Chatta subito con l'assistenza
Chat con il supporto

Identity Manager Data Governance Edition 9.2.1 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Data Governance service configuration file settings

The following Data Governance service configuration settings can be configured in the DataGovernanceEdition.Service.exe.config file in the server directory: %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server.

Table 15: Server settings
Configuration setting Description
AgentLeaseRenewPeriod

Sets the agent lease renewal interval.

DfsDataSyncInterval

Sets the default DFS synchronization interval.

DirectAccessForServiceCredentials Allows the Data Governance service to access service account credentials directly from the database.
DisablePerceivedOwnershipUpdate

Can be used to disable the automatic perceived owner calculation for governed data.

EMCIsilonDFSLinksEnabled Defines whether to enable the resolution of DFS links pointing to EMC Isilon CIFS device’s folder.
EMCIsilonUseNetworkPathForAccessRequests Defines whether to enable reading of access groups and their associated permissions directly from network share for resource access requests for DFS links.
FolderSecurity.UseAdminPathsForShareFolders

Controls how the Data Governance server deals with the security that backs folders.

ManagedHostDeleteBatchSize

Defines the batch size used to delete managed hosts and their associated resources and resource activity records from the database.

MessagingCacheFolder

Defines the server messaging cache location.

Metrics.CollectionIntervalInSeconds

Sets the metrics collection interval.

MinimumSupportedModuleMigrationVersion

Specifies the minimum supported module migration version.

OracleBulkImportBatchSize

Specifies the number of records to be imported at a time during a bulk import for an Oracle database.

NOTE: Oracle Database support was deprecated beginning with One Identity Manager 8.1. Do not use.

PerceivedOwnershipActivityPeriod

Defines the time period (in days) to look for past resource activity to determine perceived owners.

PerceivedOwnershipByResourceActivity

Indicates the primary source for calculating perceived owners: resource activity history or security information.

PerceivedOwnershipByResourceOwner

Indicates whether the access control list owner within the target system should be considered as a perceived owner suggestion.

PerceivedOwnershipCalcUpdatesRefreshIntervalMinutes

Sets the perceived ownership update interval.

PerceivedOwnershipMaxReturnValue

Defines the maximum number of perceived ownership suggestions returned as a result of calculating perceived owners for a resource.

RemoteExecutor.WaitResultTimeout Defines how long the Data Governance service should wait for results from the RemoteExecutor before timing out.

RemoteHostForCloudOnlyImplementation

Specifies the DNS host name of the Windows Server to be used for deploying remote agent for cloud hosts.

RestServicePort Sets the communication port for HTTP protocol and REST services. (Communications with PowerShell and One Identity Manager clients and web server.)
SuggestedAgentCap Defines the suggested maximum number of agent instances on a given computer.
SyncDomainPasswordInterval Sets the managed domain and security information cache refresh interval.
VerboseHostForTrusteeLogging Debug setting used to log the complete Alias table used for the query.
Table 16: Self-service settings
Configuration setting Description
SelfService.AllowNonPublishedGroups

Indicates whether groups not published to the IT Shop are displayed in self-service web portal.

SelfService.AllowUnsychronizedGroups

Indicates whether groups not synchronized with One Identity Manager are displayed in self-service web portal.

SelfService.EnableSelfServiceRequest

Indicates whether self-service requests are enabled.

SelfService.IncludeSuitabilityTraceInfo

Indicates whether the suitability trace information is to be included as a property in the self-service request results.

SelfService.MarkSuitabilityVisible

Indicates whether the suitability integer is to be shown in the user interface when self-service groups are returned.

SelfService.MaximumMethodsCount

Defines the maximum number of self-service groups that can be returned for consideration.

SelfService.SuitabilityThreshold

Specifies the lowest possible suitability score to be used when returning self-service groups.

Table 17: Points of interest (POI) settings
Configuration setting Description
CollectPoi.CheckFrequencyInMinutes Sets the stale POI information check interval.
CollectPoi.IgnoreChangedResourceSynchronization Indicates whether the changed resource synchronization should be ignored.
CollectPoi.IncludeDeviations Indicates whether deviations are to be included in POI query.
CollectPoi.MaxConcurrentQueries Defines the maximum number of simultaneous POI queries to be performed.
CollectPoi.OverdueThresholdInMinutes Sets the amount of time before a resource is considered to be overdue for POI collection.
CollectPoi.QueryBatchSize Defines the threshold on which a query is sent to the agent.
CollectPoi.QueryTimeoutInMinutes Sets the amount of time before a POI query expires.
CollectPoi.QueryUpperBound Defines the maximum number of resources to be returned from a POI query.
Table 18: Custom host parameters
Configuration setting Description

additionalOperatingSystems

Allows you to specify additional operating systems so that those hosts can be added as generic managed hosts

In addition to the server, POI collection, and self-service settings listed above, you will find the following settings in the Data Governance service configuration file:

additionalOperatingSystems

This parameter allows you to specify additional operating systems so that those hosts can be added as generic managed hosts.

NOTE: Generic Managed Host functionality is meant to allow for the scanning of SMB shares and subfolers that are hosted on servers on an Active Directory joined computer. In order to be a Generic Managed Host, the server must be synchronized into the ADSMachine table, with the ADSMachine.DNSHostName set.

Generic Managed Host functionality is meant to allow for the scanning of SMB shares and subfolers that are hosted on servers on an Active Directory joined computer. In order to be a Generic Managed Host, the server must be synchronized into the ADSMachine table, with the ADSMachine.DNSHostName set.

Table 19: Configuration setting: additionalOperatingSystems
Configuration file %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server\DataGovernanceEdition.Service.exe.config
Section name <customHostParameters>
Setting

<customHostParameters>

  <additionalOperatingSystems>

    <!--<operatingSystem value="<MyOperatingSystem"/>-->

  </additionalOperatingSystems>

</customHostParameters

Value

When the operatingSystem line is left as is (as a comment), Data Governance Edition does not recognize unsupported host types and therefore they can not be added as a generic managed host.

When the operatingSystem line is no longer commented out and you specify the operating system for the hosts you want to manage, they will appear as an Unknown host type in the Managed host view which can then be added as a generic managed host.

How to modify

If you do not see the host you want to manage listed in the Managed host view, edit this parameter as follows:

  • Remove the commented operatingSystem line and replace it with a line that specifies the operating system value for the host you want to manage. That is, the string found in the ADSMachine.OperatingSystem field. For example, if the host you want to manage has the operating system field "My OS", edit this setting as follows:

    <customHostParameters>

      <additionalOperatingSytems>

        <operatingSystem value="My OS"/>

      </additionalOperatingSystems>

    </customHostParameters>

    This will include all machines that contain the string "My OS" in its operating system field.

  • If you want to specify an exact match, include the isExact parameter as follows:

    <customHostParameters>

      <additionalOperatingSytems>

        <operatingSystem value="My OS" isExact="true"/>

      </additionalOperatingSystems>

    </customHostParameters>

All of the hosts found using this filter will now appear in the Managed hosts view as Unknown host type.

AgentLeaseRenewPeriod

This key defines the refresh rate (in minutes) at which the server checks for expired agent leases. This key is used by the AgentLeaseManager internal service that handles agent lease management.

Table 20: Configuration setting: AgentLeaseRenewPeriod
Configuration file %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server\DataGovernanceEdition.Service.exe.config
Section name <appSettings>
Setting <add key ="AgentLeaseRenewPeriod" value="5"/>
Value

Default: 5 minutes

How to modify Replace the value as required.

CollectPoi.CheckFrequencyInMinutes

This key defines the frequency (in minutes) at which the server checks for stale points of interest (POI) information. This key is used by the InfrastructureManagement internal service that handles general infrastructure management, including contacting the agent to retrieve POI information on governed resources.

Table 21: Configuration setting: CollectPoi.CheckFrequencyInMinutes

Configuration file

%ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server\DataGovernanceEdition.Service.exe.config

Section name

<appSettings>

Setting

<add key ="CollectPoi.CheckFrequencyInMinutes" value="10"/>

Value

Default: 10 minutes

How to modify

Replace the value as required.

Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione