Notice: quest.com will be retired soon. Please visit our new site at software.dell.com

Community

Here, you can find solutions, ask questions, share your knowledge and experience, get the latest information on new features and enhancements, download the latest releases, get expert tips and techniques, be in touch with the product teams, and much more.

Visit it now »

Identity Manager – Data Governance Edition

Protect Your Organization and Manage Access

Identity Manager - Data Governance Edition protects your organization by giving access control to the business owners who actually know who should have access to which sensitive data. Business owners are granted the power to analyze, approve and fulfill unstructured data access requests to files, folders and shares across NTFS, NAS devices and SharePoint.

Dell One Identity helps data owners (not IT) determine who should have access, and automates the request-and-approval workflow, keeping your company from being the next security headline, while reducing the burden on IT.

Features

  • Restricted Access – Define access policies for your organization to ensure that sensitive unstructured data is only accessible to approved users. Identity Manager – Data Governance Edition locks down sensitive data such as files, folders and shares across NTFS, NAS devices and SharePoint.
  • Data Owner Assignment – Determine and assign the appropriate owner of data for all future access requests by evaluating usage patterns and read and write access.
  • Simplified Auditing –  Identify user access to enterprise resources such as files, folders and shares across NTFS, NAS devices and SharePoint to provide key information during audit preparations. 
  • Automated Access Requests – Use built-in workflows to automatically direct access requests from the request portal to the appropriate data owner. Approved requests are automatically and correctly fulfilled, with no burden on IT.
  • Access Verification – Ensure that only approved users have access to specific resources, including those who have left the organization or department or whose roles have changed. Identity Manager – Data Governance Edition enables you to monitor user and resource activity, and configure and schedule a recertification process for data owners to verify and attest to employee access.
  • Personalized Dashboard – View trends, historic and current data access activity, and attestation status on a personalized dashboard with reports that can be used to prove compliance to auditors.
To add the automation of securing and classifying unstructured data, please see the Classification Module for Identity Manager - Data Governance Edition

Sys Reqs

Before installing Identity Manager Data Governance Edition 6.1, ensure your system meets the following minimum hardware and software requirements:

Data Governance Server

Note:

To configure a Data Governance server, the user must belong to the Administrators group of the computer hosting the server.

System Requirements:

  • 64-bit Windows Server OS (Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
  • quad core CPU
  • 100GB free disk space
  • 16GB RAM

Software Requirements

  • .Net 4.0

Note: Dell only provides a 64-bit server for Data Governance. Ensure that the server installed on a given computer uses the correct architecture to match the installed operating system.

Account Requirements

  • You must be an administrator of the computer on which you are installing the Data Governance Server.
  • You must have the credentials of an account that can be used to create a database on the SQL server being used by the Data Governance Server.
  • You must have the credentials of an account that can be used as a Service Account for your managed domains.
Data Governance Activity DatabaseSystem Requirements:

Note: You can use your pre-existing Identity Manager database server to host the Activity Database.

  • quad core CPU
  • 100GB free disk space
  • 16GB RAM
AgentSystem Requirements:
  • Windows Server 2003 (R2), Windows Server 2008, or Windows Server 2008 (R2) (32 bit or non-Itanium 64 bit), Windows Server 2012 (Note: New Dynamic Access Control (DAC) features are not supported.)
  • 500 MHz+ Processor
  • 1024 MB RAM
  • 100 MB free disk space for every 1,000,000 files / folders scanned

Note: Real-time file system updates and resource activity tracking are not supported on versions of ONTAP NetApp filers earlier than 7.3.


Note: Additionally, the following Network Attached Storage Devices are supported as managed hosts, but must be scanned remotely: NetApp 7.3, 8.0 and 8.1, EMC Celera 5.6, EMC VNX 7.0. Windows 2008, Windows 2008 (R2), and Windows 2012 failover clusters are supported as remote managed hosts types. Resource activity tracking is not supported for clusters.

Note: When an agent is installed on Windows Server 2012 you must disable the following local policy: "User Account Control: run all Administrators in Admin Approval Mode.

Additional Software Report Requirement
  • For Data Governance reports to function, proper authentication checks must be performed. This is accomplished by configuring the job server service to logon as an Active Directory account associated with an Employee who has been assigned the Data Governance Administrator application role. This job server must be configured with the SMTP Host server mask to ensure it is the job server that runs the reports.

Web Portal Requirement

  • To access Identity Manager Data Governance Edition functionality in the Web Portal, you must configure IIS to use Integrated Authentication.
  • If the web server hosting the Identity Manager Web Portal is running on the same computer as the Data Governance server you must set the ‘ImpersonateWcfCalls’ IIS application setting to TRUE.
  • If the web server hosting the Identity Manager Web Portal is running on a different computer than the Data Governance server you must include entries in the ‘ExplicitlyAllowedIdentities.txt’ file for the IIS host computers ActiveDirectory account.

SharePoint Requirements

  • Scanning SharePoint Server 2010 is supported.
  • Standalone farms are not supported.
  • Farms configured with only Local Users/Groups are not supported.
  • Ensure that the service account configured for the SharePoint managed host is a SharePoint Farm Account (same account that is used to run the SharePoint timer service).

SharePoint Recommendations

  • Recommend installing the agent on a dedicated SharePoint 2010 Application Server in the farm and not on a Web Front server (to reduce processing load on the web front end server).
  • Recommend 100GB disk space on the SharePoint agent computer for data storage and scan post-processing activities. The space required is dependent on the number of sites, lists, and document libraries and the number of unique permissions gathered from the farm.
  • Recommend 8GB RAM for the SharePoint agent computer.

Screenshots

File System Activity

File System Activity

Users can see a list of the most active file system resources for which they are responsible.

Pending Attestations

Pending Attestations

Managers can see a list of the pending attestations awaiting their decisions.

Governed Data Dashboard

Governed Data Dashboard

Configurable dashboard displays enable managers to understand what data is being used the most and by whom.

Access Overview

Access Overview

Drill down detail enables managers to quickly see which roles have access to governed data.

User Access Overview

User Access Overview

Managers can view all the access a particular user has, in one easy glance.

Pending Requests

Pending Requests

Managers can view all the pending access requests awaiting their decisions. These requests are automatically directed through to the appropriate manager who is responsible for the data in question.

High Risk Overview

High Risk Overview

The High Risk Overview dashboard helps compliance and security officers see what data and resources are most at risk within their environments.

Account Comparison

Account Comparison

The top image shows an account comparison display where different groups have the same or similar access, whereas the lower report shows an account comparison display where two groups differ in their access.

Services

Support

Our flexible support offerings for Identity Manager are designed to accommodate the unique needs of your organization.

Standard Support (Included)

Our standard offering delivers an extensive range of services, available Monday through Friday, during Dell Support business hours in a single geographic region (North America, Europe or Asia Pacific).

Business Critical Support

Our 24X7 provides assistance around-the-clock, including weekends and public holidays. It’s an essential level of service if you have locations across multiple regions worldwide, and for critical operations – such as identity management – that can’t afford to wait until Standard Support hours become available.

Premier Support is Available

Our highest offering is for organizations with complex environments that require a closer relationship with our support team and a more proactive approach to technical assistance. With Premier Support, you receive a dedicated Support Account Manager that works directly with your organization to provide account coordination, planning, onsite visits, escalation management and reporting. Premier Support is available with either Standard or Business Critical Support.

back to top

Implementation

The time and cost of services required for successfully deploying the Identity Manager solution are far less than you might expect. By favoring configuration over customization, our solution inherently has fewer consulting requirements compared to other vendors – we can typically get our customers up and running with visible results and value within 6 to 12 months. In contrast, other enterprise-level identity and access management solutions require an inordinate amount of customizations (that seemingly never end), resulting in significantly higher consulting time and money.

Our consultants are seasoned experts who work with your team hand-in-hand in four key phases:

  • Assessment – map Identity Manager functionality to your unique technology environment and business requirements and create a detailed blueprint for the implementation
  • Design – build the architecture according to the blueprint
  • Configuration – set up the software so that it acts according to the design
  • Deployment – implement the software and roll it out in your environment

A pre-packaged offering for Enterprise IAM Requirements Discovery Workshop is available for Identity Manager.

back to top

Specialty

The Specialty Services available for Identity Manager are designed to provide you with any assistance you may require with pre and post-implementation activities to continuously raise the value of the software in your environment.

The following Specialty Services are available for Identity Manager:

  • Business Value Planning and Health Check Services
  • Custom Staff Augmentation Services

Services and offerings vary by region. If you are outside of North America, contact your Dell representative for information on Professional Services and the options in your region.

back to top