_SR630_D

VD_v3-10,Change-logs_SR630_v3-10&includeSupersedes=0&source=fc)

More Information

For more information, go to the following online resources:

IBM Security Guardium home page: http://www.ibm.com/software/data/guardium/

(http://www.ibm.com/software/data/guardium/)

Technical Support home page:

https://www.ibm.com/mysupport/s/topic/0TO5000000025yoGAA/guardium-data-protection?
language=en_US&productId=01t50000004XIxMAAW
(https://www.ibm.com/mysupport/s/topic/0TO5000000025yoGAA/guardium-data-protection?language=en_US&productId=01t50000004XIxMAA

W)

Deployment Guide for IBM Guardium:

http://www.redbooks.ibm.com/Redbooks.nsf/RedpieceAbstracts/sg248129.html
(http://www.redbooks.ibm.com/Redbooks.nsf/RedpieceAbstracts/sg248129.html)

RedHat hardware compatibility:

http:/www.redhat.com/rhel/compatibility/hardware/

RedHat Enterprise Linux (RHEL) Release notes/ Technical notes

https://www.ibm.com/support/pages/node/6481035 7/8
1/24/22, 10:13 AM IBM Guardium Appliance Technical Requirements 11.4

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/
(https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/)
Document Information
More support for:

IBM Security Guardium (https://www.ibm.com/mysupport/s/topic/0TO5000000025yoGAA)

Software version:

All Version(s)

Document number:

6481035

Modified date:

17 September 2021

https://www.ibm.com/support/pages/node/6481035 8/8