In Active Roles version 7.4 and later, the Management History data is stored in the Active Roles Management history database. So, if you have Active Roles replication configured as described in the Configuring replication section later in this document, the Management History data is replicated between Administration Services along with the configuration data. Given a large volume of the Management History data, this may cause considerable network traffic.
You can turn off replication of Management History data so as to reduce network traffic. However, doing so causes each database server to maintain a separate Management History data store. The result is that you can use Management History to examine the changes that were made only through the Administration Services that use the same database as the Administration Service you are connected to.
To sum up, the implications of turning off replication of Management History data are as follows:
As the Active Roles console or Web Interface automatically selects the Service to connect to, you may encounter different reports for the same target object or user account during different connection sessions.
Active Roles uses the Management History storage to hold approval, temporal group membership, and deprovisioning tasks. Without synchronizing information between Management History storages, such a task created by one of the Administration Services may not be present on other Administration Services. As a result, behavior of the Active Roles console or Web Interface varies depending on the chosen Administration Service.
Turning off replication of Management History data has no effect on replication of the other data pertinent to the configuration of Active Roles. Only the Management History-related portion of the configuration database is excluded from Active Roles replication.
The instructions on how to turn off replication of Management History data depend upon whether Active Roles replication is already configured.
When initially configuring Active Roles replication, you can ensure that the Management History data will not participate in Active Roles replication by assigning the Publisher role as follows (for definitions of the replication roles, see Configuring replication later in this document):
Then, you can configure Active Roles replication by using the Active Roles console as described in the Configuring replication section later in this document: Use the Add Replication Partner command on the database in the Configuration Databases container to add Subscribers to the Publisher you have configured.
This section outlines the instructions on how to turn off replication of Management History data in case that Active Roles replication is already configured as described in the Configuring replication section later in this document. You need to first delete all Subscribers for Management History data, and then demote the Publisher for Management History data. This only stops replication of Management History data, leaving the other replication functions intact.
To turn off replication of Management History data
With replication of Management History data turned off, it is still possible to have multiple Administration Services maintain the same Change History log by configuring them to use the same database. Note that the Administration Service version 6.x allows you to install multiple Services with the option to connect to a single configuration database. Thus, you can install the first Service in your environment, having the Setup program create a database. Then, you can install one more Service, having the Setup program configure the new Service to use the same database as the existing Service.
However, if different Administration Services in your environment use different database servers, you may need to re-configure replication of Management History data in order to take full advantage of the Management History feature. You can do so by managing objects in the Management History Databases container as follows.
To re-configure replication of Management History data
The Add Replication Partner command starts the wizard that is similar to that discussed in the Adding members to a replication group section later in this document. The only difference is that the list of Administration Services whose database servers can be designated as Subscribers for Management History data is limited to those Services that share the configuration data hosted on the Publisher you have selected.
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책