

CA User Activity Reporting Module Architecture

The following illustration shows a basic two-server CA User Activity Reporting Module implementation:

This diagram shows a CA Enterprise Log Manager collection server receiving events directly from syslog devices, and from an agent on a host that is also receiving events from a variety of event sources.

A CA User Activity Reporting Module system can have one or more servers, where the first installed server is the management server. There can be no more than one management server in a system, but you can have multiple systems. The management server maintains content and configuration for all CA User Activity Reporting Module servers and performs user authorization and authentication.

In a basic two-server implementation, the management server also performs the role of a reporting server. A reporting server receives refined events from one or more collection servers. The reporting server handles on-demand queries and reports as well as scheduled alerts and reports. The collection server refines collected events.

Each CA User Activity Reporting Module server has its own internal event log store database. The event log store is a proprietary database that uses compression to enhance storage capacity, and to allow queries of active database files, files marked for archival, and defrosted files. No relational DBMS package is required for event storage.

The collection CA User Activity Reporting Module server can receive events directly using its default agent, or from an agent residing on the event source. Agents can also reside on a host that acts as a collector for other event sources in the network, as with a VPN concentrator or router host.

Solid lines in this diagram represent event flows from event sources to agents to the collection server to the reporting role of the management/reporting server. The dashed lines show configuration and control traffic between the CA User Activity Reporting Module servers and from the management role of the management/reporting server to the agents. You can use any CA User Activity Reporting Module server in the network to control any agent in the network, as long as the CA User Activity Reporting Module servers were registered with the same application instance name in the management server during installation.

Agents use connectors (not shown) to collect events. A single agent can manage several connectors to collect multiple, different types of events at the same time. This means that a single agent deployed on an individual event source can collect different types of information. The CA User Activity Reporting Module server also offers listeners that allow event collection from other CA Technologies applications using the existing iRecorder and SAPI recorders from your CA Audit network.

You can federate CA User Activity Reporting Module servers to scale your solution and to share reporting data between them without having that data transported out of bounds. This can give you a network-wide view of compliance while still following regulations about maintaining physical data locations.

Subscription updates to predefined queries and reports mean that you no longer have to maintain queries and reports manually. Supplied wizards allow you to create your own custom integrations for third-party devices and applications not yet supported.