NES SQL Database Overview
Connected Worker Platform records configuration information about the Connected Worker Platform components in the NES database. When configuration changes are made, the system records information in the appropriate SQL tables.
The NES database name is Nymi.instance_name, where instance_name is the instance name that was specified in the NES Setup wizard. For example, Nymi.NES. If an instance name was not specified, the default database name is Nymi.NESg2.admin.
The NES SQL database contains several schemas that are named and grouped according to the type of stored data.
Date and time values appear in the UTC (Coordinated Universal Time) time zone.
The following figure shows the structure of the NES database, including the relationship between each schema, the primary keys, and foreign keys.
adm and nub Schemas
Transactional tables that contain the current record of the information for each Connected Worker Platform component.
Table Name | Purpose |
---|---|
adm.ApplicationSettings | Contains an entry for each NES policy and the values that are currently assigned to each setting in the policy. |
adm.AuditColumnValue | Legacy table. |
adm.AuditKeyEvent | Legacy table. |
nub.ExternalAuthenticator | Contains an entry for each Nymi Band that contains an external authenticator. |
nub.NymiBand | Contains current information about each Nymi Band that has been enrolled on the NES server. |
nub.PrivateKeyStore | Contains an entry for each private key that is stored in the Microsoft keystore. |
nub.UserCore | Contains an entry for each user and the current value of each user property. |
nub.UserOtp | Contains an entry for each private key that is stored in the Microsoft keystore. |
dbo.__MigrationHistory
Transactional table that stores information about SQL database migrations that occur during an NES upgrade.
lku Schema
Lookup tables that contain a list of acceptable values for settings that appear in the adm.ApplicationSettings table and that an NES Administrator selects on the properties page of the policy in the NES Administrator Console.
Table Name | Purpose |
---|---|
lku.AuditEventsOfInterest | Legacy option. |
lku.EnrollmentDestination | Contains a list of acceptable values for the Enrollment Destination setting. |
lku.OtpSubject | Legacy option. |
lku.Requirement | Contains a list of acceptable values for the NfcUIDCapture setting. |
lku.AuditLogoutTimeout | Contains a list of acceptable values for the Auto Logout Timeout setting. |
lku.EventType | Contains a list of acceptable values for events. |
xrf.UserOtp Schema
Legacy transactional table that contains information about each OTP that is created for a user.
audit Schemas
Log tables that record each event that occurs as a result of a change in a transactional table. Each audit table contains the same columns as its corresponding transactional table, as well as 4 additional columns that identify the time of the event, the type of event, the system user, and the schema entry identifier. The audit tables store information about changes (creations, updates, and deletions) to the nub and adm table objects. These changes are tracked as events. There is one row for each event type, and a single change can result in several recorded event types. Accessing the data in the audit tables enables users to gather useful information for audit and compliance purposes. The following sections provide detailed information about the contents of each audit table.
This table contains enrollment information that pertains to NES users. Each attribute name that is listed in the Column Name is prefaced with Identity. For example, identity.EventTime.
Column Name | Description |
---|---|
EventTypeID | ID that denotes the type of event. There are several types of events: |
UserCoreID | ID of the user that is associated with the Nymi Band, as it appears in the audit.UserCore table. When an NES Administrator disassociates a Nymi Band from a user in the NES Administrator Console, the UserCoreId value appears as NULL for the associated Update and Delete Event Type entries in the table. |
Username | Active Directory account that logged in to the Nymi Band Application to perform the enrollment. |
InitialTapNymiBandId | The NFC UID for the first Nymi Band tap in the Nymi Band Application. |
ConfirmTapNymiBandId | The NFC UID for the second Nymi Band tap in the Nymi Band Application. |
CreatedAt | Date and time that the object entry was created in the table. |
ModifiedAt | Date and time that the object entry was modified in the table. |
ModifiedBy | User account that modified the object entry in the table. For example, when the user performs an enrollment, the AD user account for the user appears. |
DisconnectUserCoreId | The ID of the previously assigned Nymi Band user. |
HardwareID | The serial number of the Nymi Band. |
This table contains information that pertains to NES users. Each attribute name that is listed in the Column Name is prefaced with Identity. For example, identity.EventTime.
Column Name | Description |
---|---|
Identity | Unique identifier for the schema entry. |
EventTime | Date and time associated with the event that is defined by EventType. |
EventType | Type of event, denoted by a single character. There are three event types: |
SystemUser | Account that is specified as the Application Pool Identity for the NES application pool. |
ID | ID of the user in the audit.UserCore table. |
Domain | Domain of the user. |
Username | Login name of the user. |
MiscNote | Displays the value that appears in the Notes field in the properties of the user account. Values that can appear: |
CreatedAt | Date and time that the object entry was created in the table. |
ModifiedAt | Date and time that the object entry was modified in the table. |
ModifiedBy | User account that modified the object entry in the table. For example, when the user performs an enrollment, the AD user account for the user appears. When an NES Administrator modifies the Notes field for the properties of the user in the NES Administrator Console, then the AD user account for the NES Administrator appears. |
This table contains audit log data pertaining to Nymi Band events. Each attribute name that is listed in the Column Name is prefaced with Identity.
Column Name | Description |
---|---|
Identity | Unique identifier for the schema entry. |
EventTime | Date and time associated with the event that is defined by EventType. |
EventType | Type of event, denoted by a single character. There are three event types: |
SystemUser | Account that is specified as the Application Pool Identity for the NES application pool. |
ID | ID of the Nymi Band in the audit.NymiBand table. |
UserCoreId | ID of the user that is associated with the Nymi Band, as it appears in the audit.UserCore table. When an NES Administrator disassociates a Nymi Band from a user in the NES Administrator Console, the UserCoreId value appears as NULL for the associated Update and Delete Event Type entries in the table. |
NymiBandID | MAC address of the Nymi Band. The NymiBandID is randomly generated at the time of enrollment, and changes on re-enrollment. |
NfcUID | NFC address of the Nymi Band. |
AuthorisationID | N/A. The value appears as NULL. |
HardwareID | Nymi Band serial number. |
SymmetricKeyID | SymmetricKey ID that was created on the Nymi Band. Values that can appear: |
EncryptionIV | Encryption Initialization Vector that is used to support encrypting the password for a user. A value appears in this field when the Nymi Lock Control option is enabled in the default policy at the time that the user enrolled the Nymi Band. |
EncryptedPassword | Encrypted password for a user. A value appears in this field when the Nymi Lock Control option is enabled in the default policy at the time that the user enrolled the Nymi Band. |
IsActive | Status of the Nymi Band as set in the NES Administrator Console. Values that can appear: |
IsPrimary | Status of the Nymi Band as set in the NES Administrator Console. Values that can appear: |
HasFingerprint | Status of the fingerprint enrollment for the Nymi Band. Values that can appear: |
EnrollmentStatus | N/A. The value appears as NULL. |
MiscNote | Displays the value that appears in the Notes field in the properties of the Nymi Band. |
BandSubordinateCaCert | N/A. The value appears as NULL. |
BandCert | N/A. The value appears as NULL. |
UserCert | N/A. The value appears as NULL. |
BandLabel | The Band Label name given to the Nymi Band during enrollment, when the Display Band Label on Nymi Bands option is enabled. The value is NULL when the Display Band Label on Nymi Bands option was disabled at the time of enrollment. |
FirmwareVersion | Firmware version on the Nymi Band at time of enrollment. |
CreatedAt | Date and time that the object entry was created in the table. |
ModifiedAt | Date and time when the object entry was modified in the table. |
ModifiedBy | The user who modified the object. |
EvidianEnrollmentCompleted | Status of the enrollment of Nymi Band on an Evidian EAM Controller. Values that can appear: |
IsSynced | Status of application of the latest individual user policy settings to the associated user. Values that can appear: |
IndividualUserPolicyId | ID of the individual user policy that is assigned to the user or NULL if the user does not have an assigned individual user policy. |
SeosId | SEOS ID of the Nymi Band, which Nymi assigns to the Nymi Band during the manufacturing process or NULL if the Nymi Band is not SEOS-enabled. |
StaticMacAddress | Default Nymi Band ID, which Nymi assigns to the Nymi Band during manufacturing. |
TSetTime | Time when the Nymi Band Application performed the set_time operation on the Nymi Band, during the enrollment process or when the user logged into the Nymi Band Application. Authenticated Bluetooth taps use this time during the process of validating the user that is associated with the Nymi Band. |
IsBandEnrolledHere | Status of the Nymi Band enrollment on this NES. Values that can appear: |
This table contains audit log data pertaining to NES application settings that are defined in each NES policy. Each attribute name that is listed in the Column Name is prefaced with Identity.
Column Name | Description |
---|---|
Identity | Unique identifier for the schema entry. |
EventTime | Date and time associated with the event that is defined by EventType. |
EventType | Type of event, denoted by a single character. There are three event types: |
SystemUser | Account that is specified as the Application Pool Identity for the NES application pool. |
ID | The database ID of application settings on audit.ApplicationSettings table. |
IsActive | Status of the policy as set in the NES Administrator Console. Values that can appear: |
Description | Name of the policy that contains the setting. |
AutoLogoutTimeoutSeconds | Length of time after which the Nymi Band Application automatically disconnects an idle user. |
NfcUIDCaptureRequirement | Status of the requirement to capture the NFC UID of the Nymi Band during enrollment. The value is always M (Mandatory). |
FingerprintRequirement | Legacy option that defines the status of the requirement to capture the fingerprint of the user during enrollment. The value is always M (Mandatory). |
PassworthAuthOption | Status of the option to allow authentication by corporate credentials. Values that can appear: |
FingerprintOption | Legacy option that defines the status of the fingerprint capture option. The value is always 1 (enabled). |
LockControlSupportOption | Status of the option to allow Nymi Lock Control. Values that can appear: |
DoorSecurityOption | N/A |
AdCheckUserStatus | Status of the Check User Status setting. Values that can appear: |
AdCacheUserStatus | Status of the Cache User Status setting. Values that can appear: |
AdCacheExpiryTimeSeconds | Expiry time of user status cache in seconds. When the Cache User Status setting is disabled, NULL appears. |
ManualOtpOption | Legacy option. |
ManualNeaOtpOption | Legacy option. |
LockWhenAway | Status of the Lock When Away setting for Nymi Lock Control. Values that can appear: |
MonitorProximity | Legacy option. |
KeepUnlockedWhenPresent | Status of the Keep Unlocked When Present setting for Nymi Lock Control. Values that can appear: |
CheckProximityForUnlock | Legacy option. |
LockProximitySphera | Proximity distance for Nymi Lock Control that is defined in the adm.ApplicationSettings table. Nymi recommends that you leave the default value of 3. |
UnlockProximitySphera | Proximity distance for Nymi Lock Control that is defined in the adm.ApplicationSettings table. Nymi recommends that you leave the default value of 2. |
ProximityLockCountdown | Starting time for the countdown timer in seconds, that Nymi Lock Control displays to the user when the Nymi Band moves out of close proximity to the Bluetooth adapter. |
BandLabelOnBandEnabled | Status of the Display Band Label on Nymi Bands setting. Values that can appear: |
BandLabelOnBandCustomizationEnabled | Status of the Allow Band Label Customization setting. Values that can appear: |
CreatedAt | Date and time that the object entry was created in the table. |
ModifiedAt | Date and time when the object entry was modified in the table. |
ModifiedBy | User who modified the object entry in the table. |
EnrollmentDestination | Status of the Enrollment Destination setting. Values that can appear: |
SDCTEnabled | Legacy option. |
SDRemindersEnabled | Legacy option. |
UnlockWhenPresent | Status of the Unlock When Present setting for Nymi Lock Control. Values that can appear: |
LivenessDetectionEnabled | Status of the LivenessDetectionEnabled setting. Values that can appear: |
HealthAttestation | Legacy option. |
TemperatureReporting | Legacy option. |
SeosTimeout | Legacy option. |
HapticFeedbackOnBandEnabled | Status of the HapticFeedbackonBandEnabled setting. Values that can appear: |
FAR | Status of the FAR setting. Values that can appear: |
TInterval | Used for authenticated Bluetooth tap operations. The time interval for PAC message rotation. Default: 1 second |
DmNBANESTime | Used for authenticated Bluetooth tap operations. Midpoint time difference between the Nymi Band Application and NES. For a domain-joined enrollment terminal this time is the estimated time accuracy inherent in the Network Time Protocol (NTP, IETF RFC 1305) used by Windows to synchronize time between computers. |
DvNBANESTime | Used for authenticated Bluetooth tap operations. Variation time difference between the Nymi Band Application and NES. For a domain-joined enrollment terminal this time is the estimated time accuracy inherent in the Network Time Protocol (NTP, IETF RFC 1305) used by Windows to synchronize time between computers. |
DmNBANBTime | Used during PAC verification for authenticated Bluetooth tap operations. Midpoint time difference between the Nymi Band and the Nymi Band Application, which results from the inherent delay in sending the set_time message to the Nymi Band. |
DvNBANBTime | Used during PAC verification for authenticated Bluetooth tap operations. Variation time difference between the Nymi Band and the Nymi Band Application, which results from the inherent delay in sending the set_time message to the Nymi Band. |
DmClockDrift | Used during PAC verification for authenticated Bluetooth tap operations. Clock drift value for the Nymi Band. |
DvClockDrift | Used during PAC verification for authenticated Bluetooth tap operations. Clock drift value for the Nymi Band. |
DmIntent | Intent delay time that is applied to PAC verification activities for authenticated Bluetooth tap operations. |
DvIntent | Intent delay time that is applied to PAC verification activities for authenticated Bluetooth tap operations. |
AllowReEnrollment | Status of the AllowReEnrollment setting. Values that can appear: |
AllowReenrollementOfActiveNymiBand | Status of the AllowReenrollementOfActiveNymiBand setting. Values that can appear: |
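A query an auditor might run against the audit.ApplicationSettings columns described above, added here as an example and not taken from Nymi documentation: it reports each audit row from the last 30 days in which a policy setting differs from the previous audit row for the same policy. It assumes T-SQL on SQL Server, the page's example database name Nymi.NES, columns that are addressable by the names in the Column Name column, and an illustrative choice of which settings to watch.

```sql
-- Added example, not Nymi-supplied. Table and column names come from the
-- audit.ApplicationSettings description above; the database name is the
-- page's example (Nymi.NES). Adjust both to match your instance.
USE [Nymi.NES];

-- EventTime is stored in UTC, so build the reporting window from the UTC clock.
DECLARE @since datetime2 = DATEADD(DAY, -30, SYSUTCDATETIME());

WITH ordered AS (
    SELECT
        [Identity], EventTime, EventType, SystemUser, ModifiedBy,
        ID, [Description],
        LivenessDetectionEnabled, FAR, LockControlSupportOption,
        AllowReEnrollment, AllowReenrollementOfActiveNymiBand,
        -- Number the audit rows of each policy (same ID) from oldest to newest.
        -- A single change can record several events, so [Identity] breaks ties
        -- (assumption: the identifier is an orderable type).
        ROW_NUMBER() OVER (PARTITION BY ID
                           ORDER BY EventTime, [Identity]) AS rn
    FROM audit.ApplicationSettings
)
SELECT
    cur.EventTime,                      -- UTC
    cur.EventType,
    cur.[Description]                   AS PolicyName,
    cur.ModifiedBy,
    cur.SystemUser,
    prev.LivenessDetectionEnabled       AS OldLivenessDetection,
    cur.LivenessDetectionEnabled        AS NewLivenessDetection,
    prev.FAR                            AS OldFAR,
    cur.FAR                             AS NewFAR,
    prev.LockControlSupportOption       AS OldLockControl,
    cur.LockControlSupportOption        AS NewLockControl,
    prev.AllowReEnrollment              AS OldAllowReEnrollment,
    cur.AllowReEnrollment               AS NewAllowReEnrollment,
    prev.AllowReenrollementOfActiveNymiBand AS OldReenrollActiveBand,
    cur.AllowReenrollementOfActiveNymiBand  AS NewReenrollActiveBand
FROM ordered AS cur
JOIN ordered AS prev
  ON prev.ID = cur.ID
 AND prev.rn = cur.rn - 1               -- the audit row just before this one
WHERE cur.EventTime >= @since
  -- NULL-safe "any watched column changed": EXCEPT treats NULLs as equal,
  -- so a row is returned only when at least one value really differs.
  AND EXISTS (
        SELECT cur.LivenessDetectionEnabled, cur.FAR,
               cur.LockControlSupportOption, cur.AllowReEnrollment,
               cur.AllowReenrollementOfActiveNymiBand
        EXCEPT
        SELECT prev.LivenessDetectionEnabled, prev.FAR,
               prev.LockControlSupportOption, prev.AllowReEnrollment,
               prev.AllowReenrollementOfActiveNymiBand
      )
ORDER BY cur.EventTime;
```

The first audit row of each policy has no predecessor and is therefore not reported; run the query with a read-only login so that the audit tables themselves cannot be altered.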
This table contains audit log data pertaining to external user authentication events. Each attribute name that is listed in the Column Name is prefaced with Identity.
Column Name | Description |
---|---|
Identity | Unique identifier for the schema entry. |
EventTime | Date and time associated with the event that is defined by EventType. |
EventType | Type of event, denoted by a single character. There are three event types: |
SystemUser | Account that is specified as the Application Pool Identity for the NES application pool. |
ID | ID of the object entry in the audit.ExternalAuthenticator table. |
PublicKey | Base64 PEM-encoded public key on the Nymi Band. |
BandExternalAuthenticatorid | ID of the external authenticator. |
NymiBandId | ID of the associated Nymi Band in the audit.NymiBand table. |
Name | Name of the application that created the External Authenticator. Values that can appear: |
MiscNote | Additional information. |
CreatedAt | Date and time that the object entry was created in the table. |
PrivateKeyWO | N/A. |
PrivateKeyStoreID | UUID and the key ID of the private key in the Microsoft keystore. |
HapticFeedbackonBandEnabled | Status of the HapticFeedbackonBandEnabled setting. Values that can appear: |
ModifiedAt | Date and time when the object was modified. |
ModifiedBy | The user who modified the object, which is the account that was logged into the Nymi Band Application at the time the external authenticator was created or removed on the Nymi Band. |
Stores information about all the NEA certificate creation events, when a certificate is issued to the Nymi Band Application and all other NEAs. Each attribute name that is listed in the Column Name is prefaced with Identity.
Column Name | Description |
---|---|
ID | Unique identifier for the schema entry. |
NotBefore | Date before which the certificate is not valid. |
NotAfter | Date after which the certificate is not valid. |
SerialNumber | Serial number of the certificate. |
RequesterTime | Date and time that the application requested the certificate. |
RequesterDomain | Domain of the user that was logged into the application at the time of the certificate request. |
RequesterUserName | User name of the user that was logged into the application at the time of the certificate request. |
RequesterIp | IP address of the machine from which the request originated. |
Stores information about all the configured individual user policies. Each attribute name that is listed in the Column Name is prefaced with Identity.
Column Name | Description |
---|---|
Identity | Unique identifier for the schema entry. |
EventTime | Date and time associated with the event that is defined by EventType. |
EventType | Type of event, denoted by a single character. There are three event types: |
SystemUser | Account that is specified as the Application Pool Identity for the NES application pool. |
ID | ID of the object entry in the audit.ExternalAuthenticator table. |
IndividualUserPolicyTypeID | ID that denotes the type of the Individual User Policy. There are two types: |
Name | Name that the policy creator assigned to the individual policy. |
Note | Text that appears in the Note field for the individual policy. |
LivenessDetectionEnabled | Status of the LivenessDetectionEnabled setting. Values that can appear: |
PassworthAuthOption | Status of the option to allow authentication by corporate credentials. Values that can appear: |
CreatedAt | Date and time that the object entry was created in the table. |
ModifiedAt | Date and time when the object was modified. |
ModifiedBy | The user who modified the object, which is the account that was logged into the Nymi Band Application at the time the external authenticator was created or removed on the Nymi Band. |
HapticFeedbackonBandEnabled | Status of the HapticFeedbackonBandEnabled setting. Values that can appear: |
FAR | Status of the FAR setting. Values that can appear: |
AllowReEnrollment | Status of the AllowReEnrollment setting. Values that can appear: |
AllowReenrollementOfActiveNymiBand | Status of the AllowReenrollementOfActiveNymiBand setting. Values that can appear: |