Key Manager Job Types
This section provides general descriptions of the types of jobs available in Key Manager.
add-authorizations
This job adds user keys to hosts in the managed environment. These jobs are created by Key Manager administrators adding authorizations between user accounts in the managed environment.
add-authorized-key
This job adds an authorized key to a user account in the managed environment. These jobs are created by Key Manager administrator actions that create or modify authorizations.
authorize-private-key-parent
Parent jobs for add-authorized-key jobs. These jobs are created when Key Manager administrators authorize private keys via the Key Manager API.
batch-action-job
When management actions are performed on large batches of objects, Key Manager launches a batch- action-job to perform the actions. A batch-action-job is launched for the following tasks: • Performing a Delete action on 100 or more external hosts.
blacklist-keys
This job blacklists keys with a given fingerprint. This job is triggered by a Key Manager administrator.
conf-deploy
This is a parent job for deploying a new SSH software configuration to a host. This job is triggered by a Key Manager administrator action to deploy new configurations to hosts in the managed environment
conf-deploy-host
This is a child job for deploying a new SSH software configuration to a host. This job may be triggered by Key Manager administrators deploying new configurations to hosts. This job may also be triggered as part of key relocation.
create-icb
This job creates a new ICB file that can be used for configuring agent-based hosts. This job is triggered by Key Manager administrators creating new ICB files.
discover
This parent job contains all the jobs run for a host as it is added to the managed environment. Typical discovery includes an initial discovery job, switching the host to the monitored state, and a full host scan.
discover-agent-host
This job performs host discovery on an agent-based host. Host discovery is run on hosts as they are added to the managed environment.
discover-host
The initial discovery job that is run on agentless hosts as they are added to the managed environment. During discovery, Key Manager configures the host for secure management connections, and discovers basic information about the host, such as its OS version, and installed SSH products.
generate-private-key
This job adds a private key to a user account in the managed environment. This job typically results from Key Manager administrator actions that create or modify authorizations.
graph-analysis
This job creates and stores graph data, which is used for visualizing users' access.
handle-agent-host
This job is run during each management connection of a agent-based host. It handles various tasks characteristic to agent-based hosts, such as providing the Key Manager agent with the time of the next management connection. Note that other jobs scheduled for agent-based hosts are run as separate jobs.
internal-applications-update
This job goes through all the applications whose membership has been defined using application association rules and sets the memberships in the database accordingly.
internal-calculate-statistics
This job calculates various statistics based on host, user, and SSH key information (particularly, information about key usage) found in the managed environment. internal-calculate-statistics jobs are scheduled automatically. The job interval is defined by the back-end setting How often to calculate general statistics. This job can also be manually started by Key Manager administrators.
The gathered statistics are shown on the Key Manager's System and Environment dashboards under the Home tab.
internal-expire-authorizations
This job checks if there are any authorizations set to expire less than one hour from now and schedules removal jobs for them ahead of the actual expiry. These jobs are then set to run exactly at the actual expiry time.
internal-process-manager
The once-a-minute watchdog job which takes care of cleaning up failed, cancelled, hanging jobs and hanging worker records. Since most internal jobs have a logic to prevent starting more than one job of the same type at the same time, this job is crucial in ensuring that hanging or crashed workers leaving behind unfinished job records doesn't block the periodic running of other internal operations.
The backend master process contains special logic to clean up previously created internal-process- manager records aggressively to ensure that the jobs keep running properly, which in turn ensures
internal-purge-alerts
This job deletes dismissed and resolved alert records which are older than the set limit. Default limit is 60 days.
internal-purge-jobs
This job periodically cleans up completed job records in order to keep the database size manageable. By default jobs records older than 60 days are deleted. Successfully completed internal jobs other than internal-reporting and internal-applications-update are fully cleaned up every time this job runs.
internal-purge-reporting-data
This job periodically cleans up old reporting data, the age of which exceeds the limit set in After how many days to purge reporting data results from database.
internal-reporting
This once-a-day job creates a large reporting data block by iterating through all the keys in the system and calculating counts for details such as per-application policy violations and such.
internal-reverse-ip-mapper
This job goes through the IP addresses seen during key activity scans and tries to get the corresponding hostnames for them. This is a separate background operation to avoid having to spend time in reverse DNS queries during a key activity scan.
internal-scheduler
This job is responsible for scheduling and starting all other periodic jobs, including host scans. Like internal-process-manager, it's started directly from the backend master process. It gets notified whenever host settings change, in which case it goes through the list of affected hosts and determines new effective settings for each of their periodic jobs. It also starts both host-specific and global periodic jobs according to the determined schedules.
listing-job
This job gathers object data in response to a command-line client list command that is executed in batch mode.
purge-database-objects
Job for purging log objects from the Key Manager Database. These jobs are created by Key Manager administrators when they approve purge requests. that all the other internal jobs keep running properly.
relocate-user-keys
The parent job for key relocation actions. This job typically contains a job for relocating user keys, and depending on the settings specified for key relocation, may include jobs for deploying configurations, and for removing old authorized keys. This job is triggered by a Key Manager administrator.
relocate-user-keys-host
This is a job for relocating user keys on a host. Usually a child job to the relocate-user-keys job. This job is triggered by a Key Manager administrator action to relocate keys on a host.
remove-authorization
This job removes authorizations from the managed environment. These jobs are typically created as a result of Key Manager administrators removing authorizations between user accounts in the managed environment.
remove-authorized-key
This job removes an authorized key from the managed environment.
remove-private-key
This job removes a private key from the managed environment.
renew-mgmt-key
This job renews the agentless management key of a host.
renew-private-key
This job renews a private key in the managed environment.
reverse-ip-mapper
This job attempts to associate DNS addresses to the IP addresses found in key-activity records. This job is scheduled to run at regular intervals. The job interval is defined by the back-end setting How often to reverse map key activity IPs.
scan-authorized-keys
This job performs an authorized-keys scan on a host in the managed environment. This job may be scheduled to run at regular intervals, defined by the host setting Authorized-key-scan interval. This job may also be manually started by a Key Manager administrator.
For more information about the actions performed by each type of host scan, see Scan Types.
scan-configs
This job performs a configuration scan on a host in the managed environment. This job may be scheduled to run at regular intervals, defined by the host setting Configuration-scan interval. This job may also be manually started by a Key Manager administrator.
For more information about the actions performed by each type of host scan, see Scan Types.
scan-full
This job performs a full scan on a host in the managed environment. This job may be scheduled to run at regular intervals, defined by the host setting Full-scan interval. This job may also be manually started by a Key Manager administrator.
For more information about the actions performed by each type of host scan, see Scan Types.
scan-host-key-activity
This job performs a key-activity scan on a host in the managed environment. This job may be scheduled to run at regular intervals, defined by the host setting Key-activity-scan interval. This job may also be manually started by a Key Manager administrator.
For more information about the actions performed by each type of host scan, see Scan Types.
send-email
This job sends automatic email notifications, such as alert notifications, to Key Manager administrators.
set-authorized-key-options
This job modifies the authorized-key-options (such as allow-from and command restrictions) of an authorized key.
to-managed-state-host
A job for switching a host to the managed state. Note that manually switching a host to the managed state does not create this job.
to-monitored-state-host
A job for switching a host to the monitored state. This job is typically run as part of host discovery. Note that manually switching a host to the monitored state does not create this job.
update-job-intervals
This job updates job-scheduling information about the hosts in the managed environment. Information such as intervals and timestamps for scheduled jobs are updated as part of this job. This job is triggered when settings for scheduled-job intervals are changed.