1.1 Key Terms

1.1.1 Identity Manager

NetIQ Identity Manager is a service that synchronizes data among a set of connected systems by using a robust set of configurable policies. Identity Manager stores shared information in the Identity Vault and uses the Identity Manager engine to apply policies to that information as it changes in the vault or in a connected system. Identity Manager runs on the server where the Identity Vault and the Identity Manager engine are located.

1.1.2 Connected System

A connected system is any system that can share data with Identity Manager through a driver. A multi-domain Active Directory forest is one such connected system.

1.1.3 Identity Vault

The Identity Vault is a persistent database powered by eDirectory and used by Identity Manager to hold data for synchronization with a connected system. The vault can be viewed narrowly as a private data store for Identity Manager or more broadly as a metadirectory that holds enterprise-wide data. Data in the vault is available through any protocol supported by eDirectory: the NetWare Core Protocol (NCP), which is the traditional protocol used by iManager, as well as LDAP and DSML.

Because the vault is powered by eDirectory, Identity Manager can be easily integrated into your corporate directory infrastructure by using your existing directory tree as the vault.
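The following PowerShell script is an added example, not code from the NetIQ documentation. It reads one user and its Identity Manager associations from the Identity Vault over LDAPS using the .NET System.DirectoryServices.Protocols API, which is one of the LDAP paths into the vault mentioned above. The host name, port, bind DN, search base and user name are assumptions; DirXML-Associations is the eDirectory attribute in which Identity Manager records an object's links to connected systems.

```powershell
# Added example, not from the NetIQ documentation. Reads one user from the
# Identity Vault over LDAPS. Host, port, bind DN, search base and the cn
# value are assumptions; adjust them to your tree.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$VaultHost  = 'idvault.example.com'          # assumption
$VaultPort  = 636                             # eDirectory LDAPS default
$BindDn     = 'cn=admin,ou=sa,o=system'       # assumption
$SearchBase = 'o=data'                        # assumption
$UserCn     = 'jdoe'                          # assumption

$password   = Read-Host -AsSecureString -Prompt "Password for $BindDn"
$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($VaultHost, $VaultPort)
$conn       = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$conn.SessionOptions.ProtocolVersion   = 3
$conn.SessionOptions.SecureSocketLayer = $true

# A simple bind sends the password in the clear inside the TLS tunnel, so the
# tunnel must be genuine: refuse the session unless the vault's certificate
# chains to a trusted root. Do not replace this callback with { $true }.
$conn.SessionOptions.VerifyServerCertificate = {
    param($connection, $certificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    return $chain.Build([System.Security.Cryptography.X509Certificates.X509Certificate2]$certificate)
}

$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.Credential = New-Object System.Net.NetworkCredential($BindDn, $password)
$conn.Bind()   # throws LdapException on bad credentials or a TLS failure

# Escape the cn value (RFC 4515) so a crafted user name cannot alter the filter.
# The backslash must be escaped first.
$escapedCn = $UserCn -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
$filter    = "(&(objectClass=inetOrgPerson)(cn=$escapedCn))"

# Each DirXML-Associations value has the form <driver DN>#<state>#<connected-system key>;
# for the Active Directory driver the key is the AD object GUID.
$attrs   = @('cn', 'sn', 'mail', 'DirXML-Associations')
$request = New-Object System.DirectoryServices.Protocols.SearchRequest(
    $SearchBase, $filter,
    [System.DirectoryServices.Protocols.SearchScope]::Subtree, $attrs)
$response = $conn.SendRequest($request)

function Get-AttrValues($entry, $name) {
    # Returns the string values of an attribute, or an empty array if absent.
    $attr = $entry.Attributes[$name]
    if ($null -eq $attr) { return @() }
    return @($attr.GetValues([string]))
}

foreach ($entry in $response.Entries) {
    [pscustomobject]@{
        DN           = $entry.DistinguishedName
        Mail         = (Get-AttrValues $entry 'mail') -join ', '
        Associations = Get-AttrValues $entry 'DirXML-Associations'
    }
}
$conn.Dispose()
```

The bind DN used here should be a least-privilege account with read rights to the search base, not the tree administrator; the admin DN above is only a placeholder.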

1.1.4 Identity Manager Engine

The Identity Manager engine is the core server component that implements the event management and policies of Identity Manager. The engine runs in a Java Virtual Machine hosted within the Identity Vault (eDirectory).

1.1.5 Multi-Domain Active Directory Driver

The Multi-Domain Active Directory driver provisions and synchronizes objects and passwords across multiple domains in a forest. A single instance of this driver removes the need to configure a separate driver instance for each domain. The driver also supports PowerShell cmdlets, which eliminates the need to install separate PowerShell and Exchange services.

1.1.6 Driver Shim

A driver shim is the component of a driver that converts the XML-based Identity Manager command and event language (XDS) into the protocols and API calls needed to interact with a connected system. The shim is called to execute commands on the connected system after the Output Transformation policy runs. Commands are usually generated on the Subscriber channel but can also be generated by command write-back on the Publisher channel.

The shim also generates events from the connected system and passes them to the Input Transformation policy. A driver shim can be implemented either as a Java class or as a native Windows DLL. The shim for the Multi-Domain Active Directory driver is DXMLMADDriver.dll, which is implemented as a .NET Windows DLL.

1.1.7 .NET Remote Loader

A Remote Loader enables a driver shim to execute outside of the Identity Manager engine, on a different machine. It is an Identity Manager service that runs the driver shim and passes information between the shim and the Identity Manager engine, and through the engine to the Identity Vault. The Multi-Domain Active Directory driver shim requires the 64-bit version of the .NET Remote Loader.

Install the driver shim on the server running the .NET Remote Loader. This server should be a member server that belongs to a domain in the same forest as the domains the driver synchronizes.

You can secure the communication between the .NET Remote Loader and the Identity Manager engine. Because this connection carries the commands, events and synchronized passwords exchanged between the engine and the shim, you should do so. For more information, see Creating a Secure Connection to the Identity Manager Engine in the NetIQ Identity Manager Driver Administration Guide.

When you use the .NET Remote Loader with the driver shim, two network connections exist:

  • Between the Identity Manager engine and the .NET Remote Loader

  • Between the domain controller and the driver shim
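As an added example, not from the NetIQ documentation, the following PowerShell script checks the two connections listed above from the .NET Remote Loader host, together with the member-server and same-forest requirements. The engine host name, the Remote Loader listening port and the domain controller name are assumptions; 8090 is used here only because it is a commonly chosen Remote Loader connection port.

```powershell
# Added example, not from the NetIQ documentation. Run on the .NET Remote
# Loader host. Host names and ports are assumptions; adjust them to your site.
$EngineHost = 'idm-engine.example.com'   # assumption: Identity Manager engine host
$RlPort     = 8090                        # assumption: this Remote Loader's listening port
$DcHost     = 'dc1.corp.example.com'      # assumption: a domain controller the shim talks to
$LdapsPort  = 636

# 1. Engine <-> Remote Loader. The engine initiates this connection, so from
#    here the check is that the Remote Loader is listening and that the port
#    is reachable only from the engine.
$listener = Get-NetTCPConnection -State Listen -LocalPort $RlPort -ErrorAction SilentlyContinue
if ($listener) {
    $proc = Get-Process -Id $listener[0].OwningProcess
    "Remote Loader port $RlPort is listening (PID $($proc.Id), $($proc.ProcessName))"
} else {
    Write-Warning "Nothing is listening on TCP $RlPort; the Remote Loader is not running or uses another port."
}
$engineIps = [System.Net.Dns]::GetHostAddresses($EngineHost) | ForEach-Object { $_.IPAddressToString }
"Engine resolves to $($engineIps -join ', '); restrict inbound TCP $RlPort to these addresses in the host firewall."

# 2. This host must be a domain-joined member server (not a DC) in the same
#    forest as the domain controller the shim will use.
$cs = Get-CimInstance Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw "$($cs.Name) is not domain-joined." }
if ($cs.DomainRole -ge 4)  { Write-Warning "This host is a domain controller, not a member server." }

$localForest = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Forest.Name
$ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
    [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $DcHost)
$dcForest = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx).Forest.Name
if ($localForest -ne $dcForest) {
    Write-Warning "This host is in forest $localForest but $DcHost belongs to forest $dcForest."
} else {
    "Host and $DcHost are both in forest $localForest."
}

# 3. Shim <-> domain controller. Synchronized passwords travel over this
#    connection, so check LDAPS reachability and the certificate the DC
#    presents, not just plain TCP 389.
$tcp = Test-NetConnection -ComputerName $DcHost -Port $LdapsPort -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) { throw "TCP $LdapsPort to $DcHost is blocked." }

$client = New-Object System.Net.Sockets.TcpClient($DcHost, $LdapsPort)
$ssl    = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($DcHost)   # throws if the chain or host name is not trusted
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    [pscustomobject]@{
        Server   = $DcHost
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        NotAfter = $cert.NotAfter
        Protocol = $ssl.SslProtocol
    }
} finally {
    $ssl.Dispose()
    $client.Dispose()
}
```

If step 3 fails with an authentication exception, the domain controller's LDAPS certificate does not chain to a root trusted by the Remote Loader host; fix the trust rather than disabling validation on the shim side.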