Connecting a One Identity Manager History Database through an application server
Declare the One Identity Manager History Database to be used for transferring data to the One Identity Manager in the TimeTrace. Use the Designer to set up access to the One Identity Manager History Database.
Prerequisites for connecting a One Identity Manager History Database through an application server
- Declaring the One Identity Manager History Database in the TimeTrace requires an ID.
- An ID for the One Identity Manager History Database connection is entered in the application server’s configuration file (web.config).
- Enter a unique ID for each One Identity Manager History Database.
- The ID must be entered in all application servers that can be used by users to log in to the Manager.
- The ID must be entered for the application server that the One Identity Manager Service uses to connect.
- The Manager and the Web Portal use the application server to log in. Otherwise, the evaluation of the data changes in TimeTrace or in reports is not possible.
- To generate and send report subscriptions and reports by email that show changes to data, there must be a Job server set up over an application server.
For more information about setting up a Job server and about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.
To link a One Identity Manager History Database into a TimeTrace
- Use the Designer to log in to the One Identity Manager database.
- In the Designer, select the Base Data > General > TimeTrace databases category.
- Select the Object > New menu item.
- Ensure that the Use ID from application server option is set.
- In History database name, enter the name of the One Identity Manager History Database.
- In the Connection parameter (read) field, enter the ID for connecting to the One Identity Manager History Database.
  The ID must match the ID in the application server’s configuration file.
- On the One Identity Manager History Database, where the data from the One Identity Manager database will be archived:
  - Enable the Current transport target option.
  - In the Connection parameter (transport) field, enter the connection parameters for connecting to the One Identity Manager History Database.
- Select the Database > Save to database menu item and click Save.
NOTE: Set the Disabled option to disable the connection at a later time. If a One Identity Manager History Database is disabled, it is not taken into account when determining change data in the TimeTrace.
To configure an ID in the application server for connecting to the One Identity Manager History Database
- During installation of the application server, enter the ID for connecting to the One Identity Manager History Database.
- To connect a One Identity Manager History Database at a later date, enter the ID for the connection in the application server’s configuration file (web.config) in the <connectionStrings> section.
  Example:
      <connectionStrings>
        ...
        <add name="<History Database ID>" connectionString="Data Source=<database server>;Initial Catalog=<database name>;User ID=<database user>;Password=<password>"/>
        ...
      </connectionStrings>
NOTE: The connection credentials in the application server’s configuration file are encrypted with the default Microsoft ASP.NET encryption. If you want to change the connection credentials later, you must decrypt them first and then encrypt them again afterward. Use the ASP.NET IIS registration tool (Aspnet_regiis.exe) to decrypt and encrypt.
Example call:
    Decrypt: aspnet_regiis.exe -pdf connectionStrings <path to web application in IIS>
    Encrypt: aspnet_regiis.exe -pef connectionStrings <path to web application in IIS>
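A review check for the application server's web.config, added here as an example (it is not One Identity's code): it reports whether the <connectionStrings> section is encrypted and, while the section is decrypted for a change, checks the ID rules listed above. The function name, the IDs HDB1/HDB2, the server name and the credentials are assumptions made for the sample.

```powershell
# Added example. The web.config content is constructed; HDB1/HDB2, sql01 and the
# credentials are placeholders, and Test-HistoryDbConnectionStrings is a hypothetical helper.
$sample = [xml]@'
<configuration>
  <connectionStrings>
    <add name="HDB1" connectionString="Data Source=sql01;Initial Catalog=HDB2023;User ID=hdbread;Password=placeholder"/>
    <add name="HDB1" connectionString="Data Source=sql01;Initial Catalog=HDB2024;User ID=hdbread;Password=placeholder"/>
  </connectionStrings>
</configuration>
'@

function Test-HistoryDbConnectionStrings {
    param(
        [Parameter(Mandatory)][xml]$Config,
        [string[]]$ExpectedIds = @()   # IDs entered in the Designer as Connection parameter (read)
    )
    $section = $Config.SelectSingleNode('/configuration/connectionStrings')
    if ($null -eq $section) { return 'No <connectionStrings> section found.' }

    # After aspnet_regiis.exe -pef the section carries configProtectionProvider and
    # holds only <EncryptedData>, so the IDs cannot be read without decrypting (-pdf).
    if ($section.HasAttribute('configProtectionProvider')) {
        return 'Section is encrypted; IDs can only be reviewed after decrypting with -pdf.'
    }
    'Section is in clear text; encrypt it again with aspnet_regiis.exe -pef.'

    $entries = @($section.SelectNodes('add'))
    $names   = @($entries | ForEach-Object { $_.GetAttribute('name') })

    # Each History Database needs its own unique ID.
    $names | Group-Object | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { "ID '$($_.Name)' is defined $($_.Count) times." }

    # Every ID declared in the Designer must exist in this application server's file.
    $ExpectedIds | Where-Object { $_ -notin $names } |
        ForEach-Object { "ID '$_' is declared in the Designer but missing here." }

    foreach ($e in $entries) {
        # Split the connection string into lower-cased keys to see what it embeds.
        $keys = $e.GetAttribute('connectionString') -split ';' |
            Where-Object { $_ -match '=' } |
            ForEach-Object { (($_ -split '=', 2)[0]).Trim().ToLowerInvariant() }
        if ($keys -contains 'password' -or $keys -contains 'pwd') {
            "ID '$($e.GetAttribute('name'))' stores a SQL password in readable form."
        }
    }
}

Test-HistoryDbConnectionStrings -Config $sample -ExpectedIds 'HDB1', 'HDB2'
```

To check a real file, pass `[xml](Get-Content -Raw <path to web.config>)` as `-Config`, and run it on every application server that users or the One Identity Manager Service connect through.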
Establishing a direct connection to a One Identity Manager History Database
Declare the One Identity Manager History Database to be used for transferring data to the One Identity Manager in the TimeTrace. Use the Designer to set up access to the One Identity Manager History Database.
To link a One Identity Manager History Database into a TimeTrace
- Use the Designer to log in to the One Identity Manager database.
- In the Designer, select the Base Data > General > TimeTrace databases category.
- Select the Object > New menu item.
- Ensure that the Use ID from application server option is not set.
- In History database name, enter the name of the One Identity Manager History Database.
- Declare the Connection parameters (read).
  - Click the [...] button next to the input field to open the input dialog for connection data.
  - Enter the connection data for the One Identity Manager History Database.
    - Server: Database server.
    - (Optional) Windows Authentication: Specifies whether the integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.
    - User: The user's SQL Server login name.
    - Password: Password for the user's SQL Server login.
    - Database: Select the database.
- On the One Identity Manager History Database, where the data from the One Identity Manager database will be archived:
  - Enable the Current transport target option.
  - In the Connection parameter (transport) field, enter the connection parameters for connecting to the One Identity Manager History Database.
- Select the Database > Save to database menu item and click Save.
NOTE: Set Disabled to disable the connection at a later time. If a One Identity Manager History Database is disabled, it is not taken into account when determining change data in the TimeTrace.
Archiving procedure setup
All entries logged in One Identity Manager are initially saved in the One Identity Manager database. The proportion of historical data to total volume of a One Identity Manager database should not exceed 25 percent. Otherwise performance problems may arise. You must ensure that log entries are regularly removed from the One Identity Manager database and archived.
The following methods are provided for regularly removing recorded data from the One Identity Manager database:
- Data can be transferred directly from the One Identity Manager database into a One Identity Manager History Database. This is the default procedure for data archiving. Select this method if the servers on which the One Identity Manager database and the One Identity Manager History Database are located have network connectivity.
- The data is deleted from the One Identity Manager database after a certain amount of time without being archived.
All records in the One Identity Manager database that are triggered by an action are grouped together into a process group based on an ID number, the GenProcID, for direct transfer to a One Identity Manager History Database. The exported process groups, along with the associated records, are deleted from the One Identity Manager database once the export has been successfully completed.
The following conditions have to be met for direct transfer to a One Identity Manager History Database:
- This section of the records is configured for export.
- The retention period for all records that belong to a process group has ended, not taking into account whether the section is labeled for export or not.
- There are no processes enabled with the process group GenProcID in the DBQueue, Job queue, or as scheduled operations.
- For the triggered action, there is at least one record in the section to be exported.
Selecting an archiving procedure in the One Identity Manager database
Select the basic procedure by setting the Common | ProcessState | ExportPolicy configuration parameter. In the Designer, modify the configuration parameter.
- If the configuration parameter is disabled, the data remains in the One Identity Manager database.
- If the configuration parameter is enabled, the selected procedure is applied.
  - HDB: The files are transferred directly to the One Identity Manager History Database after a specified time period has expired.
  - NONE: The data is deleted in the One Identity Manager database after the specified time period has expired.
After selecting the basic procedure, you can specify whether data is exported or deleted for each section of records individually. You use configuration parameters to make the choice for each section. In the Designer, modify the configuration parameters.
Table 2: Configuration parameter for handling logged data
Common | ProcessState | PropertyLog | IsToExport
    Exports the data changes. If this configuration parameter is not set, the information is deleted once the retention period has expired.
Common | ProcessState | ProgressView | IsToExport
    Exports the data in the process information. If this configuration parameter is not set, the information is deleted once the retention period has expired.
Common | ProcessState | JobHistory | IsToExport
    Exports the information in the process history. If this configuration parameter is not set, the information is deleted once the retention period has expired.