2.1 Components for Data Collection Services

Data Collection Services includes the following components:

Component

Description

Data Collection Service

Service that collects information from various sources within an organization.

The Data Collection Service includes three subservices:

  • The Managed System Data Collector uses a pull design model to retrieve data from one or more Identity Vault data sources. The collection runs on a periodic basis, as determined by a set of configuration parameters. To retrieve the data, the collector calls the Managed System Gateway Driver.

  • The IDM Event-Driven Data Collector uses a push design model to gather event data that the Data Collection Service Driver captures.

  • The Application Data Collector retrieves data from one or more non-managed applications by calling a REST endpoint written specifically for each application. Non-managed applications are applications within your enterprise that are not connected to the Identity Vault.

NOTE: From this release onwards, this page can be accessed directly from the Identity Application user interface, and Data Collection Services is no longer part of the Reporting page.

Data Collection Service Driver

Driver that captures changes to objects stored in an Identity Vault, such as accounts, roles, resources, groups, and team memberships.

The Data Collection Service Driver registers itself with the Data Collection Service and pushes change events (such as data synchronization, add, modify, and delete events) to the Data Collection Service.

The driver captures changes to the following objects:

  • User accounts and identities

  • Roles and role levels (hierarchical relationships between roles)

  • Groups

    NOTE: Identity Reporting does not support dynamic groups and only generates reports on static group data.

  • Group memberships

  • Provisioning Request Definitions (PRDs)

  • Separation of Duties (SoDs) definitions and violations

  • User entitlement associations

  • Resource definitions and resource parameters

  • Role and resource assignments

  • Identity Vault entitlements, entitlement types, and driver

Managed System Gateway Driver

Driver that collects information from managed systems.

To retrieve the managed system data, the driver queries the Identity Vault. The driver retrieves the following information:

  • List of all managed systems

  • List of all accounts for the managed systems

  • Entitlement types, values, and assignments (groupings), and user account profiles for the managed systems

NOTE: This driver is not supported for Standard Edition.

Security Service

Service that controls access to all other services within Identity Reporting.

The Security Service includes these key components:

  • A stand-alone authentication service that provides several functions through REST, including programmable authentication, token validation, token expiration notification, and attribute retrieval for an identity.

  • An authentication module within the core service that handles internal functions, such as authenticating within the scope of the core service and retrieving additional identity attributes.

  • An authorization module within the core service that controls what an authenticated user can do with reporting resources. This module defines access control policies for resources and determines the permissions based on attributes of the authenticated user, access control policy, and the resource being accessed.

Sentinel Log Management for Identity Governance and Administration

Captures log events associated with actions performed in several NetIQ products, including Identity Reporting, the identity applications, and the Identity Vault. These events are stored in the public schema within the warehouse.

You have the option to create a Sentinel link. For information about setting up the Sentinel link, see the Sentinel Link Overview Guide.

Identity Vault Data Sources

Repositories for identity information.

Identity Reporting allows you to report on state information in the Identity Vault, such as which users have been provisioned with particular resources, or which users have been assigned to particular roles. You can report on current and past data from the Identity Vault.

The Identity Vault Data Sources page allows you to specify which Identity Vaults you want to report on, and provide information about where Identity Reporting can find these vaults. You can include data sources for one or more Identity Vaults on the Identity Vault Data Sources page.

Managed Systems and Applications

A system in an enterprise that is connected to the Identity Vault with an Identity Manager driver.

Identity Reporting allows you to report on state information about the managed systems. For example, the reports allow you to determine that a particular user known to the Identity Vault exists in Active Directory. Identity Reporting allows you to report on current and past data from managed systems.