IBM Support

System Requirements for IBM Guardium v9.5

Product documentation


This document summarizes the recommended hardware and supported databases and operating system platforms for Guardium v9.5 (v9.0 patch 700).


The Guardium products related to the specifications are: Database Activity Monitor; Advanced Compliance Workflow Automation; Enterprise Integrator; Vulnerability Assessment (VA), Entitlement Reports, Data-Level Access Control; and, Central Manager and Aggregator.

Cross-Platform Security

Guardium’s cross-platform solution is ideal for heterogeneous environments because it supports all major DBMS data sources and protocols running on all major operating systems.

Not all functionality is available in all configurations. For more information, contact an IBM Security Sales Representative at:

This table shows all data sources and versions currently supported in v9.5.

Data source Supported Versions
Oracle (including ASO/SSL) 9i, 10g (r1, r2), 11gR1, 11gR2, 12.1 (12.1 Restrictions: Monitoring support for Windows, Linux, Solaris, HP-UX, AIX only. No support for SSL encryption. ASO support available only on AIX, Solaris, Linux and HP-UX.) UID chain not supported for Oracle ASO encrypted sessions from ATAP.

Guardium Classifier will work with Oracle 12.1 open source driver.

Oracle RAC (including ASO/SSL) 10g, 11g, 11gR2, 12.1 (12.1 Restrictions: Monitoring support for Windows, Linux, Solaris, HP-UX, AIX only. No support for SSL encryption. ASO support available only on AIX, Solaris, Linux and HP-UX.) UID chain not supported for Oracle ASO encrypted sessions from ATAP.
Oracle Exadata (including ASO/SSL) 11gR2, 12.1 (12.1 Restrictions: Monitoring support for Windows, Linux, Solaris, HP-UX, AIX only. No support for SSL encryption. ASO support available only on AIX, Solaris, Linux and HP-UX.) UID chain not supported for Oracle ASO encrypted sessions from ATAP.
Microsoft SQL Server MS SQL Cluster, 2005, 2008, 2008 R2, 2012, 2014, 2016 (Windows Platform only)
(Note: The "Always Encryption" option in MS SQL Server 2016 is supported, except for the Redact (scrub) function. For the Redact (scrub) function within MS-SQL Server 2016, Guardium can parse SQL statements but the encrypted columns cannot be read).
Microsoft SharePoint 2007, 2010
IBM DB2 (Linux, UNIX) 9.1, 9.5, 9.7, 10.1, 10.5 (including BLU acceleration)
IBM DB2 (Windows) 9.1, 9.5, 9.7, 10.1, 10.5
IBM DB2 Purescale 9.8, 10.1, 10.5
IBM PureData System for Transactions
IBM PureData System for Operational Analytics
IBM PureData Systems for Analytics
IBM DB2 for z/OS 10, 11, 12

S-TAP Prerequisites for DB2 for z/OS V12:

Version 10 S-TAP: PTF UI36827 (APAR PI58287); Version 9.1 S-TAP PTF UI36830 (APAR PI58287); Version 9.0 S-TAP does not support DB2 for z/OS v12.

Common Collector (CQC 1.1) requires PTF UI36781 (APAR PI58175).

For more information on S-TAP and collector level compatibility, see:

IBM DB2 for i 6.1, 7.1, 7.2
IMS 11, 12, 13
VSAM see OS version support, part of z/OS (not separately versioned)
IBM Informix 11.50, 11.70, 12.10
Sun MySQL and MySQL Cluster 5.0, 5.1, 5.5, 5.6
Sybase ASE 15.7 (SSL encryption supported excluding HP-UX, SunOS-5.10-i386_64, and SunOS-5.11-i386_64.)

Guardium Client IP and Analyzed Client IP are not supported in Sybase encrypted traffic.
Sybase IQ 15.0, 15.1, 15.2, 15.3, 15.4, 16 (Sybase IQ does not support SSL for any platform)
IBM Netezza 4.6, 4.6.8, 5,0, 6.0, 6.02, 7.0, 7.1, 7.2
PostgreSQL 8, 9, 9.1, 9.2
Teradata 12, 13, 13.10, 14, 14.10, 15, 15.10 - Supported by UNIX/Linux only
IBM InfoSphere BigInsights 1.4, 2.0, 2.1, 2.1.2, 3.0, 4.0, 4.1, 4.2 - Supported by UNIX/Linux only
Cloudera 3.2, 3.3, 3.4, 4.0, 4.1, 5.0, 5.3 - Supported by UNIX/Linux only
Aster 5, 6 - Supported by UNIX/Linux only
Cassandra 1.2, 3.0, 3.2 - Supported by UNIX/Linux only
CouchDB 1.2.2
Greenplum DB 4.0, 4.1, 4.2, 4.3, 4.3.4 - Supported by UNIX/Linux only
Horton Works 2.1, 2.2 - Supported by UNIX/Linux only
MariaDB 5.5, 5.6, 10.1, 10.1.12 - Supported by UNIX/Linux only
MemSQL 5.1.0 - Supported by UNIX/Linux only
MongoDB 2.0, 2.2, 2.4, 2.6, 3.0, 3.2
MongoDB mgo.v2 2.6.8, 3.2.1, 3.4.2 - Supported by UNIX/Linux only
SAP HANA 1.0 - Supported by UNIX/Linux only
HP Vertica 7.2.3, 8.0, 9.0 - Supported by UNIX/Linux only
Host-Based Monitoring

Unique in the industry, S-TAPs are lightweight software probes that monitor both network and local database protocols (shared memory, named pipes, etc.) at the OS level of the database server. S-TAPs minimize any effect on server performance by relaying all traffic to separate Guardium appliances for real-time analysis and reporting, rather than relying on the database itself to process and store log data. S-TAPs are often preferred because they eliminate the need for dedicated hardware appliances in remote locations or available SPAN ports in your data center.

This table shows all OS platforms and versions for which S-TAPs are currently available.

OS Type Version 32-Bit & 64-Bit
AIX 5.3 Both (Note: DB2 SHM and Informix SHM on 32-bit AIX not supported)
6.1, 7.1 64-Bit
z/OS 2.1.x, 2.2.x
HP-UX 11.11 PA-RISC,
11.23 PA-RISC
11.23 IA-64
11.31 PA-RISC
11.31 IA-64
Red Hat Enterprise Linux (includes
Oracle Linux) +
4, 5, 6, 7 (64-bit only) Both
Red Hat Enterprise Linux for System z + 5.4, 6.x
SuSE Enterprise Linux + 9, 10, 11 Both
SuSE Enterprise Linux for System z + 9, 10, 11
Solaris - SPARC 9, 10, 11 Both
Solaris - Intel 10, 11 10-Both, 11-64-Bit only
Windows Server 2008 R2, 2012, 2012 R2, 2016 Datacenter Edition, 2016 Essentials Edition, 2016 Standard Edition Both
IBM i 6.1, 7.1, 7.2
Ubuntu 10.4 (SP3 & 4), 12.4, 14.4 PostgreSQL only

+ Note: Linux kernels 3.16 and higher (this includes kernels 4.x) are not supported.
* Supports network activity monitoring, local activity via Enterprise Integrator

End of Service

Guardium supports database and operating system versions up to their End-of-Service (EOS), Premier, or Mainstream support end dates. For IBM, they are published in . For other vendors, contact your vendor representative to confirm their support end dates. IBM offers optional extended service support after EOS. Contact your IBM representative for further information. Guardium will support the hardware system it is running on up to the End-of Marketing (EOM) date plus 5 years or end of support date, whichever is sooner.

Flexible Deployment

Guardium is available as a hardware or software offering, ensuring the solution can be easily deployed in a wide variety of environments. As a hardware offering, the solution is delivered with licensed software fully loaded and tested on a physical appliance provided by IBM (hardware appliance), When delivered as a software offering, the solution is delivered as software images ready to be deployed by the user on their own hardware (software appliance), either directly or as virtual appliances. While the software images can be installed on any VMware product, the VMware ESX server is the recommended platform for a virtual solution. VMware only is supported by Guardium.

The following table summarizes major hardware requirements for software appliances. The Guardium solution is designed to work on i86 Intel-based or AMD-based platforms (for example, i686, x86_64). Only platforms and hardware that are officially supported by RedHat Linux 5.11 (32-bit or 64-bit) can be used as Guardium platforms, however, not all officially supported RedHat Linux platforms can be used. Platforms that require additional drivers or specialized post-install configuration are not supported at this time.

Recommended Resources per software/virtual appliance

Resource Required Range* Comments
Physical CPUs 4-16 cores x86 (Intel-based or AMD-based) processors required
Virtual CPUs Minimum 4 vCPUs
RAM (32-bit)

8 GB (min) to 16 GB (max)

Quick search not supported on 32-bit


16 GB (min) to motherboard max

With quick search enabled, it is required to use a minimum of
24 GB

Some of Guardium's newer features are memory intensive. In order to take full advantage of these features, Guardium strongly encourages customers to have a minimum of 24 GB of RAM and a minimum of 4-core CPU.

With quick search enabled, Guardium requires a minimum of 24 GB of RAM and a minimum of 4-core CPU.

Ports (NICs)

1 Gbit per second card recommended

10 Gbit per second caar can be used in 64-bit system with sufficient memory

1-4 Each port can be an actual NIC, or a virtual switch that can be configured to use multiple NICs, optionally with failover IP teaming.

Optional: The third port may also be configured to team with the primary interface in order to provide failover IP teaming. Alternatively, the last port on the device may be configured as a secondary management interface with a different IP, NETMASK and GW from the primary.

When using Inspection Engines to capture traffic (not
S-TAPs) on software appliances, additional ports may be required. Note that this collection method is not applicable for virtual appliances.

Multiple network interfaces are supported on: (1) a Guardium hardware appliance; (2) a customer's software appliance (the customer installs Guardium software on their hardware appliance); or (3) VMware solution with ESX Server.

Disk Size 300 GB to <2 TB Using RAID is recommended.

RAID-0, RAID-1, RAID 0+1, RAID 1+0 are supported.

Note: Larger disks may hold more audit records for longer periods of time, but are more likely to impact performance.

At least 9 GB of free disk space on the /var partition is required.

Disk Speed 7200 RPM to 15,000 RPM With 7200 RPM, scale back the sizing ratio by 70%
DVD Drive 1
* Refer to IBM x2000 high end configuration table for physical ranges (See Software Appliance 9.0 Technical Requirements)

Application Monitoring

InfoSphere Guardium identifies potential fraud by tracking activities of end-users who access critical tables via multi-tier enterprise applications rather than direct access to the database. This is especially important for applications that use connection pooling where all user traffic is aggregated within a few database connections, thereby masking the identity of end-users.

Guardium offers out-of-the-box support for the major off-the-shelf enterprise applications (see table below), and provides built-in tools to configure and add end-user identification for niche application and home-grown applications. Note: for most applications, some basic configuration is needed, to tailor the solution to your environment.

Supported Enterprise Applications Supported Application Server Platforms
(for other enterprise & custom developed applications)
Oracle E-Business Suite IBM WebSphere
PeopleSoft BEA WebLogic
Siebel Oracle Application Server (AS)
SAP JBoss Enterprise Application Platform
Cognos + Others based on customer demand
Business Objects Web Intelligence
+ Others based on customer demand

Document information

More support for: IBM Security Guardium

Software version: 9.0, 9.5

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS

Software edition: All Editions

Reference #: 7045286

Modified date: 15 March 2018

Translate this page: