HDS Connector Overview
Capabilities
This connector enables you to use File Access Manager to access and analyze data stored in HDS and do the following:
- Analyze the structure of your stored data.
- Monitor user activity in the resources.
- Classify the data being stored.
- Verify user permissions on the resources, and compare them against requirements.
- Manage access fulfillment - automated granting and revoking of access - according to rules set in File Access Manager.
- Identity collector – collect IAM users, groups and roles and the connections between them.
Refer to the File Access Manager documentation for a full description.
Connector Overview
Activity Monitor
File Access Manager uses the HNAS File System Audit to monitor file system events. Once the audit is configured on the HNAS EVS, HNAS starts collecting events, and displays them in a Windows Event Log-like interface.
The File Access Manager HDS Activity Monitor remotely connects to the HNAS every 5 seconds to read and process new events, which it then sends to the central servers at a predefined interval.
The system generates events on HNAS only for shares or folders that are enabled for auditing. HNAS lets you define the event types and logged-in users to monitor in the Advanced Security Settings > Auditing tab of a share or folder.
Important
Events received from HNAS contain the full physical path of the file, and not the share path. The Activity Monitor periodically correlates all shares and share mapping to physical paths, and translates the physical paths of events to their corresponding share paths. If the physical path is mapped to more than one share, the event is duplicated in all the matching share paths.
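The translation described above, sketched as an added example (this is not File Access Manager code): one event on a physical path becomes one event per matching share. The share names, physical paths, event fields and the case-insensitive, per-component matching are assumptions made for illustration.

```python
# Added illustration; share names and physical paths below are constructed.
SHARES = {
    r"\\hnas01\finance": r"\fs1\data\finance",
    r"\\hnas01\data": r"\fs1\data",          # parent of the finance share
    r"\\hnas01\archive": r"\fs1\database",   # only a string prefix of \fs1\data
}


def split_path(path):
    """Split a path into components, ignoring empty segments."""
    return [part for part in path.replace("/", "\\").split("\\") if part]


def to_share_paths(physical_path, shares=SHARES):
    """Return every share path whose physical root contains physical_path.

    Matching is done per path component, so a root named data does not match
    a sibling named database. Case-insensitive matching is an assumption.
    """
    event_parts = split_path(physical_path)
    folded = [p.lower() for p in event_parts]
    matches = []
    for share, root in shares.items():
        root_parts = [p.lower() for p in split_path(root)]
        if root_parts and folded[:len(root_parts)] == root_parts:
            remainder = event_parts[len(root_parts):]
            matches.append("\\".join([share] + remainder))
    return sorted(matches)


def expand_event(event, shares=SHARES):
    """Emit one copy of the event per matching share, keeping the physical
    path so downstream rules can recognise the copies as a single action."""
    return [dict(event, share_path=sp)
            for sp in to_share_paths(event["physical_path"], shares)]


if __name__ == "__main__":
    sample = {"user": "CORP\\jdoe", "action": "Read File",
              "physical_path": r"\fs1\data\finance\q3.xlsx"}  # constructed event
    for copy in expand_event(sample):
        print(copy["action"], copy["user"], copy["share_path"])
```

With nested shares, a single read shows up once under each share, so activity counts and alert thresholds built on share paths should group on the physical path to avoid counting one action twice.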
Permissions Collector
File Access Manager must first run a crawl process to discover shares and folders on the HNAS.
The File Access Manager Permissions Collector service connects remotely to these shares and folders, and analyzes their permissions.
Monitored Activities
The following activities are monitored by the HDS connector:
- Create File - A new file was created.
- Create Folder - A new folder was created.
- Create from Move - A “Create Folder” event generates this event on the newly created folder.
- Create from Rename - A “Rename Folder” event generates this event on the newly created folder.
- Delete File - A file was deleted.
- Delete Folder - A folder was deleted.
- Move File - A file was moved.
- Move Folder - A folder was moved.
- Permission Change File - A file’s permissions were changed.
- Permission Change Folder - A folder’s permissions were changed.
- Read File - A file was read.
- Rename File - A file was renamed.
- Rename Folder - A folder was renamed.
- Write File - A file was modified.
HDS Installation Flow Overview
To install the HDS connector:
- Configure all the prerequisites.
- Add a new HDS application in the Business Website.
- Install the relevant services:
  - Activity Monitor - This is the activity collection engine, used by all connectors that support activity monitoring.
  - Permissions Collector
    If you are using EC2 login, the collector should be installed on the EC2 instance.
  - Data Classification Collector
Important
Installing the permissions collector and data classification services is optional, and they should only be installed by someone with a full understanding of the File Access Manager deployment architecture. The File Access Manager Administrator Guide has additional information on the architecture.
Supported Versions
HDS supports the File System Audit in HNAS version 11 and above.
Permissions Collections and Data Classification support all HNAS versions.