11.5 Identity Manager Server Guidelines

You can have one or more Identity Manager servers in your Identity Manager solution, depending on the server workload. The Identity Manager server requires that eDirectory be installed as shown in Figure 11-3. You can add a Remote Loader server, not represented in the figure, to help with the workload or configuration of your environment.

11.5.1 Considerations for Installing Drivers with the Identity Manager Engine

Many variables affect the performance of the server where you install the Identity Manager engine, including the number of drivers running on the server. When planning where to install the drivers, NetIQ provides the following recommendations:

  • In general, the number of drivers running on the server depends on the load that the drivers place on the server. Some drivers process a large quantity of objects while other drivers do not.

  • If you plan to synchronize millions of objects with each driver, limit the number of drivers on the server. For example, deploy fewer than 10 drivers of these drivers.

  • If you plan to synchronize 100 objects or fewer per driver, you might be able to run more than 10 drivers on the server.

  • To create a baseline on server performance which helps you determine the optimum number of drivers, use the health monitoring tools in iManager. For more information about the health monitoring tools, see Monitoring Driver Health in the NetIQ Identity Manager Driver Administration Guide.

11.5.2 Considerations for Installing Drivers with the Remote Loader

Drivers must run on the same server as the connected application. For example, to configure the Active Directory driver, the server in Figure 11-3 must be a member server or a domain controller. If you do not want to install eDirectory and Identity Manager on a member server or domain controller, then you can install the Remote Loader on a member server or a domain controller. The Remote Loader sends all of the events from Active Directory to the Identity Manager server. The Remote Loader receives any information from the Identity Manager server and passes that to the connected application.

The Remote Loader provides added flexibility for your Identity Manager solution. For more information, see Deciding Whether to Use the Remote Loader in the NetIQ Identity Manager Driver Administration Guide.

Figure 11-3 Identity Manager Sever

There are many variables that affect the performance of the server. The standard recommendation is that you have no more than ten drivers running on an Identity Manager server. However, if you are synchronizing millions of objects with each driver, you might not be able to run ten drivers on a server. On the other hand, if you are synchronizing 100 objects per driver, you can probably run more than ten drivers on one server.

Setting up the Identity Manager solution in a lab environment gives you the opportunity to test how the servers will perform. You can use the health monitoring tools in iManager to obtain a baseline and then be able to make the best decisions for your environment. For more information about the health monitoring tools, see Monitoring Driver Health in the NetIQ Identity Manager Driver Administration Guide.

For considerations for each driver, see the Identity Manager Drivers documentation Web site. Driver-specific information is provided in each driver guide.