5.5 Understanding Cloud Bridge

NOTE: Micro Focus supports Cloud Bridge only in Identity Governance as a Service deployments.

In Identity Governance as a Service environments, Cloud Bridge is a data transfer bridge between Identity Governance in the cloud and data sources in on-premises environments. The Cloud Bridge Agent is the entity that responds to the Identity Governance collection and fulfillment commands and directs them to the proper data source for execution.

The Cloud Bridge Data Center configurations will be provided as part of your Identity Governance tenancy based on the information you provide in the technical questionnaire. A Data Center is a conceptual representation of your Cloud Bridge Agent instance. Download the Data Center configuration files from the portal and follow the instructions to configure Cloud Bridge agents on your local systems, and then configure Identity Governance Data Source Connections and Data Sources as needed to connect to your on-premises data sources. If you need to collect data from multiple data centers, you will need to install a Cloud Bridge agent in each on-premises data center. For more information about Cloud Bridge workflow and system requirements, see Identity Governance as a Service Quick Start.

To start using the Cloud Bridge agent to collect data from on-premises data centers, authorized administrators will need to perform the following tasks:

  1. Log in as a Customer or Data Administrator.

  2. Click Data Sources > Data Centers to view previously configured data centers.

  3. Create data source connections:

    1. Select Data Sources > Data Center Connections.

    2. Click +.

    3. Add a name and description.

    4. Use the Data Centers drop-down list to select the data center in which the Data Source Connection resides.

    5. Save the data source connection.

    6. Repeat the above steps to create additional data source connections to the same data center or another data center. Note that each data source connection has a unique ID.

  4. Create data sources with a Cloud Bridge data source connection:

    1. Click Data Sources > Identities or Data Sources > Applications.

    2. Click + and select a collector template.

    3. Enable the Cloud Bridge connection and specify a data source connection. Note that the User Name and Password are no longer configurable.

    4. Specify other fields as required and save the collector configuration.

  5. At the command prompt on the server where you installed the Cloud Bridge agent, enter the following command to create credentials for a data source connection:

    docker-compose exec agent java -jar ./daas-remote.jar credential create -i unique_id -u username -p password daas-remote.yml

  6. On the collector page, click Test Connection below the Service Parameters fields to test the credentials.

  7. (Conditional) If authentication fails, delete the credentials and repeat Step 5. To delete credentials, enter the following command:

    docker-compose exec agent java -jar ./daas-remote.jar credential delete -i unique_id

    NOTE: Use the above command to delete expired credentials or delete credentials for collectors that are no longer in use.

  8. Test collection. For more information, see Section 5.6.3, Testing Collections.

  9. Collect and publish data.
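
The credential commands in Steps 5 and 7 take the password as a command-line argument, so typing them directly can leave it in the shell history. The following wrapper is an added example, not part of the Micro Focus documentation: it prompts for the password with echo off, then runs the delete and create commands shown above. The function names and the COMPOSE variable are assumptions introduced here, and the password is still handed to the tool with -p, the only option the page shows.

```shell
#!/bin/sh
# Added example, not vendor code. Replaces a stored Cloud Bridge credential.
# Assumptions: run from the directory that holds the agent's docker-compose
# file; COMPOSE is a hypothetical override variable introduced here.
COMPOSE=${COMPOSE:-docker-compose}

# Reject empty values and values starting with "-", which the CLI would
# otherwise parse as options.
valid_arg() {
  case "$1" in
    ''|-*) return 1 ;;
  esac
  return 0
}

# Read the password into SECRET; echo is switched off when stdin is a terminal.
read_secret() {
  SECRET=
  if [ -t 0 ]; then
    printf 'Password for %s: ' "$1" >&2
    trap 'stty echo; exit 130' INT   # restore echo if interrupted
    stty -echo
    IFS= read -r SECRET || true
    stty echo
    trap - INT
    printf '\n' >&2
  else
    IFS= read -r SECRET || true      # non-terminal stdin: read one line
  fi
  [ -n "$SECRET" ]
}

rotate_credential() {
  id=$1 user=$2
  if ! valid_arg "$id" || ! valid_arg "$user"; then
    echo "usage: rotate_credential <unique_id> <username>" >&2; return 2
  fi
  read_secret "$user" || { echo "empty password" >&2; return 2; }
  # A failed delete is ignored (assumed to mean nothing was stored yet).
  $COMPOSE exec agent java -jar ./daas-remote.jar credential delete -i "$id" || true
  $COMPOSE exec agent java -jar ./daas-remote.jar credential create \
    -i "$id" -u "$user" -p "$SECRET" daas-remote.yml
  rc=$?
  unset SECRET
  return "$rc"
}

# Runs only when the script is given arguments: ./rotate.sh <unique_id> <username>
if [ "$#" -gt 0 ]; then rotate_credential "$@"; fi
```

After the wrapper returns, continue with Step 6 and use Test Connection on the collector page to confirm the new credentials.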