Establishing a direct connection to the One Identity Manager History Database
Declare the One Identity Manager History Database to be used for transferring data to the One Identity Manager in the TimeTrace. Use the Designer to set up access to the One Identity Manager History Database.
To link a One Identity Manager History Database into a TimeTrace:
- Use the Designer to log in to the One Identity Manager database.
- In the Designer, select the Base Data > General > TimeTrace databases category.
- Select the Object > New menu item.
- Ensure that the Use ID from application server option is not set.
- In History database name, enter the name of the One Identity Manager History Database.
- Declare the Connection parameters (read).
  - Click the [...] button next to the input field to open the input dialog for connection data.
  - Enter the connection data for the One Identity Manager History Database.
    - Server: Database server.
    - (Optional) Windows Authentication: Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.
    - User: The user's SQL Server login name.
    - Password: Password for the user's SQL Server login.
    - Database: Select the database.
- On the One Identity Manager History Database, where the data from the One Identity Manager database will be archived:
  - Enable the Current transport target option.
  - In the Connection parameter (transport) field, enter the connection parameters for connecting to the One Identity Manager History Database.
- Select the Database > Commit to database and click Save.
NOTE: Set Disabled to disable the connection at a later time. If a One Identity Manager History Database is disabled, it is not taken into account when determining change data in the TimeTrace.
Archiving procedure setup
All entries logged in One Identity Manager are initially saved in the One Identity Manager database. The proportion of historical data to total volume of a One Identity Manager database should not exceed 25 percent. Otherwise performance problems may arise. You must ensure that log entries are regularly removed from the One Identity Manager database and archived.
The following methods are provided for regularly removing recorded data from the One Identity Manager database:
- Data can be transferred directly from the One Identity Manager database into a One Identity Manager History Database. This is the default procedure for data archiving. Select this method if the servers on which the One Identity Manager database and the One Identity Manager History Database are located have network connectivity.
- The data is deleted from the One Identity Manager database after a certain amount of time without being archived.
All records in the One Identity Manager database that are triggered by an action are grouped together into a process group based on an ID number, the GenProcID, for direct transfer to a One Identity Manager History Database. The exported process groups, along with the associated records, are deleted from the One Identity Manager database once the export has been successfully completed.
The following conditions have to be met for direct transfer to a One Identity Manager History Database:
- This section of the records is configured for export.
- The retention period for all records that belong to a process group has ended, not taking into account whether the section is labeled for export or not.
- There are no processes enabled with the process group GenProcID in the DBQueue, Job queue, or as scheduled operations.
- For the triggered action, there is at least one record in the section to be exported.
Selecting an archiving procedure in the One Identity Manager database
Select the basic procedure by setting the Common | ProcessState | ExportPolicy configuration parameter. In the Designer, modify the configuration parameter.
- If the configuration parameter is disabled, the data remains in the One Identity Manager database.
- If the configuration parameter is enabled, the selected procedure is applied.
  - HDB: The files are transferred directly to the One Identity Manager History Database after a specified time period has expired.
  - NONE: The data is deleted in the One Identity Manager database after the specified time period has expired.
After selecting the basic procedure, you can specify whether data is exported or deleted for each section of records individually. You use configuration parameters to make the choice for each section. In the Designer, modify the configuration parameters.
Table 2: Configuration parameter for handling logged data
Common | ProcessState | PropertyLog | IsToExport: Exports the data changes. If this configuration parameter is not set, the information is deleted once the retention period has expired.
Common | ProcessState | ProgressView | IsToExport: Exports the data in the process information. If this configuration parameter is not set, the information is deleted once the retention period has expired.
Common | ProcessState | JobHistory | IsToExport: Exports the information in the process history. If this configuration parameter is not set, the information is deleted once the retention period has expired.
Specifying data retention periods
Once the retention period has ended, the recorded data is either exported or deleted from the One Identity Manager database depending on which archiving method has been chosen. A longer retention period should be selected for sections whose records will be exported than for those that will be deleted.
The records are not exported until the retention period for all sections has expired and no other active processes for the process group (GenProcID) exist in the DBQueue, process history, or as scheduled operations.
NOTE: If you do not specify a retention period, the records in this section will be deleted daily from the DBQueue Processor database within the daily One Identity Manager maintenance tasks.
You use configuration parameters to define the data retention periods for the individual sections. Modify the configuration parameter in the Designer.
Table 3: Configuration parameter for retention periods
Common | ProcessState | PropertyLog | LifeTime: This configuration parameter specifies the maximum retention period in the database for log entries from change tracking.
Common | ProcessState | ProgressView | LifeTime: This configuration parameter specifies the maximum length of time that log data from process information can be kept in the database.
Common | ProcessState | JobHistory | LifeTime: This configuration parameter specifies the maximum retention period in the database for log entries from process history.
Example 1:
Records are transferred directly to the One Identity Manager History Database. The following configurations are selected for each section:
Export data | No | No | Yes
Retention period | 3 days | 4 days | 5 days
This results in the following sequence:
Day 3 | Data is deleted from the One Identity Manager database | No action | No action
Day 4 | - | Data is deleted from the One Identity Manager database | No action
Day 5 | - | - | Data is transferred to the One Identity Manager History Database and then deleted from the One Identity Manager database
Example 2:
Records are transferred directly to the One Identity Manager History Database. The following configurations are selected for each section:
Export data | Yes | No | Yes
Retention period | 3 days | 4 days | 5 days
This results in the following sequence:
Day 3 | No action because the retention period has not ended for all sections. | No action | No action
Day 4 | No action because the retention period has not ended for all sections. | Data is deleted from the One Identity Manager database | No action
Day 5 | Data is exported and then deleted | - | Data is transferred to the One Identity Manager History Database and then deleted from the One Identity Manager database
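The sequences in Example 1 and Example 2 can be reproduced with a small model of the export and retention rules described above, which is useful for checking a planned configuration before log data is removed. This is an added illustration, not One Identity code. The names Section, archive_plan and idle_from, and the section labels col1 to col3 (the example tables do not name their columns), are assumptions, and every section is assumed to hold at least one record.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    name: str           # hypothetical label for one section of records
    is_to_export: bool  # the section's IsToExport configuration parameter
    lifetime: int       # the section's LifeTime (retention period) in days


def archive_plan(sections, export_policy="HDB", idle_from=0):
    """Return {section name: (day, action)} for one process group (GenProcID).

    export_policy: "HDB", "NONE", or None when ExportPolicy is disabled.
    idle_from: first day on which the group has no active processes left in
               the DBQueue, Job queue or scheduled operations (model input).
    """
    if export_policy is None:
        # Configuration parameter disabled: data stays in the database.
        return {s.name: (None, "kept") for s in sections}

    # Export waits for the retention period of every section of the process
    # group, whether or not that section is itself marked for export.
    export_day = max(max(s.lifetime for s in sections), idle_from)

    plan = {}
    for s in sections:
        if export_policy == "HDB" and s.is_to_export:
            plan[s.name] = (export_day, "export+delete")
        else:
            # Not marked for export (or policy NONE): deleted without
            # archiving once the section's own retention period has ended.
            plan[s.name] = (s.lifetime, "delete")
    return plan


# Constructed inputs mirroring the two examples on this page.
EXAMPLE_1 = [Section("col1", False, 3), Section("col2", False, 4),
             Section("col3", True, 5)]
EXAMPLE_2 = [Section("col1", True, 3), Section("col2", False, 4),
             Section("col3", True, 5)]

if __name__ == "__main__":
    for label, cfg in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(label)
        for name, (day, action) in archive_plan(cfg).items():
            print(f"  {name}: day {day} -> {action}")
```

In Example 2 the model shows the first section's records staying in the One Identity Manager database two days beyond their own retention period, because the export waits for the longest retention period in the process group.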