지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 9.2.1 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics
Overview of the One Identity Manager schema Table types and default columns in the One Identity Manager data model Notes on editing table definitions and column definitions Table definitions Column definitions Table relations Dynamic foreign key Supporting file groups
Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue tasks One Identity Manager Service configuration files

Job server properties

NOTE: More properties may be available depending on which modules are installed.

Table 91: Job server properties

Property

Meaning

Server

Job server name.

Full server name

Full server name in accordance with DNS syntax.

Syntax:

<Name of servers>.<Fully qualified domain name>

Server is cluster

Specifies whether the server maps a cluster.

Server belongs to cluster

Cluster to which the server belongs.

NOTE: The Server is cluster and Server belongs to cluster properties are mutually exclusive.

IP address (IPv6)

Internet protocol version 6 (IPv6) server address.

IP address (IPv4)

Internet protocol version 4 (IPv4) server address.

Coding

Character set coding that is used to write files to the server.

Parent Job server

Name of the parent Job server.

Executing server

Name of the executing server. The name of the server that exists physically and where the processes are handled.

This input is evaluated when the One Identity Manager Service is automatically updated. If the server is handling several queues, the process steps are not supplied until all the queues that are being processed on the same server have completed their automatic update.

Queue

Name of the queue to handle the process steps. The process steps are requested by the Job queue using this queue identifier. The queue identifier is entered in the One Identity Manager Service configuration file.

Server operating system

Operating system of the server. This input is required to resolve the path name for replicating software profiles. The values Win32, Windows, Linux, and Unix are permitted. If no value is specified, Win32 is used.

Service account data

One Identity Manager Service user account information. In order to replicate between non-trusted systems (non-trusted domains, Linux server), the One Identity Manager Service user information has to be declared for the servers in the database. This means that the service account, the service account domain, and the service account password have to be entered for the server.

One Identity Manager Service installed

Specifies whether a One Identity Manager Service is installed on this server. This option is enabled by the QBM_PJobQueueLoad procedure the moment the queue is called for the first time.

The option is not automatically removed. If necessary, you can reset this option manually for servers whose queue is no longer enabled.

Stop One Identity Manager Service

Specifies whether the One Identity Manager Service has stopped. If this option is set for the Job server, the One Identity Manager Service does not process any more tasks.

You can make the service start and stop with the appropriate administrative permissions in the Job Queue Info program. For more information, see the One Identity Manager Process Monitoring and Troubleshooting Guide.

Paused due to unavailability of a target system

Specifies whether task processing for this queue has been stopped because the target system that uses this Job server as a synchronization server is temporarily unavailable. As soon as the target system is available again, processing starts and all outstanding tasks are performed.

For more information about offline mode, see the One Identity Manager Target System Synchronization Reference Guide.

No automatic software update

Specifies whether to exclude the server from automatic software updating.

NOTE: Servers must be manually updated if this option is set.

Software update running

Specifies whether a software update is currently running.

Port

Port for showing the One Identity Manager Service log file in a browser.

No direct database connection

Specifies whether the Job server can work directly against the database when carrying out the process steps or whether it works via an application server. Enable the option if a Job server process step cannot be carried out against the database directly.

If a process step cannot be carried out by the Job server directly against the data, the application server connection is stored in with the process step connection data and not the direct database connection.

NOTE: Processes with process tasks that have the Direct database connection required option enabled must not be carried out by a Job server with the No direct database connection option enabled. Otherwise an error occurs.

No process assignment

Specifies whether the Job server load balances.

Connection data

If the Job server has no direct connection to the database, enter the connection data for the application service.

You can enter the connection data in the Designer, in the Base data > Security settings > Connection data category.

Extended properties

Additional information about Job servers. The UID of the Job server and the details of creation and change (user, date) are displayed. These cannot be edited.

Last fetch time

Last time the process was collected.

Last timeout check

The time of the last check for loaded process steps with a dispatch value that exceeds the one in the Common | Jobservice | LoadedJobsTimeOut configuration parameter.

External port

(For docker containers) Custom port for showing the One Identity Manager Service log file in a browser.

Full server name external

(For docker containers) Custom full server name complying with DNS syntax.

Syntax:

<Name of servers>.<Fully qualified domain name>

Server function

Server functionality in One Identity Manager. One Identity Manager processes are handled with respect to the server function.

Machine role

Role of the Job server in One Identity Manager. Installation packages to be installed on the Job server are found depending on the selected machine role.

Related topics

Machine roles and server functions

A machine role describes the role a computer or server assumes in a One Identity Manager system. You can give each computer or server several roles. This means, one, or more machine roles can be assigned. You select machine roles when One Identity Manager components are installed.

Machine roles are structured hierarchically. If you select a machine role at installation, all parent machine are also assigned.

Example: Machine role structure

Server

Job server

Active Directory

If you select the Active Directory machine role during the installation, the Job server and Server machine roles are also assigned.

Some machine roles such as Web cannot be actively selected during the installation. These machine roles are automatically assigned when different web applications are installed with the Web Installer.

Machine roles for installing the One Identity Manager Service are linked with server functions. The server function defines the functionality of a server in One Identity Manager. One Identity Manager processes are handled with respect to the server function. The server functions available are predefined when a server installed, based on the selected machine role.

Example: Connection between machine roles and server functions.

The Active Directory machine role is connected to the Active Directory Connector server function. Therefore, when you set up a One Identity Manager synchronization project after the machine role is installed, the server is available as synchronization server in Active Directory.

The installation packages and files to be installed on the computer or server are specified in a machine role. The information about the machine role, the installation package and the files is saved in the file InstallState.config during installation and are thus available for automatic software update.

NOTE: If you use the Software Loader to import new files into the One Identity Manager database, you should assign the files to a machine role. This ensures that the file are distributed by automatic software update. For more information about automatic software updates, see the One Identity Manager Installation Guide.

Related topics

Overview of server functions

To display information about server functions

  • In the Designer, select the Base data > Installation > Server functions category.

The server function defines the functionality of a server in One Identity Manager. One Identity Manager processes are handled with respect to the server function.

NOTE: More server functions may be available depending on which modules are installed.
Table 92: Permitted server functions

Server function

Remark

Update server

This server automatically updates the software on all the other servers. The server requires a direct connection to the database server that One Identity Manager database is installed on. It can run SQL tasks.

The server with the One Identity Manager database installed on it is labeled with this functionality during initial installation of the schema.

SQL processing server

It can run SQL tasks. The server requires a direct connection to the database server that One Identity Manager database is installed on.

Several SQL processing servers can be set up to spread the load of SQL processes. The system distributes the generated SQL processes throughout all the Job servers with this server function.

CSV script server

This server can process CSV files using the ScriptComponent process component.

One Identity Manager Service installed

Server on which a One Identity Manager Service is installed.

SMTP host

Server from which One Identity Manager Service sends email notifications. Prerequisite for sending mails using One Identity Manager Service is SMTP host configuration.

Default report server

Server on which reports are generated.

Related topics

Overview of machine roles

To display information about machine roles

  • In the Designer, select the Base data > Installation > Machine roles category.

Installation packages to be installed on the Job server are found depending on the selected machine role.

Table 93: Machine role and installation package options
Machine role Description of the installation package

Database Agent

Contains the DatabaseAgentServiceCmd.exe program for running the Database Agent Service from the command line.

Documentation

Contains One Identity Manager documentation in different languages.

SCIM Provider

Contains the SCIM Plugin for the API Server

Server

Contains all the basic components for setting up a server.

Server | Job Server

Contains the One Identity Manager Service and basic processing components. Additional machine roles contain connectors for synchronizing individual target systems.

Server | Job Server | Configuration tool

Contain configuration tool for the One Identity Manager Service.

Server | Web

Contains all the basic components for setting up a web server.

Server | Web | Application Server

Contains the components for setting up an application server. The machine roles Search Service and Search Indexing Service are required for indexing the full text search. These machine roles are always used together.

Server | Web | Business API Server

Contains the components for setting up an API Server.

Server | Web | Manager Web Application

Contains the tools for installing and configuring the Manager on a web server.

Server | Web| End User Web Application

Contains the tools for installing and configuring the Web Portal on a web server.

Workstation

Contains all basic components for installing tools on an administrative workstation.

Workstation | Administration

Contains administration tools required by default users for fulfilling their tasks with One Identity Manager. In addition to the tools that ensure basic functionality for working with One Identity Manager, the administration machine role includes the Manager as a main administration tool.

Workstation | Command line administration tools

Contains various command line programs.

Workstation | Configuration

Contains all tools for the default user and additional programs required to configure the system. For example, these include the Configuration Wizard, Database Compiler, Database Transporter, Crypto Configuration, Designer, Web Designer, and configuration tools for the One Identity Manager Service.

Workstation | Development and Testing

Contains the tools to develop and test custom scripts, such as the System Debugger.

Workstation | Monitoring

Contains programs for monitoring the system status, for example the Job Queue Info program.

Related topics
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택