立即与支持人员聊天
与支持团队交流

Classification Module 6.1.1 - What's New

Improved Performance when Collecting Security for Governed Resources

Improved Performance when Collecting Security for
Governed Resources
Once data is “governed”, the Data Governance Server will periodically query the agent responsible for scanning that data and retrieve detailed security information concerning it and any child data. The data is then placed in the Identity Manager central database to be used by policies and attestations and in various dashboards and views in the Web Portal.
Because these processes require fast access to data, collections are performed periodically and stored in the Identity Manager central database so it is readily available.

Collection Details

Previous Next

Improved Performance when Collecting Security for Governed Resources : Collection Details
The Data Governance Server acts as an intermediary between the agents and the databases where information is stored. It coordinates all agent deployments and communication, and manages the collection of security index data for each managed host. Based on a schedule, the server queries the agents for the detailed security for all governed resources and any child resources that have explicit security.

Collection Schedule

Previous Next

Improved Performance when Collecting Security for Governed Resources : Collection Schedule
The Data Governance Server attempts to spread the collection of detailed security out over time to provide load balancing for the server host computer and the Identity Manager central database. The algorithm used to schedule this collection is as follows:
Every 5 minutes the server determines the 5 managed hosts who have not had their security information collected over a certain period.
The server queries the database for a list of all governed resources for each of these managed hosts and executes security queries to the agents scanning these hosts.
As the results of these queries are returned to the server, the data is stored in the Identity Manager central database.
To increase performance, you can customize the algorithm with the following settings:
The cycle time that controls how often the server looks for managed hosts that need to have detailed security queried can be controlled with an App.Config setting called ‘CollectionCycleFrequency’. This value is in minutes. (Note: This period must be at least 6 hours).
The number of managed hosts to be queried for detailed security data at once can be controlled by the App.Config setting ‘CollectionBatchSize’.
The minimum period between collections for a particular managed host can be controlled with an App.Config setting called ‘MaxUpdateFrequency’. This value is in minutes.

Child Resources

Previous Next

Improved Performance when Collecting Security for Governed Resources : Child Resources
In addition to collecting directly applied security information for governed resource, the Data Governance Server also retrieve security information on any children of these governed resources where the child’s security differs from the parent. This allows detailed policies to be authored in Data Governance Edition such as, “The Everyone SID should not have Full Control permissions under any of my governed resources”.
For security policies and attestations, the system only needs to track the child resources with explicit permissions (directly applied) and not the complete set of child resources below a governed resource.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级