MySQL administration
MySQL is the database used with Nuix Adaptive Security. This section discusses installing MySQL Server and other configuration-related tasks. You can also configure the Amazon Aurora MySQL database in the cloud. For more information, see Amazon Aurora MySQL database.
Nuix Adaptive Security supports the following MySQL versions:
2.14.x is compatible with MySQL up to version 8.0.26
2.16.0 is compatible with MySQL up to version 8.0.28
2.16.1 is compatible with MySQL up to version 8.0.30
Note: If the database is offline for an extended time, the endpoint server should also be stopped. Restart the endpoint server anytime the database is lost for any period of time.
Note: Nuix Adaptive Security does not support connecting to a MySQL database by IPv6.
Install MySQL server
The MySQL Server requires 10 GB of disk space for installation. If the data folder is not on the primary drive/volume, then an additional 10 GB of disk space is needed on the primary drive/volume to install MySQL server.
Download and install MySQL Server, using the default options or the options recommended by your organization.
You can also install MySQL Workbench locally to aid in troubleshooting, but this is not required.
For more information about the installation, see the MySQL documentation on the MySQL website.
Note: Install the MySQL server using the thick client installer. Do not install using the web client installer and do not upgrade using the web client through a web browser. If you see a pop-up stating that a ‘Mandatory MySQL Installer Upgrade is Available’ and asking ‘Do you want to apply this upgrade now?’ Select No. The server will not install properly if you install or upgrade using the web client installer.
Install MySQL on Windows on a separate system
This section is for installing MySQL on a Windows system that is separate from the system running the Nuix Adaptive Security Endpoint Server.
Download and install MySQL Server, using the default options or the options recommended by your organization.
Next, you will need to create a MySQL user with the privileges to run the Nuix Adaptive Security Endpoint server installer. The server installer will use this MySQL account to create an additional account for the Nuix Adaptive Security Endpoint server.
To install MySQL on Windows on a separate system:
Write a statement like this to create a user for the server installer:
CREATE USER 'nuixadmin'@'192.168.1.55' IDENTIFIED BY 'mypassword';
GRANT ALL PRIVILEGES ON *.* TO 'nuixadmin'@'192.168.1.55' WITH GRANT OPTION;
Change mypassword to the desired password.
Change the IP address to the IP address of the Nuix Adaptive Security Endpoint server.
When you run the Nuix Adaptive Security Endpoint server installer, at the Database section, it will ask you for a username and password for a superuser and a new username. Use the account above for the Superuser.
After installing MySQL and creating the superuser, set up the configuration. See MySQL Server Configuration Settings for more information.
Install MySQL on Linux
The MySQL Server requires 10 GB of disk space for installation. If the data folder is not on the primary drive/volume, then an additional 10 GB of disk space is needed on the primary drive/volume to install MySQL server.
Install MySQL 8 on Linux
If you are installing MySQL 8 on Linux, follow the procedure below. This procedure includes how to configure lower case table names before the MySQL installation for a known issue on MySQL 8 on Linux.
To install MySQL 8 on Linux:
Create the /etc/mysql/conf.d folder.
Create a file named 'lower_case.cnf' with the following content.
[mysqld]
lower_case_table_names = 1
Download the MySQL Server.
Run the following command to install the server.
sudo apt-get install mysql-server-X.X mysql-client-X.X
Create a MySQL Superuser Account
Create a MySQL user with the privileges to run the Nuix Adaptive Security Endpoint server installer. The server installer will use this MySQL account to create an additional account for the Nuix Adaptive Security Endpoint server.
To create a MySQL superuser account:
Create a superuser account using the Linux command line and log into MySQL, using MySQL -p.
This command creates a root account and grants superuser privileges. Use the IP address of the remote host when creating the remote account, while the <password> should be replaced with the root password.
Write a statement like this to create a user for the server installer:
CREATE USER 'nuixadmin'@'192.168.1.55' IDENTIFIED BY 'mypassword';
GRANT ALL PRIVILEGES ON *.* TO 'nuixadmin'@'192.168.1.55' WITH GRANT OPTION;
Change mypassword to the desired password.
Change the IP address to the IP address of the Nuix Adaptive Security endpoint server.
When you run the Nuix Adaptive Security Endpoint server installer, at the Database section, it will ask you for a username and password for a superuser and a new username. Use the account above for the superuser.
Configure the my.cnf File on Linux
On a Linux MySQL system, the my.ini file is replaced with my.cnf in the following path:
/etc/mysql/my.cnf
In MySQL 8, see an example my.cnf file in the installation folder.
To configure the three fields in the my.cnf file that change when using MySQL on Linux:
The path to the MySQL server data directory. Ideally, a RAID array or bus attached SAN.
datadir = /var/lib/mysql
The directory used for temporary files and temporary tables. Ideally, a RAID array or bus attached SAN. tmpdir = /tmp
The following setting: lower_case_table_names = 1
Note: For a sample my.cnf file, see Appendix C: Sample MySQL Files.
MySQL server configuration settings
MySQL server has several settings that need to be updated to ensure optimized performance and integration with Nuix Adaptive Security.
These changes can be made in the configuration file, my.ini, found in the installation directory (usually C:\Program Data\MySQL\MySQL Server X.).
MySQL supports ANSI encoded my.ini files. If you use Notepad to edit the my.ini file, you must save the file as ANSI using File > Save As and select the encoding as ANSI in the save dialog. You may see a warning message in Notepad saying the file contains characters in a Unicode format that may be lost when saving to ANSI. The warning message is from a comment line in the default my.ini file which contains smart quotes, this Unicode information is not needed for the file. Select OK to save the file.
An example of the my.ini file is included in the installer package.
To configure the MySQL server configuration settings:
Configure the my.ini settings in the following table.
After the my.ini file is updated, save the file and restart MySQL to ensure the changes take effect.
Using Windows Services, restart MySQL.
| Setting |
Value |
Notes |
| character-set-server |
utf8mb4 |
n/a |
| collation-server |
utf8mb4_0900_ai_ci |
n/a |
| datadir |
C:\ProgramData\MySQL\MySQL Server 8.0\Data |
n/a |
| default_time_zone |
+00:00 |
n/a |
| max_connections |
500 |
1 – 500 endpoints: 350 500 – 2,000 endpoints: 500 2,000 – 5,000 endpoints: 1000 5,000+ endpoints: 2000 |
| innodb_io_capacity |
100 |
Single spinning disk: 100 Single low-end SSD: 200 Multiple spinning disks in RAID: 500 Bus attached SSD or SAN: 1000 Bus attached high-end SAN: 4000 |
| innodb_io_capacity_max |
4000 |
Single spinning disk: 200 Single low-end SSD: 400 Multiple spinning disks in RAID: 1000 Bus attached SSD or SAN: 2500 Bus attached high-end SAN: 6000 |
| innodb_lru_scan_depth |
1024 |
Single spinning disk: 1024 Single low-end SSD: 1024 Multiple spinning disks in RAID: 1024 Bus attached SSD or SAN: 1024 Bus attached high-end SAN: 2048 |
| innodb_flush_neighbors |
1 |
Single spinning disk: 1 Single low-end SSD: 0 Multiple spinning disks in RAID: 1 Bus attached SSD or SAN: 1 Bus attached high-end SAN: 1 |
| innodb_read_io_threads |
4 |
Single spinning disk: 4 Single low-end SSD: 4 Multiple spinning disks in RAID: 4 Bus attached SSD or SAN: 4 Bus attached high-end SAN: 8 |
| innodb_write_io_threads |
4 |
Single spinning disk: 4 Single low-end SSD: 4 Multiple spinning disks in RAID: 8 Bus attached SSD or SAN: 8 Bus attached high-end SAN: 16 |
| default-storage-engine |
INNODB |
n/a |
| max_allowed_packet |
64M |
n/a |
| tx-isolation |
read-committed |
Only for MySQL versions less than 5.7.20. |
| transaction-isolation |
read-committed |
Only for MySQL versions 5.7.20 or later. |
| log_error |
NIAS.err |
n/a |
| slow_query_log_file |
NIASSLOW.log |
n/a |
| table_definition_cache |
4096 |
n/a |
| table_open_cache |
4096 |
n/a |
| open_files_limit |
65535 |
n/a |
| tmp_table_size |
32M |
n/a |
| max_heap_table_size |
32M |
n/a |
| thread_cache_size |
20 |
n/a |
| join_buffer_size |
256K |
Can be increased if database performance is an issue. Be careful not to increase too much. |
| sort_buffer_size |
256K |
Can be increased if database performance is an issue. Be careful not to increase too much. |
| innodb_purge_threads |
4 |
n/a |
| innodb_log_files_in_group |
2 |
n/a |
| innodb_log_buffer_size |
32M |
n/a |
| innodb_buffer_pool_size |
2GB |
Recommended minimum. |
| innodb_concurrency_tickets |
5000 |
n/a |
| innodb_sort_buffer_size |
4M |
n/a |
| innodb_open_files |
4096 |
n/a |
| innodb_adaptive_hash_index_parts |
32 |
n/a |
Amazon Aurora MySQL database
Nuix Adaptive Security supports using Amazon Aurora as the database. The Aurora instance must be configured for use with Nuix Adaptive Security.
Before creating the Aurora instance, create a parameter group object (DB cluster parameter group for aurora-mysql8.0). This parameter group must have the value "lower_case_table_names" set to one, and then you must use this cluster parameter group during the creation of the Aurora instance. If this is not done, the product will not install and you will have to delete the Aurora instance and start over.
To reduce the number of times you must restart the instance, set the remainder of the required parameters before creating the instance.
The time_zone parameter must be set to UTC. This is different from the value "+00:00" that is used by the standalone MySQL database.
There are several parameters that are not allowed to be changed in Aurora. If the parameters are changed, warning messages are displayed during the database parameter checking portion of the install. On Aurora, these warnings may be safely ignored.
Configure the following settings during the initial creation of the cluster parameter group. Do not use the defaults. For the MySQL configuration settings see, MySQL server configuration settings.
character_set_server
collation_server
transaction_isolation
innodb_adaptive_hash_index_parts
innodb_adaptive_hash = 1
After creating the cluster parameter group with the necessary values set, create the Aurora instance.
Aurora in MySQL compatible mode is the only supported type. Choose Aurora 3.0 or later (supports MySQL 8.0.x). Choose the database cluster parameter group created above.
Complete the rest of the Aurora setup as needed for your environment.
Azure database for MySQL
Nuix Adaptive Security supports using Microsoft Azure database as the MySQL database. The Azure database must be configured for use with Nuix Adaptive Security.
Set up the Azure database for MySQL
In Microsoft Azure, select Create a resource and search for Azure Database for MySQL.
For Resource type, select Flexible server. Select Create.
Note: Single server is not supported.
To set up a flexible server:
Add the Resource group.
Create a Sever name for the Azure database.
Select MySQL version 8.0.
Select the Workload type, to fit your environment.
Select Availability zone, to fit your environment.
For Administrator account, create a new admin username, password, and confirm password.
Note: Nuix recommends a 10-character password with 1 uppercase and 1 number.
Select Next : Networking.
Select your Connectivity method.
For Firewall rules, add a rule to allow the Azure database for MySQL to access the Nuix Adaptive Server. Enter the Nuix Adaptive Server IP address for Start and End IP address.
Select Next :Tags. Set the tags for your environment.
Select Create.
Wait for the database to complete. The web browser will say Deployment is in progress.
Then you need to determine the IP address of the database for the Nuix Adaptive Security installation. You can do this by pinging the database server name.
Set up the Azure database as the MySQL database in the Nuix Adaptive Security installer
To set up the database in the Nuix Adaptive Security installer:
Select the Database tab, enter the Azure database for MySQL IP address.
Select Create User and enter the Azure database IP address, superuser, password, new username, and password.
Important: The superuser name should be the same as the new username. Do not attempt to create a new user.
Select Create User. This sets the permissions.
Select Test to see if there are any errors.
View errors and update the settings in Azure. See the parameter values in the table below. For example, if you see the following error:
Connections using insecure transport are prohibited while –require_secure_transport=ON.
Open Azure, and navigate to Azure Settings > Server parameters search for require_secure_transport and change to OFF.
The following tables describe the value settings for the database for use with Nuix Adaptive Security. Change these settings in Azure when creating the database. There are three levels to choose from when creating the database: development and test database, mid-level database, and production database.
The following table describes the value settings for the development and test database.
| Parameter |
Value |
| Database EndpointServer DatabaseConnectionPoolSize |
Minimum recommended value is 200. |
| Database max_connections |
Minimum recommended value is 300. |
| Database max_allowed_packet |
Maximum recommended value is 268435456. |
| Database tmp_table_size |
Minimum recommended value is 33554432. |
| Database max_heap_table_size |
Minimum recommended value is 33554432. |
| Database table_definition_cache |
Minimum recommended value is 4096. |
| Database table_open_cache |
Minimum recommended value is 4096. |
| Database thread_cache_size |
Minimum recommended value is 20. |
| Database innodb_purge_threads |
Minimum recommended value is 4. |
| Database innodb_log_buffer_size |
Minimum recommended value is 33554432. |
| Database innodb_sort_buffer_size |
Minimum recommended value is 4194304. |
| Database innodb_open_files |
Minimum recommended value is 4096. |
| Database innodb_adaptive_hash_index_parts |
Minimum recommended value is 32. |
| Database transaction_isolation |
Expected READ-COMMITTED. |
| Database innodb_buffer_pool_size |
Minimum recommended value is 7515637760. |
| require_secure_transport |
OFF |
The following table describes the value settings for the mid-level database.
| Parameter |
Value |
| Database EndpointServer DatabaseConnectionPoolSize |
Minimum recommended value is 200. |
| Database max_allowed_packet |
Maximum recommended value is 268435456. |
| Database tmp_table_size |
Minimum recommended value is 33554432. |
| Database max_heap_table_size |
Minimum recommended value is 33554432. |
| Database table_definition_cache |
Minimum recommended value is 4096. |
| Database table_open_cache |
Minimum recommended value is 4096. |
| Database thread_cache_size |
Minimum recommended value is 20. |
| Database innodb_purge_threads |
Minimum recommended value is 4. |
| Database innodb_log_buffer_size |
Minimum recommended value is 33554432. |
| Database innodb_sort_buffer_size |
Minimum recommended value is 4194304. |
| Database innodb_open_files |
Minimum recommended value is 4096. |
| Database innodb_adaptive_hash_index_parts |
Minimum recommended value is 32. |
| Database transaction_isolation |
Expected READ-COMMITTED. |
| Database innodb_buffer_pool_size |
Minimum recommended value is 7515637760. |
The following table describes the value settings for the production database.
| Parameter |
Value |
| Database max_connections |
Maximum recommended value is 1200. |
| Database max_allowed_packet |
Maximum recommended value is 268435456. |
| Database tmp_table_size |
Minimum recommended value is 33554432. |
| Database max_heap_table_size |
Minimum recommended value is 33554432. |
| Database table_definition_cache |
Minimum recommended value is 4096. |
| Database table_open_cache |
Minimum recommended value is 4096. |
| Database thread_cache_size |
Minimum recommended value is 20. |
| Database innodb_purge_threads |
Minimum recommended value is 4. |
| Database innodb_log_buffer_size |
Minimum recommended value is 33554432. |
| Database innodb_sort_buffer_size |
Minimum recommended value is 4194304. |
| Database innodb_open_files |
Minimum recommended value is 4096. |
| Database innodb_adaptive_hash_index_parts |
Minimum recommended value is 32. |
| Database innodb_buffer_pool_size |
Minimum recommended value is 7515637760. Maximum recommended value is 12025020416. |