
Identity Manager Data Governance Edition 8.0 - User Guide


Enabling system configuration auditing (Isilon devices)

EMC Isilon devices do not use the cepp.conf file; however, you must enable configuration change auditing and protocol access auditing in order for Data Governance Edition to perform security scans and collect resource activity on the EMC storage device.

Note: On the Data Governance server and all agent servers, you must have a Trusted Root Certificate Authority certificate to validate the Isilon server's HTTP certificate.

To enable auditing (OneFS web interface)

  1. Connect to the OneFS web interface.

  2. Select Cluster Management.
  3. Select Auditing.
  4. In the Settings pane, select the following check boxes:

    • Enable Configuration Change Auditing
    • Enable Protocol Access Auditing
  5. In the Audited Zones pane, add the zones to be audited:

    • Click the Add Zones button to add a zone.
  6. In the Event Forwarding pane, enter the following information:

    • CEE Server URIs: Enter the uniform resource identifier (URI) for the Windows server hosting the Common Event Enabler (CEE) software.

      Use the following format: http://<FullyQualifiedDomainName>:<Port>/cee.

      For example: http://server.test.abc.com:12228/cee

      The default CEE HTTP port is 12228.

      Click Add another input field to add additional CEE server URIs.

    • Storage Cluster Name: Enter the resolved name of the EMC Isilon cluster.

      Use the following format: <ClusterName>.<DomainName>.com

      For example: Cluster1.test.abc.com

  7. Click Save Changes.
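
The following pre-check for the Event Forwarding values in step 6 is an added example, not part of the product or of the original guide. It validates each CEE server URI and the storage cluster name against the formats given above; the function names are hypothetical and the sample values are constructed.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """True if name has at least two valid DNS labels and is not an IPv4 literal."""
    labels = name.rstrip(".").split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit())


def check_cee_uri(uri):
    """Return the problems found in one CEE server URI (empty list means OK)."""
    try:
        parts = urlsplit(uri.strip())
        port = parts.port          # raises ValueError if non-numeric or > 65535
    except ValueError:
        return ["URI cannot be parsed (check the port)"]
    problems = []
    if parts.scheme != "http":
        problems.append("scheme must be http")
    if not parts.hostname or not is_fqdn(parts.hostname):
        problems.append("host must be a fully qualified domain name")
    if not port:
        problems.append("port must be given explicitly (CEE default is 12228)")
    if parts.path != "/cee" or parts.query or parts.fragment:
        problems.append("path must be exactly /cee")
    return problems


def check_event_forwarding(cee_uris, cluster_name):
    """Map each invalid Event Forwarding value to its list of problems."""
    report = {uri: check_cee_uri(uri) for uri in cee_uris}
    if not is_fqdn(cluster_name):
        report[cluster_name] = ["storage cluster name must be fully resolved"]
    return {value: probs for value, probs in report.items() if probs}


if __name__ == "__main__":
    # Constructed sample values; the first URI is the guide's own example.
    uris = ["http://server.test.abc.com:12228/cee",
            "https://server.test.abc.com:12228/cee",
            "http://server:12228/cee",
            "http://server.test.abc.com/cee"]
    for value, probs in check_event_forwarding(uris, "Cluster1").items():
        print(f"{value}: {'; '.join(probs)}")
```
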

Additional configuration for NetApp filers

Data Governance Edition uses the NetApp Data ONTAP file screening policy (FPolicy) to track activities on the filer. This policy allows third-party file screening software to interact with the NetApp filer.

Understanding the following aspects of the deployment process is key to ensuring a successful deployment of NetApp managed hosts:

Permissions required to access NetApp filer

The service account for the remote agent responsible for scanning the NetApp filer must have the following minimum permissions:

  • Log On as a Service local user rights on the agent computer. (This is automatically granted when the agent is deployed.)
  • Must be a member of the local Administrators group on the NetApp filer.
  • Must have permissions to access the folders being scanned.

Data Governance agent deployment

NetApp filers are added to a Data Governance Edition deployment as managed hosts with remote agents. When selecting an agent for scanning a NetApp filer, take the following into consideration:

  • The remote agent must be hosted on a machine in the same domain as the NetApp filer device.

    Note: If you host a remote agent in an external domain to monitor a filer, the agent will NOT record the resource activity data.

  • There should be a good network connection between the NetApp filer and the monitoring agent servers.
  • The machine hosting the agent for NetApp can host agents for other servers, but those servers should be close to the agent host.
  • If the NetApp is split up into multiple domains, you must deploy one or more agents for each domain.