What you need:
- The Data Governance Server installation msi
- Local Administrator rights on the server where the Data Governance service is to be installed
- Installation of the One Identity Manager client applications (including the Data Governance Edition PowerShell snap-in)
- Ability to change One Identity Manager configuration options in the Designer application
- Connection information to the One Identity Manager database
- Database creation permissions (if creating the Data Governance Resource Activity database)
To manually deploy the Data Governance service:
- Log on to the system with the One Identity Manager client installation.
- Open the Designer and log on as a system user with administrative privileges (e.g., viadmin).
- Edit the Data Governance service configuration parameters as described below:
- In the navigation view, select Base Data | Configuration parameters.
- In the far right column, click Edit configuration parameters.
- Expand TargetSystem | ADS | QAM | QAMServer.
- Change the ServerName value to the fully qualified DNS name of the server where the Data Governance service is to be installed.
- Set the Port value to the net.tcp port your server will listen on. The HTTP port is automatically configured to the net.tcp port value minus 1.
- Set the Deployment value to the name of your Data Governance Edition deployment. NOTE: This defaults to "DEFAULT". If you are going to or already have multiple Data Governance Edition deployments in your Active Directory forest, you must ensure this name is unique. The Deployment value is restricted to a maximum of 30 characters and can contain alphanumeric characters and underscores (no spaces).
- Use the LocalSystem account to log on to the Data Governance server specified above and run the Data Governance Server installation msi.
NOTE: When you run MSIEXEC from a command prompt, you must be running as local system. This ensures that the service connection point can be updated no matter what account your Data Governance service runs as.
NOTE: Please refer to the Microsoft documentation for the command line syntax of MSIEXEC.EXE.
The Data Governance server deployment options available are:
- INSTALLDIR: Specify the folder on the local system where the Data Governance server is to be installed. If not specified, the default location is: %ProgramFiles%\Dell\One Identity Manager Data Governance Edition\Server.
- SERVICEACCOUNT: Specify an Active Directory account (DOMAIN\Username) for the Data Governance service when Windows Integrated Authentication is being used to communicate with the One Identity Manager database and Data Governance Resource Activity database.
- SERVICEACCOUNTPASSWORD: Specify the password associated with the user account if using Windows Integrated Authentication to access the databases.
- QAMPORT: Specify the net.tcp port the Data Governance server will listen on. This must be the same Port specified in the 'Configuration parameters' step above. If not specified, the port is set to 8722.
- QAMDEPLOYMENT: Enter the same Deployment name specified in the 'Configuration parameters' step above. If not specified, the deployment name is set to "DEFAULT".
EXAMPLE:
msiexec /i "DataGovernance_ServerComponentsInstaller_x64.msi" /lv C:\DgeMsiInstallLog QAMDEPLOYMENT="testNew" QAMPORT=8722
- Open a Windows PowerShell console on the machine with the One Identity Manager client installation.
- Run the following cmdlet to import the Data Governance Edition PowerShell module:
Where <path> is the file path for the Quest.Titan.Client.PowerShell.dll assembly. By default, <path> is "C:\Program Files\Dell\One Identity Manager Data Governance Edition\Client\Quest.Titan.Client.PowerShell.dll".
- Run the following PowerShell cmdlet to set the server name, deployment name and port information used by the Data Governance Edition commands to connect to the Data Governance server:
Set-QServiceConnection -ServerName "<DGE server machine name>" -Port <Value> -Deployment "<Deployment name>"
NOTE: The <DGE server machine name>, Port <Value> and <Deployment name> must be the same values as specified above.
- Close the PowerShell console and restart the Data Governance service.
- Run the following PowerShell cmdlet to establish the database connection between One Identity Manager and Data Governance Edition:
Initialize-QDataGovernanceServer -DatabaseConnectionString "<Connection string for D1IM database>" [-IdentityManagerIsOracle] [-DefaultEmployeeSid "<SID of user account>"]
NOTE: Only specify the "-IdentityManagerIsOracle" flag if the One Identity Manager database is hosted by an Oracle database management system.
NOTE: Only specify the "-DefaultEmployeeSid" parameter if you want to take advantage of the automatic forest topology harvest. Adding this parameter will add the user associated with the specified SID to the One Identity Manager Employees with the appropriate Data Governance application roles. This provides the same functionality as selecting the 'Add the current user to the One Identity Manager Employees with Data Governance application roles' option when using the Data Governance Configuration wizard.
NOTE: If Windows Integrated Authentication is used to connect to the database, the Data Governance server must be configured to run as an identity other than LocalSystem (See Step 4 above).
An example of a connection string for Windows authentication may look like this:
An example of a connection string for SQL authentication may look like this:
"Data Source=myServerAddress;Initial Catalog=myDatabase;User Id=myUser;Password=myPassword"
An example of a connection string for Oracle may look like this:
"Server=myServerAddress;User id=myUser;Password=myPassword;Direct=true;Connect mode=Direct;Service name=ServiceNameOfOracleInstance;Port=myPort"
For more information on connection strings, see The Connection String Reference.
- Using your preferred database management tool, browse on the Data Governance server to the %ProgramFiles%\Dell\One Identity Manager Data Governance Edition\Server\Activity Database Scripts folder and locate a file named 'DGAuditDatabaseCreationScript.sql' for SQL Server or 'DGAuditDatabaseCreationScriptOracle.sql' for Oracle.
- For SQL Server hosted databases, open the DGAuditDatabaseCreationScript.sql file and update the database name specified in the CREATE DATABASE and USE statements.
NOTE: If you are running multiple Data Governance Edition deployments, it is highly recommended that you append the deployment name to the database name (e.g., DGE_DEFAULT). This database name has a maximum length of 30 characters and can contain alphanumeric characters and underscores (no spaces).
Skip to step 13.
- For Oracle hosted databases, you only need to modify the DGAuditDatabaseCreationScriptOracle.sql file if you changed the name of the default tablespaces (USERS and TEMP) created when a new database is created. To specify the custom tablespace name, open the .sql file, search for "TABLESPACE USERS" and change "USERS" to the appropriate tablespace name.
In addition, you must pre-stage the DGE User\Database name (DGE_DEFAULT in the sample query provided in Additional Information below). Then log in with that DGE User\Database name to run the .sql script.
- Run the appropriate script for your database management system to create the Data Governance Resource Activity database.
- Run the following PowerShell cmdlet to initialize the database to store data generated when a managed host has resource activity tracking enabled:
Initialize-QDataGovernanceActivity -ConnectionString <Connection string to activity database> [-ActivityDatabaseIsOracle]
NOTE: Ensure the connection string's Initial Catalog value (Database value if using Windows authentication) matches the name you specified in the SQL script when creating the Data Governance Resource Activity database.
NOTE: Only use the "-ActivityDatabaseIsOracle" flag if your Data Governance Resource Activity database is hosted by an Oracle database management system.
- Restart the Data Governance service.
NOTE: It might take a minute or two before the Data Governance topology harvest task begins.
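The procedure above requires the same ServerName, Port and Deployment values in the Designer, on the msiexec command line and in Set-QServiceConnection. The following PowerShell sketch is an added example, not vendor code: it keeps those values in one place, checks them against the rules stated above, and reuses them on the server and on the client. The function names and sample values are constructed, and Import-Module is assumed as the import cmdlet.

```powershell
# Added example (not vendor code). Sample values are constructed.
$Dge = @{
    ServerName = 'dge01.corp.example'   # constructed FQDN; Designer ServerName value
    Port       = 8722                   # net.tcp port; Designer Port value
    Deployment = 'DGE_TEST'             # constructed; Designer Deployment value
}

function Assert-DgeSettings([hashtable]$s) {
    # Page rule: at most 30 characters, alphanumeric and underscores, no spaces.
    if ($s.Deployment -notmatch '\A[A-Za-z0-9_]{1,30}\z') {
        throw "Invalid deployment name '$($s.Deployment)'"
    }
    # The HTTP port is the net.tcp port minus 1, so both must be valid ports.
    if ($s.Port -lt 2 -or $s.Port -gt 65535) { throw "Invalid net.tcp port $($s.Port)" }
    if ($s.ServerName -notmatch '\.') { throw 'ServerName must be a fully qualified DNS name' }
    "net.tcp port $($s.Port), HTTP port $($s.Port - 1), deployment $($s.Deployment)"
}

function Install-DgeServer([hashtable]$s, [string]$MsiPath, [string]$LogPath) {
    # Run on the Data Governance server. The page requires LocalSystem for msiexec.
    if (-not [Security.Principal.WindowsIdentity]::GetCurrent().IsSystem) {
        throw 'Run this from a LocalSystem session.'
    }
    # Anything placed on this command line (for example SERVICEACCOUNTPASSWORD)
    # can be recorded in the verbose log, so restrict access to $LogPath.
    $msiArgs = "/i `"$MsiPath`" /lv `"$LogPath`" " +
               "QAMDEPLOYMENT=`"$($s.Deployment)`" QAMPORT=$($s.Port)"
    $p = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
    # 3010 is the Windows Installer code for success with a reboot pending.
    if ($p.ExitCode -notin 0, 3010) {
        throw "msiexec failed with exit code $($p.ExitCode); see $LogPath"
    }
}

function Connect-DgeClient([hashtable]$s, [string]$ModulePath) {
    # Run on the machine with the One Identity Manager client installation.
    Import-Module $ModulePath   # assumed import cmdlet; path as described on the page
    Set-QServiceConnection -ServerName $s.ServerName -Port $s.Port -Deployment $s.Deployment
}

# Validate once, then call Install-DgeServer on the server and
# Connect-DgeClient on the client with the same $Dge table.
Assert-DgeSettings $Dge
```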