uCosminexus Application Server Overview


4.3.5 Ensuring the system security by monitoring the system

Because problems such as accounting scandals have been increasing, organizations need to reinforce internal control.

The objective of internal control is to understand what type of business was executed by whom, when, and how, so as to ensure that the business is implemented in compliance with every law and regulation. The following conditions are required for supporting the internal control:

It is mandatory to monitor "What" was executed, by "Whom", and "When", and the result must be maintained as a record.

Application Server provides the following functions:

This section gives an overview of the above functions. For details on the output of an audit log, see section 6.4 Output of audit log in the Application Server Operation, Monitoring, and Linkage Guide. For details on the output of the audit trail information linked with database, see section 7.6.2 Obtaining audit trail information of database in the Application Server Operation, Monitoring, and Linkage Guide.

Organization of this subsection
(1) Output of audit log
(2) Output of audit trail information linked with the database

(1) Output of audit log

In a business system built with Application Server, the information about who executed what, and when, is output as the audit log.

The following information is output in the audit log:

The following figure shows an overview of the audit log output in Application Server.

Figure 4-7 Overview of the audit log output in Application Server

[Figure]

Note that, by linking with JP1, the audit log output by Application Server can be consolidated and managed together with the audit logs output by Hitachi middleware other than Application Server.

For details on linking with JP1, see section 6. Linking with Other Products.

(2) Output of audit trail information linked with the database

In many cases, a database operates in the backend of a business system built with Application Server.

The database includes very important data that must not be leaked or falsified. This information must be managed strictly with appropriate security management.

You can have the database output information about "What type of database access was executed", by "Whom", and "When". This information is called the audit trail information.

With Application Server, you can add, to the audit trail information output by the database, information that identifies the Application Server request in which the database access was executed. If you combine this information with the log information output by a J2EE application, you can trace details such as the user operation on Application Server that led to the database access.

Note that HiRDB is the database that Application Server can link with to output the audit trail information.

The following figure shows an overview of the output of the audit trail information linked with the database.

Figure 4-8 Overview of output of audit trail information linked with the database

[Figure]

In this example, the following three types of information are output when the system user (user01) accesses the database through J2EE applications:

Information that identifies the request (root application information) is output in each of the above types of information. With this information, the auditor can verify which request led to the database access and which user executed the request. In addition, if you use the performance analysis trace, you can verify the flow of request processing.
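The correlation described above can be sketched as follows. This is an added example, not code from the product or its manuals: it joins database audit trail records to J2EE application log records on the root application information and flags database accesses that cannot be tied to any request. The record layout, the `RAI-...` values, the shared `appsvc` account, and the function names are all constructed assumptions.

```python
# Added example. Records are constructed; field names and root application
# information values are simplified placeholders, not the products' formats.
APP_LOG = [  # J2EE application log: carries the end user of each request
    {"root_ap_info": "RAI-0001", "user": "user01", "operation": "updateOrder"},
    {"root_ap_info": "RAI-0002", "user": "user02", "operation": "viewReport"},
]
# Assumption in this sample: the application connects with one shared database
# account, so the audit trail alone does not name the end user.
DB_AUDIT_TRAIL = [
    {"time": "10:00:02", "root_ap_info": "RAI-0001", "db_user": "appsvc", "event": "UPDATE ORDERS"},
    {"time": "10:00:06", "root_ap_info": "RAI-0002", "db_user": "appsvc", "event": "SELECT SALES"},
    {"time": "10:00:09", "root_ap_info": "RAI-0099", "db_user": "appsvc", "event": "DELETE ORDERS"},
    {"time": "10:00:12", "root_ap_info": "", "db_user": "appsvc", "event": "SELECT ORDERS"},
]


def index_requests(app_log):
    """Map root application information to the application-side request record."""
    index = {}
    for rec in app_log:
        index.setdefault(rec["root_ap_info"], rec)  # first record per request wins
    return index


def attribute_db_access(db_trail, app_log):
    """Split database accesses into (attributed, unattributed) lists."""
    requests = index_requests(app_log)
    attributed, unattributed = [], []
    for ev in db_trail:
        req = requests.get(ev["root_ap_info"]) if ev["root_ap_info"] else None
        if req is None:
            # No matching request: access outside the application path, or a
            # gap in log collection. Either way an auditor should review it.
            unattributed.append(ev)
        else:
            attributed.append({**ev, "user": req["user"], "operation": req["operation"]})
    return attributed, unattributed


if __name__ == "__main__":
    done, review = attribute_db_access(DB_AUDIT_TRAIL, APP_LOG)
    for ev in done:
        print(f'{ev["time"]} {ev["event"]:<14} by {ev["user"]} via {ev["operation"]}')
    for ev in review:
        print(f'{ev["time"]} {ev["event"]:<14} REVIEW: no request for {ev["root_ap_info"] or "(none)"}')
```

The unattributed list is the part worth alerting on: every database access that reaches the audit trail without a traceable request breaks the who, when, and what record that internal control depends on.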