Previous Topic: Installing CA User Activity Reporting ModuleNext Topic: Create the Installation DVDs


Understanding the CA User Activity Reporting Module Environment

CA User Activity Reporting Module is designed to be up and running in a short time from the start of install to the time that the product is collecting log information and generating reports. You must install the CA User Activity Reporting Module soft appliance on a dedicated system.

Important! Since the CA User Activity Reporting Module server is dedicated to high-performance event log collection, you should not install other applications on the server that hosts it. Doing so could have an adverse affect on performance.

There are a variety of ways that you can configure your environment. We recommend the following, specific configuration to help ensure handling of high event volumes in enterprise environments.

For a basic enterprise-level, production environment, install at least two CA User Activity Reporting Module servers into your existing network. The CA User Activity Reporting Module servers use the existing DNS servers in your network to work with named event sources and agent hosts. One server focuses on collection and the other on reporting of collected event logs. In a two-server environment, the management server you install first takes the role of a reporting server. As management server, it performs user authentication and authorization, and other management functions. The following illustration shows this basic environment with some event sources:

This illustration shows a basic log collection environment with a collection server receiving events from a variety of event sources, and a management server sending configuration and control traffic to both the collection server and agent hosts.

Solid lines in this diagram show event flow from event sources to the collection server, or to an agent host and then to the collection server. You can collect syslog events directly using the default agent on the collection CA User Activity Reporting Module server. You could also configure one or more connectors on a separate agent host to collect from multiple syslog sources (not shown in this diagram).

Windows event collection uses Windows Management Instrumentation (WMI) to monitor Windows servers for their events. This requires that you configure a WMI connector on an agent installed on a Windows host as an event collection point. For some other event types, you may decide to use a standalone CA Technologies iRecorder on a host server.

You can configure and manage the agents and connectors for these event sources from any CA User Activity Reporting Module server in the network. Dashed lines in the diagram represent configuration and control traffic between the management server and agents, and each of the other CA User Activity Reporting Module servers. In the environment represented in this diagram, you perform configurations from the management server. This allows the collection server to focus on processing events.

The log collection environment into which you install CA User Activity Reporting Module servers has the following characteristics: