Observeit windows Agent

Download Report

Transcript Observeit windows Agent

Before attending this course, students must have at least 2 years worth or
equivalent knowledge of the following technologies and products:
Managing, maintaining, and securing Microsoft Windows Server 2008/2008 R2,
2012, 2012 R2, including Active Directory and Network Infrastructure server
roles.
Working knowledge of networking, for example, TCP/IP, Domain Name System
(DNS) and DHCP.
Working knowledge of CITRIX XenDesktop 7.X, Internet Information Services
(IIS), and Microsoft SQL Server.
Working knowledge of common management and monitoring tools such as
Microsoft SSCM/SCOM, PSEXEC, or equivalent.
Knowledge in installing, configuring, and administering Microsoft Windows
Server 2008/2008 R2, 2012/2012 R2, and Microsoft Windows XP
Pro/Vista/7/8.
•
•
•
•
•
•
•



















•
•
•
•
•
•
•
•
•
•
•
ObserveIT
ObserveIT_Data
ObserveIT_Archive_1
ObserveIT_Archive_template
ObserveITUser (do not delete or change the password) The user
is responsible for handling the management of the 4 Databases and
runs as a service.
1 – introduction
2 - Prerequisites & System
Requirements
3 - One-Click Installation
5.11 – Installation ObserveIT
Agent on CentOS
5.12 – Installation ObserveIT
Agent on Ubuntu
•
•
•
•
•
•
•
•
•
•
•
•
4. Basic Use Cases
4. 1
4.2
5.13
5.14
Simulating User Activity
Auditing the User Activity
Simulate User Activity on Unix
View Linux Recorded Session
•
•
•
•
• 1 Application Server (2 for HA).
• Recommended to use a database on a separate server from the
Application Server, but it is OK to have them together.
• SQL production database disk for user-activity logs: 390 GB ultra-fast disk
IOPS (for the current month).
• SQL production database or file system storage disk for graphical images:
1 TB ultra-fast disk IOPS (for each archived month).
• Note - for longer data rotation, please user the built-in archive
mechanism that can be stored according to your needs online or offline.
Agent
HTTP Traffic
HTTP Traffic
Agent
“All in one”
Database Server
Application Server
Web Console
Agent
ObserveIT Admin
• 2 Application Servers (3 for HA) with load balancing.
• Database server must be on separate server from the Application Server.
• SQL production database disk for user-activity logs: 780 GB ultra-fast disk
IOPS (for the current month).
• SQL production database or file system storage disk for graphical images:
2 TB ultra-fast disk IOPS (for each archived month).
• Note - for longer data rotation, please use the built-in archive mechanism
that can be stored according to your needs online or offline.
• Recommendation: The ObserveIT Application Servers should
communicate with a central clustered Microsoft SQL Server Enterprise
Edition 2008 or higher.
Agent
HTTP Traffic
Agent
SQL Traffic
Application Server
Web Console
Database Server
HTTP Traffic
Agent
RAID
network
File System
ObserveIT Admin
• 4 Application Servers (5 for HA) with load balancing.
• Database Server must be on separate server from the application server.
• SQL Production database disk for user-activity logs: 1.5 GB ultra-fast disk
IOPS (for the current month).
• SQL Production database or file system storage disk for graphical images:
4 TB ultra-fast disk IOPS (for each archived month).
• Note – for longer data rotation, please use the built-in archive
mechanism that can be stored according to your needs online or offline.
• Requirement: The ObserveIT Application Servers should communicate
with a central clustered Microsoft SQL Server Enterprise Edition 2008 or
higher (enterprise recommended).
DNS Records:
oitsrv A 192.168.100.11
oitsrv A 192.168.100.12
Round Robin enabled and
record cache set to 0
DNS Server
Agent
SQL
192.168.100.11
Active Application Server 1
SQL Traffic
SQL
Agent
HTTP Traffic
MS SQL Failover Cluster
192.168.100.12
Agent
Active Application Server 2
DNS Records:
oitsrv A 192.168.100.11
oitsrv A 192.168.100.12
Round Robin enabled and
record cache set to 0
DNS Server
Agent
SQL
192.168.100.11
HTTP Traffic
Active Application Server 1
SQL Traffic
SQL
Agent
MS SQL Failover Cluster
192.168.100.12
Agent
Active Application Server 2
Load Balancing Cluster
RAID
network
File System
Corporate Servers
SSH
PuTTY
(no agent installed)
MSTSC
Gateway
Server
Corporate Desktops
Internet
(no agent installed)
ObserveIT
Agent
Remote and local users
Corporate Servers
(no agent installed)
ObserveIT
Management Server
Corporate Servers
SSH
PuTTY
(no agent installed)
MSTSC
Gateway
Server
Corporate Desktops
Internet
(no agent installed)
ObserveIT
Agent
Remote and local users
Direct login
(not via gateway)
Sensitive production servers
(agent installed)
ObserveIT
Management Server
PUPM Server
10.2.56.78
User desktop Machine
10.2.56.74
Login to this machine only
ObserveIT
Agent CAB
Transfer
Machine “17” is in “My
Privileged Accounts” list in
the PUPM server
RDP to 10.2.3.17
OIT Server 10.2.56.76
Contains the
Test W2012 machine
installation CAB
10.2.3.17
•
•
•
•
LDAP Traffic
(TCP 389)
Windows Server
2003/2008
Domain Controller
Agent
HTTP Traffic
SQL Traffic
Agent
Application Server
Web Console
Database Server
HTTP Traffic
Agent
ObserveIT Admin
• Windows Agent
• Unix/Linux Agent
• Citrix Agent
•
•
•
Oracle Linux
RHEL/CentOS
Ubuntu
Debian
HP-UX
AIX
Solaris
SLES (SuSE Linux)
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
HTTPS Traffic
or IPSec Tunnel
OASIS standards for WS-Secure
conversation, including Token Exchange,
Digital Signature and Transaction TimeTo-Live limit
Application Server
Web Console
•
•
•
•
•
•
•
•
HTTP Traffic
(by default -TCP 4884)
Application Server
Web Console
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
80
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•