Maintaining Permissions Collection and Data Classification Collector Agents

Maintaining Permissions Collection and Data Classification Collector Agents

 

About Permissions Collection and Data Classification Collector Agents

In a distributed environment, Central Permissions Collection (CPC) and Central Data Classification (CDC) services are typically implemented in an engine/agent configuration, with a main engine for each of the services (CPC and CDC) located in the central File Access Manager installation site, and individual Permission Collection and Data Classification agents installed near the endpoints they interact with. This implementation is best suited for an environment where some endpoints may be located far from the central File Access Manager site, in hybrid cloud/on-premise environments, or in large-scale environments with a significant number of endpoints.

This article discusses how to maintain the collector agents. For information about maintaining the engine services, see Maintaining Core Services in File Access Manager.

A single Permissions Collection or Data Classification agent can only execute one task at a time. Multiple tasks scheduled to run on a single Permissions Collection or Data Classification will be executed sequentially. Having multiples collectors associated to a single CPC/CDC will distribute the crawl/permissions collection among the collectors, thus reducing the execution time of the task.

Single Permissions Collection/Data Classification collector associated with a single CPC/CDC service:

CPCCDAgentSingle.png

 

Multiple Permissions Collection/Data Classification collectors associated with a single CPC/CDC service:

 CPCCDAgentMultiple.png

 

Prerequisites

Permissions Collection or Data Classification collector agents require the RabbitMQ service to communicate with the CPC/CDC central service/engine. Verify that RabbitMQ is present and running before proceeding with this task, by opening the File Access Manager Server Installer. Follow the instructions in the Maintaining RabbitMQ in File Access Manager document to install RabbitMQ if it is not already present.

Installing Collector Agents

  1. Open the File Access Manager Collector Manager on the server where you intend to install the PC/DC collector.
    Note: The File Access Manager Collector Manager is located in the installers folder, that is, the folder where you extracted the File Access Manager Installer zip file; it is under the Collectors folder (for example, C:\File Access Manager 8.0 Installers\Collectors)
  2. In the Server Name/IP field, enter the host name or IP address of the server on which the File Access Manager Collector Agent Configuration Manager service is running.
  3. Set the Port to default 8000.
  4. Enter a user name for a user that has admin privileges, in the format <domain name>\User Name. Alternatively, you can enter user name wbxadmin.
  5. Enter the password for the user and click Next.
  6. To add a collector to a Central Permissions Collection (CPC) service, click the drop-down in the Central Permission Collection section; select the CPC service and click Add.
  7. Click Next to install the collector for the CPC service.
  8. To add a collector to a Central Data Classification (CDC) service, click the drop-down in the Central Data classification section; select the CDC service and click Add.
  9. Click Next to install the collector for the CDC service.
  10. Click Finish to exit the server installer.
  11. Check the logs folder, which is located in the same location as the Collector Manager install, for further information about the installation of the collector.
  12. If you encounter errors, try to troubleshoot the error, or contact SailPoint for further assistance. You will be required to send the install log to analyze the issue.
  13. Repeat these steps to install as many collectors as you need. There is no limit on the number of collectors that can be associated with a single CPC/CDC service.

Next Steps

In the File Access Manager Admin Client, open an application configuration and select the CPC/CDC that you just installed the collectors for. Then launch the crawler or Permission collection task to start the process in the “rabbit” mode.

Moving Collector Agents

If you want to move a Permissions Collection or Data Classification collector agent, you must uninstall it from the current server, then install it on the new server. Follow the steps listed in the Uninstalling Collector Agents section to uninstall the collector agent from the old server, and the steps listed in the Installing Collector Agents section to install the collector agent on the new server.

Uninstalling Collector Agents

  1. Open the SecurityIQ Collector Manager on the server where the the Permissions Collection/Data Classification collector is currently installed.
  2. In the Server Name/IP field, enter the host name or IP address of the server on which the SecurityIQ Agent Configuration Manager service is running .
  3. Set the Port to default 8000.
  4. Enter a user name for a user that has admin privileges, in the format <domain name>\User Name. Alternatively, you can enter user name wbxadmin.
  5. Enter the password for the user and click Next.
  6. In the next window, a list of installed collectors is shown. Select the collector you want to uninstall and click Uninstall Product.
  7. In the next window, you will see status information on the collector being uninstalled.
  8. Click Finish to exit the server installer on the server.
  9. Check the logs folder, which is located in the same location as the Collector Manager install, for further information about the uninstallation of the collector.
  10. If you encounter errors, try to troubleshoot the error, or contact SailPoint for further assistance. You will be required to send the install log to analyze the issue.

Uninstalling Collector Agents Manually

If you are unable to uninstall a Permissions Collection/Data Classification collector from a server using the steps provided above, follow these steps to manually uninstall the collector from the server:

  1. Delete the Permissions Collection/Data Classification service manually:
    1. Open services.msc.
    2. Right-click on the Permissions Collection/Data Classification collector service and click on Properties.
    3. Copy the name value shown for Service name
    4. Open a command prompt as an administrator and run the command
      sc.exe delete "<service name>"
      (For example, sc.exe delete "PermissionCollector_CPC_1 Collector 1_1012")
    5. Refresh the services.msc and verify that the Permissions Collection/Data Classification collector process does not appear.
  2. Delete the Registry entries for the collector service.
    1. Open the registry editor (regedit).
    2. Browse to the locations listed below, and delete any keys and subkeys related to the Permissions Collection/Data Classification collector.
      Note: Make a backup of the keys before deleting by right-clicking on the key and clicking Export.
      Keys must be deleted entirely, along with the subkeys.
      • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PermissionCollector ***
        OR
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DataClassificationCollector ***
      • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PermissionCollector ***
        OR
        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DataClassificationCollector ***
      • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\**
      • HKEY_LOCAL_MACHINE\SOFTWARE\whiteboxSecurity\whiteOPS\Components\**
      • HKEY_CLASSES_ROOT\Installer\Products\**
  3. Uninstall the Permissions Collection/Data Classification collector from the server:
    1. Go to the Control Panel and uninstall the File Access Manager Central Permission Collector - CPC_* Collector * or the File Access Manager Central Data Classification - CDC_* Collector * program.
      Note: You can skip this step, if a program is not found.
  4. Delete the Permissions Collection/Data Classification collector installation folder from the server.
    1. Make a backup of the installation folder C:\Program Files\SailPoint\File Access Manager\Central Permissions Collection - CPC_* Collector * or C:\Program Files\SailPoint\File Access Manager\Central DataClassifiction Collection - CPC_* Collector *.
      Note: This step assumes the installation is located in C:\Program Files\File Access Manager. You can navigate to the appropriate installation folder in your environment.
    2. Delete the folder.
  5. Delete the collector entry from the database.
    1. Run this SQL query:
      select * from [whiteops].[install_service] where technical_name='PermissionCollector'
      or
      select * from [whiteops].[install_service] where technical_name='DataClassification'
    2. From the result of the above query, find the row that corresponds to the service that you are currently working on. Follow these steps if you are not sure.
      1. Take the value of the column "server_id" from the above result and execute the query
        Select * from [whiteops].[install_server]
      2. Match the server_id with the server id from this result and confirm the row to be acted on.
    3. Run this query to delete the collector entry from the database:
      delete from [whiteops].[install_service] where id=<id of the collector service>
  6. Open the File Access Manager Collector Manager and confirm that the Permissions Collection/Data Classification collector does not appear under the installed products.
  7. Open the Health Center and confirm that the collector service does not appear under the Permission Collection/Data Classification tab.
Version history
Revision #:
9 of 9
Last update:
‎Aug 23, 2019 04:55 PM
Updated by: