Data Governance agent
The Data Governance agent refers to the server hosting a local or remote Data Governance Edition agent.
This server must meet the following minimum system requirements.
| Processor | 500MHz+ | ||||||
| Memory | 1024MB RAM | ||||||
| Free disk space |
20 GB
| ||||||
| Operating system |
Windows operating systems:
| ||||||
| Software |
.NET Framework 4.5 or later .NET Framework 3.5.1 (SharePoint 2010 agents)
|
Resource Activity database server
The Resource Activity Database server refers to the server hosting the Data Governance Edition Resource Activity database.
|
|
Note: You can use your pre-existing One Identity Manager database server to host the resource activity database. |
This server must meet the following system requirements.
| Processor | quad core CPU |
| Memory | 16GB RAM |
| Free disk space | 100GB |
Supported target systems
The following systems are supported to be scanned.
| Target | Version | Additional notes | ||||
|---|---|---|---|---|---|---|
|
The following Windows Server versions are supported for scanning (local or remote managed hosts):
|
Resource activity collection is not supported for remotely managed Windows Server hosts. | |||||
|
The following failover clusters are supported for scanning (remote managed host):
|
Resource activity collection is not supported for Windows clusters. | |||||
|
The following NetApp filer versions (with CIFS file system protocol enabled) are supported for scanning (remote managed host):
|
Real-time security updates and resource activity collection are not supported on versions of NetApp ONTAP filers earlier than 7.3. NetApp storage devices require additional configuration. | |||||
|
The following NetApp filer versions (with NFS file system protocol enabled) are supported for scanning (remote managed host):
|
NFS managed hosts require the UNIX module to be installed during the One Identity Manager installation and configuration process. For NetApp 7-Mode managed hosts, real-time security updates and resource activity collection require FPolicy; and in order to use FPolicy, CIFS must be installed and running. NetApp storage devices require additional configuration. | |||||
|
The following EMC devices are supported for scanning (remote managed host):
The following EMC Framework versions (with CIFS file system protocol enabled) are supported:
|
VNXe is not supported. VNXe does not support CEPA currently and therefore Data Governance Edition will not run successfully in VNXe environments. EMC storage devices require additional configuration. | |||||
|
The following EMC Isilon devices (with NFS file system protocol enabled) are supported for scanning (remote managed host):
|
NFS managed hosts require the UNIX module to be installed during the One Identity Manager installation and configuration process. Resource activity collection is not supported for EMC Isilon NFS managed hosts. EMC storage devices require additional configuration. | |||||
|
The following SharePoint versions are supported for scanning (local managed host):
100GB disk space on the SharePoint agent computer for data storage and scan post-processing activities.
8GB RAM for the SharePoint agent computer. |
Agent is installed where the One Identity Manager service (job server) is running for the SharePoint farm. We recommend installing the One Identity Manager service on a dedicated SharePoint 2010/2013 Application Server in the farm and not on a Web Front server which prevents extra load processing on that server. Standalone farms are not supported. Farms configured with only Local Users and Groups are not supported. | |||||
|
The following cloud providers running on Office 365 are supported for scanning (remote managed host):
|
Resource activity collection is not supported for Cloud managed hosts. OneDrive for Business support is limited to the Documents folder for the Administrator account. Therefore, all managed paths are selected within the scope of the Administrator's Documents folder. | |||||
|
Windows 2008 Active Directory DFS and higher |
Data Governance Edition minimum permissions
The following table contains the permissions required to properly deploy Data Governance Edition.
| Account | Permission | ||
|---|---|---|---|
|
System user (Active Directory account logged on to the computer) AND |
Must have an associated One Identity Manager Employee. Employee must be assigned the Data Governance/Administrators application role or the Data Governance/Access Managers application role.
| ||
|
Log On as a Service local user rights on the Data Governance server. Local Administrator rights on Data Governance agent computers.
If the service account is not a member of the Domain Users group (for example, a user from domain A is used to manage trusted domain B), additional rights are required. | |||
|
SQL service account for connection with the Data Governance Resource Activity database |
dbcreator server role is required to create the database during initial configuration of Data Governance Edition db_owner role is required to work with the database | ||
|
SQL service account for connection with One Identity Manager database |
db_owner role for One Identity Manager database | ||
|
The agent runs under the Local System account. No additional rights are required. | |||
|
Service account for an agent managing remote Windows managed hosts |
Local Administrator rights on the managed host.
Log On as a Service local user rights on the agent computer. (This is automatically granted when the agent is deployed.) | ||
|
Must be the SharePoint farm account (same account that is used to run the SharePoint timer service and the One Identity Manager service (job server)). This account also needs to be a member of the administrators group on the SharePoint server. Log On as a Service local user rights on the agent computer. (This is automatically granted when the agent is deployed.) | |||
|
Log On as a Service local user rights on the agent computer. (This is automatically granted when the agent is deployed.) Must be a member of the local Administrators group on the NetApp filer in order to create FPolicy. Must have permissions to access folders being scanned. | |||
|
Service account for an agent managing EMC Isilon storage devices |
Log On as a Service local user rights on the agent computer. (This is automatically granted when the agent is deployed.) Must have "run as root" permissions on the Isilon SMB share that has been selected as a managed path. | ||
|
One Identity Manager service (job server) account used for scheduling Data Governance Edition reports |
Must have an associated One Identity Manager Employee. Employee must be assigned the Data Governance/Administrators application role or the Data Governance/Access Managers application role. | ||
|
Active Directory account used by the AppServer to establish communication between the Data Governance server and the Manager |
Must have an associated One Identity Manager Employee. Employee must be assigned the Data Governance/Administrators and the Data Governance/Access Managers application roles.
|