Chat now with support
Chat with Support

Identity Manager Data Governance Edition 8.0 - User Guide

Introduction Data Governance navigation node and views Administering Data Governance Edition Managing unstructured data access
Managing resource access Managing account access Working with security permissions Working with SharePoint security permissions Account access modeling Bringing data under governance
Classifying governed resources Managing governed resources using the web portal Data Governance Edition reports Troubleshooting Appendix: EMC, NetApp Filer, and SharePoint configuration details Appendix: PowerShell commands Appendix: Governed data attestation policies Appendix: Governed data company policies Appendix: Governed data risk index functions About us

Resource activity page

You can collect resource activity on local managed Windows servers, SharePoint farms, and supported NetApp and EMC managed hosts. Resource activity collection is not supported for Windows Cluster/Remote Windows Computer, Generic, or Cloud managed hosts.

Note: Limitations with collecting resource activity on EMC storage devices:

  • EMC activity collection requires that EMC CEE 7.1 is installed on the same server as the Data Governance agent.
  • EMC VNX activity collection by Data Governance agents is not supported for storage devices with multiple CIFS exposed virtual data movers.
  • Resource activity collection and real-time security updates are not supported for EMC Isilon NFS managed hosts.
  • If Change Auditor is configured to collect activity from your EMC device via the Quest Shared EMC Connector, and you would like activity collection/aggregation in Data Governance Edition, you MUST configure Data Governance Edition to collect activity directly from Change Auditor. You will not be able to collect activity from your EMC device with both Change Auditor and Data Governance Edition.

When enabled, you can configure to collect data on identities, reads, writes, creates, deletes, renames, and security changes on securable objects. Resource activity summary information is used to calculate ownership and for generating activity-related reports, including:

Important: By default, the collection of resource activity is disabled. You can enable it when you configure your managed hosts. However, collecting resource activity on your managed hosts impacts network usage and increases load on the Resource Activity database server and Data Governance server, especially when collecting activity on large busy servers. Configuring the proper exclusions and aggregation is important to limit some of this load. You should carefully plan out which servers you want to collect activity on and enable it only on those machines.

If you are collecting resource activity, it is recommended that you set up a scheduled execution of the activity database compression utility. This utility compresses the activity in your database that is older than a certain age and optionally purges entries that are even older. This is essential in ensuring your database remains manageable. For more information on the activity database compression utility, see the One Identity Manager Data Governance Edition Technical Insight Guide.

Note: Data Governance Edition may report certain operations in unexpected ways. For example, in some instances a file rename operation may be represented as a delete and a create. This is normal behavior and depends on the system, or in some cases, the applications being used to interact with the resources.

Note: The time stamps for resource activity are based on the agent local time.

The Resource Activity page on the Managed Host Settings dialog contains the following information and options to configure the collection and aggregation of resource activity.

Table 54: Managed host settings: Resource Activity page
Field Description
No activity (scheduled security scans only)

Use this option if you do not want to collect resource activity for the target managed host.

NOTE: For all types of managed hosts, this option is selected by default indicating that resource activity in not being collected for the target managed host.
Collect and aggregate events

Select this option to collect resource activity for the target managed host. When this option is selected, you can configure the events to be collected and the aggregation interval to be used to compress the activity data.

NOTE: For SharePoint farm managed hosts, native SharePoint auditing must be enabled in order to collect resource activity.

NOTE: For NetApp managed hosts, the FPolicy settings control the activity sent to the agent, unless resource activity is being collected directly from Change Auditor. For more information, see FPolicy deployment.

NOTE: For EMC Celerra/VNX devices, you must configure the cepp.conf. For more information, see Creating the cepp.conf file (Celerra or VNX devices).

NOTE: For EMC Isilon CIFS devices, you must enable auditing. For more information, see Enabling system configuration auditing (Isilon devices).

NOTE: When using Change Auditor to collect resource activity, this option is selected by default. For more information, see the Post installation configuration chapter in the One Identity Manager Data Governance Edition Deployment Guide.
Events

Select or clear the check boxes to specify the type of events to be included in the resource activity collection process:

  • Security change
  • Create
  • Delete
  • Rename
  • Write
  • Read (Disabled by default)

NOTE: When resource activity collection is enabled, read operations are not collected by default. Care should be taken when enabling read operations because they may cause performance issues.
Aggregation

Select how often you would like to aggregate the data. Valid aggregation intervals are:

  • 5 minutes
  • 1 hours
  • 8 hours (default)
  • 1 day

All activity is aggregated within the set time frame, which is 8 hours by default. For example, if a user reads a file ten times within the time frame, it appears as a single line item with a count of 10.

NOTE: The aggregation interval should be chosen carefully. A shorter interval gives more granular information about activities but can cause the size of the database to use up all the disk space on the server.

NOTE: When using Change Auditor to collect resource activity, the aggregation setting is not available. Change Auditor is configured to collect events every 15 minutes on all managed hosts. For more information, see the Post installation configuration chapter in the One Identity Manager Data Governance Edition Deployment Guide

Resource Activity Exclusions

Use this button to specify the accounts, file extensions, and folders to be excluded from the resource activity collection process. By focusing on the objects in whose activity you are interested, you can reduce network traffic.

Certain well known system accounts, file extensions, and folders are excluded by default, such as:

  • Accounts: Local Service, Network Service, Null SID, System

    NOTE: The Accounts tab is not available for NFS managed hosts.
  • File Extensions: Database files, Disc Image files, Email files, Executable files, Explorer Metadata files, Log files, Shortcut files, Temporary files, and Virtual machine files
  • Folders: %SystemRoot%, %ProgramFiles%, %ProgramFiles(x86)%

By default, the Data Governance agent excludes the run as account (local managed hosts) and the domain service account (remote managed hosts) from activity collection and aggregation regardless if the service account is specified in the Resource Activity Exclusions list. The service account for SharePoint farm managed hosts are not excluded by default; you will need to add the SharePoint service account manually for SharePoint farm managed hosts.

To see the full list, click the Resource Activity Exclusions button.

  • If the list is empty on the Resource activity exclusions dialog, click Default to populate the exclusions list with default values.
  • To add an object to the exclusion list, click Add and specify the account, file extension or folder.

NOTE: When using Change Auditor to collect resource activity, the Resource Activity Exclusions feature is not available. For more information, see the Post installation configuration chapter in the One Identity Manager Data Governance Edition Deployment Guide.
View/Update cepp.conf

For EMC Celerra/VNX hosts, this button allows you to view or update the cepp.conf file for the selected data mover.

Selecting this button displays a Logon Credentials dialog allowing you to enter the EMC Celerra/VNX control station credentials and to select the data mover to be scanned.

  • Control Station: Enter the IP address or host name of the EMC Celerra/VNX control station.
  • User: Enter the user name of an account with administrative rights on the specified control station.
  • Password: Enter the password associated with the user account entered.

    The client attempts to connect and loads the list of available data movers on the specified device.

  • Data Mover: Select the data mover that holds the managed paths you wish to monitor and will also be associated with resource activity collection.

The client then retrieves and displays the cepp.conf file from the selected data mover. You can edit the Proposed cepp.conf file (lower pane) as needed. To save your edits, select Update File. The client then sends the Proposed cepp.conf file to the EMC device. It will stop and start the cepp service for the selected data mover to apply the new cepp.conf file.

Select the Check Status button to retrieve the same information you wold get if you ran "server_cepp server_2-pool-info" on the EMC device.

Resource activity exclusions dialog

The Resource activity exclusions dialog allows you to specify the accounts, file extensions or folders to be excluded from resource activity tracking. This dialog appears when you select the Resource Activity Exclusions button on the Managed Host Settings dialog.

This dialog contains the following controls:

Table 55: Resource activity exclusions dialog: Controls
Tab/Control Description
Accounts

Use the Accounts tabbed page to specify accounts that are to be excluded from resource activity tracking. By default, the following accounts are excluded:

  • Local Service
  • Network service
  • Null SID
  • System

NOTE: The agent will always filter out activity generated by the agent service account regardless if the service account is specified in the Resource Activity Exclusions. This applies to all local and remote managed hosts; however, the agent service account for SharePoint managed hosts are not excluded by default. You will need to add the SharePoint service account manually for SharePoint managed hosts.

Use the buttons at the bottom of the dialog, as described below, to add and remove account to this exclusion list.

File Extensions

Use the File Extensions tabbed page to specify file extensions for the types of files to be excluded from resource activity tracking. Click the Default button to view the full list of file extensions that are excluded by default.

Use the buttons at the bottom of the dialog, as described below, to add and remove file extensions to this exclusion list.

NOTE: N/A for SharePoint managed hosts.
Folders

User the Folders tabbed page to specify the folders to be excluded from resource activity tracking. By default the following folders are excluded:

  • %SystemRoot$
  • %ProgramFiles%
  • %ProgramFiles(x86)%

Use the buttons at the bottom of the dialog, as described below, to add and remove folders to this exclusion list.

NOTE: N/A for SharePoint managed hosts.
Export

Click the Export button to save the currently displayed exclusion list. The type of file exported depends on the tabbed page currently displayed:

  • Accounts tab: QAM Account List (*.qamtl)
  • File Extensions tab: QAM Extension List (*.qamel)
  • Folders tab: QAM Folder List (*.qamtf)
Import

Click the Import button to import a previously exported exclusion list. The type of file to be imported depends on the tabbed page currently displayed:

  • Accounts tab: QAM Account List (*.qamtl)
  • File Extensions tab: QAM Extension List (*.qamel)
  • Folders tab: QAM Folder List (*.qamtf)
Default Click the Default button to view and add the default accounts, file extensions or folders to the displayed exclusion list.
Remove Click the Remove button to remove the selected object from the displayed exclusion list.
Add

Click the Add button to add an object to the displayed exclusion list.

  • On the Accounts tab, clicking this button displays the Select Object dialog allowing you to locate and select a User or Built-in security principal.
  • On the File Extensions tab, clicking this button displays the Add Excluded Extension dialog, allowing you to select a category and enter the file extension to be excluded.
  • On the Folders dialog, clicking this button displays the Specify the folder to exclude dialog, allowing you to enter the name of the folder to be excluded.
OK

Click the OK button to save your selections and close the dialog.

Cancel

Click the Cancel button to close the dialog without saving your selections.

Apply Click the Apply button to save your selections without closing the dialog.
Related Topics

Managed host settings dialog

Resource activity page

Editing managed host properties

Editing managed host settings

You can edit the managed host settings for one or more managed hosts of the same host type. For more information on the configuration options available, see Managed host configuration settings. You can also use the Edit host settings task to add, remove or change the agent(s) used to scan a remote managed host. For more information, see Removing agents.

To edit a managed host’s configuration settings

  1. In the Navigation view, select Data Governance | Managed hosts.
  2. In the Managed Hosts view (right pane), select the required managed host with a status of Managed.

  3. Select Edit host settings in the Tasks view or right-click menu.

    The Managed Host Settings dialog appears, displaying the pages that contain settings that can be edited based on the type of host selected in the Managed hosts view.

    • Use the Managed Paths page to change the paths to be scanned and monitored.
    • Use the Security Scanning page to change the scanning schedule and scan settings.
    • Use the Resource Activity page to change the resource activity collection and aggregation settings.
  4. After making the required changes, click OK to save your selections and close the dialog.

The agent will scan using the new settings at the next scheduled scan time. However, if you modified the managed paths being scanned and the Immediately scan on agent restart or when managed paths change option is selected on the Security Scanning page, the agent initiates a scan immediately.

To edit multiple managed hosts

Note: When multiple managed hosts are selected, keep in mind that the settings are overwritten for all selected managed hosts and only the settings that are appropriate for the selected managed host type are applied. Because of this, you may notice that not all the same pages are displayed when multiple managed hosts are selected for editing (for example, the Managed Paths page is not displayed).

  1. In the Navigation view, select Data Governance | Managed hosts.
  2. Select multiple managed hosts with the same host type in the Managed hosts view
  3. Select Edit host properties in the Tasks view or right-click menu.

    The Managed Host Settings dialog appears, displaying the pages that contain settings that can be edited based on the type of host selected in the Managed hosts view.

    • Use the Security Scanning page to change the scanning schedule and scan settings.
    • Use the Resource Activity page to change the resource activity collection and aggregation settings.

    The options displayed are the factory default values regardless of the current values of the selected managed hosts.

  4. Select the Apply these settings to all selected managed hosts check box and make the required changes, which will be applied to all selected managed hosts.
  5. Click OK to save your selections and close the dialog.

The agent will scan using the new settings at the next scheduled scan time.

Customizing default host settings

Defining default host settings for each type of managed host is now available through the Manager. Using the Customize default host settings task in the Manager, you can define the default scanning schedule and settings and the default resource activity collection and aggregation settings for the selected managed host type. Once customized default settings are defined, they are used when adding new managed hosts to the Data Governance Edition deployment.

Note: Currently managed hosts are not affected by the default host setting changes made on this dialog; only those added in the future use the settings defined here.

To customize default host settings

  1. In the Navigation view, select Data Governance | Managed hosts.
  2. Select the Customize default host settings from the Tasks view or right-click menu.

    The Customize default host settings dialog appears.

  3. At the top of the dialog, specify the following information: 
    1. Host Type: Select the host type from the drop-down menu:

      • Local Windows Computer
      • Windows Cluster/Remote Windows Computer
      • Generic Host Type
      • SharePoint Farm
      • EMC Celerra/VNX Device
      • EMC Isilon Device
      • NetApp OnTap 7-Mode CIFS Device
      • NetApp OnTap Cluster Mode CIFS Device
      • NetApp Cluster NFS Device
      • EMC Isilon NFS Device
      • NetApp 7-Mode NFS Device
      • SharePoint Online
      • OneDrive for Business
    2. Agent Install Path: Use this field if you want to specify an alternate installation location. This must be a local path (for example, C:\MyPath) and cannot exceed 512 characters.

    3. Keywords: Use this field if you want to specify a keyword to be assigned to newly managed hosts, which can be used for sorting and grouping on the Managed hosts view.
  4. Use the Security Scanning page to define the default scanning schedule and settings. For more information, see Security Scanning page.
  5. Use the Resource Activity page to define the resource activity collection and aggregation settings. For more information, see Resource activity page.

    Note: Resource activity collection is not available for the following host types:

    • Windows Cluster/Remote Windows Computer
    • Generic Host Type
    • EMC Isilon NFS Device
    • SharePoint Online
    • OneDrive for Business
  6. Repeat steps 3 - 5 for any additional host types that require custom default settings.
  7. If necessary, click the Restore Factory Defaults button to reset all changed settings back to the factory defaults.

    Note: Selecting the Restore Factory Defaults button resets all custom default settings back to the factory default settings for all managed host types.

  8. Click OK to save your selections and close the dialog.

All managed hosts of the selected host type that are added in the future will use these customized default settings.

Related Documents