Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2590: Centrify DirectAudit Questions

Auditing and Monitoring Service ,  

12 April,16 at 11:08 AM

Applies to: All versions of Centrify DirectAudit.
 
Questions:
 
1. Is Clustered SQL instance (active-passive) supported?
 
2. Is SAN storage supported?
 
3. For rough planning purposes, and at the highest level of detail, what are the estimated storage requirements for 30 days for one client and 1000 users (average usage)?
 
4. Does Centrify DirectAudit support SQL 2008 and SQL 2012?
 
5. Does Centrify DirectAudit support a DR setup for failover?
 
6. Is Microsoft SQL required when not Auditing Windows systems?
 
7. Is it recommended to have separate servers for collector and database? 
 
8. Can the Collector or SQL server be on a Virtual Machine?
 
9. Are there any drawbacks to using the free SQL Express provided with DirectAudit?
 
10. Will it be difficult to scale a single server solution to a multi-server one in the future if we decide to add hundreds more servers?
 
Answers:
 
1. Yes, Centrify has successfully tested Active Passive clustering configuration for SQL server in the 2.0 version of DirectAudit. 
 
2. Yes, DirectAudit will support all underlying storage options supported by both SQL Server and Windows.
 
Note: Although SanDisk® WORM SD-based storage is gaining popularity, DirectAudit usage is not certified. This is due SQL server notes.
 
3. Please refer to the Centrify DirectAudit administration guide, additionally this excerpt illustrates some collected estimates:
 
 
 
 
 




























4. DirectAudit supports the latest versions of SQL Server down to SQL 2005.
 
The version of SQL Server used must support full-text search.
 
Note: All DirectAudit systems running SQL 2005 must have .NET 2.0 SP1 or later installed; SQL 2008 and SQL 2008 R2 require .NET 3.5 SP1 or later.
 
5. Yes, it can be based on the SQL server architecture, and can also have collectors in the DR site provided proper planning and sizing has been performed. See link for more details
 
http://www.centrify.com/directaudit/howdirectauditworks.asp
 
Additionally database failing over from the master SQL Server to the slave SQL Server has been tested.
 
6. Yes. We use Microsoft SQL database to store the audited user sessions for Windows and Unix/Linux systems. 
 
7. If the number of systems being audited is not high (around 50-100 Unix/Linux systems), you can have a collector and database on the same server.
 
8. Yes. The SQL Server and Collector can be installed on a Virtual Machine.
 
9. The only drawback is the maximum size of database that SQL Express supports (it's limited to 4GB). This means, once the Audit Store database (which stores the audited user sessions) reaches 4GB in size, the customer will have to create a new Audit Store database. We call this "database rotation" and is a standard practice.
 
10. Customer can always add new SQL server to host additional/new Audit Store databases and it is a standard procedure.
 
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-4105: Questions on Centrify DirectAudit system audited data cache when the collector is not available. articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-7419: Is there a way to force Centrify DirectAudit agent to use an alternate krb5.conf other than /etc/krb5.conf? articleKB-4993: Questions about Direct Audit regarding States seen in Audit Analyzer article[How To] find DirectAudit databases and collectors if you do not know where they exist in your environment articleKB-4375: What Firewall ports are needed for the various Centrify DirectAudit components? articleKB-4589: Error codes when installing SQL server bundled with Centrify DirectAudit and Centrify Reporting Services articleKB-0564: How to Collect Debug Logs from a DirectAudit Agent articleKB-1885: How does DirectAudit handle auditing of sesions, login when system is running low/out of disk space