Identity Governance allows you to archive data to an internal database or to an external database. Identity Governance automatically creates the internal database (igarc) at the time of installation, and that database is the default for archiving. We recommend that you use the default archive only in development environments. In your test (stage) and production environments, archive data to an external database, and rotate these archives as needed. Identity Governance supports the following databases as archive destinations:
Vertica
Oracle
PostgreSQL
MS SQL
NOTE: Identity Governance does not create reporting views for external databases. If you configure an external database as an archive destination, the view will contain only partial information.
If you want to create an archive destination and configure the database to use SSL communication, you must first create and configure the proper global configuration properties for your data store type and for the SSL type -- server authentication or mutual authentication. Use the table below to determine which configuration properties you need to create and the values for each.
Table 13-1 Global Configuration Properties and Value Types for Database and SSL Types
| Database Type/SSL Type | Configuration Property | Value Type |
|---|---|---|
| Vertica/Server | com.netiq.iac.vertica.ssl.truststore.path | Filename |
| Vertica/Server | com.netiq.iac.vertica.ssl.truststore.password | Password |
| Vertica/Mutual | com.netiq.iac.vertica.ssl.truststore.path | Filename |
| Vertica/Mutual | com.netiq.iac.vertica.ssl.truststore.password | Password |
| Vertica/Mutual | com.netiq.iac.vertica.ssl.keystore.path | Filename |
| Vertica/Mutual | com.netiq.iac.vertica.ssl.keystore.password | Password |
| Oracle/Server | com.netiq.iac.oracle.ssl.truststore.path | Filename |
| Oracle/Server | com.netiq.iac.oracle.ssl.truststore.type | Type of truststore |
| Oracle/Server | com.netiq.iac.oracle.ssl.truststore.password | Password |
| Oracle/Mutual | com.netiq.iac.oracle.ssl.truststore.path | Filename |
| Oracle/Mutual | com.netiq.iac.oracle.ssl.truststore.type | Type of truststore |
| Oracle/Mutual | com.netiq.iac.oracle.ssl.truststore.password | Password |
| Oracle/Mutual | com.netiq.iac.oracle.ssl.keystore.path | Filename |
| Oracle/Mutual | com.netiq.iac.oracle.ssl.keystore.type | Type of truststore |
| Oracle/Mutual | com.netiq.iac.oracle.ssl.keystore.password | Password |
| PostgreSQL/Server | com.netiq.iac.postgres.ssl.root.cert | Contents of the certificate. NOTE: Do not use a filename. |
| PostgreSQL/Mutual | com.netiq.iac.postgres.ssl.root.cert | Contents of the certificate. NOTE: Do not use a filename. |
| PostgreSQL/Mutual | com.netiq.iac.postgres.ssl.client.cert | Contents of the certificate. NOTE: Do not use a filename. |
| PostgreSQL/Mutual | com.netiq.iac.postgres.ssl.client.key | Contents of the key. NOTE: Do not use a filename. |
| MS SQL/Server | com.netiq.iac.mssql.ssl.server.cert | Contents of the certificate. NOTE: Do not use a filename. |
| MS SQL/Server | com.netiq.iac.mssql.ssl.password | Password |
Use the information from this table to create and configure the required configuration properties for the archive destination you want to create.
NOTE: The configuration properties required for SSL communication could already exist in your environment. You can select Configuration > Advanced, then use the search feature to verify whether the configuration property you need is already configured as a global configuration setting.
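A pre-flight check of a planned property set against Table 13-1, as an added example that is not part of Identity Governance or its documentation. The property names come from the table; the function names, the filename heuristic (which assumes certificate and key contents are PEM text), and the sample values are assumptions made for illustration.

```python
import re

PREFIX = "com.netiq.iac."  # property namespace used in Table 13-1
TS = ["truststore.path", "truststore.password"]
KS = ["keystore.path", "keystore.password"]
ORA_TS, ORA_KS = TS + ["truststore.type"], KS + ["keystore.type"]
TABLE = {  # (database, SSL type) -> required property suffixes, per Table 13-1
    ("vertica", "server"): TS,
    ("vertica", "mutual"): TS + KS,
    ("oracle", "server"): ORA_TS,
    ("oracle", "mutual"): ORA_TS + ORA_KS,
    ("postgres", "server"): ["root.cert"],
    ("postgres", "mutual"): ["root.cert", "client.cert", "client.key"],
    ("mssql", "server"): ["server.cert", "password"],
}
# Constructed sample value, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n"
              "-----END CERTIFICATE-----")

def looks_like_path(value):
    """Heuristic (assumption): single line, no PEM armor, path-like text."""
    v = value.strip()
    return ("\n" not in v and "-----BEGIN" not in v
            and bool(re.search(r"[\\/]|\.(pem|crt|cer|key|jks|p12)$", v, re.I)))

def check(db, ssl_type, planned):
    """Return findings for a planned {property: value} dict; [] means OK."""
    if (db, ssl_type) not in TABLE:
        raise ValueError(f"no row in Table 13-1 for {db}/{ssl_type}")
    findings = []
    for suffix in TABLE[(db, ssl_type)]:
        name = f"{PREFIX}{db}.ssl.{suffix}"
        value = planned.get(name, "")
        if not value.strip():
            findings.append(f"missing: {name}")
        elif suffix.endswith((".cert", ".key")) and looks_like_path(value):
            # The table requires the contents here, not a filename.
            findings.append(f"filename given where contents are required: {name}")
        elif suffix.endswith(".path") and "-----BEGIN" in value:
            findings.append(f"contents given where a filename is required: {name}")
    return findings

if __name__ == "__main__":
    plan = {  # constructed plan for PostgreSQL mutual authentication
        PREFIX + "postgres.ssl.root.cert": SAMPLE_PEM,
        PREFIX + "postgres.ssl.client.cert": "/path/to/client.crt",
    }
    for finding in check("postgres", "mutual", plan):
        print(finding)
```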
To create and configure the proper global configuration properties for your archive destination and for the SSL type:
1. Log in as a Global Administrator.
2. Select Configuration > Advanced.
3. Next to Global Configuration Settings, click the plus sign (+).
4. Type the name of the configuration property you want to create, then click Add.
5. Type the value for the configuration property you want to create, then click Create.
6. Perform Step 3 through Step 5 for each property you need to create.
To configure an archive destination:
1. Select Data Administration > Maintenance.
2. Click Archive Destinations.
3. Click “+” to add an archive destination.
4. Click Current Archive Destination to specify the database as the archive location you want to use.
5. Provide the requested information.
6. Click Test Connection to verify your settings.
7. Click Save.