SecurID® Governance & Lifecycle Blog


RSA Identity Governance & Lifecycle Webinar #2 (Aug 19) Recording and Presentation

JamiePryer
Employee (Retired)

Hey all,

Thanks to those who could join, links below to watch back and the presentation is attached too. 

Please note that the "live" recording didn't work, so we have 2 recordings to cover what we discussed:

1) New Webservices features by Sean Miller

2) Datareach by Balaji Muralidharan and Pradeep Kadambar

 

We are always looking to make this huddle better, so keep the feedback coming and leave your comments below.

Huge thanks to Sean Miller, Balaji Muralidharan and Pradeep Kadambar for joining me with their live demos, plus Andrew Weadock, Christopher Williams and Michael Dalton for their help and Q&A.

Actions/Asks:

  1. We would love to hear your feedback on this webinar. 1 positive and 1 piece of constructive criticism would be great in the comments below please, e.g. Did the format work? Was the audio ok? Did you like the Q&A? How was the demo? What could make this better? etc.
  2. If you would like to join me on a webinar, let me know: jamie.pryer@rsa.com
  3. If you have any ideas/suggestions of what you would like to hear on a webinar, let me know or reply below.
  4. If anyone wants to have a [free] 1-1 Telemetry and Product review (roughly 1 hour), let me know: jamie.pryer@rsa.com

 

Watch the DataReach demo here: 

Jamie Pryer's Zoom Meeting - Zoom 

 

Watch the Webservices demo here:

Big thanks to Sean Miller for creating this for us.


Next Webinar:

This is going to be a roadmap from Aaron Beaudoin - don't forget that you must register here and complete the Zoom form: RSA Identity Governance & Lifecycle Huddle - Sept 2019

 

 

Q&A Summary:

  1. [Webservices] When we upgrade to 7.1.1 will we lose all the whitelisted IPs or will they still exist?

    • They will exist still, nothing is lost.
  2. [Webservices] For the token response. Is it possible to have it returned in json or xml? 

    • Do you mean for the loginUser command specifically?
  3. [Webservices] When will the new webservice UI be for us to deploy?

    • It is available in 711 P02. The larger UI changes I demonstrated will be part of the Ardmore release.
  4. [Datareach] Can you manage Oracle databases via Datareach? 
    • Yes, DataReach can collect privileged access from Oracle and any other database that has a JDBC compliant Java driver. Additionally, DataReach also has provisioning and de-provisioning capabilities using single connect to each database type.
  5. [Webservices] It looks really nice. Are there any new commands? I am looking for an easy way to find AD group members. 
    • We have a number of new commands, but there should already be findUserGroups and findAccounts commands.
  6. [Datareach] To Balaji Muralidharan - do you have a plan to add file share to DataReach? 
    • At this point in time, no. Our roadmap currently includes CyberArk, web services collection and we are looking into some cloud applications as well.
  7. [Datareach] Are the endpoint management only for servers? What about workstations? 
    • Endpoints can be servers or workstations.
  8. [Datareach] Could you please explain how DataReach would integrate with a PAM solution? Currently we have Thycotic integration.
    • DataReach currently has plugins that connect to PAM solutions like Thycotic, HashiCorp Vault, ManageEngine Password Manager Pro and these interact with the PAM solution using the API provided by the vendor. DataReach also supports encrypted CSV files in case you do not have a PAM solution deployed.
  9. [General] When is the Ardmore release planned? 7.1.1 P2 was officially released a couple of days back, I remember?
    • We’re looking early in 2020, but with all releases, dates / content may vary. Next session we will have Aaron on with us and we will be covering the road map. Should have some more data for you in that session.
  10. [Datareach] Does DataReach have support for postgres EDB? 
    • As long as it has a JDBC driver we will be able to collect & prov
  11. [Datareach] Can the host be in different environments like Prod, UAT or Test? 
    • As long as you have the host data, you can connect. But being a policy controls and best-practices kind of guy, I would always recommend keeping those environments separate.
    • [Pradeep] Additionally, if the prod, UAT and test environments are segregated at the network level, you can deploy the lightweight agents on any machine in that network and target the endpoints without the need to open up the firewall for each of the target systems.
  12. [Datareach] Is there an additional cost for DataReach? 
    • Yes, DataReach is a solution offered by our Professional Services Team and does require a small engagement to deploy.
  13. [Datareach] Is IBM iSeries included?
    • IBM Unix flavors, or what exactly does the IBM series mean, sorry?
  14. [Datareach] Does DataReach require ServiceNow to function? 
    • No, it does not.
    • [Pradeep] No, ServiceNow CMDB is an optional plugin to retrieve host information. The more simple solution is to use a CSV based file to feed in the target hosts.
  15. [Datareach] Are we going to be shown how you configure the collections? This is just showing the data already onboarded.
    • [Pradeep] The DataReach solution is provided with preconfigured collectors. The collector is no different from any database collector (Oracle) that you might be using today.
  16. [Webservices] Thanks, Sean. We are using findUserGroup and findAccounts and findGroupmembership. But it is not easy to find the group membership for an account, since findgroupmembership uses user_id, not user_name. 
    • Sounds like a good improvement. I'll open a ticket to track that. RSA Ideas is a great place to post suggestions like this.
  17. [Datareach] It seems that DataReach fits correctly in large environment/numbers. What is the point from which we can suggest to start to use the DataReach? Middle env? Large env? 10 database? 100? 
    • I would start doing this after 50 however we are happy to discuss more, as each client is different.
  18. [Datareach] What is the main difference between Multi App Config & Datareach? 
    • With multiapp you need to have diff application, with DR you can have single app ... and DataReach has provisioning capability with single connector.
  19. [Datareach] How long does DataReach app run to handle a load like 5000 DB. Does this put in a temp table from where IGL collects?
    • Yes it does, that temp table can be created on a diff schema than IGL DB or it can be configured to a DB of your choice. It does parallel connections, java multi threaded application
    • [Pradeep] In our test labs, 6000 databases have taken on an average 7 minutes to collect accounts, roles and role membership information.

  20. [Datareach] How does the DataReach provisioning work? What type of AFX connector is used? Does IGL send the provision request to AFX which in turn forwards to DataReach? If you have 1000 AIX systems, we will use one connector for those AIX, if we have 200 Oracle and 300 SQL DB, we will use two connectors, one for Oracle & one for SQL DB.

    • [Pradeep] DataReach uses standard AFX Java code based connector type and hence all provisioning requests go through AFX.
  21. [Datareach] How does an upgrade of RSA IG&L and Endpoint (Linux/DB) impact the DataReach setup? 
    • Since it's a Java code based connector, it does not impact DataReach when upgrading.
  22. [Datareach] Milliseconds for collections?
    • For one Oracle DB which resides in the same network segment it takes about 200-400 ms to connect, to collect data it takes about 100 ms and to close the connection it takes about 40 ms. This is for a single Oracle DB.
    • [Pradeep] In our test labs, 6000 databases have taken on an average 7 minutes to collect accounts, roles and role membership information. For 1000 databases the number is about 25 seconds on an average.