Introduction
Deploying Classification in Identity Manager
Classification Overview
Required Components
Component Workflow
Activating Classification
Configuring Classification: Taxonomies, Categories, and Rules
Install the Classification Components
Identify the Classification Service Account
Deploy the Classification Server
Deploy Classification Workers
Examining the Classification Deployment
Using the Classification Logs
Review Deployed Classification Workers
Review the Classification Service
Enable and Disable Automatic Classification on Specific Managed Hosts
Enabling Categorization on Folders (Security Index Roots)
Managing the File Types to be Classified
Restart or Upgrade Agents for Classification
Perform a Data Re-classification with PowerShell
Assign Classification Application Roles
An Overview of Classification Configuration
Steps Required to Implement Classification
Creating Taxonomies
Setting Up Manual Categorization
Implementing Rules for Automated Categorization
Working with Categorized Resources
An Overview of Rules
How Rules Affect Categorization
Writing XML Rules
Managing Rules in the Classification System
Associating Rules to Categories
Testing and Reviewing Automated Classification
Classifying Resources
When Do Categorization and Classification Occur?
Importing and Exporting Taxonomies
Working with a Taxonomy XML File
Managing the Life Cycle of Taxonomies and Categories
Advanced Rule Applications
Testing a Rule against a Resource
Testing all Rules Against a Resource
Viewing the Text from a Resource
Determining Why Categorizations Were Applied to a Resource
Viewing Categorized Resources
Making a Category Available to the Automated System
Working with the Categorization of Your Resources
Appendix A: PowerShell cmdlets
What Categories Can You Apply?
Working With Manually Categorized Resources
Working With Automatically Categorized Resources
Categorization Statistics and Views
Adding the PowerShell Snap-ins
Deploying the Classification Server and the Classification Worker
Troubleshooting Deployment
Managing Taxonomies
Appendix B: Oracle Configuration
Appendix C: Classifying Data with Data Governance Templates
Available Templates
Glossary
Required Components
Categorizing and classifying data through Identity Manager Data Governance Edition
requires the installation and configuration of the following components:
- Classification Server includes the services that manage the classification engine repository, the Gateway service, and the content service. When a Data Governance agent scans a managed host and recognizes a new resource to be classified, it pushes the data to the Classification server, which queues request to process data by the Worker Service.
- Classification Worker includes the rules engine and the file and SharePoint handlers. By default one of each is installed, but this can be configured and installed on any number of computers to manage scalability.
The rules engine processes data and looks for matches to the predefined rules. Based on the matches, the Worker service determines whether categories are applied to the resource or not.
- Secure Communication
For classification to be applied, Data Governance agents must be able to communicate securely to the Classification Server and Classification Worker. This is accomplished through installing the Classification Server and Classification Worker with an account with the required credentials. For details, see Identify the Classification Service Account.
- Synchronization with the Identity Manager database
When data is classified or assigned a category that has been deemed to cause governance, then the resource is updated and stored in the Identity Manager database.
Component Workflow
Contents
Agents discover resources during normal security scanning and notify the Classification Server. The Classification Server adds references to these resources to a queue where at some point a Classification Worker retrieves it for processing. The Classification Worker then retrieves the resource content from the agent and processes it to find any appropriate categorizations.
 |
Workflow Details
The following diagram details the process:
 |
- During a security scan an agent identifies a file to be classified and notifies the Classification Service.
- The Classification Service on the agent host computer forwards the request for classification to the Classification Server.
- The Classification Server posts the resource to be classified onto a queue for processing.
- One of the Classification Workers retrieves the resource to be classified from the queue and begins the classification process.
- A request for the resource content is dispatched to the Classification Service on the agent host for the agent responsible for this resource.
- The Classification Service proxies this request to the proper agent scanning the target host.
- The agent retrieves the content and streams it back to the Classification Service.
- The Classification Service returns the content to the Classification Worker for processing.
- All standard Classification/Categorization processing occurs and the results are written to the Classification Database and the Data Governance Server is notified.
Activating Classification
Contents
For a fully functional Classification deployment, you need to perform the following tasks:
- Install the Classification.msi included with the Classification download on the Data Governance server to make it ready for a Classification deployment.
- Enable the Classification component in the Designer and recompile the database. The classification component is located in the Designer under TargetSystem\ADS\QAM.Once you have completed this process, a Classification node will be available in the Navigation view in the Manager from which you can manage your Classification deployment.
The Classification Configuration Parameter is a node located under the Data Governance option. - Identify the Service Account that will be used for securing the classification services. Deploy a Classification server Deploy Classification worker Enable Classification on the required managed hosts Upgrade agents on any existing managed hosts where classification has been enabled
- Ensure that you have applied the correct application roles for classification analysts, business owners, compliance officers, and Data Governance administrators.
 |
Permissions will be required for managing taxonomies, viewing classification results, viewing the categorization results, creating taxonomies, modifying rules, and overriding manual or automatic classification. For details, see Assign Classification Application Roles. |