1 of 1 people found this helpful
We have a DEM already in our environment, and are looking to add another.
1 - Rack, cable, and power up the DEM
2 - Configure the Management IP on the DEM via a crash cart
3 - Key the DEM to the ESM
4 - Modify your connection settings to enable ping (personal preference)
NOTE - The DEM does not support the use of the IPMI port for remote lights out management
5 - Work with your LAN/WAN team to configure a SPAN/TAP to replicate traffic destined for your Database Servers (probably based on port usage - i.e. 1433, 1521 > you will need to work with your DBA's to get all of the ports being used) - cable this to the DEM. Note > You can connect the SPAN port to any one of the NIC's (except MGMT1 and IPMI), disregard the whole Trusted/Untrusted labeling on the expansion Ethernet Cards, we have worked directly with the developers in the UK during troubleshooting and they monitor all of the ports.
6 - Tune your DEM, if you are only using SQL and Oracle, disable the other database Policies in Policy Editor > DEM > Database (there are 709 rules - disable things like DB2, Greenplum, Informix, etc) this will help with performance.
7 - Depending on how many Databases you are going to be tracking, and how busy they are, you may want to put them in to different "Priority Groups" within the Database Configuration setup on the DEM. There are 8 Priority Groups possible, and each one spins up a new process to handle the events, so distribute the load, more processes use more CPU's, so rather than hammering one process / cpu, spread it out.
8 - You will then either need to monitor your "New Database Discovered" events, and create them from the Database from their, or if you already know the Database information, you can pre-populate.
NOTE - The data you see in the events is not all of the data, there are no packets captured and saved to the local drive, the Policies are matched in memory and it takes 2 packets to match a given rule (i.e. Oracle Select Statement)
Also, there is a maximum of 255 defined databases per DEM, regardless of the size of the DEM, the larger DEM just allows you to handle more database traffic, not more databases.
If you need to exceed 1GB on your SPAN port, you can split up your data to come in on multiple SPAN ports, SQL traffic to SPAN Port 1, and Oracle Traffic to SPAN port 2, again according to the UK developer, they scan all of the ports for traffic. We have the DEM-4600 which has 2 4-port Ethernet cards, and 4 built-in Ethernet ports, the program actually scans all 12 ports for database traffic.
Thanks rth67! This is really helpful. I will also need to perform an upgrade on the ESM, currently on version 9.5.0. Are you recommending to do the upgrade first and then setup the DEM or connect the DEM first and then do the upgrade of the ESM to the latest version?
You may want to upgrade to 9.6.0 first, we had an issue with our DEM on a previous version where it would not create any events. We had a ticket with support to resolve this issue, they had to get to the Developers to fix it (and re-fix it after upgrades) until we got to 9.6.0
Also, we are on 9.6.0 MR6 and there is still a bug that shows an "Out of Sync" warning on the DEM, it is not affecting anything, just annoying. Support can clear the flag/issue, but it returns later.
Great! I had a feeling it would be better to upgrade first but Support advised to setup the DEM first because according to them when you do the upgrade on the ESM the DEM will be updated also instead of doing a separate update for it. Is this true? Trying to formulate an action plan so things can go smoothly. You know how these things go, you miss a step or the order of steps and you have to troubleshoot 100 different things.
1 of 1 people found this helpful
The DEM has a separate Upgrade File, if you upgrade to 9.6.0 MR? first, then add the DEM, and it is running 9.5.x, it will still allow you to Key the device, but you will get a warning that the software is not on the same version. Upgrade it to the same release as everything else and your good.
The opposite could also be true, if your on 9.5.0 MR? and you add the DEM and it's running a newer release of 9.5.0 or 9.5.2, you will also get the warning about the software version mismatch.
The issue we had with the DEM not showing events was seen when we were running version 9.5.0 MR9, and had to be tweaked to work when upgraded to 9.5.2 as well.
Ok I see, that makes sense.