24.6 Inspecting Drivers

You can use the Driver Inspector to view detailed information about the objects associated with a driver. This section is divided into the following categories:

24.6.1 Driver Inspector

To view the objects associated with a driver:

  1. In Identity Console, Select Drivers > Inspector > Driver Inspector tab.

  2. In the Driver field, specify the fully distinguished name of the driver that you want to inspect, or click the browse icon to browse to and select the desired driver.

  3. After you have selected the driver to inspect, click OK to display the Driver Inspector page.

    The page displays information about the objects associated with the selected driver. You can perform any of the following actions:

    • Delete: Removes the association between the driver and an object. Select the check box in front of the object you no longer want associated with the driver, click the icon, then click OK to confirm the deletion.

    • Refresh: Select the refresh icon this option to re-read all of the objects associated with the driver and refresh the information.

    • Show: Select the number of associations to display per page. You can select a predefined number (25, 50, or 100) or specify another number of your choice. The default is 10 associations per page. If there are more associations than the number displayed, you can use the arrow buttons to display the next and previous pages of associations.

    • Actions: Perform actions on the objects associated with the driver. Click Actions, then select one of the following options:

      • Show All Associations: Displays all objects associated with the driver.

      • Filter for Disabled Associations: Displays all objects associated with the driver that have a Disabled state.

      • Filter for Manual Associations: Displays all objects associated with the driver that have a Manual state.

      • Filter for Migrate Associations: Displays all objects associated with the driver that have a Migrate state.

      • Filter for Pending Associations: Displays all objects associated with the driver that have a Pending state.

      • Filter for Processed Associations: Displays all objects associated with the driver that have a Processed state.

      • Filter for Undefined Associations: Displays all objects associated with the driver that have an Undefined state.

      • Association Summary: Displays the state of all objects associated with the driver.

    • Object DN: Displays the DN of the associated objects.

    • State: Displays the association state of the object.

    • Object ID: Displays the value of the association.

24.6.2 Driver Cache Inspector

You can view the transactions in a driver’s cache file using Identity Console. The Driver Cache Inspector displays information about the cache file, including a list of the events to be processed by the driver.

  1. In Identity Console, Select Drivers > Inspector > Driver Cache Inspector tab.

  2. In the Driver field, specify the fully distinguished name of the driver whose cache you want to inspect, or click the browse icon to browse to and select the desired driver, then click OK to display the Driver Cache Inspector page.

    A driver’s cache file can be read only when the driver is not running. If the driver is stopped, the Driver Cache Inspector page displays the cache. If the driver is running, the page displays a Driver not stopped, cache cannot be read note in place of the cache entries. To stop the driver, click the button; the cache is then read and displayed.

    • Driver’s cache on Server: Lists the server that contains this instance of the cache file. If the driver is running on multiple servers, you can select another server in the list to view the driver’s cache file for that server.

    • Start/Stop Driver icons: Displays the current state of the driver and allows you to start or stop the driver. The cache can be read only while the driver is stopped.

    • Delete: Select entries in the cache, then click the icon to remove them from the cache file.

    • Actions: Allows you to perform actions on the entries in the cache file. Click Actions to expand the menu, then select one of the following options:

      • Clear all Cached Events: Enables you to clear all cached events.

      • Cache Summary: Summarizes all of the events stored in the cache file.

Viewing the Connected System Details for Drivers

To view the connected system details for a specific driver, perform the following actions:

  1. In Identity Console, click the Object Inspector module.

  2. Browse and select the specific driver object for which you want to display the connected systems.

  3. All the connected system details for the selected driver object will be displayed on your computer.

24.6.3 Out of Band Sync Cache Inspector

To view events in the Out of Band Sync cache:

  1. In Identity Console, Select Drivers > Inspector > Out of Band Sync Cache Inspector tab.

  2. In the Driver field, specify the fully distinguished name of the driver whose cache you want to inspect, or click the browse icon to browse to and select the desired driver, then click OK.

    A driver’s cache file can be read only when the driver is not running. If the driver is stopped, the Driver Cache Inspector page displays the cache. If the driver is running, the page displays a Driver not stopped, cache cannot be read note in place of the cache entries. To stop the driver, click the button; the cache is then read and displayed.

    • Cache filename: Displays the filename of the cache.

    • Driver’s cache on Server: Lists the server that contains this instance of the cache file. If the driver is running on multiple servers, you can select another server in the list to view the driver’s cache file for that server.

    • Start/Stop Driver icons: Displays the current state of the driver and allows you to start or stop the driver. The cache can be read only while the driver is stopped.

    • Delete: Select entries in the cache, then click the icon to remove them from the cache file.

    • Actions: Allows you to perform actions on the entries in the cache file. Click Actions to expand the menu, then select one of the following options:

      • Cache Summary: Summarizes all of the events stored in the cache file.

      • Clear All Cached Events: Enables you to clear all cached events.

24.6.4 Driver Manifest

The Driver Manifest is like a resume for the driver. It states what the driver supports, and includes a few configuration settings. The Driver Manifest should be provided by the driver developer. A network administrator usually does not need to edit the Driver Manifest. In case if the administrator wants to edit the driver manifest, can do so by selecting Drivers > Inspector > Driver Manifest > Enable XML Editing option.

24.6.5 Monitoring Driver’s Health

Driver health monitoring allows you to view a driver’s current state of health as green, yellow, or red, and to define the actions to perform in response to each of these health states.

You create the conditions (criteria) that determine each of the health states, and you also define the actions you performed whenever the driver’s health state changes. For example, if the driver’s health changes from a green state to a yellow state, you can perform such actions as restarting the driver, shutting down the driver, and sending an email to the person designated to resolve issues with the driver.

Using this module, you can perform the following tasks:

Modifying the Driver’s Health Conditions

You control the conditions that determine each health state. The green state is intended to represent a healthy driver, and a red state is intended to represent an unhealthy driver.

The conditions for the green state are evaluated first. If the driver fails to meet the green conditions, the yellow conditions are evaluated. If the driver fails to meet the yellow conditions, the driver is automatically assigned a red health state.

To modify the conditions for a state:

  1. In Identity Console, open the Driver Health Configuration page for a driver whose conditions you want to modify:

    1. Open the Identity Console home page.

    2. Select Drivers > Click on the appropriate Driver from the list > Inspector > Driver Health Configuration.

  2. Click the tab for the state (Green or Yellow) you want to modify.

    The tab displays the current conditions for the health state. Conditions are organized into groups, and logical operators, either AND or OR, are used to combine each condition and each group. Consider the following example for the green state:

    GROUP1
Condition1 and
Condition2
Or
GROUP2
Condition1 and
Condition2 and
Condition3

    In the example, the driver is assigned a green state if either the GROUP1 conditions or the GROUP2 conditions evaluate as true. If neither group of conditions is true, then the conditions for the yellow state are evaluated.

    The conditions that can be evaluated are:

    • Driver State: Running, stopped, starting, not running, or shutting down. For example, one of the default conditions for the green health state is that the driver is running.

    • Driver in Cache Overflow: The state of the cache used for holding driver transactions. If the driver is in cache overflow, all available cache has been used. For example, the default condition for the green health state is that the Driver in Cache Overflow condition is false and the default for the yellow health state is that the Driver in Cache Overflow condition is true.

    • Newest: The age of the newest transaction in the cache.

    • Oldest: The age of the oldest transaction in the cache.

    • Total Size: The size of the cache.

    • Unprocessed Size: The size of all unprocessed transactions in the cache.

    • Unprocessed Transactions: The number of unprocessed transactions in the cache. You can specify all transactions types or specific transaction types (such as adds, removes, or renames).

    • Transactions History: The number of transactions processed at various points in the Subscriber or Publisher channel over a given period of time. This condition uses multiple elements in the following format:

      <transaction type> <transaction location and time period > <relational operator> <transaction number>.

      • <transaction type>: Specifies the type of transaction being evaluated. This can be all transactions, adds, removes, renames, and so forth.

      • <transaction location and time period>: Specifies the place in the Subscriber or Publisher channel and the time period being evaluated. For example, you might evaluate the total number of transactions processed as Publisher reported events over the last 48 hours. By default, transaction history data is kept for two weeks, which means that you cannot specify a time period greater than two weeks unless you change the default Transaction Data Duration setting.

      • <relational operator>: Specifies that the identified transactions must be equal to, not equal to, less than, less than or equal to, greater than, or greater than or equal to the <transaction number>.

      • <transaction number>: Specifies the number of transactions being used in the evaluation.

      The following provides an example of a Transactions History condition:

      <number of adds> <as publisher commands> <over the last 10 minutes> <is less than> <1000>

    • Available History: The amount of transaction history data that is available for evaluation. The primary purpose for this condition is to ensure that a Transactions History condition does not cause the current state to fail because it does not have enough transaction history data collected for the time period being evaluated.

      For example, assume that you want to use the Transactions History condition to evaluate the number of adds as Publisher commands over the last 48 hours (the example shown in the Transactions History section above). However, you don't want the condition to fail if there is not yet 48 hours worth of data, which can be the case after the initial setup of the driver's health configuration or if the driver's server restarts (because transaction history data is kept in memory). Therefore, you create condition groups similar to the following:

      Group1 Available History <is less than> <48 hours> or Group2 Available History <is greater than or equal to> <48 hours> and Transactions History <number of adds> <as publisher commands> <over the last 48 hours> <is less than> <1000>

      The state evaluates to true if either condition group is true, meaning that a) there is less than 48 hours of data, or b) there is at least 48 hours of data and the number of adds as Publisher commands over the last 48 hours is less than 1000.

      The state evaluates to false if both conditions evaluate to false, meaning that a) there is at least 48 hours of data and b) the number of adds as publisher commands over the last 48 hours is greater than 1000.

  3. Modify the criteria as desired.

    • To add a new group, click the icon next to the Condition Groups.

    • To add a condition, click the icon next to the logical operators (AND/OR). Alternatively, you can also click on Add new condition link.

    • To reorder condition groups or individual conditions, select the check box next to the group or condition you want to move, then click the arrow buttons to move it up and down. You can also use the arrow buttons to move a condition from one group to another.

  4. Once done, save your changes by clicking the Save button.

  5. If you want to change the actions associated with the conditions you have set, continue with Modifying the Driver’s Health Actions.

Modifying the Driver’s Health Actions

You can determine the actions that you want performed when the driver health state changes. For example, if the state changes from green to yellow, you can shut down or restart the driver, generate an event, or start a workflow. Or, if the state changes from yellow to green, any actions associated with the green state are performed.

A health state’s actions are performed only once each time the conditions are met; as long as the state remains true, the actions are not repeated. If the state changes because its conditions are no longer met, the actions are performed again the next time the conditions are met.

  1. In Identity Console, open the Driver Health Configuration page for a driver whose actions you want to modify:

    1. Open the Identity Console home page.

    2. Select Drivers > Click the appropriate Driver from the list > Inspector > Driver Health Configuration.

  2. Click the Green, Yellow, or Red tab for the state whose actions you want to modify.

  3. Click the plus (+) icon next to the Actions heading to add an action, then select the type of action you want:

    • Start Driver: Starts the driver.

    • Stop Driver: Stops the driver.

    • Restart Driver: Stops and then starts the driver.

    • Clear Driver Cache: Removes all transactions, including unprocessed transactions, from the cache.

    • Send Email: Sends an email to one or more recipients. The template you want to use in the email message body must already exist. To include the driver name, server name, and current health state information in the email, add the $Driver$, $Server$, and $HealthState$ tokens to the email template and then include the tokens in the message text. For example:

      The current health state of the $Driver$ driver running on $Server$ is $HealthState$.

      IMPORTANT:To send emails to multiple users, separate each email address only with a comma (,). Do not use semi-colon instead of comma.

    • Write Trace Message: Writes a message to the Driver Health job's log file or the driver set's log file if the trace file is not configured on the Driver Health job.

    • Generate Event: Generates an event that can be used by Audit and Sentinel.

    • Execute ECMAScript: Executes an existing ECMAScript.

      For information about how to construct ECMA scripts, refer to Using ECMAScript in Policies in the NetIQ Identity Manager - Using Designer to Create Policies.

    • Start Workflow: Starts a provisioning workflow.

    • On Error: If an action fails, instructs what to do with the remaining actions, the current health state, and the Driver Health job.

      • Affect actions by: You can continue to execute the remaining actions, stop execution of the remaining actions, or default to the current setting. The current setting applies only if you have multiple On Error actions and you set the Affect actions by option in one of the preceding On Error actions.

      • Affect state by: You can save the current state, reject the current state, or default to the current setting. Saving the state causes the state’s conditions to continue to evaluate as true. Rejecting the state causes the state’s conditions to evaluate as false. The current setting applies only if you have multiple On Error actions and you set the Affect state by option in one of the preceding On Error actions.

      • Affect Driver Health Job by: You can continue to run the job, abort and disable the job, or default to the current setting. Continuing to run the job causes the job to finish evaluating the conditions to determine the driver’s health state and perform any actions associated with the state. Aborting and disabling the job stops the job’s current activity and shuts down the job; the job does not run again until you enable it. The current setting applies only if you have multiple On Error actions and you set the Affect Driver Health Job by setting in one of the preceding On Error actions.

  4. Once done, save your changes by clicking the Save button.

Creating a Custom State

You can create one or more custom states to perform actions independent of the driver’s current health state (green, yellow, red). If a custom state’s conditions are met, its actions are performed regardless of the current health state.

As with the green, yellow, and red health states, a custom state’s actions are performed only once each time the conditions are met; as long as the state remains true, the actions are not repeated. If the state changes because its conditions are no longer met, the actions are performed again the next time the conditions are met.

  1. In Identity Console, open the Driver Health Configuration page for a driver for which you want to create a custom state:

    1. Open the Identity Console home page.

    2. Select Drivers > Click on the appropriate Driver from the list > Inspector > Driver Health Configuration.

  2. Click the icon next to the driver’s health status icons (green, yellow and red)

  3. Follow the instructions in Modifying the Driver’s Health Conditions and Modifying the Driver’s Health Actions to define the custom state’s conditions and actions.

Modifying a Custom State

To modify custom states, perform the following steps:

  1. In Identity Console, open the Driver Health Configuration page for a driver for which you want to create a custom state:

    1. Open the Identity Console home page.

    2. Select Drivers > Click on the appropriate Driver from the list > Inspector > Driver Health Configuration.

  2. Click the icon next to the driver’s health status icons (green, yellow and red)

  3. Follow the instructions in Modifying the Driver’s Health Conditions and Modifying the Driver’s Health Actions to define the custom state’s conditions and actions.

Figure 24-6 Managing Driver Inspectors