Chat now with support
Chat with Support

Identity Manager Data Governance Edition 9.1.1 - Deployment Guide

One Identity Manager Data Governance Edition Deployment Guide Data Governance Edition system requirements Install One Identity Manager Data Governance Edition Deploy Data Governance Edition components Post installation configuration Authentication using service accounts and managed domains Working with managed hosts and agents Upgrade Data Governance Edition Remove Data Governance Edition Troubleshooting NetApp managed host deployment EMC managed host deployment SharePoint Farm managed host deployment

Credentials page

Provide the credentials of a user which can establish a connection to the NAS storage device.

  • For NetApp devices, this user account must have the 'ontapi' User Login Method application.
  • For EMC Isilon devices, this user account must be assigned the 'Platform API' privilege.

Note: This page only applies to NFS managed hosts and NetApp OnTap Cluster Mode CIFS managed hosts.

Table 19: Credentials page: Controls and settings
Control/setting Description
User Name

Enter the name of a user account with access to the target NAS storage device.

Password Enter the password associated with the specified user account.
Port

Enter the destination port to be used for communication between the agent and target NAS storage device.

  • NetApp filers: The default value is 443.
  • EMC devices: The default value is 8080.
Host EndPoint

Optionally, enter the API endpoint for the NetApp Cluster Mode connection. This could be an FQDN, host name or IP address.

The default is to use the FQDN of the targeted host. You would only use this setting if the API connection needs to be specified as something other than the FQDN of the targeted host.

NOTE: Only applies to NetApp Cluster Mode devices.

Test API Credentials Click this button to verify that the credentials entered are valid.

Cloud Provider page

The Cloud Provider page appears when managing a cloud resource. This page indicates if you are successfully authenticated with the Data Governance Edition API cloud proxy. You can also use this page to re-authenticate to the API cloud proxy. This API cloud proxy provides a consistent method for Data Governance Edition to interface with different cloud providers. When valid login credentials are provided, the system issues an access token which is used during the current and subsequent sessions to access resources hosted by the specified cloud provider.

Note: This page only applies to Cloud managed hosts.

Clicking the Re-authenticate button redirects you to Microsoft to sign in to your account and grant access to Office 365 data.

On Microsoft's Sign in to your account dialog, enter the following information:

  1. Email, phone, or Skype: Enter the email address of the administrator account to be used to authenticate with the cloud proxy.

    For example: Administrator@MyDomain.onmicrosoft.com

    NOTE: You must create a separate administrator account for this purpose. This administrator account must be, or have equal access as, a SharePoint Online Administrator. Each site will be modified to list this account as a Site Collection Administrator for the site. This provides the account with access to the site's contents.

    For SharePoint Online, create a separate Global Administrator account.

    Click Next.

  2. Password: Enter the password associated with the specified email account.

    Click Sign in.

Once signed in, Data Governance Edition will have access to the specified resources for all users in your organization; no other user will be prompted to enter credentials.

Agents page

Use the Agents page of the Managed Hosts Settings dialog to configure the agents to be used to monitor remote managed hosts and SharePoint farms. Once an agent is deployed, use the Agents view to check its status and performance metrics.

Note: For EMC managed hosts, if you are collecting resource activity (Collect and aggregate events on the Resource Activity page) or real-time security updates (Collect activity for real-time security updates on the Security Scanning page), you can only specify one agent to scan the EMC storage device.

Note: You can only specify one agent to scan a cloud host.

Table 20: Agents page: Remote managed hosts
Control/setting Description
Select the agent Select the agent host computer to be used to monitor the target computer.
Select the service account

Select the service account with sufficient permissions to access both the target computer and the agent host.

An agent requires a service account that has the rights to read security information on the remote host. Only previously configured service accounts that are registered with Data Governance Edition are available for selection. For more information, see Readying a service account and domains for deployment.

Add

After selecting the agent and service account, click the Add button to add it to the Agent list.

Remove

Select an agent from the Agents list and click the Remove button to remove it from the Agent list.

Removing the selected agent also removes the configured managed paths for the agent.

Agent list

Displays the agents selected to monitor the target computer.

For remote managed hosts, add only one remote agent during the host's initial deployment. You can add additional remote agents later using the Edit host settings task after the managed host is deployed.

Table 21: Agents page: SharePoint farm managed hosts
Control/setting Description
Agent Service Account

Select the service account with sufficient permissions to access the SharePoint farm.

The service account must be the SharePoint farm account (same account that is used to run the SharePoint timer service and the One Identity Manager service (job server)). The SharePoint farm account also needs to be added to the local Administrators group on the SharePoint server.

Only previously configured service accounts that are registered with Data Governance Edition are available for selection. For more information, see Readying a service account and domains for deployment.

Add

After selecting the service account, click the Add button to add an agent service to the Agent list.

Repeat to add additional agent services to be used to scan the target SharePoint farm.

Remove

Select an agent service from the Agent list and click the Remove button to remove it from the Agent list.

Removing the selected agent service also removes the configured managed paths for the agent service.

Agent list Displays the agent services selected to monitor the target SharePoint farm.

Managed paths page

Managed paths determine the unstructured data for which a security index is maintained. A managed path is the root of an NTFS directory tree to be scanned by an agent, or a point in your SharePoint farm hierarchy below which everything is scanned. The agent monitors the specified managed paths for changes to security settings to maintain the security index. In addition, if resource activity collection is enabled, the agent collects resource activity for resources within these same managed paths.

Use the Managed Paths page on the Managed Host Settings dialog to specify the paths to be monitored and scanned for the target managed host.

NOTE: For all managed host types, when placing a resource under governance, the resource must be a managed path or a folder or share under a managed path.

  • For remote managed hosts and SharePoint managed hosts, if you select to place a resource under governance that is not yet defined as a managed path, the path is automatically added to the managed paths list. If the managed host has more than one agent assigned, you are prompted to select the agent to which the managed path is added.
  • For local managed hosts, if you are scanning managed paths (that is, there are paths in the managed paths list), and you select to place a resource under governance that is not yet defined as a managed path, the path is automatically added to the managed paths list. However, if you are scanning the entire server (that is, the managed paths list is empty) and you place a resource under governance, no changes are made to the managed paths list and you continue to scan the entire server.
Table 22: Managed paths page: Controls and settings
Control/setting Description
Managed paths list

Displays the managed paths to be monitored by the agent.

  • For local managed hosts, when this list is empty, all NTFS drives are scanned and monitored (default scan behavior). When paths are added to this list, only the specified paths are scanned and monitored.
  • For remote managed hosts and SharePoint managed hosts, you must specify the paths to be managed in order for scanning to occur. So if this list is empty, no scanning will occur for the target managed host.

Add

Use the Add button to define the paths to be monitored. Clicking the Add button displays the Managed Paths Picker dialog allowing you to select the paths to be managed and the agent to be used to scan the selected managed paths. In the Managed Paths Picker dialog, click the check box to the left of a path to add it to the managed paths list and use the Agent Selection drop-down menu to specify the agent to be used to scan the different managed paths.

Multiple agents cannot scan the same managed paths on a remote managed host or SharePoint managed host.

Remove

Use the Remove button to remove a path from the managed paths list. Select the path to be removed and click the Remove button.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating