Applies to: All versions of Centrify DirectAudit.
Questions:
1. Is Clustered SQL instance (active-passive) supported?
2. Is SAN storage supported?
3. For rough planning purposes, and at the highest level of detail, what are the estimated storage requirements for 30 days for one client and 1000 users (average usage)?
4. Does Centrify DirectAudit support SQL 2008 and SQL 2012?
5. Does Centrify DirectAudit support a DR setup for failover?
6. Is Microsoft SQL required when not Auditing Windows systems?
7. Is it recommended to have separate servers for collector and database?
8. Can the Collector or SQL server be on a Virtual Machine?
9. Are there any drawbacks to using the free SQL Express provided with DirectAudit?
10. Will it be difficult to scale a single server solution to a multi-server one in the future if we decide to add hundreds more servers?
Answers:
1. Yes, Centrify has successfully tested Active Passive clustering configuration for SQL server in the 2.0 version of DirectAudit.
2. Yes, DirectAudit will support all underlying storage options supported by both SQL Server and Windows.
Note: Although SanDisk® WORM SD-based storage is gaining popularity, DirectAudit usage is not certified. This is due SQL server notes.
3. Please refer to the Centrify DirectAudit administration guide, additionally this excerpt illustrates some collected estimates:
4. DirectAudit supports the latest versions of SQL Server down to SQL 2005.
The version of SQL Server used must support full-text search.
Note: All DirectAudit systems running SQL 2005 must have .NET 2.0 SP1 or later installed; SQL 2008 and SQL 2008 R2 require .NET 3.5 SP1 or later.
5. Yes, it can be based on the SQL server architecture, and can also have collectors in the DR site provided proper planning and sizing has been performed. See link for more details
http://www.centrify.com/directaudit/howdirectauditworks.asp
Additionally database failing over from the master SQL Server to the slave SQL Server has been tested.
6. Yes. We use Microsoft SQL database to store the audited user sessions for Windows and Unix/Linux systems.
7. If the number of systems being audited is not high (around 50-100 Unix/Linux systems), you can have a collector and database on the same server.
8. Yes. The SQL Server and Collector can be installed on a Virtual Machine.
9. The only drawback is the maximum size of database that SQL Express supports (it's limited to 4GB). This means, once the Audit Store database (which stores the audited user sessions) reaches 4GB in size, the customer will have to create a new Audit Store database. We call this "database rotation" and is a standard practice.
10. Customer can always add new SQL server to host additional/new Audit Store databases and it is a standard procedure.