Data Governance service deployment methods
Deploying Data Governance service and creating Resource Activity database
Deploying multiple Data Governance services
Updating One Identity Manager to a Data Governance Edition deployment
Prior to deploying the Data Governance Edition components, including the Data Governance service and Resource Activity database:
This table lists the methods that can be used to deploy Data Governance Edition components, including the Data Governance service and Resource Activity database.
Deployment method | Description | Notes/Additional information |
---|---|---|
Data Governance Configuration wizard | The recommended method for deploying the Data Governance service and Data Governance Resource Activity database. The wizard can be accessed using the following methods: | Running the Data Governance Configuration wizard: For more information on using the Data Governance Configuration wizard, see Deploying Data Governance service and creating Resource Activity database. |
Windows Installer | Use to manually install the Data Governance service. Use this method to install the Data Governance service to a location other than the default directory. Once installed, use the following PowerShell cmdlets in the OneIdentity.DataGovernance snap-in to manually configure and initialize the Data Governance Edition components: | The Data Governance service installer is included in the autorun and can be found in the QAM module's directory. For example, C:\<DGE Build>\Modules\QAM\dvd\DataGovernance_ServerComponentsInstaller_x64.msi. Only a 64-bit version is available. For more information on the Windows Installer options available, instructions on manually deploying the Data Governance service, and using Windows PowerShell to manage your Data Governance Edition deployment, see the One Identity Manager Data Governance Edition Technical Insight Guide. |
Using the Data Governance Configuration wizard is the recommended method for deploying and configuring the Data Governance service and creating the Data Governance Resource Activity database.
Important: When you follow the steps outlined in the Deployment overview and run the Data Governance Configuration wizard before you run the One Identity Manager Synchronization Editor, the Data Governance service will perform the following tasks, allowing you to add managed hosts and deploy agents:
However, if you run the One Identity Manager Synchronization Editor prior to running the Data Governance Configuration wizard, the Data Governance service will NOT perform the automated steps mentioned above. This means that you must wait for the Active Directory synchronization process to finish each domain project before you can configure Employee records and assign One Identity Manager application roles, configure Data Governance service accounts and managed domains, and add managed hosts and deploy agents.
Note: The following procedure details installing the Data Governance service to a default location. However, if required, you can install the service to another location by running the Data Governance server msi. For more information, see the One Identity Manager Data Governance Edition Technical Insight Guide.
This should be performed before running the Data Governance Configuration wizard so that it is available for the Connect to the existing Data Governance service option.
To deploy a new Data Governance service and resource activity database
Run the Data Governance Configuration wizard using one of the following methods:
On the One Identity Manager database page, specify the information required to connect to the One Identity Manager database.
Database: Select the One Identity Manager database.
Click Next.
On the Data Governance Edition Configuration page, select Install or Upgrade the Data Governance service and provide the following information:
Port: This field displays the net.tcp port opened on the Data Governance server computer. In a new Data Governance Edition deployment, the default net.tcp port is 8722.
NOTE: The HTTP port is tied to the net.tcp port and is automatically set to one less than the port specified here. The HTTP port is used by the Data Governance agents if WCF fails.
Deployment: This field displays the deployment name assigned to the Data Governance Edition deployment. In a new Data Governance Edition deployment, the default deployment name is DEFAULT.
To change this value, enter the name to be associated with this deployment of Data Governance Edition. The deployment name is required; has a maximum length of 30 characters; and can only contain alphanumeric characters and underscores (no spaces allowed).
NOTE: The deployment name is also used in the Data Governance Resource Activity database name (that is, DGE_<DeploymentName>) and that name also has a limit of 30 characters. So, if you specify a 30 character deployment name, the new activity database name will only use <DeploymentName>.
NOTE: When deploying multiple Data Governance Edition deployments in a forest, specify a different server for the Data Governance service and a unique deployment name for each deployment. For more information, see Deploying multiple Data Governance services.
Leave the Add the current user to the One Identity Manager Employees with Data Governance application roles check box selected. The Data Governance service automatically assigns the current user account the Data Governance application roles and target system role in each domain found during the forest topology harvest.
NOTE: The Data Governance service obeys the current One Identity Manager "Edit Configuration Parameters"\TargetSystem\ADS\PersonExcludeList, which by default is:
ADMINISTRATOR | GUEST | KRBTGT | TSINTERNETUSER | IUSR_.* | IWAM_.* | SUPPORT_.* |.*\$
This means that ANY Active Directory account whose sAMAccountName matches any of the names specified in this exclude list, including 'administrator', will not be added as a One Identity Manager Employee with the assigned Data Governance application roles, even if the current user running the configuration wizard is the administrator account.
Click Next.
In the Service Account Setting dialog, specify the account to be used to run the Data Governance service.
When SQL authentication is being used for the One Identity Manager database authentication method (that is, the Windows authentication check box is cleared on the One Identity Manager database page):
To use a service account other than the local system account, clear the Use LocalSystem account check box and enter the Windows credentials of the service account to be used.
NOTE: If you specify a service account, you must move the Service Principal Name (SPN) from the computer object. For more information, see Move Service Principal Name in Active Directory.
When Windows authentication is being used for the One Identity Manager database authentication method (that is, the Windows authentication check box is selected on the One Identity Manager database page):
The Use LocalSystem account check box is disabled and you must enter the Windows credentials of the service account to be used.
After specifying the account to be used for the Data Governance service, click OK.
Wait for the installation process to complete, then click Finish to close the Data Governance server installation dialog.
Windows Authentication: If you select Windows Authentication for the One Identity Manager database authentication method, enter the Windows credentials for the account that will run the Data Governance service.
NOTE: If you selected SQL server authentication for the One Identity Manager database authentication method, use SQL authentication here as well. If you selected Windows authentication for the One Identity Manager database authentication method, you can select either SQL authentication or Windows authentication for the resource activity database.
Click Next.
On the Data Governance activity database server - Database Properties page, click Next to accept the default database name for which the schema for the Data Governance Resource Activity database should be created and to accept the default database options.
The Database name field is pre-populated with DGE_<DeploymentName>, where <DeploymentName> is the name assigned to the Data Governance Edition deployment on the previous wizard page. If the total length of the activity database name exceeds 30 characters, then the new default activity database name will only use <DeploymentName>.
To change the name, enter the new name to be assigned to the database. The database name is required; has a maximum length of 30 characters; and can only contain alphanumeric characters and underscores (no spaces allowed).
IMPORTANT: When installing multiple Data Governance Edition deployments in the same forest, ensure that each deployment is connecting to a database with a unique name. Do NOT connect a new deployment to an existing database.
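A pre-flight check of the values this procedure asks for (deployment name, derived activity database name, HTTP port, and the PersonExcludeList test for the account running the wizard), as an added PowerShell example that is not One Identity's code. The function names and sample inputs are hypothetical, and it assumes exclude-list entries are regular expressions matched case-insensitively against the whole sAMAccountName.

```powershell
# Added example, not One Identity code. Function names are hypothetical and
# nothing here calls the OneIdentity.DataGovernance snap-in.

# Default PersonExcludeList as printed on this page.
$DefaultExcludeList = 'ADMINISTRATOR | GUEST | KRBTGT | TSINTERNETUSER | IUSR_.* | IWAM_.* | SUPPORT_.* |.*\$'

function Test-DgeName {
    # Required, at most 30 characters, alphanumerics and underscores only.
    param([string]$Name)
    return $Name -cmatch '\A[A-Za-z0-9_]{1,30}\z'
}

function Get-DgeActivityDatabaseName {
    # DGE_<DeploymentName>; only <DeploymentName> when the prefixed name exceeds 30 characters.
    param([string]$DeploymentName)
    if (-not (Test-DgeName $DeploymentName)) {
        throw "Invalid deployment name: '$DeploymentName'"
    }
    $prefixed = "DGE_$DeploymentName"
    if ($prefixed.Length -gt 30) { return $DeploymentName }
    return $prefixed
}

function Test-ExcludedAccount {
    # Assumption: entries are regular expressions, matched case-insensitively
    # against the whole sAMAccountName; spaces around "|" are display spacing.
    param([string]$SamAccountName, [string]$ExcludeList = $DefaultExcludeList)
    $alternation = $ExcludeList -replace '\s*\|\s*', '|'
    return $SamAccountName -imatch "\A(?:$alternation)\z"
}

# Constructed sample inputs.
$netTcpPort = 8722
foreach ($name in 'DEFAULT', 'FINANCE_EU_FILE_SERVERS_2024', 'bad name') {
    if (Test-DgeName $name) {
        '{0}: activity database {1}' -f $name, (Get-DgeActivityDatabaseName $name)
    } else {
        '{0}: rejected (30 characters max, alphanumerics and underscores only)' -f $name
    }
}
'net.tcp port {0}, HTTP fallback port {1}' -f $netTcpPort, ($netTcpPort - 1)
foreach ($sam in 'Administrator', 'svc_dge', 'FILESRV01$') {
    '{0}: excluded by PersonExcludeList = {1}' -f $sam, (Test-ExcludedAccount $sam)
}
```

An account reported as excluded will not be added as an Employee with the Data Governance application roles, so check the account you plan to run the wizard with before you start.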
Before you can gather information on the data in your environment, perform the necessary post-installation configuration tasks. For more information, see Post installation configuration.