Copyright Notice
This manual is Copyright DataMirror Corporation 1996-2004. All rights reserved. No part of this manual may be reproduced, distributed or transmitted, in whole or in part, in paper, electronic or any other form or by any means other than as expressly permitted in the applicable DataMirror Software License Agreement or Software License and Maintenance Agreement, or as otherwise expressly permitted by DataMirror Corporation. DataMirror reserves the right to revise this manual and make periodic changes to its content without obligation on DataMirror's part to notify any person of such revisions or changes. DataMirror does not assume responsibility for the use of the manual. DataMirror software products contain valuable trade secrets and proprietary information and are protected by Canadian, United States and international copyright and other intellectual property laws and treaties. Unauthorized use of the manual or DataMirror software products is strictly prohibited and may result in civil damages and criminal prosecution. See the applicable DataMirror Software License Agreement or Software License and Maintenance Agreement for additional information.
Trademark Notice
Constellar, Data From Where It Is To Where It Needs To Be, DataMirror, DataMirror DB/XML Transform, DataMirror DB/XML Vision, DataMirror Synapse Mobility, DataMirror Transformation Server, dbMirror, Enterprise Administrator, HA Suite, High Availability Suite, iCluster, iCluster for EMC Symmetrix, iDeliver, iReflect, iTransmit, JobScheduler, ObjectMirror, QuickMarts, Pervasive Gateway, SwitchOver System, The experience of now, Transformation Server, and XtremeCache are trademarks or registered trademarks of DataMirror Corporation and may not be used without the express written permission of DataMirror Corporation. This list of trademarks may not be complete; other trademarks or registered trademarks may be owned by DataMirror from time to time and may be used in this manual.
Names, products and services of other companies may be mentioned in DataMirror manuals and are the trademarks or registered trademarks of their respective owners.
LiveAudit - Concepts Guide
DataMirror Corporation
29 April 2004
Table of Contents
Chapter 1 Introduction
1.1 About This Document
1.2 Documentation Conventions
1.3 Documentation
1.4 Training and Education
1.5 Online Information and Technical Support
1.6 Contacting DataMirror
Chapter 2 LiveAudit Overview
What is LiveAudit?
2.1 History of LiveAudit
2.2 Why You Need LiveAudit
2.3 How LiveAudit Works
2.3.1 Platform Availability for LiveAudit
2.3.2 Database Availability for LiveAudit
2.3.3 Database Security with LiveAudit
2.3.4 Selecting Tables for the Audit Trail System
2.3.5 Row Selection Expressions
2.3.6 Column Selection and Adding Additional Columns
2.3.7 Journal Control Fields
2.3.8 Enabling LiveAudit
2.3.9 Capturing Database Changes
2.3.10 Testing the Audit Trail System
DataMirror Corporation
Appendix A - Key Features of LiveAudit
A.1 Key Features and Benefits of LiveAudit
Appendix B - Systems Supported by LiveAudit
B.1 Supported Databases (Native)
B.2 Supported Operating Systems
B.3 Supported Hardware Platforms
Index
Chapter 1 - Introduction
Chapter 1 Introduction
This chapter contains a brief introduction to the LiveAudit solution, and general information about this document and other LiveAudit documentation. LiveAudit training and educational opportunities as well as DataMirror contact information are also provided.
1.3 Documentation
See the following DataMirror documentation for more information about LiveAudit:
Enterprise Administrator for Transformation Server - User Manual. Contains information about the functions supported through the Enterprise Administrator and Access Manager applications.
Note that most Transformation Server User Manuals (multiple platforms) also contain information about implementing LiveAudit.
You can find the following technical White Papers and Business Resources on the DataMirror web site: http://www.datamirror.com/. Contact DataMirror if you need assistance in locating these documents.
See the following White Papers (PDF format) on the DataMirror web site:
ABCs of E-Records Management - Technical White Paper. This document is an introduction to the automation of business processes through e-Records. The business advantages of employing DataMirror's LiveAudit solution are also discussed.
HIPAA Compliance: Privacy and Security Best Practices and Solutions - Technical White Paper. This document discusses the details of the Health Insurance Portability and Accountability Act of 1996, and how to use LiveAudit to become HIPAA compliant.
21 CFR Part 11 Compliance: Solutions and Best Practices - Technical White Paper. This document discusses the details of the Food and Drug Administration's 21 Code of Federal Regulations (CFR) Part 11: Electronic Records, Electronic Signatures, and how to use LiveAudit to become FDA-compliant.
Implications of Basel II on Financial Services - Technical White Paper. This document discusses the implications for IT departments in the financial services sector of increased regulatory demands for operational resilience.
See the following Business Resources (PDF format) on the DataMirror web site:
LiveAudit Fact Sheet: Protect and monitor the security of your data assets.
21 CFR Part 11 Compliance: Cost-effective compliance with FDA e-Records regulations.
HIPAA-Compliant Privacy, Security, and Transaction Solutions: Privacy, security and transaction solutions for HIPAA compliance and beyond.
Basel II Compliance Fact Sheet: Integrate, protect and audit data for heightened risk management and Basel II compliance.
For more information on LiveAudit, Transformation Server, and other DataMirror products, visit DataMirror's web site at http://www.datamirror.com/.
What is LiveAudit?
LiveAudit is an out-of-the-box solution that captures database information generated by virtually any software application with no programming required. LiveAudit captures all data that is added, changed or deleted from a database to create real-time, secure audit trails that preserve historical information and enable companies to monitor and report on all operational activities. LiveAudit can be used to capture any changes made to an electronic record as well as the identity of the user and the time the change was made.
LiveAudit captures changes at the application and database level. The audit trail contains a record of all data that was created, modified or deleted so that user errors or tampering can be easily detected. In the absence of a paper record, the LiveAudit database may provide the only proof that an electronic record was ever modified or deleted.
[Figure 1: the application database table (Action column, quantities of 1000) before the update, showing "Test Result: Fail", and after the update, showing "Test Result: Pass".]
In the example in Figure 1, the test passed after it was re-done on the same batch. Without LiveAudit, a record in the application database is updated, but there is no historical record of this update in the resultant database. In Figure 2, a record is deleted from an application database:
[Figure 2 - Deleting a Database Record Without LiveAudit: the application database table (Action column) with the Test Result row circled.]
The Delete (Figure 2) is performed on the Test Result row (circled in Figure 2). The database is now missing the information about the test result, and there is no historical record of this change in the resultant database.
LiveAudit addresses this loss of historical information by capturing all data that is added (Insert), changed (Update), or deleted (Delete) in a database to create real-time audit trails that allow companies to monitor and report on all operational activities. As shown in Figure 1 and Figure 2, historical database information is lost as data is added, changed, or deleted in a database. LiveAudit preserves this historical information in a separate database (Figure 3):
[Figure 3: the Application Database table (Product ID, Action, Qty) beside the LiveAudit Database table (Date/Time, Actn, User, Product ID, Mfg Action, Qty). Each LiveAudit row for Drug001 carries a timestamp, an Actn code of I, U or D, and the user (jwalker or swilson) who made the change.]
As Figure 3 illustrates, Inserts, Updates, and Deletes are preserved in the LiveAudit database. See Section 2.3 - How LiveAudit Works for some additional technical details about how LiveAudit works.
2.3.1 Platform Availability for LiveAudit
LiveAudit supports many different platforms (Figure 4):
LiveAudit provides a unified interface for working with different types of databases on different platforms. Intra and inter-system auditing is possible with LiveAudit. Audit trail tables may reside on the same system or a different system than the originating database. LiveAudit's architecture is flexible enough that a single source database can be audited into two identical sets of audit trail tables on different systems. See Section B.2 - Supported Operating Systems for more information on the operating systems supported by LiveAudit.
2.3.2 Database Availability for LiveAudit
LiveAudit supports many different native databases (Figure 5):
The database access parameters in LiveAudit are specific to the database type that you select (Figure 5), making it easier to implement your Audit Trail System. LiveAudit audits at the database level. For this reason, it does not matter what application you are using to make changes. You can use any reporting tool that interfaces with any database on any platform. All information is tracked. See Section B.1 - Supported Databases (Native) for more information on the databases supported by LiveAudit.
2.3.3 Database Security with LiveAudit
The ability to audit data relies on the fact that users are logged into a database, either through an application or otherwise. LiveAudit uses this native database login information to track the user that makes changes to the data. Within LiveAudit, the security for the LiveAudit administrator is managed by using a native database login. This takes advantage of the built-in security features of a particular database and is controlled by the database administrator (Figure 6):
LiveAudit also allows you to control the users that have access to your audit trail solution (Figure 7):
LiveAudit stores database user names and passwords in an encrypted state for connecting to a database. You can set up user profiles and specify the servers that the users can access.
External reporting tools can be used with LiveAudit since it works at the database level, not the application level. Once the data has flowed to the audit table(s), the flexibility of the system allows any standard reporting tool capable of accessing information from a relational database to create reports based on the audit table(s).
Enhanced security measures allow you to set options that give you better control over the password definition and access to a specific user account. Some of the features that are available include password definitions, password history, user account locking, password expiry, new user account expiry, login messages, and new user passwords. The following dialog allows you to set the security settings for your Audit Trail System (Figure 8):
See the Enterprise Administrator for Transformation Server - User Manual for more information on the security settings available for LiveAudit.
After you have arranged access to your database, the next step is to select the tables that will be included in your Audit Trail System.
2.3.4 Selecting Tables for the Audit Trail System
The LiveAudit solution makes use of a publication server/system and a subscription server/system that allows you to audit data and determine which tables are included in the audit trail. With the publication server/system, you can define the database tables that will be included in the audit trail. With the subscription server/system, you can define the relationship between the original tables (publication) and the audit tables or destination tables (subscription).
Figure 9 illustrates how you can select (or de-select) the tables from the publication server/system that you want to include in your audit trail. You can select tables from different databases on the publication server/system (Available Tables in Figure 9):
The tables to be included in the Audit Trail System are now grouped together under Selected Tables (Figure 9). Once selected, these tables can be set up to keep track of delete, insert, update, and clear events. Auditing can be enabled or disabled individually for each table assignment. This means that you can choose the tables that will be included in the audit trail. Native database access rules are enforced. The tables that are available to the user are based on database access rules.
2.3.5 Row Selection Expressions
LiveAudit includes functionality that allows the filtering of rows in the database with the row selection expression feature (Figure 10):
Rows containing sensitive or unnecessary data can be removed. Row selection is based on creating a simple expression that tests the value of a specific column in the database table. You can also verify that the row selection expression you have entered is valid.
The procedures described in this section may not adhere to the auditing requirements in your organization. These features are optional and do not have to be implemented as part of your Audit Trail System.
2.3.6 Column Selection and Adding Additional Columns
LiveAudit allows you to select or omit the columns that you want to include in your Audit Trail System with the column selection feature (Figure 11):
Columns containing sensitive or unnecessary data can be removed from your Audit Trail System.
The procedures described in this section may not adhere to the auditing requirements in your organization. These features are optional and do not have to be implemented as part of your Audit Trail System.
2.3.7 Journal Control Fields
Journal control fields convey information about changes to your database by inserting a two-character code into additional columns that have been added to the LiveAudit database (Figure 12):
You can accommodate the journal code in each audit record by adding additional columns to the LiveAudit database. Some common journal control codes used are &ENTTYP (what kind of change was made), &USER (who made the change), and &TIMSTAMP (when the change was made). Other journal control fields can be used to attach additional information to an audit record. See the Enterprise Administrator for Transformation Server - User Manual for more information on journal control fields and LiveAudit.
2.3.8 Enabling LiveAudit
In order to enable LiveAudit for your Audit Trail System, you will have to define user exits to audit all actions. You can select the Audit option for Clear Table, SQL Delete, and SQL Insert (Figure 13). If you select the Audit: before & after images option for the SQL Update (Figure 13), the Audit Trail System will record two entries per update into the LiveAudit database, while the Audit: after image only option will only record one entry per update into the LiveAudit database.
See the Enterprise Administrator for Transformation Server - User Manual for more information about enabling LiveAudit.
2.3.9 Capturing Database Changes
To begin capturing database changes with the Audit Trail System, you can choose the appropriate settings for the Replication Method and Subscribed Table Status on the Subscribed Table Properties dialog box (Figure 14):
If you only want to record changes in your audit tables, select the Mirror option for the Replication Method, and Active for the Subscribed Table Status. In general, the options you select for this dialog box and Figure 13 will depend on a number of factors such as the number of transactions that you will be mirroring. Selecting the Refresh option for the Subscribed Table Status will result in an increase in the number of transactions that are mirrored. This option gives a point-in-time snapshot of the data. With this setting, the Audit Trail System will contain all the data in the dataset.
Mirroring indicates that you want to immediately replicate any changes made to a database table (continuous mirroring) or accumulate these table updates and replicate these changes at a later time (net change mirroring) to the LiveAudit database (Figure 15):
You can choose between continuous and net change mirroring when you start replication.
During continuous mirroring, LiveAudit remains in a wait mode. As changes occur on the publication table, they are propagated in real time to the subscription tables. Some minor delays may occur if there is heavy network traffic, but otherwise the subscription database is kept accurate on a minute-by-minute basis. As a result, continuous mirroring is appropriate for implementations where changes are needed immediately on the subscription database.
Net change mirroring is identical in function to continuous mirroring with the exception that mirroring activity automatically terminates when LiveAudit detects that no further changes have to be mirrored. In most cases, it is not necessary to select the End Mirroring function. LiveAudit accumulates updates until the next time that net change mirroring is initiated. Net change mirroring is designed to be run at regular intervals, typically by being added to a system scheduling facility (for example, cron in UNIX). You can schedule net change mirroring for off-peak periods when network traffic is less congested. However, if you need to make updates available as soon as possible, you should use continuous mirroring.
See the Enterprise Administrator for Transformation Server - User Manual for more information about net change mirroring and continuous mirroring.
2.3.10 Testing the Audit Trail System
Before testing the Audit Trail System, you should make sure that you have selected the appropriate journal controls. See Section 2.3.7 - Journal Control Fields for more information. To test LiveAudit, update a source record in the native database with a SQL statement and then verify the SQL update in the audit table. For every SQL update of a source record, there should be a corresponding two-character journal code inserted into the LiveAudit database.
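
The journal control fields (2.3.7), the before and after images (2.3.8) and the verification step in 2.3.10 meet when the audit table is queried. The following is an added example, not DataMirror code: it loads constructed audit rows into SQLite, reports who updated or deleted what, and replays the trail to get the expected state of the source table. The table and column names and the two-character codes PT, UB, UP and DL are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample audit rows (not taken from the manual). The enttyp,
# audit_user and timstamp columns stand in for audit-table columns mapped to
# the &ENTTYP, &USER and &TIMSTAMP journal control fields. The two-character
# codes are assumed values: PT insert, UB update before image,
# UP update after image, DL delete. step_id is a hypothetical row key.
SAMPLE_ROWS = [
    ("2001-05-31 08:00", "PT", "jwalker", 1, "Make"),
    ("2001-05-31 15:00", "PT", "jwalker", 2, "Test Initiated"),
    ("2001-06-01 08:00", "PT", "jwalker", 3, "Test Result: Fail"),
    ("2001-06-01 09:00", "UB", "swilson", 3, "Test Result: Fail"),
    ("2001-06-01 09:00", "UP", "swilson", 3, "Test Result: Pass"),
    # Recorded with the "after image only" option: no UB row precedes it.
    ("2001-06-01 11:00", "UP", "swilson", 2, "Test Re-initiated"),
    ("2001-06-02 08:00", "DL", "jwalker", 3, "Test Result: Pass"),
    ("2001-06-05 08:00", "PT", "jwalker", 4, "Ship"),
]


def load_audit(rows):
    """Load audit rows into an in-memory table; audit_seq keeps arrival order."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE mfg_audit ("
        " audit_seq INTEGER PRIMARY KEY AUTOINCREMENT,"
        " timstamp TEXT, enttyp TEXT, audit_user TEXT,"
        " step_id INTEGER, mfg_action TEXT)"
    )
    conn.executemany(
        "INSERT INTO mfg_audit (timstamp, enttyp, audit_user, step_id, mfg_action)"
        " VALUES (?, ?, ?, ?, ?)",
        rows,
    )
    return conn


def update_history(conn):
    """Pair each after image (UP) with its before image (UB) when one exists.

    Returns (timstamp, user, step_id, old_value, new_value) tuples; old_value
    is None when only the after image was recorded.
    """
    pending = {}  # step_id -> before-image value waiting for its after image
    changes = []
    query = ("SELECT timstamp, enttyp, audit_user, step_id, mfg_action"
             " FROM mfg_audit WHERE enttyp IN ('UB', 'UP') ORDER BY audit_seq")
    for ts, enttyp, user, step_id, action in conn.execute(query):
        if enttyp == "UB":
            pending[step_id] = action
        else:
            changes.append((ts, user, step_id, pending.pop(step_id, None), action))
    return changes


def deleted_rows(conn):
    """Rows removed from the source table, with who removed them and when."""
    return conn.execute(
        "SELECT timstamp, audit_user, step_id, mfg_action FROM mfg_audit"
        " WHERE enttyp = 'DL' ORDER BY audit_seq").fetchall()


def replay(conn):
    """Rebuild the expected source-table contents by replaying the audit trail."""
    state = {}
    for enttyp, step_id, action in conn.execute(
            "SELECT enttyp, step_id, mfg_action FROM mfg_audit ORDER BY audit_seq"):
        if enttyp in ("PT", "UP"):
            state[step_id] = action
        elif enttyp == "DL":
            state.pop(step_id, None)
    return state


if __name__ == "__main__":
    conn = load_audit(SAMPLE_ROWS)
    for change in update_history(conn):
        print("update:", change)
    for row in deleted_rows(conn):
        print("delete:", row)
    print("expected source rows:", replay(conn))
```

Comparing the result of `replay` with the live source table is one way to confirm that every change was captured; a mismatch points to a change that bypassed the audit trail or to a table that was not selected for auditing.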
3.1.5 Corporate and Public Security
An organization's databases may contain sensitive and confidential information that must be monitored and tracked to ensure security. LiveAudit provides historical audit trails that can be used to improve the overall security of information systems maintained by public and private sector organizations. LiveAudit monitors all updates and deletes made at the database level and then creates an audit trail of this information which can then be easily retrieved and reviewed by internal auditors, security staff or federal investigators.
3.1.6 Financial Services
To help combat the rise in Internet fraud, banks and brokerage houses must keep detailed records of all online transactions and make them available to investigators. Typically, information that is recorded in a database will overwrite itself when updated or deleted. LiveAudit works at the database level to ensure that all operational activity is tracked and recorded in a chronological event log. This complete historical record can be used to confirm that receipts from sales have been deposited into the appropriate accounts or to ensure accountability for corrections or adjustments. Audit trails of sales, receipts and deliveries can also be used for business reporting, planning and forecasting and to support budget preparations.
3.1.7 Compliance with Sarbanes-Oxley
The Sarbanes-Oxley Act of 2002 (SOX) was signed into law to promote corporate responsibility, increase public disclosure, improve the quality and transparency of financial reporting and auditing, and strengthen penalties for securities fraud and other violations. SOX was passed in the wake of Enron and other corporate accounting scandals to prevent the reoccurrence of ethics scandals and other governance issues. SOX outlines internal control requirements that can be satisfied with DataMirror's LiveAudit solution. LiveAudit allows businesses to record and track financial and other disclosure-related information.
Intra and Inter-system Auditing: Audit trail information captured by LiveAudit can either be stored locally, applied to nonlocal systems, or both.
Built-in Transformation and Filtering: LiveAudit allows users to translate values, derive new calculated fields, join tables and more. Users can also create, store and retrieve custom data transformations as macros. Row/column selection allows users to limit access to sensitive information or flow user-specific data to particular sites.
Multi-platform Support: LiveAudit supports a wide variety of computing platforms and databases including DB2 UDB, Oracle and SQL Server across Microsoft Windows NT/2000/XP, UNIX, Linux, IBM OS/400, OS/390 and z/OS. See Appendix B - Systems Supported by LiveAudit for more information.
Multi-platform support gives businesses the option to consolidate and centralize audit trails from disparate systems and diverse geographical locations. Having centralized audit trail information can drastically reduce the cost of maintaining individual electronic systems, resulting in a lower total cost of ownership.
Native Support for Platforms and Databases: LiveAudit generates audit trails based on its native support for various platforms and database systems. LiveAudit is a journal-based solution, and journaling needs to be turned on for any tables that need to be audited.
LiveAudit's native support capability ensures that the integrity of the audit trail is not compromised. LiveAudit is not affected by errors that may occur when creating an audit trail. In addition, LiveAudit operates at a minimal performance cost, and does not introduce significant overhead to the production system.
Out-of-the-box Solution: LiveAudit is an out-of-the-box solution that is easy to implement and requires zero programming.
LiveAudit's out-of-the-box functionality significantly reduces implementation timelines. With zero programming, companies don't need to spend a lot of time training staff and don't need to hire expensive programmers. Both features enable companies to quickly, easily, and cost-effectively implement solutions that meet corporate and regulatory mandates.
Application Integration: LiveAudit can be used as part of a larger application integration solution.
The audit trail table can be used for a wide variety of application integration solutions. You can use the row and column filtering capabilities of LiveAudit to only use data that is important for integration.
ABOUT DATAMIRROR
DataMirror (Nasdaq: DMCX; TSX: DMC) delivers live, secure data integration and protection solutions that give companies the power to manage, monitor and protect their corporate data in real-time. DataMirror's comprehensive family of solutions enables customers to easily and cost-effectively capture, transform and flow live data throughout the enterprise. DataMirror software unlocks the experience of now by providing the live, secure data access, integration and availability companies require today across all computers in their business. Over 1,800 companies have gone live with DataMirror software. DataMirror is headquartered in Markham, Canada, and has offices around the globe.
HOW TO DO BUSINESS WITH DATAMIRROR
North America: 1 800 362 5955
UK: +44 (0)20 7633 5200
France: +33 (0)1 72 75 73 40
Germany: +49 6151 8275 0
Hong Kong: +852 2251 8226
Copyright 2004 DataMirror Corporation. All rights reserved. DataMirror, Transformation Server and The experience of now are trademarks or registered trademarks of DataMirror Corporation. All other brand or product names are trademarks or registered trademarks of their respective companies.