Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager Data Governance Edition 9.0 LTS - Deployment Guide

Table of Contents

One Identity Manager Data Governance Edition Deployment Guide

Data Governance Edition overview Architecture Data Governance Edition Services

Data Governance service Data Governance agent One Identity Manager service

Deployment overview Available documentation

Data Governance Edition system requirements

Data Governance server Database server Data Governance agent Resource Activity database server Supported target systems Data Governance Edition minimum permissions

Granting SQL Server permissions Granting Active Directory permissions

Data Governance Edition required ports

Install One Identity Manager Data Governance Edition Deploy Data Governance Edition components

Deployment pre-flight check Data Governance service deployment methods Deploying Data Governance service and creating Resource Activity database Deploying multiple Data Governance services Updating One Identity Manager to a Data Governance Edition deployment

Post installation configuration

Move Service Principal Name in Active Directory Data Governance Edition components One Identity Manager service (job server) - Data Governance connector flag One Identity Manager - Synchronization projects Assign employee to UNIX account Assign employee to cloud account Assign employee to One Identity Manager application role One Identity Manager - Database configuration Configuring Change Auditor to collect resource activity One Identity Manager Application Server One Identity Manager database encryption

Authentication using service accounts and managed domains

Readying a service account and domains for deployment

Adding and editing a service account Adding a managed domain

Working with managed hosts and agents

Deployment best practices Agent leases Agent deployment pre-flight check Agent deployment methods Adding and configuring managed hosts

Adding a local managed host (Windows computer) Adding a Windows cluster / Windows computer as a remote managed host Adding a generic managed host Adding a Distributed File System (DFS) root managed host Adding a SharePoint farm managed host Adding a NetApp CIFS device as a managed host Adding an EMC CIFS device as a managed host Adding an NFS managed host Adding a cloud managed host

Managed host configuration settings

Managed host settings dialog

NIS Host page Credentials page Cloud Provider page Agents page Managed paths page Security Scanning page Resource activity page

Editing managed host settings Customizing default host settings

Deployment management

Verifying managed host system status Determining the state of the data Checking the agent status Viewing agent errors Restarting agents Remove managed hosts (and associated agents) Removing agents

Upgrade Data Governance Edition

Before you upgrade Upgrading One Identity Manager Data Governance Edition Applying a hotfix to Data Governance Edition 8.x

Remove Data Governance Edition

Remove managed hosts (and associated agents) Remove service account assignments Delete service accounts Uninstall Data Governance service Uninstall Resource Activity database

Troubleshooting

Data Governance Edition logs

Exporting agent log Getting server logs

Job queue shows that database needs to be compiled Receiving unauthorized access violations Cannot save the service account Cannot connect to a managed host DNS error when attempting to add a new managed host Agent not connecting to the Data Governance server Data Governance agents cannot access NAS devices via SMB Agent leases expiring Cannot add managed paths to my EMC server No activity data No activity data available for SharePoint 2010 managed host Resource activity is not displaying in the web portal for a business owner Governed resources are missing from the All my resources view in the web portal Not receiving scheduled reports Groups missing from the Group Memberships tree view

NetApp managed host deployment

Permissions required to access NetApp filer Data Governance agent deployment FPolicy deployment Managed host configuration options Performance considerations Compatibility with Change Auditor for NetApp

EMC managed host deployment

Configuring CEE framework Creating the cepp.conf file (Celerra or VNX devices) Enabling system configuration auditing (Isilon devices)

SharePoint Farm managed host deployment

Permissions required to access SharePoint farms Configure SharePoint to track resource activity

Configure auditing on SharePoint farms Install the QAM.SharePoint.Auditing.Monitor farm solution Map SharePoint events to Data Governance events

SharePoint Farm managed host deployment

SharePoint farms are similar to remote managed hosts in that they require an associated service account, even though they are installed locally on a SharePoint server. In addition, you can configure the level of auditing you want to perform on SharePoint farms.

Permissions required to access SharePoint farms

SharePoint farms are similar to remote managed hosts in that they require a service account with sufficient permissions to access the data, even though they are installed locally. The service account for the agent managing SharePoint farms, must meet the following minimum permissions:

Must be the SharePoint farm account (same account that is used to run the SharePoint timer service and the One Identity Manager service (job server)).
Must be a member of the administrators group on the SharePoint server.
Log On as a Service local user rights on the agent computer. (This is automatically granted when the agent is deployed.)

Configure SharePoint to track resource activity

To gather and report on resource activity in SharePoint, ensure that SharePoint native auditing is properly configured for any resources of interest. You can also optionally install the SharePoint Auditing Monitor farm solution to obtain activity for events not available in the native SharePoint auditing system.

Configure auditing on SharePoint farms

You can enable auditing at different levels in the SharePoint farm. It is recommended that you enable auditing at the site collection level to ensure that all events are collected. The methods available for configuring auditing vary depending on the SharePoint edition installed. Sometimes, you can use Central Administration; in all cases you can use Windows PowerShell. It is recommended that you enable all SharePoint native events to ensure maximum coverage for data governance activities, but you may select a smaller set to improve performance if necessary.

Consult your Microsoft documentation for complete information on configuring auditing.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center