RSA IGL Datareach - Technical Info

Document created by Mohit Verman on Jul 6, 2020. Last modified by Pradeep Kadambar on Dec 11, 2020.
Version 29

Architecture

 

Components

Master Controller is the component responsible for serving as a central configuration point. All agent configurations, drivers, certificates and data to be collected are centrally managed on the Master Controller. The Master Controller is also responsible for collating the data collected by all the agents, error handling and piping data to the Oracle database.

Agents are responsible for collecting data from endpoints. These endpoints can be any JDBC compliant database, UNIX or Windows systems.

Database stores all the data and metadata collected from the target systems.  All the pruning and data validation stored procedures are contained in this database. Data Reach requires an Oracle 11g or above database for staging the collected data. This can be a standalone Oracle database, or the database used by RSA IGL.

Plugins provide optional integrations with third-party systems for host configurations (CMDB), credentials (PAM) and ticketing systems for error handling. The plugin architecture allows Data Reach to maintain a small footprint, with features added as needed.

 

3rd Party Integrations

Host List Providers (Targets)

Credential Providers (Credentials)

Error Handlers (Error Reporting)

 

Deployment Types

Single Server: In this scenario, all 3 components are installed directly on your IGL application server.

Agent, Local Database: In this scenario, the master controller and the database are installed on the IGL application server, while agents are deployed throughout your environment.

Agent, Dedicated Database: In this scenario, agents are deployed throughout your environment. A dedicated Oracle database instance, separate from IGL, must be provided by the organization. In this deployment, the master controller can be installed on any of the systems.

Feature Releases

Dec, 2020 - Out of the box collection package for MongoDB accounts.

 

Jul, 2020 - Out of the box collection package for Solaris accounts and group entitlements.

 

Jun, 2020 - Support for CyberArk Central Credential Provider (CCP) as a supported credential provider plugin.

 

Jan, 2020 - Out of the box collection package for AIX accounts and group entitlements.

 

Dec, 2019 - Multi Windows provisioning service.

Roadmap

Q1 2021

AWS Bulk Collections Support - Data Reach will support collection of IAM data from multiple accounts under one or more organizations. This will allow accounts to be dynamically available for collections. The collections will support the following data elements:

  • Accounts
  • Account Policies (Inline and Managed)
  • Groups
  • Group Policies (Inline and Managed)
  • Group Members
  • Roles
  • Role Policies (Inline and Managed)
  • Policies

 

Q2 2021

AWS Bulk Provisioning Support
