Analyzes in migRaven Analyzer Informed decisions are better decisions.

migRaven.24/7 Based on the selected resource (e.g. a DFS drive), Analyzer clearly displays essential information on the data structure and the Active Directory. Data is classified and authorizations checked. This helps Administrators, data owners and possibly also users to gain an understanding of the data structures or their own data and to make informed decisions.

  • The Best Practice Analysis shows the permission levels and identifies inheritance breaks and direct permissions. [detail]
  • The Obsolete Data Analysis returns the number of directories and files and their total size that have exceeded a certain age. [detail]
  • The Accounts Report creates an exportable list of all direct and indirect permissions of a user account. [detail]
  • The Data heat map provides information about the distribution of files according to age and directory depth. [detail]
  • File Type Analysis you can search specifically for certain file types and their storage space usage. [detail]
  • The analysis Data usage by departments provides information about the use of storage space by people, departments and groups. The analysis also provides valuable Notes on possible data owners of a directory. [detail]

Could you answer these questions today?

  • How many objects do we have and can the target platform handle this amount of objects?
  • What file types do we have and are they compatible with the target platform?
  • How are the permissions organized and are they compatible with the target platform?
  • Which records are accessed most frequently (hot) and less frequently (cold)?
  • What should be migrated to the new platform?
  • What and how much can be archived or deleted beforehand?
  • Who determines what data when asked? (data owner)

Key figure Data Owner

If obsolete data disappears from the productive area of ​​the file server, in most cases IT administration becomes active. However, this situation is absurd because only the department or the file owner (data owner) is aware of the data content and can make a clear statement about the relevance and further use of files.

However, with the growing structures of thousands of files, the question of data owners within directories is anything but trivial.

Reliable identification of the data owner

In migRaven.24/7 the number of files per user is displayed in the File Owner tab. The user with the most files created is either the Data Owner himself or at least knows who it is from the circle of colleagues.

If the data owner of a directory has been determined, the data owner rights can be assigned to the corresponding user on the directory in one click. This gives the data owner the opportunity to give himself an overview of the files and the structure and can decide whether

  • certain directories are obsolete,
  • Permissions are no longer appropriate,
  • Archiving policies should be assigned to the directory.

Obsolete Data Analysis

The beginning of each optimization is the analysis of the current state: This report shows you therefore quickly and clearly, what is difficult to do with Windows on-board resources: Where in directories have deposited large amounts of data and how old this or the structure containing them are. In doing so, you set yourself from which period of time data should be considered obsolete or at least outdated and then see how many of the directories and files that exist on a share are correct or how large the occupied space of these files is. In addition, these values ​​are presented in relation to the total amount of data - often with the result that 70% and more of the data could have been archived or deleted long ago.

Thanks to the Obsolete Data Report, you can purposefully take action against these mountains of data and thus increase the efficiency of all users in handling the file system.

Reality in companies with 1000 + employees: On average, about 70% of all data in the production systems are older than 2 years.

Dates older than 2 years

The Obsolete Data Report from migRaven.24/7 shows you quickly and clearly what is difficult to do with Windows on-board resources: Where in directories have deposited large amounts of data and how old this or the structure containing them are.

awareness

The situation described is also in yours Company, if it has existed for some years, most likely Reality. With the Obsolete Data Report you can be certain that your previous data management has worked.

The obsolete data analysis also shows where the unused data has been stored.

20.05.2019 | 36: 07 minutes | Presentator: Thomas Gomell

Best Practice Analysis

The best practice analysis provides the administrator with detailed, important key figures regarding the Microsoft best practices compliance of the authorizations on der imported resource. Easily find out where, for example, permissions are too deep (more than 3 levels), inheritance is interrupted or users are directly authorized. This information is indispensable when preparing for a file server restructuring or when cleaning up the Active Directory!

Permission levels

In order to make the administration of authorizations as simple as possible, permissions should not be set too low. In doing so, level 3 of the directory structure has proved to be the optimal directory depth. Because every explicit level below level 1 makes it necessary that list permissions are also set up so that the user can even get to the actual directory. The report shows you in detail how deep the permissions in your environment are, and the resulting average level of privilege.

Permissions into the 13. Level - Too deep and overly complex authorization structures are unfortunately the rule in many IT environments.

Inheritance interruption

The break in inheritance should be avoided just like deny permissions. Even if it may seem sensible in certain situations, this procedure provokes additional effort in the further life cycle of the system, e.g. if it becomes necessary to inherit authorizations. The report shows you all broken inheritance. It is recommended that you always work according to the Least Privilege Principle: Ialways only grant as many authorizations as are actually required. This makes it necessary to reverse the view when assigning authorizations. Rights are not set from above, but from below. This means that, for example, on the level above an explicitly assigned Modify right, you only need list authorizations for this to work.

Directly entitled persons

Another recommendation is to use groups to assign authorizations. Groups make it possible to assign rights for many users in the first place. Because Access Control Lists (ACL) are basically limited and performance problems can easily arise if too many ACLs available. The report shows how many users who are not administrators are directly authorized in an environment. According to best practice, you should work according to the AG-DL (or G, or U) -P principle: The account is assigned to a role group (G), this into authorization groups (DL) - this in turn becomes a member of the P (ACL). 

However, it makes sense to dispense with the role group in certain cases, eg if the user combination is only needed for a single directory. Exactly then one uses A - () - DL-P - the users become the direct member in the authorization group. This ensures that no users are authorized directly in an ACL.

Orphaned ACE

Orphaned ACEs occur when an account is deleted from the AD without removing the ACE entries. This is not a technical problem, but a "blemish" which of course also affects the reporting.

21.01.2019 | 52: 34 minutes | Presentator: Thomas Gomell
TOP