Identity Manager 8.1.2 - Data Archiving Administration Guide

Declaring the database source in the One Identity Manager History Database

Declare the One Identity Manager database to be used for transferring data to the One Identity Manager History Database. Use the HistoryDB Manager to set up access to the source databases.

To declare the source database

  1. Start the HistoryDB Manager and enter the connection data.
  2. Select History | Base Data | Source databases.
  3. Select the source database in the result list and edit the master data.
    Table 1: Data for Source Database
    Property Meaning
    Server

    Name of the database server where the One Identity Manager database is installed.

    The server name can be queried in the One Identity Manager database using the following statement:

    select @@SERVERNAME

    If the server can be reached through a specific port, enter the port as follows.

    Server name, port

    NOTE: If you are providing a linked server, enter its name here. For more information, see Advanced configuration for transferring data.

    Database

    Name of the One Identity Manager database.

    Database ID

    Database ID of the One Identity Manager database. This ID corresponds to the UID of the database entry in the One Identity Manager database.

    NOTE: Using the Object Browser, connect to the One Identity Manager database and copy the value of the UID_Database column from the DialogDatabase table. Insert the value in Database ID.

    Use integrated Windows authentication

    If you use integrated Windows authentication, the data transfer takes place with the One Identity Manager Service user account. You need to take certain installation prerequisites into account in order to use this authentication procedure. For more information, see Installing and updating a One Identity Manager History Database.

    Database user

    SQL Server login user for data transfer.

    This data is only required if the One Identity Manager History Database and One Identity Manager database are on different servers and there is no linked server. For more information, see Advanced configuration for transferring data.

    Password

    Password for the SQL Server login.

    This data is only required if the One Identity Manager History Database and One Identity Manager database are on different servers and there is no linked server. For more information, see Advanced configuration for transferring data.

    Start and end of the recordings

    These date specifications are automatically set and updated when the recordings are imported.

  4. Save the changes.

Archiving procedure setup

All entries logged in One Identity Manager are initially saved in the One Identity Manager database. The proportion of historical data to total volume of a One Identity Manager database should not exceed 25 percent. Otherwise performance problems may arise. You must ensure that log entries are regularly removed from the One Identity Manager database and archived.

The following methods are provided for regularly removing recorded data from the One Identity Manager database:

  • Data can be transferred directly from the One Identity Manager database into a One Identity Manager History Database. This is the default procedure for data archiving. Select this method if the servers on which the One Identity Manager database and the One Identity Manager History Database are located have network connectivity.

  • The data is deleted from the One Identity Manager database after a certain amount of time without being archived.

Figure 2: Transferring records to the One Identity Manager History Database

All records in the One Identity Manager database that are triggered by an action are grouped together into a process group based on an ID number, the GenProcID, for direct transfer to a One Identity Manager History Database. The exported process groups along with the associated records are deleted from the One Identity Manager database once the export has been successfully completed.

The following conditions have to be met for direct transfer to a One Identity Manager History Database:

  • This section of the records is configured for export.

  • The retention period for all records that belong to a process group has ended, not taking into account whether the section is labeled for export or not.

  • There are no processes enabled with the process group GenProcID in the DBQueue, Job queue or as planned operations.

  • For the triggered action, there is at least one record in the section to be exported.

To archive records in a One Identity Manager History Database, both databases have to be configured: the One Identity Manager database and the One Identity Manager History Database.

Selecting an archiving procedure in the One Identity Manager database

Select the basic procedure by setting the Common | ProcessState | ExportPolicy configuration parameter.

  • If the configuration parameter is disabled, the data remains in the One Identity Manager database.

  • If the configuration parameter is enabled, the selected procedure is applied.

    • HDH: The files are transferred directly to the One Identity Manager History Database after a specified time period has expired.

    • NONE: The data is deleted in the One Identity Manager database after the specified time period has expired.

After selecting the basic procedure, you can specify whether data is exported or deleted for each section of records individually. You use configuration parameters to make the choice for each section.

Table 2: Configuration parameter for handling logged data
Configuration parameter Meaning

Common | ProcessState | PropertyLog | IsToExport

Exports the data changes. If this configuration parameter is not set, the information is deleted once the retention period has expired.

Common | ProcessState | ProgressView | IsToExport

Exports the data in the process information. If this configuration parameter is not set, the information is deleted once the retention period has expired.

Common | ProcessState | JobHistory | IsToExport

Exports the information in the process history. If this configuration parameter is not set, the information is deleted once the retention period has expired.

Specifying data retention periods

Once the retention period has ended, the recorded data is either exported or deleted from the One Identity Manager database depending on which archiving method has been chosen. A longer retention period should be selected for sections whose records will be exported than for those that will be deleted.

NOTE: If you do not specify a retention period, the records in this section will be deleted daily from the One Identity Manager database within the daily DBQueue Processor maintenance tasks.

The recordings are not exported until the retention period for all sections has expired and no other active processes for the process group (GenProcID) exist in the DBQueue, process history or as a planned operation.

You use configuration parameters to define the data retention periods for the individual sections.

Table 3: Configuration parameter for retention periods
Configuration parameter Meaning

Common | ProcessState | PropertyLog | LifeTime

This configuration parameter specifies the maximum retention period in the database for log entries from change tracking.

Common | ProcessState | ProgressView | LifeTime

This configuration parameter specifies the maximum length of time that log data from process information can be kept in the database.

Common | ProcessState | JobHistory | LifeTime

This configuration parameter specifies the maximum retention period in the database for log entries from process history.

Example 1

Records are transferred directly to the One Identity Manager History Database. The following configurations are selected for each section:

| Configuration | Process Information | Process History | Data Changes |
| --- | --- | --- | --- |
| Export data | No | No | Yes |
| Retention period | 3 days | 4 days | 5 days |

This results in the following sequence:

| Time | Process Information | Process History | Data Changes |
| --- | --- | --- | --- |
| Day 3 | Data is deleted from the One Identity Manager database | No action | No action |
| Day 4 | - | Data is deleted from the One Identity Manager database | No action |
| Day 5 | - | - | Data is transferred to the One Identity Manager History Database and then deleted from the One Identity Manager database |

Example 2

Records are transferred directly to the One Identity Manager History Database. The following configurations are selected for each section:

| Configuration | Process Information | Process History | Data Changes |
| --- | --- | --- | --- |
| Export data | Yes | No | Yes |
| Retention period | 3 days | 4 days | 5 days |

This results in the following sequence:

| Time | Process Information | Process History | Data Changes |
| --- | --- | --- | --- |
| Day 3 | No action because the retention period has not ended for all sections. | No action | No action |
| Day 4 | No action because the retention period has not ended for all sections. | Data is deleted from the One Identity Manager database | No action |
| Day 5 | Data is exported and then deleted | - | Data is transferred to the One Identity Manager History Database and then deleted from the One Identity Manager database |
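
The retention and export rules above can be checked against a planned configuration before it is applied. The following Python model is an added illustration, not One Identity Manager code and not part of the original guide; the class, function and field names are hypothetical, and treating a process group as eligible on the day after its last active process is an assumption. It reproduces the timelines of Example 1 and Example 2 and lists exported sections whose retention period is not longer than that of a deleted section.

```python
# Added illustration, not One Identity Manager code; all names are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    name: str
    is_to_export: bool   # models "... | <section> | IsToExport"
    lifetime_days: int   # models "... | <section> | LifeTime"


def plan(sections, policy="HDH", active_until=0):
    """Return {section name: (day, action)} for one process group (GenProcID).

    policy: ExportPolicy value as written on this page, or None if disabled.
    active_until: last day the group has entries in the DBQueue, Job queue or
    planned operations (assumption: it becomes eligible the day after).
    """
    if policy is None:
        return {s.name: (None, "kept in source database") for s in sections}
    # Export waits until retention has ended for every section of the group,
    # whether or not that section is itself flagged for export.
    export_day = max(max(s.lifetime_days for s in sections), active_until + 1)
    result = {}
    for s in sections:
        if policy == "HDH" and s.is_to_export:
            result[s.name] = (export_day, "exported, then deleted")
        else:
            result[s.name] = (s.lifetime_days, "deleted without archiving")
    return result


def short_export_lifetimes(sections):
    """Exported sections whose retention is not longer than a deleted section's."""
    deleted = [s.lifetime_days for s in sections if not s.is_to_export]
    return [s.name for s in sections
            if s.is_to_export and deleted and s.lifetime_days <= max(deleted)]


# The two configurations from Example 1 and Example 2 above.
EXAMPLE_1 = [Section("Process Information", False, 3),
             Section("Process History", False, 4),
             Section("Data Changes", True, 5)]
EXAMPLE_2 = [Section("Process Information", True, 3),
             Section("Process History", False, 4),
             Section("Data Changes", True, 5)]

if __name__ == "__main__":
    for label, cfg in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(label, plan(cfg), short_export_lifetimes(cfg))
```

Any section reported as "deleted without archiving" leaves no copy in the History Database, so its retention period is the only window in which those records can be reviewed.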