
Identity Manager Data Governance Edition 8.0 - Deployment Guide


Enabling system configuration auditing (Isilon devices)

EMC Isilon devices do not use the cepp.conf file; however, you must enable configuration change auditing and protocol access auditing in order for Data Governance Edition to perform security scans and collect resource activity on the EMC storage device.

Note: On the Data Governance server and all agent servers, you must have a Trusted Root Certificate Authority certificate to validate the Isilon server's HTTP certificate.

To enable auditing (OneFS web interface)

  1. Connect to the OneFS web interface.

  2. Select Cluster Management.
  3. Select Auditing.
  4. In the Settings pane, select the following check boxes:

    • Enable Configuration Change Auditing
    • Enable Protocol Access Auditing
  5. In the Audited Zones pane, add the zones to be audited:

    • Click the Add Zones button to add a zone.
  6. In the Event Forwarding pane, enter the following information:

    • CEE Server URIs: Enter the uniform resource identifier (URI) for the Windows server hosting the Common Event Enabler (CEE) software.

      Use the following format: http://<FullyQualifiedDomainName>:<Port>/cee.

      For example: http://server.test.abc.com:12228/cee

      The default CEE HTTP port is 12228.

      Click Add another input field to add additional CEE server URIs.

    • Storage Cluster Name: Enter the resolved name of the EMC Isilon cluster.

      Use the following format: <ClusterName>.<DomainName>.com

      For example: Cluster1.test.abc.com

  7. Click Save Changes.
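
A pre-flight check for the two values entered in step 6, as an added example that is not part of the original guide or of One Identity's tooling. The function names and the `expected_port` parameter are hypothetical, and every sample value other than the guide's own example URI is constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS label

def fqdn_problems(name):
    """Return the reasons `name` is not a fully qualified domain name."""
    try:
        ipaddress.ip_address(name)
        return ["is an IP address, not a fully qualified domain name"]
    except ValueError:
        pass
    labels = name.split(".")
    if len(labels) < 2:
        return ["is a short name; the domain part is missing"]
    return [f"has an invalid DNS label {l!r}" for l in labels if not LABEL.fullmatch(l)]

def check_cee_uri(uri, expected_port=12228):
    """Check a 'CEE Server URIs' value against http://<FQDN>:<Port>/cee."""
    # expected_port: the port your CEE listens on (assumed: the guide's default).
    try:
        parts = urlsplit(uri.strip())
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError as exc:
        return [f"malformed URI: {exc}"]
    problems = []
    if parts.scheme != "http":
        problems.append(f"scheme is {parts.scheme!r}, the format uses 'http'")
    if parts.username or parts.password or parts.query or parts.fragment:
        problems.append("contains credentials, a query string or a fragment")
    problems += [f"host {p}" for p in fqdn_problems(parts.hostname or "")]
    if port is None:
        problems.append("port is missing; the format requires an explicit port")
    elif port != expected_port:
        problems.append(f"port {port} differs from the expected CEE port {expected_port}")
    if parts.path != "/cee":
        problems.append(f"path is {parts.path!r}, expected '/cee'")
    return problems

def check_cluster_name(name):
    """Check a 'Storage Cluster Name' value such as Cluster1.test.abc.com."""
    return [f"cluster name {p}" for p in fqdn_problems(name.strip())]

if __name__ == "__main__":
    # The first URI is the guide's example; the second is a constructed bad value.
    for uri in ("http://server.test.abc.com:12228/cee", "https://server:12228/cee"):
        print(uri, "->", check_cee_uri(uri) or "ok")
    print("Cluster1 ->", check_cluster_name("Cluster1") or "ok")
```

An empty list means the value matches the format the guide gives; it does not confirm that the CEE server is reachable or that the name resolves.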

Appendix: SharePoint managed host deployment

Appendix: SharePoint Farm managed host deployment

SharePoint farms are similar to remote managed hosts in that they require an associated service account, even though they are installed locally on a SharePoint server. In addition, you can configure the level of auditing you want to perform on SharePoint farms.

Permissions required to access SharePoint farms

SharePoint farms are similar to remote managed hosts in that they require a service account with sufficient permissions to access the data, even though they are installed locally. The service account for the agent managing SharePoint farms must meet the following minimum requirements:

  • Must be the SharePoint farm account (same account that is used to run the SharePoint timer service and the One Identity Manager service (job server)).
  • Must be a member of the administrators group on the SharePoint server.
  • Must have Log On as a Service local user rights on the agent computer. (This is automatically granted when the agent is deployed.)

Configure SharePoint to track resource activity

To gather and report on resource activity in SharePoint, ensure that SharePoint native auditing is properly configured for any resources of interest. You can also optionally install the SharePoint Auditing Monitor farm solution to obtain activity for events not available in the native SharePoint auditing system.
