Chat now with support
Chat mit Support

Identity Manager 8.2.1 - Data Archiving Administration Guide

Declaring the source databases in the One Identity Manager History Database

Declare the One Identity Manager database to be used for transferring data to the One Identity Manager History Database. Use the HistoryDB Manager to set up access to the source databases.

To declare a source database

  1. Start the HistoryDB Manager and enter the connection data.

  2. Select the History > Base Data > Source databases category.

  3. Select the source database in the result list and edit the main data.

    • Server: Name of the database server where the One Identity Manager database is installed.

      You can find the server name in the One Identity Manager database by using the following query:

      select @@SERVERNAME

      NOTE:

      • If the server is reached over a specific port, you can enter the port as follows:

        Server name, port

      • If you provide a linked server, enter the name of the server.

    • Database: Name of the One Identity Manager database.

    • Database ID: Database ID of the One Identity Manager database. This ID corresponds to the UID of the database entry in the One Identity Manager database.

      Using the Object Browser, connect to the One Identity Manager database and copy from the table DialogDatabase and the value of the UID_Database column. Insert the value in the input field Database ID.

    • (Optional) Use integrated Windows authentication:If you use Windows integrated authentication, the data transfer takes place with the One Identity Manager Service user account. You need to take certain installation prerequisites into account in order to use this authentication procedure.

    • Database user and Password: SQL Server login and password for committing data.

      This data is only required if the One Identity Manager History Database and One Identity Manager database are on different servers and there is no linked server.

  4. Save the changes.
Related topics

 

Archiving procedure setup

All entries logged in One Identity Manager are initially saved in the One Identity Manager database. The proportion of historical data to total volume of a One Identity Manager database should not exceed 25 percent. Otherwise performance problems may arise. You must ensure that log entries are regularly removed from the One Identity Manager database and archived.

The following methods are provided for regularly removing recorded data from the One Identity Manager database:

  • Data can be transferred directly from the One Identity Manager database into a One Identity Manager History Database. This is the default procedure for data archiving. Select this method if the servers on which the One Identity Manager database and the One Identity Manager History Database are located have network connectivity.

  • The data is deleted from the One Identity Manager database after a certain amount of time without being archived.

Figure 1: Transferring records to the One Identity Manager History Database

All records in the History Database database that are triggered by an action are grouped together into a process group based on an ID number, the GenProcID, for direct transfer to a One Identity Manager. The exported process groups along with the associated records are deleted from the One Identity Manager database once the export has been successfully completed.

The following conditions have to be met for direct transfer to a One Identity Manager History Database:

  • This section of the records is configured for export.

  • The retention period for all records that belong to a process group has ended, not taking into account whether the section is labeled for export or not.

  • There are no processes enabled with the process group GenProcID in the DBQueue, Job queue, or as scheduled operations.

  • For the triggered action, there is at least one record in the section to be exported.

Both databases for archiving records in a One Identity Manager History Database - the One Identity Manager database and the One Identity Manager History Database - have to be configured.

Selecting an archiving procedure in the One Identity Manager database

Select the basic procedure by setting the Common | ProcessState | ExportPolicy configuration parameter. In the Designer, modify the configuration parameter.

  • If the configuration parameter is disabled, the data remains in the One Identity Manager database.

  • If the configuration parameter is enabled, the selected procedure is applied.

    • HDH: The files are transferred directly to the One Identity Manager History Database after a specified time period has expired.

    • NONE: The data is deleted in the One Identity Manager database after the specified time period has expired.

After selecting the basic procedure, you can specify whether data is exported or deleted for each section of records individually. You use configuration parameters to make the choice for each section. In the Designer, modify the configuration parameters.

Table 1: Configuration parameter for handling logged data
Configuration parameter Meaning

Common | ProcessState | PropertyLog | IsToExport

Exports the data changes. If this configuration parameter is not set the information is deleted once the retention period has expired.

Common | ProcessState | ProgressView | IsToExport

Exports the data in the process information. If this configuration parameter is not set the information is deleted once the retention period has expired.

Common | ProcessState | JobHistory | IsToExport

Exports the information in the process history. If this configuration parameter is not set the information is deleted once the retention period has expired.

Specifying data retention periods

Once the retention period has ended, the recorded data is either exported or deleted from the One Identity Manager database depending on which archiving method has been chosen. A longer retention period should be selected for sections whose records will be exported than for those that will be deleted.

NOTE: If you do not specify a retention period, the records in this section will be deleted daily from the DBQueue Processor database within the daily One Identity Manager maintenance tasks.

The recordings are not exported until the retention period for all sections has expired and no other active processes for the process group (GenProcID) exist in the DBQueue, process history, or as scheduled operation.

You use configuration parameters to define the data retention periods for the individual sections. Modify the configuration parameter in the Designer.

Table 2: Configuration parameter for retention periods
Configuration parameter Meaning

Common | ProcessState | PropertyLog | LifeTime

This configuration parameter specifies the maximum retention period in the database for log entries from change tracking.

Common | ProcessState | ProgressView | LifeTime

This configuration parameter specifies the maximum length of time that log data from process information can be kept in the database.

Common | ProcessState | JobHistory | LifeTime

This configuration parameter specifies the maximum retention period in the database for log entries from process history.

Example 1

Records are transferred directly to the One Identity Manager History Database. The following configurations are selected for each section:

Configuration Process Information Process History Data Changes

Export data

No

No

Yes

Retention period

3 days

4 days

5 days

This results in the following sequence:

Time Process Information Process History Data Changes

Day 3

Data is deleted from the One Identity Manager database

No action

No action

Day 4

-

Data is deleted from the One Identity Manager database

No action

Day 5

-

-

Data is transferred to the One Identity Manager History Database and then deleted from the One Identity Manager database

Example 2

Records are transferred directly to the One Identity Manager History Database. The following configurations are selected for each section:

Configuration Process Information Process History Data Changes

Export data

Yes

No

Yes

Retention period

3 days

4 days

5 days

This results in the following sequence:

Time Process Information Process History Data Changes

Day 3

No action because the retention period has not ended for all sections.

No action

No action

Day 4

No action because the retention period has not ended for all sections.

Data is deleted from the One Identity Manager database

No action

Day 5

Data is exported and then deleted

-

Data is transferred to the One Identity Manager History Database and then deleted from the One Identity Manager database

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen