In this scenario, at least two Identity Manager servers use the same driver set where one server is installed on AWS cloud and the other server is installed on the enterprise premise. This includes full replica servers that use the Identity Vault replication channel to synchronize the identities through VPN connection. The Identity Manager server that is running on the enterprise network or AWS cloud synchronizes the identities across their respective connected applications.
Figure 12-2 Hybrid Scenario Using Multi-Server Driver Set Connection
This configuration uses VPN connection only for synchronizing the delta changes between the Identity Manager servers on either side.
This is a variant of multi-server driverset scenario and includes a filtered read-write replica of the data partition on the server in the AWS cloud. For driverset partition, you should always use full replica partition on either side.
Figure 12-3 Hybrid Scenario Using Controlled Replication
This scenario adds more control over the attributes to synchronize. For example, you can prevent sensitive attributes from synchronizing with the Identity Manager server on AWS cloud.