2.0 Overview

Micro Focus File Dynamics is a new product designed to address the ever-changing definition and requirements of network data management. With File Dynamics, you have the means to not only provision, manage, and dispose of network storage, but also to rectify the location of sensitive files, protect and quickly recover content located on High-Value Targets within the network file system, and much more.

File Dynamics performs network file system management tasks through inherent Microsoft network components such as Active Directory, along with added components. All of these are summarized below.

The Directory

Microsoft Active Directory stores the identity information about the users and groups that File Dynamics manages. When File Dynamics is installed, it adds or modifies user and group attributes so that they can be managed through File Dynamics.

Events

When a user in Active Directory is added, moved, renamed, or deleted, it is known as a directory “event.”

Identity-Driven Policies

Identity-Driven policies within File Dynamics indicate what user or group actions to enact when an event in Active Directory takes place or a Management Action is invoked by an administrator.

Automated actions include creating user or collaborative storage when a new user is added to Active Directory, moving storage when a user is moved from one organizational unit or group to another, and archiving or deleting storage when a user is removed.

Examples of invoked Management Actions include retroactively applying policies, permissions, attributes, and quotas to existing user storage, or performing some administrative corrective action or operation on a large set of users, groups, or containers.

File Dynamics lets you create the following types of Identity-Driven policies:

User Home Folder: Manages the life cycle of the users’ home folder through create, rename (name change), move (change in departments), and delete (deprovisioning with vaulting).

User Profile Path: Manages the users’ Windows profile path.

User Remote Desktop Services Home Folder: Manages the users’ remote desktop home folder.

User Remote Desktop Services Profile Path: Manages the users’ remote desktop profile path.

Container: Manages storage for all of the users in an Active Directory container.

Group: Manages storage for an Active Directory group.

Auxiliary: Manages one or more additional storage locations in association with one of the four user policy types.

Multi-Principal Group Storage: Allows for multiple groups to access a shared group folder, with each group having different sets of permissions to the group folder.

Target-Driven Policies

Through Target-Driven policies, File Dynamics performs management tasks through policies associated directly with a network share or folder. Target-Driven policies include Data Location policies, Content Control policies, Workload Policies, and Epoch Data Protection policies.

Data Location Policies: These policies are the means of copying folders and their contents to a target parent folder. There is an option to remove the files from the source location after they have been copied. For example, if you were doing a server consolidation or moving data from a server to a NAS device (or vice versa), you could easily do so using Data Location policies.

Content Control Policies: Similar to Identity-Driven file grooming, Target-Driven Content Control policies remove files according to file type, age, size, last accessed date, and more. From any file path, you can either vault files to a new location or delete the files altogether. For example, you could use this feature to easily delete temporary files and, in the process, make much more disk space available on your storage devices.

Workload Policies: These policies provide the ability to import externally-generated files, such as security reports from Micro Focus File Reporter, and then rectify the location of sensitive files for regulatory compliance or optimization.

Epoch Data Protection Policies: Epoch Data Protection policies allow customers to maintain nearline standby views of High-Value Target folders stored in the network file system. Administrators known as “data owners” can view and access the archive of the High-Value Target as it existed at a selected point in time. In essence, it is a “time machine” for the data and associated permissions on the High-Value Targets. If files become lost, corrupted, or encrypted through a ransomware attack, a data owner can recover the files and permissions from the Epoch.

Security Notification Policies: These policies enable administrators to be notified of any changes in access permissions to High-Value Targets. These changes in permissions include a user being given a new or updated permission to a specific folder, or a user being granted access permissions to a folder by being added to a group. Access permission updates are determined by the Phoenix Agent through a scheduled scan. Notifications are sent to administrators via email.

Lockdown Policies: Once you have established the proper access permissions for a High-Value Target, you can establish the baseline of access permissions for the High-Value Target that will be strictly enforced through a Lockdown policy. When unauthorized access permission changes are made to the High-Value Target, the new permissions are removed and the original permissions are restored.

Fencing Policies: These policies let you set limits on how access permissions may change over time. Using a set of to define a “fence,” the policy specifies Active Directory containers, users, or groups that might conceivably be given permissions to a High-Value Target in the future without an issue or should never be given permissions in the future, as in restrictions specified in GDPR.
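The baseline comparison behind the Security Notification, Lockdown, and Fencing descriptions above can be modeled in a few lines. This is an added illustration, not File Dynamics code or its actual algorithm. The `Ace` type, the function names, the "never allow" fence list, and all sample principals are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class Ace:
    principal: str  # user or group name
    rights: str     # e.g. "Read", "Modify", "FullControl"

# Constructed sample data for one High-Value Target (not from any real system).
BASELINE = [Ace("FinanceAdmins", "FullControl"), Ace("FinanceStaff", "Modify"),
            Ace("Auditors", "Read")]
CURRENT = [Ace("FinanceAdmins", "FullControl"), Ace("FinanceStaff", "Modify"),
           Ace("Auditors", "Modify"), Ace("jdoe", "Modify")]
OLD_GROUPS = {"FinanceAdmins": ["alice"], "FinanceStaff": ["bob"], "Auditors": ["carol"]}
NEW_GROUPS = {"FinanceAdmins": ["alice"], "FinanceStaff": ["bob", "contractor1"],
              "Auditors": ["carol"]}
NEVER_ALLOW = {"contractor1"}  # hypothetical fence: principals that must never gain access

def effective_access(aces, group_members):
    """Expand group entries into (user, rights) pairs; unknown names are treated as users."""
    return {(user, ace.rights)
            for ace in aces
            for user in group_members.get(ace.principal, [ace.principal])}

def scan(baseline, current, old_groups, new_groups, never_allow=frozenset()):
    """Compare one scheduled scan with the baseline and classify what changed."""
    added = sorted(set(current) - set(baseline))    # new or updated permissions
    removed = sorted(set(baseline) - set(current))  # baseline entries that vanished
    # Access gained with no ACL edit at all: a user was added to a permitted group.
    by_membership = sorted(effective_access(baseline, new_groups)
                           - effective_access(baseline, old_groups))
    users_now = {user for user, _ in effective_access(current, new_groups)}
    return {
        "notify_acl": added,
        "notify_membership": by_membership,
        "lockdown_remove": added,
        "lockdown_restore": removed,
        "fence_violations": sorted(users_now & set(never_allow)),
    }

def enforce_lockdown(current, report):
    """Remove the new entries and restore the original ones (the Lockdown remediation)."""
    return sorted((set(current) - set(report["lockdown_remove"]))
                  | set(report["lockdown_restore"]))

if __name__ == "__main__":
    report = scan(BASELINE, CURRENT, OLD_GROUPS, NEW_GROUPS, NEVER_ALLOW)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("restored:", enforce_lockdown(CURRENT, report) == sorted(BASELINE))
```

In this model, restoring the ACL does not revoke `contractor1`'s access, because that grant came from group membership rather than a new entry on the folder; it only surfaces when groups are expanded on each scan.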

Engine

The Engine performs actions based on events in Active Directory and the defined File Dynamics policies. These actions include provisioning, moving, grooming, deleting, renaming, and archiving and recovering files and permissions. There is only a single Engine per forest and it can be installed on a domain controller or a member server. The Engine runs as a native NT service on Windows.

Event Monitor

The Event Monitor monitors changes to Active Directory based on create, move, rename, delete, add member to group, and delete user from group events. You install one Event Monitor per domain, and it can run on a domain controller or a member server. If you install the Event Monitor on a domain controller, the Event Monitor always monitors the local server for changes in the domain. If the Event Monitor is installed on a member server, it identifies the closest available domain controller and monitors it for changes in the domain. The Event Monitor runs as a native NT service on Windows.

File System Agents

File System Agents perform copying, moving, grooming, deleting, and vaulting through directives from the Engine. For optimum performance, Agents should be installed on all servers with storage managed by File Dynamics. The File System Agent runs as an NT native service on Windows.

Phoenix Agents

The Phoenix Agent is responsible for all security scanning and remediation required by the Security Lockdown and Security Fencing policies. Additionally, through Epoch Data Protection policies managed by the Engine, Phoenix Agents execute all of the Epoch Data Protection archiving and recovery tasks. The Phoenix Agent runs as an NT native service on Windows.