Managed host configuration options
Managed host configuration settings
Managed hosts must be properly configured for security scanning (and resource activity collection, if applicable) to begin. An agent must be configured to communicate with the server and gather resource information. Until this is done, no security information will be stored or indexed for this computer. Agents are configured when you add or edit a managed host.
- Real-time security updates in the context of Data Governance Edition refers to the monitoring of changes to the file system caused by create, delete, and rename operations, as well as DACL, SACL and Owner changes, in order to maintain the security index. These real-time security updates are not monitored by default, but can be configured on the Security Scanning page of the Managed Host Settings dialog.
- When enabled, resource activity is collected in real time, compressed, and then stored in the Data Governance Resource Activity database. Historical activity data can then be used to calculate a resource's perceived owner and to generate activity-related reports. Use the Resource Activity page of the Managed Host Settings dialog to enable and configure resource activity collection and aggregation.
- Managed paths will be scanned for security access information and, if resource activity collection is enabled, for resource activity.
The available configuration settings vary depending on the type of managed host, as shown in the following table. Yes indicates that the settings can be configured.
Table 41: Configurable managed host settings
| Host type | Resource activity | Real-time security updates | Security scanning | Managed paths | Service account |
|---|---|---|---|---|---|
| Local Windows Computer | Yes. Not collected by default. | Yes. Not monitored by default. | Yes. By default, scanning starts immediately once an agent is deployed. | Yes. By default, all NTFS drives are scanned if no managed paths are specified. | No service account is required as the agent runs as the Local System. |
| Windows Cluster / Remote Windows Computer | N/A | Yes. Not monitored by default. | Yes. Scanning starts on a configured schedule. By default, every day of the week at 2:00 A.M. | Yes. Managed paths must be defined for scanning to occur. | Requires a service account with Local Administrator rights on the managed host. The agent scanning the host runs under the service account. |
| NetApp 7-Mode and Cluster-Mode CIFS Devices; NetApp 7-Mode and Cluster Mode NFS Devices | Yes. Not collected by default. Requires FPolicy. | Yes. Not monitored by default. | Yes. Scanning starts on a configured schedule. By default, every day of the week at 2:00 A.M. | Yes. Managed paths must be defined for scanning to occur. | Requires a service account; must be a member of the local Administrators group on the NetApp 7-Mode filer in order to create FPolicy. This account must also have permissions to access folders being scanned. |
| EMC CIFS Devices | Yes. Not collected by default. | Yes. Not monitored by default. | Yes. Scanning starts on a configured schedule. By default, every day of the week at 2:00 A.M. | Yes. Managed paths must be defined for scanning to occur. | Requires a service account with required permissions. The agent scanning the host runs under the service account. The service account for an agent managing EMC Isilon storage devices must have "run as root" permissions on the Isilon SMB share to be managed (that is, selected as a managed path). |
| EMC Isilon NFS Devices | N/A | N/A | Yes. Scanning starts on a configured schedule. By default, every day of the week at 2:00 A.M. | Yes. Managed paths must be defined for scanning to occur. | Requires a service account; must have "run as root" permissions on the Isilon SMB share to be managed (that is, selected as a managed path). |
| SharePoint Farm | Yes. Not collected by default. | N/A | Yes. Scanning starts on a configured schedule. By default, every day of the week at 2:00 A.M. | Yes. Managed paths must be defined for scanning to occur. | Requires a service account; must be the SharePoint farm account (same account that is used to run the SharePoint timer service and the One Identity Manager service (job server)); must be a member of the administrators group on SharePoint server. The agent scanning the host runs under the service account. |
| Cloud (for example, SharePoint Online) | N/A | N/A | Yes. Scanning starts on a configured schedule. By default, every day of the week at 2:00 A.M. | Yes. Managed paths must be defined for scanning to occur. | Requires a service account which becomes the agent run as account. This account is not used to connect to the Cloud provider. |
| Generic | N/A | N/A | Yes. Scanning starts on a configured schedule. By default, every day of the week at 2:00 A.M. | Yes. Managed paths must be defined for scanning to occur. | Requires a service account with required permissions. The agent scanning the host runs under the service account. |
| Distributed File System | Yes. Not collected by default. | N/A | N/A | N/A | N/A |
Related Topics
Managed host settings dialog
Editing managed host settings
Customizing default host settings
Managed host settings dialog
The Managed Host Settings dialog allows you to define the configuration settings for new managed hosts. This dialog appears when you select one of the following tasks from the Managed hosts view:
- Manage host
- Manage multiple hosts
- Manage NFS host
- Manage Cloud host
- Edit host settings
This dialog contains the following controls.
Table 42: Managed Host Settings dialog: Controls
Managed Host
Specifies the managed host to be added.
- For local managed hosts, this is a read-only field that displays the name of the host computer selected in the Managed hosts view.
- For remote managed hosts, including supported EMC and NetApp storage devices with CIFS file system protocol enabled, this is a read-only field that displays the name of the host computer selected in the Managed hosts view.
- For cloud managed hosts, this field is blank when using the Manage Cloud host task. However, it displays the <DomainName>.onmicrosoft.com host name when using the Edit host settings task.
- If multiple hosts are selected, <Multiple Managed Hosts> appears in this field.
- For NFS managed hosts, enter the IP address or fully qualified domain name of the NFS host computer to be managed.

Host Type
Select the type of managed host to be added to the Data Governance Edition deployment.
When using the Manage host or Manage multiple hosts task, the options available depend on the host computer selected in the Managed hosts view. Valid managed host types include:
- EMC Celerra/VNX Device
- EMC Isilon Device
- Generic Host Type
- Local Windows Computer
- NetApp OnTap Cluster Mode CIFS Device
- NetApp OnTap 7-Mode CIFS Device
- SharePoint Farm
- Windows Cluster/Remote Windows Computer
When using the Manage NFS host task, you must select one of the following host types:
- EMC Isilon NFS Device
- NetApp Cluster NFS Device
- NetApp 7-Mode NFS Device
When using the Manage Cloud host task, you must select one of the following host types:
- SharePoint Online
- OneDrive for Business
When using the Edit host settings task, this is a read-only field that specifies the type of host.

Agent Install Path
By default, the agent will be installed in the Data Governance Server installation directory (%ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Agent Services).
When you deploy an individual agent, you can use this field to specify an alternate agent installation. To specify an alternate installation directory, enter a local path (for example C:\Mypath) that does not exceed 512 characters.
NOTE: If there is an existing agent on the machine, you cannot install another agent with a different installation directory. All agents must be installed in the same directory.
NOTE: If required, use the Customize default host settings task to define an alternate default installation directory for deploying new agents. When you opt to set the installation directory for an individual agent using the Agent Install Path field on the Managed Host Settings dialog, it will take precedence over the default agent installation location defined on the Customize default host settings dialog.

Keywords
(Optional) Enter a keyword which can then be displayed and used to group your managed hosts on the Managed hosts view.

NIS Host
Use the NIS Host page to select the Network Information Systems (NIS) server whose users and groups have been synchronized with One Identity Manager.
NOTE: This page only applies to NFS managed hosts.
For more information, see NIS Host page.

Credentials page
Use the Credentials page to provide user credentials that can establish a connection with the NAS device.
- For NetApp hosts, the user must have the 'ontapi' User Login Method application.
- For EMC hosts, this account must have the 'Platform API' privileges applied.
NOTE: This page only applies to NFS managed hosts and NetApp OnTap Cluster Mode CIFS managed hosts.
For more information, see Credentials page.

Cloud Provider
Use the Cloud Provider page to enter the Office 365 domain and login credentials of the administrative account to be used to authenticate with the Data Governance Edition API cloud proxy.
NOTE: This page only applies to Cloud managed hosts.
For more information, see Cloud Provider page.

Agents page
Use the Agents page to configure the agents to be used to monitor a remote managed host or SharePoint managed host.
NOTE: This page only applies to remote managed hosts and SharePoint managed hosts.
For more information, see Agents page.

Managed Paths page
Use the Managed Paths page to define the paths to be managed by Data Governance Edition. These managed paths will be scanned for security access information and if enabled, for collecting resource activity.
Click the Add button to display the Managed Paths Picker dialog, where you can then navigate to and select the paths to be scanned.
For more information, see Managed paths page.

Security Scanning page
Use the Security Scanning page to set the schedule and settings for scanning agents for changes to the structure and security of the file system.
For more information, see Security Scanning page.

Resource activity page
Use the Resource Activity page to configure the collection and aggregation of resource activity for the target managed host.
NOTE: Not available for Windows Cluster/Remote Windows Computer, Generic or Cloud managed hosts.
For more information, see Resource activity page.

OK
Click the OK button to save your selections and close the dialog.

Cancel
Click the Cancel button to close the dialog without saving your selections.

Related Topics
Adding a local managed host (Windows computer)
Adding a Windows cluster / Windows computer as a remote managed host
Adding a generic managed host
Adding a Distributed File System (DFS) root managed host
Adding a SharePoint farm managed host
Adding a NetApp CIFS device as a managed host
Adding an EMC CIFS device as a managed host
Adding an NFS managed host
Adding a Cloud managed host
Editing managed host settings
NIS Host page
Select a Network Information Service (NIS) server whose users and groups have been synchronized with One Identity Manager.
NOTE: This page only applies to NFS managed hosts.
Table 43: NIS Host page: Controls and settings

NIS Host
Select the NIS server to be managed.
The NIS servers previously synchronized with One Identity Manager (UNIX synchronization project) are listed in the drop-down menu.

Credentials page
Provide the credentials of a user who can establish a connection to the NAS storage device.
- For NetApp devices, this user account must have the 'ontapi' User Login Method application.
- For EMC Isilon devices, this user account must be assigned the 'Platform API' privilege.
NOTE: This page only applies to NFS managed hosts and NetApp OnTap Cluster Mode CIFS managed hosts.
Table 44: Credentials page: Controls and settings

User Name
Enter the name of a user account with access to the target NAS storage device.

Password
Enter the password associated with the specified user account.

Port
Enter the destination port to be used for communication between the agent and target NAS storage device.
- NetApp filers: The default value is 443.
- EMC devices: The default value is 8080.

Host EndPoint
Optionally, enter the API endpoint for the NetApp Cluster Mode connection. This could be an FQDN, host name or IP address.
NOTE: The default is to use the FQDN of the targeted host. You would only use this setting if the API connection needs to be specified as something other than the FQDN of the targeted host.
NOTE: Only applies to NetApp Cluster Mode devices.

Test API Credentials
Click this button to verify that the credentials entered are valid.