Chat now with support
Chat with Support

Identity Manager 8.0 - Installation Guide

About this Guide One Identity Manager Overview Installation Prerequisites Installing the One Identity Manager Installing and Configuring the One Identity Manager Service Updating the One Identity Manager Installing and Updating a One Identity Manager Application Server Installing, Configuring and Maintaining the Web Portal Installing the Operations Support Web Portal Installing and Updating the Manager Web Application Logging into One Identity Manager Tools Troubleshooting Appendix: One Identity Manager Authentication Modules Appendix: Creating a One Identity Manager Database for a Test or Development Environment from a Database Backup Appendix: Manager Web Application Extended Configuration Appendix: Machine Roles and Installation Packages Appendix: Settings for a New SQL Server Database

Configuring a One Identity Manager Database for Testing, Development or Production

Configuring a One Identity Manager Database for Testing, Development or Production

Use the staging level of the One Identity Manager database to specify whether a test database, development database or a live database is being dealt with. A number of configuration settings are controlled by the staging level. These are set when you modify the staging level.

Table 26: Database Settings for Development, Test and Live Environments
Setting Database Staging Level
Development Environment Test Environment Live Environment

Color of the One Identity Manager tools status bar.

none

Green

Yellow

Maximum DBQueue Processor runtime

20 minutes

40 minutes

120 minutes

Maximum number of slots for DBQueue Processor

3

5

Maximum number of slots according to the hardware configuration

To modify a database staging level

  1. Open the Launchpad and select Database staging level. This starts the Designer database editor.
  2. Select the database and change the value of the property Staging level to "Test environment", "Development system" or "Development system".
  3. Select Database | Commit to database... in the Designer and click Save.

The DBQueue Processor configuration settings are configured for normal operations and must not be modified normally. The number of configuration settings is reduced in the case of test and development environments because there may be more databases on one server.

If you have to change the settings for test or development environments on performance grounds, you must modify the following configuration parameter settings in the Designer.

Table 27: Configuration Parameters for the DBQueue Processor
Configuration parameter Meaning
QBM\DBQueue\CountSlotsMax

This configuration parameter specifies the number of maximum slots available.

Enter the value 0 to use the maximum number of slots according to the hardware configuration.

QBM\DBQueue\KeepAlive

This configuration parameter regulates the maximum runtime of the central dispatcher. Tasks on slots currently in use are still processed when the timeout expires. Then the slot database schedules are stopped and the central dispatches exits.

The lowest permitted value for runtime is 5 minutes; the highest value is 720 minutes.

Related Topics

Encrypting Data in a Database

In certain circumstances, it is necessary to store encrypted information in the One Identity Manager database.

  • Specify the encryption method to use by setting the configuration parameter "Common\EncryptionScheme" in the Designer.
    Table 28: Values of Configuration Parameter "Common\EncryptionScheme"
    Value Description

    RSA

    RSA encryption with AES for large data (default).

    FIPSCompliantRSA

    FIPS certified RSA with AES for large data. This method is used if encryption must match the FIPS 1040-2 standard. The local security policy "Use FIPS compliant algorithms for encryption, hashing, and signing" must be enabled.

    NOTE: If you have not set the configuration parameter "Common\EncryptionScheme", RSA is used.

  • Encryption is carried out by the program "Crypto Configuration". With this program an encryption file is created and the contents of the database columns that are effected are converted. The encrypted data is stored in the database table DialogDatabase.

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

Detailed information about this topic

Creating a New Database Key and Encrypting Database Data

Creating a New Database Key and Encrypting Database Data

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To create a new database key and encrypt the One Identity Manager database

  1. Open Launchpad and select Encrypt database. This starts the program "Crypto Configuration".

  2. Click Next on the start page.
  3. Enter valid connection credentials for the One Identity Manager database on the New database connection page and click Next.
  4. Select Create or change database key on the Select action page and click Next.
  5. Select There was no encryption yet on the Private key page and click Next.
  6. Create a new key on the New private key page.
    1. Click Create key.
    2. Select the directory path for saving the file using the file browser and enter a name for the key file.
    3. Click Save.

      The key file (*.key) is created. The file browser is closed. Path and file name are displayed under <Private key>.

    4. Click Next.

      This establishes which data is encrypted.

  7. The data is displayed on the Convert database page.
    1. Click Convert.
    2. Confirm the following two security questions with Yes.

      The data encryption is started. Conversion progress is displayed.

    3. Click Next.
  8. Click Finish on the last page to end the program.
Related Topics

Modifying a Database Key and Encrypting Database Data

Modifying a Database Key and Encrypting Database Data

NOTE: To change a database key, you need the key file with the old database key. The key is change and saved in a new key file.

NOTE: It is recommended that you create a backup before encrypting the database information in a database. Then you can restore the previous state if necessary.

To change a database key and encrypt the One Identity Manager database

  1. Open Launchpad and select Encrypt database. This starts the program "Crypto Configuration".
  2. Click Next on the start page.
  3. Enter valid connection credentials for the One Identity Manager database on the New database connection page and click Next.
  4. Select Create or change database key on the Select action page and click Next.
  5. Load the existing key on the Private key page.
    1. Select Encryption was enabled.
    2. Click Load key.
    3. Select the file (*.key) with the old database key using the file browser.
    4. Click Open.

      The file browser is closed. Path and file name are shown.

    5. Click Next.
  6. Create a new key on the New private key page.
    1. Click Create key.
    2. Select the directory path for saving the file using the file browser and enter a name for the key file.
    3. Click Save.

      The key file (*.key) is created. The file browser is closed. Path and file name are displayed under <Private key>.

    4. Click Next.

      This establishes which data is encrypted.

  7. The data is displayed on the Convert database page.
    1. Click Convert.
    2. Confirm the following two security questions with Yes.

      The data encryption is started. Conversion progress is displayed.

    3. Click Next.
  8. Click Finish on the last page to end the program.
Related Topics
Related Documents