Data Access Security Virtual Appliance Cluster Creation

Data Access Security requires the use of virtual appliances to establish connectivity to applications and sources on customer premises within your data centers or your virtual private cloud environment. In addition, it is required to use specialized virtual appliances to perform Data Classification operations for all types of applications.

Data Classification Virtual Appliances

Data Access Security's Data Classification engine identifies and categorizes data based on data sensitivity, its impacts, and the importance of the data to the business. Data Classification enables organizations to identify business-critical information and “crown jewels”, such as intellectual property, as well as sensitive and regulated data, that need to be tightly governed to comply with regulations.

In order to take advantage of Data Classification within their environments, Admins must create and deploy a dedicated VA cluster and VAs using the Data Access Security - Data Classification Collector cluster type.

You can create a dedicated cluster in one of two ways:

• Creating a cluster through the Data Access Security Application Configuration wizard.
• Creating a cluster through Identity Security Cloud following the steps in Deploying Virtual Appliances and selecting the Data Access Security - Data Classification Collector cluster type.

Data Classification Cluster Creation with Application Configuration

1. In the Data Classification configuration step in the Application Configuration Wizard, use the Data Collection Cluster dropdown to select an existing one to be used by the applications.

   

2. If there are no available clusters in the dropdown or if the clusters are being used to capacity and you would like to associate the configured applications to a new cluster, select the plus (+) icon next to the cluster dropdown to add another cluster.

3. A confirmation message is displayed asking you to confirm the operation. Upon approval, a new cluster is created with a default name of “DAS data classification collector cluster”. Subsequent clusters will have a number added to their name to differentiate the ones previously created.

On-Prem Connectivity Virtual Appliances

Data Access Security can connect to applications and unstructured data storage solutions that reside in data centers and a virtual private cloud. This enables organizations to holistically govern access of sensitive data. Data Access Security Resource Discovery enables organizations to map data where data resides across multiple different applications, systems, and storage solutions.

In order to take advantage of Data Access Security Resource Discovery within their environments, Admins must create a dedicated VA Cluster and VAs using the Data Access Security - Resource Collector cluster type.

You can create a dedicated cluster in one of two ways:

• Creating a cluster through the Data Access Security Application Configuration wizard.
• Creating a cluster through Identity Security Cloud following the steps in Deploying Virtual Appliances and selecting the Data Access Security - Resource Collector cluster type.

Note

To create a Data Classification cluster for on-prem applications, refer to the Data Classification cluster creation.

Note

Only on-premise applications require Resource Collection Virtual Appliance to perform the resource discovery tasks.

Crawler Cluster Creation with Application Configuration

1. In the Crawler configuration step in the Application Configuration Wizard, use the Resource Collection Cluster dropdown to select an existing one to be used by the applications.

   

2. If there are no available clusters in the dropdown or if the clusters are being used to capacity and you would like to associate the configured applications to a new cluster, select the plus (+) icon next to the cluster dropdown to add another cluster.

3. A confirmation message is displayed asking you to confirm the operation. Upon approval, a new cluster is created with a default name of “DAS crawler collector cluster.” Subsequent clusters will have a number added to their name to differentiate the ones previously created.

Cluster Creation with Identity Security Cloud

To create a dedicated VA cluster and VAs, complete the steps in Deploying Virtual Appliances and select the relevant type of Data Access Security cluster.

Any clusters that were previously created through the Data Access Security Application Wizard, mentioned above, will automatically appear here.

Creating and Configuring Your Virtual Appliance

After configuring the new VA Cluster, add VAs for this cluster by completing the steps in Creating Virtual Appliances.

Note

Create new VAs to associate them with the Data Access Security VA clusters. Do not associate existing Identity Security Cloud VAs with Data Access Security clusters. VAs cannot migrate across cluster types.

A VA Cluster can contain one or more VAs. We recommend adding multiple VAs to support redundancy and high-availability, as well as scale per performance.

A VA Cluster can service multiple applications and can be associated with one or more applications. There is no need to create a separate cluster for each application, as there is no coupling between applications and clusters.

All application types, including cloud applications, require a Data Classification Collection VA to perform Data Classification data collection tasks.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.