Chat now with support
Chat mit Support

Identity Manager 9.0 LTS - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using Windows PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue tasks One Identity Manager Service configuration files

Properties of process components, process tasks, and parameter templates

Table 88: Process component properties

Property

Meaning

Display name

Name of component for displaying.

Component class

Component class.

Assembly name

Name of the component.

Description

Description of component functionality.

Remarks

Additional remarks about the process component.

Max. instances

This value specifies the maximum number of instances in which this process component is allowed to run in a queue in the Job server.

Permitted values are:

  • -1: All instances of this process component are processed sequentially.

    It must be ensured that these components are run exclusively on one Job server, which means no other queue can exist to process these components.

  • 0: All instances of this process component can be processed simultaneously.

  • 1 or greater: The exact number of instances of a process component, which are processed simultaneously.

NOTE: The value is only used if the maximum number of instances of a process task is set to 0. Otherwise, the value applies that is set for the process task.

Configuration

Definition of possible additional options for the component in XML syntax.

Table 89: Process task properties
Property Meaning

Name

Name of the process task.

Operating system class

Specifies the operating system on which the process task can be run. The Win32, Linux and ALL values are permitted, where the ALL value specifies that this process task is used on any operating system.

Exe type

Exe type for the process task.

Permitted values are:

  • Internal: Runs internally in the One Identity Manager Service.

  • External: Runs externally as its own process.

  • External32: Runs externally as its own 32-bit process.

Description

Description of the process task.

Max. instances

This value specifies the maximum number of instances that can be run by One Identity Manager Service in parallel per process task.

Permitted values are:

  • -1: All instances of this process task are processed sequentially. Other process task instances of the same process component are not run simultaneously.

  • 0: The maximum number of instances given for the process component is used.

  • 1 or greater: The exact number of instances of a process task, which are processed simultaneously.

Last step in the partial process tree

Specifies whether a process task is principally marks the end of a partial process tree.

Component

Process component to which the process task belongs.

Direct database connection required

Specifies whether a process task requires a direct database connection.

Exclusive per object

Specifies whether the process task is run exclusively per object. If this option is enabled in a process task, only one process step with this process task can be run for a specific object. There is no parallel processing.

DBQueue does not wait

Specifies whether or not to wait until the process step has been processed before continuing to process DBQueue Processor tasks. It is only necessary to wait for process steps if a process step could change data that is relevant to the DBQueue Processor tasks.

Table 90: Parameter template properties
Property Meaning

Name

Name of the parameter.

Value template

Default template for finding values. When a parameter is added to a process step, the value template is taken from the parameter template. Define value templates in VB.Net syntax.

Value template (example)

Example of the value template.

Description

Description of the parameter.

Type

The IN, OUT and INOUT values are permitted.

Optional

Labels the parameter as a mandatory or optional parameter.

Hidden

Specifies whether the parameter is shown in the One Identity Manager Service log file and in the Job Queue Info program. Values for hidden parameters are shown as <HIDDEN>.

NOTE: The following users can view the hidden parameters in the Job Queue Info.

  • Administrative users

  • In the Job Queue Info, users with the Option to see the values of hidden parameters in Job Queue Info program (JobQueue_ShowHiddenParameters) function

Encrypted

Specifies whether the parameter is encrypted when it is passed.

Contains encrypted components

Specifies whether encrypted sequences are contained in this value.

Process task

Process task to which the parameter belongs.

Related topics

Setting up Job servers

The One Identity Manager Service handles defined processes. To run the processes, the One Identity Manager Service has to be installed on the One Identity Manager network server. For more information, see the One Identity Manager Installation Guide.

There are several methods for setting up a Job server:

  • For the initial schema installation with the Configuration Wizard, you already set up a Job server with the SQL processing server and Update server server functions. Use the Configuration Wizard to configure the service and install the service remotely on a server.

  • To configure further Job servers, use the Server Installer program.

    Using the Server Installer, you create the Job server with its machine roles and server functions in the database. Use the Server Installer to configure the service and install the service remotely on a server.

  • You can create Job servers in the Designer.

    Use the Designer, to create a Job server with the machine roles and server functions, configure the service on the server and install the service remotely.

  • If a remote installation is not possible, you can install and configure the service locally on a server.

    • Install the service components on the server using the installation wizard.

    • Configure the service using the Job Service Configuration program.

    • If the Common | Jobservice | AutoCreateServerFromQueues configuration parameter is enabled, in response to queries from the One Identity Manager Service for unknown queues, new Job servers are created in the database. Information about machine roles and server functions is transferred to the database.

Setting up a Job server requires the following steps:

  • Create an entry for the Job server in the One Identity Manager database.

  • Specify the machine roles and server functions for the Job server.

    Installation packages to be installed on the Job server are found, depending on the selected machine roles. The server function defines the functionality of a server in One Identity Manager. One Identity Manager processes are handled with respect to the server function.

  • Install the One Identity Manager Service.

  • Configure the One Identity Manager Service.

  • Start the One Identity Manager Service.

Each Job server within the network must have a unique queue identifier. The process steps are requested by the Job queue using exactly this queue name:

  • A Job server must be known in the One Identity Manager database for each queue.

  • Enter this queue name in the One Identity Manager Service configuration file.

Detailed information about this topic

Editing the Job server

To edit a Job server

  1. In the Designer, select the Base Data > Installation > Job server category.

  2. Enter a new Job server using the Job servers > New menu item.

    - OR -

    Select the Job server to be edited in the Job server overview.

  3. Edit the Job server's main data.

  4. Select the View > Server functions menu item and specify the server functionality.

  5. Select the View > Machine roles menu item and assign roles to the server.

    The machine roles expected by a server function, are already assigned.

Detailed information about this topic

Job server properties

NOTE: More properties may be available depending on which modules are installed.

Table 91: Job server properties

Property

Meaning

Server

Job server name.

Full server name

Full server name in accordance with DNS syntax.

Syntax:

<Name of servers>.<Fully qualified domain name>

Server is cluster

Specifies whether the server maps a cluster.

Server belongs to cluster

Cluster to which the server belongs.

NOTE: The Server is cluster and Server belongs to cluster properties are mutually exclusive.

IP address (IPv6)

Internet protocol version 6 (IPv6) server address.

IP address (IPv4)

Internet protocol version 4 (IPv4) server address.

Coding

Character set coding that is used to write files to the server.

Parent Job server

Name of the parent Job server.

Executing server

Name of the executing server. The name of the server that exists physically and where the processes are handled.

This input is evaluated when the One Identity Manager Service is automatically updated. If the server is handling several queues, the process steps are not supplied until all the queues that are being processed on the same server have completed their automatic update.

Queue

Name of the queue to handle the process steps. The process steps are requested by the Job queue using this queue identifier. The queue identifier is entered in the One Identity Manager Service configuration file.

Server operating system

Operating system of the server. This input is required to resolve the path name for replicating software profiles. The values Win32, Windows, Linux, and Unix are permitted. If no value is specified, Win32 is used.

Service account data

One Identity Manager Service user account information. In order to replicate between non-trusted systems (non-trusted domains, Linux server), the One Identity Manager Service user information has to be declared for the servers in the database. This means that the service account, the service account domain, and the service account password have to be entered for the server.

One Identity Manager Service installed

Specifies whether a One Identity Manager Service is installed on this server. This option is enabled by the QBM_PJobQueueLoad procedure the moment the queue is called for the first time.

The option is not automatically removed. If necessary, you can reset this option manually for servers whose queue is no longer enabled.

Stop One Identity Manager Service

Specifies whether the One Identity Manager Service has stopped. If this option is set for the Job server, the One Identity Manager Service does not process any more tasks.

You can make the service start and stop with the appropriate administrative permissions in the Job Queue Info program. For more information, see the One Identity Manager Process Monitoring and Troubleshooting Guide.

Paused due to unavailability of a target system

Specifies whether task processing for this queue has been stopped because the target system that uses this Job server as a synchronization server is temporarily unavailable. As soon as the target system is available again, processing starts and all outstanding tasks are performed.

For more information about offline mode, see the One Identity Manager Target System Synchronization Reference Guide.

No automatic software update

Specifies whether to exclude the server from automatic software updating.

NOTE: Servers must be manually updated if this option is set.

Software update running

Specifies whether a software update is currently running.

Port

Port for showing the One Identity Manager Service log file in a browser.

No direct database connection

Specifies whether the Job server has a direct connection to the database. Enable this option if the Job server receives its processes through an application server.

No process assignment

Specifies whether the Job server load balances.

Connection data

If the Job server has no direct connection to the database, enter the connection data for the application service.

You can enter the connection data in the Designer, in the Base data > Security settings > Connection data category.

Extended properties

Additional information about Job servers. The UID of the Job server and the details of creation and change (user, date) are displayed. These cannot be edited.

Last fetch time

Last time the process was collected.

Last timeout check

The time of the last check for loaded process steps with a dispatch value that exceeds the one in the Common | Jobservice | LoadedJobsTimeOut configuration parameter.

External port

(For docker containers) Custom port for showing the One Identity Manager Service log file in a browser.

Full server name external

(For docker containers) Custom full server name complying with DNS syntax.

Syntax:

<Name of servers>.<Fully qualified domain name>

Server function

Server functionality in One Identity Manager. One Identity Manager processes are handled with respect to the server function.

Machine role

Role of the Job server in One Identity Manager. Installation packages to be installed on the Job server are found depending on the selected machine role.

Related topics
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen