Data synchronization
IBM Verify Identity Governance stores most of its operational data in an LDAP directory. Examples of operational data include information about the people and accounts that are managed by IBM Verify Identity Governance, the policies that are defined in IBM Verify Identity Governance, and other information.
IBM Verify Identity Governance lets users run reports about this operational data. For example:
- As an auditor, you might want to run a report that lists all of the people who are in violation of a corporate policy.
- As an administrator, you might want to run a report that lists all of the accounts that have been inactive for the last six months.
- As a manager, you might want to run a report that lists all of the accounts that are owned by people in your department.
The reporting architecture requires that data reside in a database. The IBM Verify Identity Governance data synchronization feature copies the operational data from the LDAP directory to a database, making it available to be included in reports.
Running data synchronization
Data synchronization can be run in the following ways:
- Full data synchronization
  This approach synchronizes all of the operational data. That is, the full data synchronization process starts by deleting all of the data it previously copied into the database. Then, it copies all of the operational data from the LDAP directory to the database. The full data synchronization can be run in the following ways:
  - On demand
    As an administrator, you can log in to IBM Verify Identity Governance, and run the full data synchronization process.
  - On a recurring schedule
    As an administrator, you can configure IBM Verify Identity Governance to automatically run the full data synchronization process on a specified recurring schedule. For example, you can configure IBM Verify Identity Governance to run the full data synchronization process at these times:
    - Every Sunday night at midnight.
    - The 15th day of every month.
- Incremental data synchronization
  This approach synchronizes only the operational data that changed since the last time the data was synchronized. Unlike the full data synchronization, the incremental data synchronization does not delete all of the data it previously copied into the database. Rather, it updates the database to reflect the changes that occurred in the LDAP directory since the last time the data was synchronized. Incremental data synchronization requires enabling the LDAP change log feature.
- Report Data Synchronization Utility
  This approach is identical to the full data synchronization. The only difference is that it can be run from a computer that is not part of the deployed IBM Verify Identity Governance environment. That is, the first two approaches must be run on a computer on which IBM Verify Identity Governance is installed. The Report Data Synchronization Utility can be run on any computer, provided the computer meets the hardware and software requirements of the utility.