A global map showing cybersecurity data points and red location markers with a prominent red shield and padlock icon in the center.

Virtual Appliance in ISC: Core Functions Explained Guide

Date Posted:

Category:

Security

Author:

Dhanushri

A global map showing cybersecurity data points and red location markers with a prominent red shield and padlock icon in the center.

Virtual Appliance in ISC: Core Functions Explained Guide

Date Posted:

Category:

Security

Author:

Dhanushri

A global map showing cybersecurity data points and red location markers with a prominent red shield and padlock icon in the center.

Virtual Appliance in ISC: Core Functions Explained Guide

Date Posted:

Category:

Security

Author:

Dhanushri

Core functionalities of Virtual Appliance (C.A.P.R.I.L.Q)

Virtual Appliance common functionalities are connector - execution, Aggregation, Provisioning, Rules Execution, IQ Service communication, Logging, Queue Process.

Connector Execution

VA - runs on local infrastructure and executes operations like CRUD - Create, Read, Update, Delete. It runs the java-based connector codes to interact with the local sources like Active Directory, JDBC.

Aggregation

It is the process of getting the accounts, entitlements, data from the local sources into ISC for access management.

Types of aggregation

  1. Account Aggregation - Account data collection and linking to ISC identities.

  2. Entitlement Aggregation - Access data collection and linking to ISC identities.

  3. Delta Aggregation - Updates the changed accounts data and access data.

Provisioning

By outbound only connectivity, user onboarding and entitlement changes can be automatically provisioned via VA.

Joiner, Mover, Leaver process of a user can trigger this automated provisioning. The provisioning task failures can be viewed and rectified in the user interface itself.

Rules Execution

Without any formal review process, the connector rules are executed on VA. By accessing local data’s and manipulating the values for doing the complex calculations to fulfill the custom requirements which are totally needed and not available in the user interface. In cases like automatically do entitlement aggregation after the create account operation is triggered.

Types of connector rules

  • Before and after rule operations in AD.

  • JDBC Build map rule and Provision rule.

  • SAP Build map rule and Provision rule.

  • SAP HR Provisioning modify rule.

  • Web Service after operation rule and Before operation rule.

IQ Service Communication

IQ Service acts as a translator for Linux based VA and Windows based application Active Directory. The interaction starts by VA by polling the queue and sends the information through port 5050 with the TLS encryption for secure communication. Then IQ service processes the requests and communicates with the target system AD. The AD responds to it; the results are sent back to ISC via VA.

The only requirement is to install the IQ service in windows server with network connectivity with the AD.

Logging

Logging services involves two basic components, ccg.log-connector based and VA-agent. Log-internal heartbeat, credentials, jobs. VA logs are managed automatically but the storage has to be below 80%.

Queue Process

When account aggregation, group aggregation like activities is initiated ISC adds it in the AWS based Simple Queue Service. By making outbound only calls corresponding VA polls the queue and process the task by communicating with the target system and sends the result back to the ISC, it manages the load for the VA’s.

Conclusion

Thus, the Virtual Appliance plays a significant role through these core functionalities connector - execution, Aggregation, Provisioning, Rules Execution, IQ Service communication, Logging, Queue Process in delivering the scalable, secure governance solutions to organization and helps it in ensuring the right person has right access at right time.


Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Category:

Security

Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Category:

Category:

Security

Security

Get your

Tailored Quote for your

Organisation

Get your

Tailored Quote for your

Organisation

Core functionalities of Virtual Appliance (C.A.P.R.I.L.Q)

Virtual Appliance common functionalities are connector - execution, Aggregation, Provisioning, Rules Execution, IQ Service communication, Logging, Queue Process.

Connector Execution

VA - runs on local infrastructure and executes operations like CRUD - Create, Read, Update, Delete. It runs the java-based connector codes to interact with the local sources like Active Directory, JDBC.

Aggregation

It is the process of getting the accounts, entitlements, data from the local sources into ISC for access management.

Types of aggregation

  1. Account Aggregation - Account data collection and linking to ISC identities.

  2. Entitlement Aggregation - Access data collection and linking to ISC identities.

  3. Delta Aggregation - Updates the changed accounts data and access data.

Provisioning

By outbound only connectivity, user onboarding and entitlement changes can be automatically provisioned via VA.

Joiner, Mover, Leaver process of a user can trigger this automated provisioning. The provisioning task failures can be viewed and rectified in the user interface itself.

Rules Execution

Without any formal review process, the connector rules are executed on VA. By accessing local data’s and manipulating the values for doing the complex calculations to fulfill the custom requirements which are totally needed and not available in the user interface. In cases like automatically do entitlement aggregation after the create account operation is triggered.

Types of connector rules

  • Before and after rule operations in AD.

  • JDBC Build map rule and Provision rule.

  • SAP Build map rule and Provision rule.

  • SAP HR Provisioning modify rule.

  • Web Service after operation rule and Before operation rule.

IQ Service Communication

IQ Service acts as a translator for Linux based VA and Windows based application Active Directory. The interaction starts by VA by polling the queue and sends the information through port 5050 with the TLS encryption for secure communication. Then IQ service processes the requests and communicates with the target system AD. The AD responds to it; the results are sent back to ISC via VA.

The only requirement is to install the IQ service in windows server with network connectivity with the AD.

Logging

Logging services involves two basic components, ccg.log-connector based and VA-agent. Log-internal heartbeat, credentials, jobs. VA logs are managed automatically but the storage has to be below 80%.

Queue Process

When account aggregation, group aggregation like activities is initiated ISC adds it in the AWS based Simple Queue Service. By making outbound only calls corresponding VA polls the queue and process the task by communicating with the target system and sends the result back to the ISC, it manages the load for the VA’s.

Conclusion

Thus, the Virtual Appliance plays a significant role through these core functionalities connector - execution, Aggregation, Provisioning, Rules Execution, IQ Service communication, Logging, Queue Process in delivering the scalable, secure governance solutions to organization and helps it in ensuring the right person has right access at right time.


Next Blog

Next Blog