The One Identity Manager Data Governance Edition Technical Insight Guide is intended for IT specialists who are involved in the Data Governance Edition deployment, configuration and maintenance. It provides a technical insight into the product components, operations and processes. It is written for advanced audiences who want a deeper understanding of the Data Governance Edition components and how they communicate with each other.
Data Governance Edition network communications
Data Governance service
Data Governance agents
Resource activity collection in Data Governance Edition
Cloud managed hosts permission level to role mapping
QAM module tables
Configurable configuration file settings
Configurable registry settings
Data Governance Edition documentation includes the following manuals:
One Identity Manager Data Governance Edition User Guide
This guide includes Data Governance Edition administration information.
One Identity Manager Data Governance Edition Deployment Guide
This guide includes Data Governance Edition installation, configuration, and deployment information.
One Identity Manager Data Governance Edition IT Shop Resource Access Requests User Guide
This guide includes details about the self-service resource requests related to resources that are governed, including the file system share creation request in the IT Shop.
One Identity Manager Data Governance Edition Technical Insight Guide
This guide is intended for advanced audiences who want a deeper understanding of the Data Governance Edition components and how they communicate with each other. It also provides a description of the configuration file settings, registry key settings and PowerShell commands.
Data Governance Edition uses a Service Connection Point (SCP) to locate the Data Governance service, listening ports for communication between Data Governance components, and network encryption to secure sensitive information.
Data Governance Edition publishes a Service Connection Point (SCP) in Active Directory so the Data Governance configuration wizard and Data Governance agents can locate the Data Governance service. Upon startup, the Data Governance service searches Active Directory in order to verify that the SCP is correct. When the Data Governance configuration wizard or agents start up, they search Active Directory for the SCP objects within their Active Directory forest, in order to retrieve connection information from the Data Governance service such as host name, listening port, deployment name, and other authentication information. The agents use the deployment name in the keywords search so they will only find services with the same user configured DGE deployment name.
The SCP objects are published directly subordinate to the service's computer object in Active Directory. SCP objects can be viewed and updated using Microsoft's ADSI Edit MMC snap-in.
The Data Governance service installs and maintains a single SCP (CN=DataGovernance.Server). The service checks and updates the Active Directory objects each time the service starts up.