Good Day Wuming,
Definitely, Guardium does not have any impact on the db servers since it does not use any resources on the servers. You can install the complementary Guardium agent software on the servers if the server is not in the secure DMZ of your intranet firewall, in order to get info about local access activities and datafile manipulations. The agent is a thin application that uses negligible system resources.

Since, in monitoring mode, Guardium gets the traffic from the SPAN port of the L2 switch (mirrored traffic between clients and db servers), the network switch does the real work, and this spanning does not have an impact on network throughput & performance. In inline mode, there are several different models of Guardium and we don’t feel latency because of that box. Instead, after deploying Guardium we disabled audit logs for all sessions on the Oracle servers, and that improved the performance dramatically.

User_id resolution for enterprise applications is a very well-known issue (we also had the same issue while using Oracle audit logs), since user --> activity correlation is nearly impossible when there are app servers between the client and the db backend. We use Guardium's built-in functionality, which automatically identifies users during the authentication and authorization phase of their session towards the application servers. Other than this option, I know that tracing the stored procedures that the application server uses while authorizing users can also be used for correlation. And if it’s an in-house application, the code can be improved by using the Guardium API to have the same results. I think for more information you need to contact Guardium for a demo session.