Change management
Initially, all changes made to data in One Identity Manager are saved in the One Identity Manager database. You must ensure that log entries are regularly removed from the One Identity Manager database and archived in a One Identity Manager History Database. In this way, the One Identity Manager History Database provides an archive of change information. Statistical analyzes are carried out in the One Identity Manager History Database that simplify how trends and flows are presented. Historical data is evaluated using the TimeTrace function or using reports.
NOTE: Any number of One Identity Manager History Databases can be used for analyzing historical data in the TimeTrace and in reports. Not only are One Identity Manager History Databases in the current format supported, but older formats in read-only mode also.
Logged data may be subject to further regulations such as statutory retention periods. It is recommended to operate One Identity Manager History Databases that correspond to the report periods. After a specified reporting period has expired, you can set up a new One Identity Manager History Database.
Depending on the volume of the One Identity Manager database data and the frequency at which it is changed, it might be necessary to create further One Identity Manager History Databases at certain intervals (such as yearly, quarterly, or monthly). The proportion of historical data to total volume of a One Identity Manager database should not exceed 25 percent. Otherwise performance problems may arise.
Setting up a One Identity Manager History Database requires the following steps:
-
Installing the One Identity Manager History Database
-
Declaring a One Identity Manager History Database in the One Identity Manager database
-
Archiving procedure setup
Detailed information about this topic
Installing a One Identity Manager History Database
Installation of a One Identity Manager History Database is similar to that of a One Identity Manager database. For more information about the system prerequisites and how to install a database, see the One Identity Manager Installation Guide.
Use the One Identity Manager History Database to set up the Configuration Wizard.
IMPORTANT: Always start the Configuration Wizard on an administrative workstation.
To install a One Identity Manager History Database with the Configuration Wizard
-
Start the Configuration Wizard.
-
On the Configuration Wizard's home page, select the Create and install database option and click Next.
-
To install a new database, enter the following database connection data on the Create administrative connection page.
-
Server: Database server.
-
(Optional) Windows Authentication: Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.
-
User: SQL Server Login name of the installation user.
-
Password: Password for the installation user.
- OR -
To use an existing empty database, on the Create administrative connectionpage, select the Use an existing, empty database for installation option and enter the database connection information.
-
Server: Database server.
-
(Optional) Windows Authentication: Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.
-
User: SQL Server Login name of the installation user.
-
Password: Password for the installation user.
-
Database: Name of the database.
TIP: To configure additional connection settings, enable the Advanced option.
-
If you are creating a new database, perform the following tasks on the Create database page.
-
In the Database properties view, enter the following information about the database.
Table 1: Database properties
Database name |
Name of the database. |
Data directory |
Directory in which the data file is created. You have the following options:
-
<default>: The database server’s default directory.
-
<browse>: Select a directory using the file browser.
-
<directory name>: Directory in which data files are already installed. |
Log directory |
Directory in which the transaction log file is created. You have the following options:
-
<default>: The database server’s default directory.
-
<browse>: Select a directory using the file browser.
-
<directory name>: Directory in which transaction log files are already installed. |
Memory tables directory |
Directory for data file group and database file for memory-optimized tables. You have the following options:
-
<default>: The database server’s default directory.
-
<browse>: Select a directory using the file browser.
-
<Directory name>: Directory in which data files for memory-optimized tables are already installed. |
Initial size |
Initial size of the database files. You have the following options:
-
<Default>: Default entry for the database server.
-
<custom>: User-defined entry.
-
Different recommended sizes: Depending on the number of employees being administrated. |
-
In the Installation source pane, select the directory with the installation files.
- OR -
If you are using an existing database, on the Create database page, Installation source view, select the directory containing the installation files.
-
On the Select configuration modules page, select the Data archiving configuration module.
-
The installation steps are shown on the Processing database page.
Installation and configuration of the database are automatically carried out by the Configuration Wizard. This procedure may take some time depending on system performance. Once processing is complete, click Next.
TIP: Set Advanced to obtain detailed information about processing steps and the migration log.
-
On the last page of the Configuration Wizard, click Finish.
Additional configuration steps are required after the schema installation:
TIP: Alternatively, you can create the One Identity Manager History Database using the Quantum.MigratorCmd.exe command line program.
Calling example:
quantum.migratorcmd.exe
/connection="Data Source=<Database server>;Initial Catalog=<Database>;User ID=<Database user>;Password=<Password>"
--Install
/Module="HDB"
/System=MSSQL
/LogLevel= Info
/Destination=<source folder>
For more information about the Quantum.MigratorCmd.exe command line program, see the One Identity Manager Operational Guide.
Related topics
Updating a One Identity Manager History Database
IMPORTANT: As of One Identity Manager version 9.0, One Identity Manager History Database has been significantly simplified. On the one hand, this reduces the effort required to set up and operate the database and, on the other, enables the operation of Azure SQL Databases. The History Database only provides simplified data storage. The History Database neither includes One Identity Manager modules nor system configuration data. There are no active components anymore.
When updating a History Database with a version that is older than 9.0, note the following:
-
It is recommended to install the History Database first!
-
Existing databases are still supported for querying archived data in TimeTrace and reports. These databases do not need to be migrated.
-
If you still want to migrate an existing History Database, ensure that the all features, procedures, tables, and views that are not in the following list are deleted by the History Database migration:
HistoryChain, HistoryJob, ProcessChain, ProcessGroup, ProcessInfo, ProcessStep, ProcessSubstitute, RawJobHistory, RawProcess, RawProcessChain, RawProcessGroup, RawProcessStep, RawProcessSubstitute, RawWatchOperation, RawWatchProperty, SourceColumn, SourceDatabase, SourceTable, WatchOperation, WatchProperty
Save any custom extensions before migrating.
NOTE: Read the release notes for possible differing or additional steps for updating a One Identity Manager History Database.
To update a One Identity Manager History Database to a newer version
-
Update the administrative workstation, on which the One Identity Manager History Database database schema update will be started. For more information about updating an administrative database, see the One Identity Manager Installation Guide.
-
Make a backup of the One Identity Manager History Database.
-
Run the One Identity Manager History Database schema update.
-
Start the Configuration Wizard on the administrative workstation.
Select a user who has at least administrative permissions for the One Identity Manager database to update the One Identity Manager schema with the Configuration Wizard.
-
Use the same user that you used to initially install the schema.
-
If you created an administrative user during schema installation, use that one.
-
If you selected a user with Windows authentication to install the schema, you must use the same one for updating.
-
On the Configuration Wizard home page, select the Update database option and click Next.
-
On the Select database page, select the database and installation directory.
-
Select the database connection in the Select a database connection pane. Select a user who at least has administrative permissions for the One Identity Manager database.
-
In the Installation source pane, select the directory with the installation files.
-
Other users with existing connections to the database are displayed on the Active sessions page.
-
The installation steps are shown on the Processing database page. Installation and configuration of the database are automatically carried out by the .
TIP: Set Advanced to obtain detailed information about processing steps and the migration log.
-
On the last page of the Configuration Wizard, click Finish.
Related topics
Declaring a One Identity Manager History Database in the One Identity Manager database
Declare the One Identity Manager History Database to be used for transferring data to the One Identity Manager in the TimeTrace. The One Identity Manager Service service ensures the data is transferred from the One Identity Manager database to the One Identity Manager History Database.
NOTE: Any number of One Identity Manager History Databases can be used for analyzing historical data in the TimeTrace and in reports. Not only are One Identity Manager History Databases in the current format supported, but older formats in read-only mode also.
NOTE: Only one One Identity Manager History Database can be used as a destination for data transfer at a time, all other databases are read-only.
There are different ways to establish a connection to a One Identity Manager History Database: