
Identity Manager 8.0 - Configuration Guide


The Jobdestination Module

In this module you can define Job destinations. A Job destination handles the process steps and returns a result to the Job provider. The following module types may be selected:

Within a configuration file you can configure as many Job destinations as you wish. The associated configuration sections are determined by name. Therefore the Job destinations that are added can be renamed.


JobServiceDestination

The JobServiceDestination is the One Identity Manager Service module that handles process steps. A JobServiceDestination requests the process steps from the Job provider, processes them using process components and returns the result.

The following parameters are available:

  • External slot count (ExternalSlots)

    This parameter specifies how many external processes (StudioProcessor.exe) the One Identity Manager Service opens to handle process components.

  • Environment variables for external slots (ExternalSlotEnvironment)

    This parameter contains a list of environment variables that you should set for external slot processes. Enter the variables in a pipe (‘|’) delimited list.

    Variable1=value1|Variable2=value2...

  • External 32-bit slot count (ExternalSlots32)

    This parameter specifies how many external processes in 32-bit memory (StudioProcessor.exe) the One Identity Manager Service opens to handle process components.

  • Environment variables for external 32-bit slots (ExternalSlotEnvironment32)

    This parameter contains a list of environment variables that you should set for external 32-bit slot processes. Enter the variables in a pipe (‘|’) delimited list.

    Variable1=value1|Variable2=value2...

  • Internal slot count (InternalSlots)

    This parameter specifies how many internal slots the One Identity Manager Service makes available for processing internal process components.

  • File with private key (PrivateKey)

    Enter the file with the encryption data. The default file is private.key. The encryption file has to be in the installation directory of all servers with One Identity Manager Service. If the One Identity Manager Service finds a private key on start up, it places it in the per-user key container and deletes the file from the hard drive.

    Use the program "Crypto Configuration" in order to create an encryption file and to encrypt the database information.

    NOTE: If you are working with an encrypted One Identity Manager database, see the advice for working with an encrypted database in the One Identity Manager Installation Guide.

  • Encryption scheme (EncryptionScheme)

    Specify the encryption scheme you want to use.

    Table 205: Encryption scheme

    Method           | Description
    -----------------|------------
    RSA              | RSA encryption with AES for large data (default).
    FIPSCompliantRSA | FIPS certified RSA with TripleAES for large data. This method is used if encryption must match the FIPS 140-2 standard. The local security policy "Use FIPS compliant algorithms for encryption, hashing, and signing" must be enabled.

  • Job provider ID (ProviderID)

    Enter the name of the Job provider that will be used if more than one Job provider is being processed by the One Identity Manager Service. If this is empty the first Job provider is used.

  • Private key ID (PrivateKeyId)

    Identifier of the private key. If no ID is given, the file "private.key" is searched for. Use this parameter if you work with several private keys, for example, if One Identity Manager Service data must be exchanged between two encrypted One Identity Manager databases. Enter the private key in the module, "File with private key". If One Identity Manager only uses one encrypted database, you can enter the key file in the parameter "File with private key (PrivateKey)" as an alternative.

  • Queue (Queue)

    Each One Identity Manager Service within the network must have a unique queue identifier. The process steps are requested by the Job queue using exactly this queue name. Enter this queue name in the One Identity Manager Service configuration file. Create a corresponding Job server entry for every queue.

  • Timeout for process queries (RequestTimeout)

    This parameter specifies the time after which a process request is considered to have failed and is sent again.

    Timeout format:

    day.hour:minutes:seconds

  • Process query interval (StartInterval)

    This property defines the time interval in which the One Identity Manager Service can request new process steps. The default value is 90 seconds. Suggestions for configuring the time interval are calculated from Job server statistical data.

  • Interval of time allowed for statistical calculations (StatisticInterval)

    This property defines the time interval (in seconds) in which the One Identity Manager Service’s processing speed statistics are supplied to the database. The default value is set to 4 times the process request interval. Suggestions for configuring the time interval are calculated from Job server statistical data.

  • Max. reuse of external processors (MaxExternalSlotReuse)

    This value specifies how many times an external processor can be reused before the process is unloaded and restarted. The value "0" means that the process is not unloaded until it is no longer in use. The default value is 1000.


FileJobDestination

The FileJobDestination processes the process steps that are queued by the FileJobGate (FileJobProvider or FTPJobProvider) and returns the results to the Job provider.

The following parameters are available:

  • Backup transferred files (BackupFiles)

    If this option is set, all files are moved to a "Backup" directory irrespective of errors. By default (not set), only files with errors are saved.

  • Check file index (CheckInputIndex)

    If this option is set, the file name index is checked to see whether it has increased. Files with the same or a lower index are not processed. This option is not set by default.

  • Max. number of process trees in one transfer file (MaxListCount)

    This setting specifies the maximum number of process steps that can be grouped together in one file. This allows limiting of the file size.

  • Use encoding (UseEncryption)

    The data is encrypted when it is written to the file.

    NOTE: The encryption setting must be configured the same in the Job provider and associated Job destination.

  • Notification procedures (EventTypes)

    The FileJobProvider supports three different methods of acquiring information about new data. The notification methods can be combined when separated by commas.

    Table 206: Supported Notification Procedures

    Method  | Description
    --------|------------
    Timer   | Querying newly added data is done in a specified time interval.
    HTTP    | The provider queries the parent Job server over HTTP and processes the added data after it has answered.
    FSEvent | Queries newly added data after a file system event.

    Example:

    TIMER,FSEVENT

  • HTTP notification destination computer (HostName)

    Enter the name of the target computer that receives the queries if the "HTTP" notification method is used.

  • Port for HTTP notification (Port)

    Enter the transfer port here if the "HTTP" notification method is used.

  • Monitoring interval for input directory (TimerInterval)

    Enter the time interval in milliseconds if the "timer" notification method is used.

  • Directory for receiving input (InputDirectory)

    The module reads and processes the process files (*.fjg) in this directory.

    NOTE: It is necessary to ensure that the Job provider and associated Job destination use the same directory. The input and output directories are correspondingly reversed.

  • Destination directory (OutputDirectory)

    The processed files are written to this directory.

  • List of subdirectories (SubDirectories)

    A list of directory names separated by a pipe character "|" can be entered here. All the directories are then monitored and processed correspondingly. The following directory structure is expected:

    SubDirectories = "ServerA|ServerB"

    ...
      Request
        ServerA
        ServerB
      Response
        ServerA
        ServerB

    where Request and Response are the directories entered in the parameters "InputDirectory" and "OutputDirectory".

    NOTE: Only the "Timer" notification method can be used. The notification methods "HTTP" and "FSEvent" are not available!

  • Automatic identification of subdirectories (AutoSubDirectories)

    If this option is enabled, the module automatically processes all the files in the subdirectories. Processing is not recursive.

  • Job provider ID (ProviderID)

    If several Job providers are processed by the One Identity Manager Service, enter the name of the Job provider to use. If this is empty the first Job provider is used.


FTPJobDestination

FTPJobDestination handles the process steps that are queued in the FileJobGate (FileJobProvider or FTPJobProvider) and returns the results to the Job provider.

The following parameters are available:

  • Backup transferred files (BackupFiles)

    If this option is set, all files are moved to a "Backup" directory irrespective of errors. By default (not set), only files with errors are saved.

  • Check file index (CheckInputIndex)

    If this option is set, the file name index is checked to see whether it has increased. Files with the same or a lower index are not processed. This option is not set by default.

  • Max. number of process trees in one transfer file (MaxListCount)

    This setting specifies the maximum number of process steps that can be grouped together in one file. This allows limiting of the file size.

  • Use encoding (UseEncryption)

    The data is encrypted when it is written to the file.

    NOTE: The encryption setting must be configured the same in the Job provider and associated Job destination.

  • Notification procedures (EventTypes)

    The FileJobProvider supports three different methods of acquiring information about new data. The notification methods can be combined when separated by commas.

    Table 207: Supported Notification Procedures

    Method  | Description
    --------|------------
    Timer   | Querying newly added data is done in a specified time interval.
    HTTP    | The provider queries the parent Job server over HTTP and processes the added data after it has answered.
    FSEvent | Queries newly added data after a file system event.

    Example:

    TIMER,FSEVENT

  • HTTP notification destination computer (HostName)

    Enter the name of the target computer that receives the queries if the "HTTP" notification method is used.

  • Port for HTTP notification (Port)

    Enter the transfer port here if the "HTTP" notification method is used.

  • Monitoring interval for input directory (TimerInterval)

    Enter the time interval in milliseconds if the "timer" notification method is used.

  • Directory for receiving input (InputDirectory)

    The module reads and processes the process files (*.fjg) in this directory.

    NOTE: It is necessary to ensure that the Job provider and associated Job destination use the same directory. The input and output directories are correspondingly reversed.

  • Destination directory (OutputDirectory)

    The processed files are written to this directory.

  • List of subdirectories (SubDirectories)

    A list of directory names separated by a pipe character "|" can be entered here. All the directories are then monitored and processed correspondingly. The following directory structure is expected:

    SubDirectories = "ServerA|ServerB"

    ...
      Request
        ServerA
        ServerB
      Response
        ServerA
        ServerB

    where Request and Response are the directories entered in the parameters "InputDirectory" and "OutputDirectory".

    NOTE: Only the "Timer" notification method can be used. The notification methods "HTTP" and "FSEvent" are not available!

  • Automatic identification of subdirectories (AutoSubDirectories)

    If this option is enabled, the module automatically processes all the files in the subdirectories. Processing is not recursive.

  • Job provider ID (ProviderID)

    If several Job providers are processed by the One Identity Manager Service, enter the name of the Job provider to use. If this is empty the first Job provider is used.

  • FTP server (FTPServer)

    Enter the name or the IP address of the FTP Server.

  • FTP port (FTPPort)

    If the FTP server does not use the default port 21 for FTP transfer, you can enter the appropriate port.

  • FTP user account (FTPUser)

    Enter the user account with which the FTPJobProvider logs on to the FTP server.

  • FTP password (FTPPassword)

    Enter the user account password for the FTP login.
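
The NOTEs in the FileJobDestination and FTPJobDestination parameter lists constrain how a Job destination and its Job provider must be configured relative to each other. The following check is an added example, not One Identity code: it takes already-parsed parameters as Python dictionaries and reports violations of those constraints. The dictionary layout, the provider using the same InputDirectory/OutputDirectory parameter names, the case-insensitive EventTypes comparison and all sample values are assumptions.

```python
import ntpath

KNOWN_EVENTS = {"TIMER", "HTTP", "FSEVENT"}
DIR_KEYS = ("InputDirectory", "OutputDirectory")

def split_list(value, sep):
    """Split a delimited parameter value and drop empty items."""
    return [item.strip() for item in (value or "").split(sep) if item.strip()]

def norm_dir(path):
    """Normalise a Windows path so case and separator style do not matter."""
    return ntpath.normcase(ntpath.normpath(path)) if path else None

def check_pair(provider, dest):
    """Return findings for one Job provider / Job destination pair."""
    findings = []
    # NOTE under UseEncryption: both sides must be configured the same.
    if bool(provider.get("UseEncryption")) != bool(dest.get("UseEncryption")):
        findings.append("UseEncryption differs between provider and destination")
    # NOTE under InputDirectory: same directories, input and output reversed.
    p_in, p_out = (norm_dir(provider.get(k)) for k in DIR_KEYS)
    d_in, d_out = (norm_dir(dest.get(k)) for k in DIR_KEYS)
    if None in (p_in, p_out, d_in, d_out) or (p_in, p_out) != (d_out, d_in):
        findings.append("InputDirectory/OutputDirectory are missing or not mirrored")
    # EventTypes is comma separated; compared case-insensitively (assumption).
    events = {e.upper() for e in split_list(dest.get("EventTypes"), ",")}
    unknown = sorted(events - KNOWN_EVENTS)
    if unknown:
        findings.append("unknown notification method: " + ",".join(unknown))
    # NOTE under SubDirectories: only the Timer method is available.
    if split_list(dest.get("SubDirectories"), "|") and events - {"TIMER"}:
        findings.append("SubDirectories set, but EventTypes is not Timer only")
    if "HTTP" in events and not (dest.get("HostName") and dest.get("Port")):
        findings.append("HTTP notification without HostName and Port")
    # FTP is a clear-text protocol, so flag FTP transfer without UseEncryption.
    if dest.get("FTPServer") and not dest.get("UseEncryption"):
        findings.append("FTPServer set while UseEncryption is off")
    return findings

# Constructed sample values, not taken from a real installation.
PROVIDER = {"UseEncryption": True, "InputDirectory": r"D:\Transfer\Response",
            "OutputDirectory": r"D:\Transfer\Request"}
DEST_BAD = {"UseEncryption": False, "EventTypes": "TIMER,FSEVENT",
            "SubDirectories": "ServerA|ServerB", "FTPServer": "ftp.example.test",
            "InputDirectory": r"d:\transfer\request",
            "OutputDirectory": r"D:\Transfer\Out"}
DEST_OK = {"UseEncryption": True, "EventTypes": "Timer",
           "SubDirectories": "ServerA|ServerB", "FTPServer": "ftp.example.test",
           "InputDirectory": r"D:\Transfer\Request",
           "OutputDirectory": r"D:\Transfer\Response"}
```

`check_pair(PROVIDER, DEST_BAD)` returns four findings; `check_pair(PROVIDER, DEST_OK)` returns an empty list.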
