
Identity Manager Data Governance Edition 9.0 LTS - Release Notes

Database server

The Database server refers to the server hosting the One Identity Manager database. One Identity Manager supports SQL Server database systems.

The following system requirements must be met in order to install the database on a server for use with Data Governance Edition. Depending on the number of One Identity Manager modules and the accounts managed in One Identity Manager, the requirements for working memory, hard disk space, and processors may be significantly greater than the minimum requirements. For more details on the system requirements for One Identity Manager, see the One Identity Manager Installation Guide or One Identity Manager Release Notes.

Table 21: Minimum system requirements: Database server
Processor

8 physical cores with 2.5 GHz+ frequency (non-production)

16 physical cores with 2.5 GHz+ frequency (production)

NOTE: 16 physical cores are recommended on performance grounds.

Memory

16 GB+ RAM (non-production)

64 GB+ RAM (production)

Free disk space

100 GB

Operating system

Windows operating systems:

  • Note the requirements given by Microsoft for the SQL Server version you are using.
NOTE: The 64-bit requirement for Windows Servers is specific to Data Governance Edition.

UNIX and Linux operating systems:

  • Note the requirements given by the operating system manufacturer for SQL Server databases.

Software

Supported SQL Server versions are:

  • SQL Server 2019 Standard Edition (64-bit) with the current cumulative update

    NOTE: The cumulative update 2 for SQL Server 2019 is not supported.

NOTE: For performance reasons, the use of SQL Server Enterprise Edition is recommended for live systems.

  • Compatibility level for databases: SQL Server 2019 (150)

  • Default collation: case insensitive, SQL_Latin1_General_CP1_CI_AS (recommended)

  • SQL Server Management Studio (recommended)

NOTE: The minimum requirements listed above are considered to be for general use. With each custom One Identity Manager deployment these values may need to be increased to provide ideal performance. To determine production hardware requirements, it is strongly recommended to consult a qualified One Identity Partner or the One Identity Professional Services team. Failure to do so may result in poor database performance.

For additional hardware recommendations, read the KB article https://support.oneidentity.com/identity-manager/kb/290330/how-to-configure-settings-as-per-the-system-information-overview, which outlines the System Information Overview available within One Identity Manager.

NOTE: In virtual environments, you must ensure that the VM host provides performance and resources to the database server according to system requirements. Ideally, resource assignments for the database server are fixed. Furthermore, optimal I/O performance must be provided, in particular for the database server. For more information about virtual environments, see Product Support Policies.

For installation and operation of a One Identity Manager database, the following database server and database settings are required.

Table 22: Database server settings
Property Value Comment

Language

English

 

Server Collation

Case insensitive

SQL_Latin1_General_CP1_CI_AS (recommended)

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Extreme transaction processing supported (is XTP supported)

True

One Identity Manager uses In-Memory-OLTP (Online Transactional Processing) for memory-optimized data accesses. The database server must support extreme transaction processing (XTP). This function is activated by default in a standard installation.

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database. If XTP is not activated, the installation or update is not started.

SQL Server Agent

Started

Start the SQL Server Agent in the SQL Server Service Management Portal. You can log in to a SQL Server Agent as a domain user with Windows authentication or with a local system account.

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database. If the SQL Server Agent is not started, the installation or update is not started.

Collation

SQL_Latin1_General_CP1_CI_AS

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Recovery model

Simple

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database. If the recovery model is not set to the value Simple, a warning is issued before installing or updating starts. You can ignore this warning.

For performance reasons, however, it is recommended you set the database to the Simple recovery model for the duration of the schema installation or update.

Compatibility level

SQL Server 2019 (150)

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Auto Create Statistics

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Auto Update Statistics

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Auto Update Statistics Asynchronously

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Arithmetic Abort enabled

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Quoted Identifiers Enabled

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Broker Enabled

True

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Is Read Committed Snapshot On

True

The default setting for transactions is AutoCommit. If transactions are required, they are opened explicitly.

These settings have proven to provide the best balance between data security and performance for One Identity Manager's massive parallel processing. Other transaction modes are not supported by One Identity Manager.

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Parameterization

Forced

The setting is checked by the Configuration Wizard before installing or updating the One Identity Manager database and adjusted for the database if necessary.

Database file and data file group for memory-optimized tables

Required

One Identity Manager uses In-Memory-OLTP (Online Transactional Processing) for memory-optimized data accesses.

For the creation of memory-optimized tables, the following prerequisites must be met:

  • A database file with the Filestream data file type must exist.
  • A memory-optimized data file group must exist.

Before installation or update of the One Identity Manager database, the Configuration Wizard checks whether these requirements are fulfilled.

In the Configuration Wizard, repair methods are available to create the database file and the data file group. The database file is created by the repair method in the directory of the data file (*.mdf).
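
The Table 22 settings can also be read from the SQL Server catalog views before the Configuration Wizard is run. The following T-SQL is an added example, not One Identity code; it assumes it is run while connected to the One Identity Manager database by a login with VIEW SERVER STATE permission, and it only reads settings.

```sql
-- Added example: read-only pre-flight check of the Table 22 settings.
-- Assumption: the current database is the One Identity Manager database.

-- Server-level settings
SELECT
    CAST(SERVERPROPERTY('Collation') AS nvarchar(128))  AS server_collation,  -- recommended: SQL_Latin1_General_CP1_CI_AS
    CAST(SERVERPROPERTY('IsXTPSupported') AS int)       AS is_xtp_supported,  -- expect 1
    (SELECT TOP (1) status_desc
       FROM sys.dm_server_services                      -- needs VIEW SERVER STATE
      WHERE servicename LIKE N'SQL Server Agent%')      AS agent_status;      -- expect Running

-- Database-level settings: one row per setting with a pass/fail flag
SELECT v.setting, v.actual, v.expected,
       CASE WHEN v.actual = v.expected THEN 'OK' ELSE 'CHECK' END AS result
FROM sys.databases AS d
CROSS APPLY (VALUES
    (N'Collation',
        CAST(d.collation_name AS nvarchar(128)) COLLATE DATABASE_DEFAULT,
        N'SQL_Latin1_General_CP1_CI_AS'),
    -- A recovery model other than Simple only produces a warning in the wizard
    (N'Recovery model',
        CAST(d.recovery_model_desc AS nvarchar(128)) COLLATE DATABASE_DEFAULT,
        N'SIMPLE'),
    (N'Compatibility level',       CAST(d.compatibility_level AS nvarchar(128)),           N'150'),
    (N'Auto Create Statistics',    CAST(d.is_auto_create_stats_on AS nvarchar(128)),       N'1'),
    (N'Auto Update Statistics',    CAST(d.is_auto_update_stats_on AS nvarchar(128)),       N'1'),
    (N'Auto Update Stats Async',   CAST(d.is_auto_update_stats_async_on AS nvarchar(128)), N'1'),
    (N'Arithmetic Abort enabled',  CAST(d.is_arithabort_on AS nvarchar(128)),              N'1'),
    (N'Quoted Identifiers',        CAST(d.is_quoted_identifier_on AS nvarchar(128)),       N'1'),
    (N'Broker Enabled',            CAST(d.is_broker_enabled AS nvarchar(128)),             N'1'),
    (N'Read Committed Snapshot',   CAST(d.is_read_committed_snapshot_on AS nvarchar(128)), N'1'),
    (N'Parameterization (forced)', CAST(d.is_parameterization_forced AS nvarchar(128)),    N'1')
) AS v(setting, actual, expected)
WHERE d.database_id = DB_ID();

-- Prerequisites for memory-optimized tables in the current database
SELECT
    (SELECT COUNT(*) FROM sys.filegroups     WHERE type = 'FX') AS memory_optimized_filegroups, -- expect >= 1
    (SELECT COUNT(*) FROM sys.database_files WHERE type = 2)    AS filestream_data_files;       -- expect >= 1
```

Rows flagged CHECK for settings that the wizard adjusts itself are informational; per the table, only XTP support and a stopped SQL Server Agent prevent the installation or update from starting.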

For details about installation and operation of One Identity Manager database using Azure SQL Managed Instance, please refer to One Identity Manager Installation Guide: Identity Manager - Installation Guide (oneidentity.com).

Data Governance agent

The Data Governance agent refers to the server hosting a local or remote Data Governance Edition agent.

This server must meet the following minimum system requirements.

Table 23: Minimum system requirements: Data Governance agent
Processor 500MHz+
Memory 1024MB RAM
Free disk space

20 GB

NOTE: The agent will use the required CPU, memory and disk space to perform scans, data synchronizations, queries and activity reporting. Unexpected behavior will occur if any of these resources are depleted.

Operating system

Windows operating systems:

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

New Dynamic Access Control (DAC) features are not supported.

NOTE: When an agent is installed on Windows Server 2012/2012 R2, disable the following local policy: "User Account Control: run all Administrators in Admin Approval Mode".

NOTE: The following certificate must be installed as a Trusted Root Certification Authority on the target agent host computer: VeriSign Class 3 Public Primary Certification Authority — G5.cer.

Software

.NET Framework 4.8 or later

.NET Framework 3.5.1 (SharePoint 2010 agents)

NOTE: SharePoint 2010 agents require .NET Framework 3.5.1; all other Windows Servers and SharePoint farms hosting an agent require .NET Framework 4.5 or later.

Windows Servers hosting an agent for devices having SharePoint Online, EMC Isilon NFS, or NetApp ONTAP 9.8 and above, require TLS 1.2.

Resource Activity database server

The Resource Activity Database server refers to the server hosting the Data Governance Edition Resource Activity database.

Note: You can use your pre-existing One Identity Manager database server to host the resource activity database.

This server must meet the following system requirements.

Table 24: Minimum system requirements: Resource Activity Database server
Processor quad core CPU
Memory 16GB RAM
Free disk space 100GB

Supported target systems

The following systems are supported for scanning.

Table 25: Supported target systems
Target Version Additional notes

Windows Server

The following Windows Server versions are supported for scanning (local or remote managed hosts):

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

NOTE: The space required depends on the configuration, the number of files, folders and shares scanned with explicit permissions, and the amount of activity processed.

Resource activity collection is not supported for remotely managed Windows Server hosts.

Windows Cluster

The following failover clusters are supported for scanning (remote managed host):

  • Windows 2012
  • Windows 2012 (R2)
  • Windows 2016
  • Windows 2019

NOTE: The space required depends on the configuration, the number of files, folders and shares scanned with explicit permissions, and the amount of activity processed.

Resource activity collection is not supported for Windows clusters.

NetApp CIFS Devices

The following NetApp filer versions (with CIFS file system protocol enabled) are supported for scanning (remote managed host):

  • NetApp ONTAP 7.3
  • NetApp ONTAP 8.0
  • NetApp ONTAP 8.1
  • NetApp ONTAP 8.2
  • NetApp ONTAP 8.3
  • NetApp ONTAP 9.0 RC1
  • NetApp ONTAP 9.1
  • NetApp ONTAP 9.2
  • NetApp ONTAP 9.3
  • NetApp ONTAP 9.4
  • NetApp ONTAP 9.5
  • NetApp ONTAP 9.6

  • NetApp ONTAP 9.7

  • NetApp ONTAP 9.8

  • NetApp ONTAP 9.9

Both NetApp 7-Mode and Cluster Mode are supported.

NOTE: The space required depends on the configuration, the number of files, folders and shares scanned with explicit permissions, and the amount of activity processed.

Real-time security updates and resource activity collection are not supported on versions of NetApp ONTAP filers earlier than 7.3.

NetApp storage devices require additional configuration.

NetApp NFS Devices

The following NetApp filer versions (with NFS file system protocol enabled) are supported for scanning (remote managed host):

  • NetApp ONTAP 7.3
  • NetApp ONTAP 8.0
  • NetApp ONTAP 8.1
  • NetApp ONTAP 8.2
  • NetApp ONTAP 8.3
  • NetApp ONTAP 9.0 RC1
  • NetApp ONTAP 9.1
  • NetApp ONTAP 9.2
  • NetApp ONTAP 9.3
  • NetApp ONTAP 9.4
  • NetApp ONTAP 9.5
  • NetApp ONTAP 9.6

  • NetApp ONTAP 9.7

  • NetApp ONTAP 9.8

  • NetApp ONTAP 9.9

Both NetApp 7-Mode and Cluster Mode are supported.

NOTE: The space required depends on the configuration, the number of files, folders and shares scanned with explicit permissions, and the amount of activity processed.

NFS managed hosts require the UNIX module to be installed during the One Identity Manager installation and configuration process.

For NetApp 7-Mode managed hosts, real-time security updates and resource activity collection require FPolicy; and in order to use FPolicy, CIFS must be installed and running.

NetApp storage devices require additional configuration.

EMC CIFS Devices

The following EMC devices are supported for scanning (remote managed host):

  • EMC Celerra
  • EMC VNX
  • EMC Isilon

The following EMC Framework versions (with CIFS file system protocol enabled) are supported:

  • Common Event Enabler (CEE) 7.1 (or higher)

NOTE: The space required depends on the configuration, the number of files, folders and shares scanned with explicit permissions, and the amount of activity processed.

VNXe is not supported. VNXe does not support CEPA currently and therefore Data Governance Edition will not run successfully in VNXe environments.

EMC storage devices require additional configuration.

See Appendix: EMC managed host deployment prior to adding an EMC managed host.

Common Event Enabler (CEE) versions 8.7.8.1 or higher are not yet supported.

EMC Isilon NFS Devices

The following EMC Isilon devices (with NFS file system protocol enabled) are supported for scanning (remote managed host):

  • EMC Isilon 7.2
  • EMC Isilon 8.0
  • EMC Isilon OneFS 8.1.2
  • EMC Isilon OneFS 8.2
  • EMC Isilon OneFS 8.2.1

  • EMC Isilon OneFS 8.2.2

  • EMC Isilon OneFS 9.0

  • EMC Isilon OneFS 9.1

NOTE: The space required depends on the configuration, the number of files, folders and shares scanned with explicit permissions, and the amount of activity processed.

NFS managed hosts require the UNIX module to be installed during the One Identity Manager installation and configuration process.

Resource activity collection is not supported for EMC Isilon NFS managed hosts.

EMC storage devices require additional configuration.

SharePoint

The following SharePoint versions are supported for scanning (local managed host):

  • SharePoint Server 2010
  • SharePoint Server 2013
  • SharePoint Server 2016
  • SharePoint Server 2019

100GB disk space on the SharePoint agent computer for data storage and scan post-processing activities.

NOTE: The space required depends on the number of sites, lists, and document libraries and the number of unique permissions gathered from the farm.

8GB RAM for the SharePoint agent computer.

Agent is installed where the One Identity Manager service (job server) is running for the SharePoint farm.

We recommend installing the One Identity Manager service on a dedicated SharePoint Application Server in the farm rather than on a Web Front server; this prevents extra processing load on that server.

Standalone farms are not supported.

Farms configured with only Local Users and Groups are not supported.

Cloud

The following cloud providers running on Office 365 are supported for scanning (remote managed host):

  • SharePoint Online
  • OneDrive for Business

Resource activity collection is not supported for Cloud managed hosts.

OneDrive for Business support is limited to the Documents folder for the Administrator account. Therefore, all managed paths are selected within the scope of the Administrator's Documents folder.

DFS Root

Windows 2012 Active Directory DFS and higher
