The release of Micro Focus Storage Manager 5.1 for Active Directory introduces some impressive new capabilities designed to ease the management of your ever-growing network-stored data. With the ability to now manage data across Active Directory forests, flexibility in how provisioned home folders are named, provisioned group folders owned by multiple groups with access permissions specific to their group membership, and more, this is a release that Storage Manager for Active Directory customers are going to want to deploy right away.
This article provides an overview of each of the new features in Micro Focus Storage Manager 5.1 for Active Directory. For a more detailed explanation of these new features, refer to the Micro Focus Storage Manager 5.1 for Active Directory Administration Guide.
Event Monitor Scope
Past versions of the Storage Manager Event Monitor would monitor not only Active Directory events pertaining to user- and group network-stored data, but also non-applicable events as well. For example, the Event Monitor would monitor Group objects as they were created by Microsoft Exchange for distribution lists. Monitoring events such as these would burden the Event Monitor and could slow down the response time for Storage Manager to take action following applicable network file system events.
The new Event Monitor Scope feature lets you “scope” the segments of the forest or domain that the Event Monitor will monitor by specifying what areas of the forest or domain to include and exclude. A scoped segment of the forest to include might be specific containers or groups.
Managed Path Naming Attribute
No longer dependent on the name of the
sAMAccountName attribute value, which might or might not be a descriptive name of the user or group, you can now choose from among multiple attributes for the user or group folder name.
For some organizations, having the default
sAMAccountName attribute as the means of naming home folders is not desirable. A school that generates student accounts using an account provisioning system for example, might generate a student account and
sAMAccountName such as SA74556, rather than a more descriptive name such as William Sanders. To allow Storage Manager to create a home folder with a name like WSanders, rather than SA74556, you can now select a different attribute from the drop-down list.
Once you have saved the policy, you can use an account provisioning system such as NetIQ Identity Manager to automatically populate the selected attribute with the desired folder name and then Storage Manager will automatically provision the home folder based on this attribute setting. Using the example above, the home folder name would be WSanders rather than SA74556.
For existing users whose home folders you would like to change to a new attribute value, you would follow the same procedures, followed by performing an Enforce Policy Path Management Action.
Multi-Principal Group Storage Policies
This new policy type allows for multiple groups to access a shared group folder, with each group having different sets of permissions to the group folder.
Each group’s access to these folders is dependent on the security group object’s security principal. For example, one group’s access could be RO, another’s could RW, and another’s could be FUL. Based on their support for multiple security principals, these folders are known as “Multi-Principal Managed Paths,” and they are issued through new policy types known as “Multi-Principal Collaborative Storage” policies.
Multi-Principal Managed Paths are owned and accessed by Active Directory security groups with the same group prefix name separated by a suffix separator, and then distinguished by a unique security separator.
Cross-Forest Data Management
With the release of Storage Manager 5.0 for Active Directory earlier this year, we introduced the ability to migrate user and group data from one Active Directory forest or domain to another using the Active Directory to Active Directory Cross-Empire Data Migration subsystem. One of the requirements for doing so is establishing a trust relationship between Active Directory forests or domains.
With the release of version 5.1, we allow you to leverage the trust relationship to manage data between the two forests or domains. The User and Group objects must reside in the primary forest, but these objects’ data can be managed in the secondary forest’s network file system.
For example, a User Home Folder policy assigned to User objects in Forest A can be set to a target path in Forest B. Similarly, data residing in the file system of Forest A can me moved, copied, or vaulted to Forest B through an operation.
Faster Data Copying
In version 5.0, we were able to speed up data copying and migrations through multi-threaded copying. For version 5.1, we’ve extended this copying capability to any management task involving data movement.
Downloading the Software
Storage manager 5.1 for Active Directory is available for download here. If you already have Storage Manager 5.0 for Active Directory, you will not need an updated license. You will need to update your Agents and the SMAdmin administrative interface. If you want to utilize the new Event Monitor Scope feature, you will need to update the Event Monitor.