A Forum reader recently asked:
“We are at the beginning stage of implementing Identity Manager 3 in our environment. We have the choice of installing IDM on either Windows 2003 server or an OES Linux server. Does anybody here have any preference of which one we should use? Pros and cons? “
And here are some suggestions from a few Forum participants …
I would consider a SLES server or an OES Linux server, instead of Windows, if only because of the required reboots for security patches. Converesly, eDirectory tools (DSTrace, DSRepair, etc.) are somewhat more GUI on Windows than on Linux. There are trade-offs here.
I’d go for the SLES server, personally. Windows works OK, but its file system performance is not what you will get with SLES, and you can bog down IDM / eDirectory waiting for the file system.
The other thing I like with SLES is being able to use “tail -f” on driver log files while a driver is running, which Windows will only let you read if the driver is shut down.
You can get tail.exe from the win2k3 reskit tools, which works on win32 (tail -f mylogfile.txt). I do that with all my remote loader logs on rdp sessions, where I won’t be able to see the debug screen otherwise.
Do you already have OES in your environment? If you do and are familiar with supporting it, then I’d go OES. (We have an eDir(NW) to eDir(OES) driver that has been running for over 6 months now without issue). If you don’t already have OES in your environment, then factor in what you’re going to need to do to ramp up your support staff for supporting Linux, backing up Linux, patching Linux, etc. Most likely you already have Windows in your environment and use standard practices for dealing with the above issues.
We actually chose OES Linux for our IDM implementations because it allowed us to ramp up our support for the OS without directly impacting users (e.g., OES File and Print, etc.). Typically, if you have issues with IDM servers, it will cause much less direct user impact – which can be nice if you’re learning.
I would go with the SLES server for most of the reasons already listed here. The major comment I’d add is that unless you have a specific reason to want OES over straight SLES, go with straight SLES.
Running on SLES allows you to run eDirectory as an application. If you deploy on OES, eDirectory is a part of the package, and you are locked into the OES patch mechanism, etc. iManager and eDirectory are easy to install stand-alone on a Linux box. For a dedicated eDirectory/IDM server, the benefit of having iManager and eDirectory already installed is not worth the associated pain of dealing with the added OES complexity and the patch system, IMHO.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.