1.1 Key Terms

1.1.1 Identity Manager

NetIQ Identity Manager is a service that synchronizes data among servers in a set of connected systems by using a robust set of configurable policies. Identity Manager uses the Identity Vault to store shared information, and uses the Identity Manager engine for policy-based management of the information as it changes in the vault or connected system. Identity Manager runs on the server where the Identity Vault and the Identity Manager engine are located.

1.1.2 Connected System

A connected system is any system that can share data with Identity Manager through a driver. Any RESTful service is a connected system for this driver.

1.1.3 Identity Vault

The Identity Vault is a persistent database powered by eDirectory and used by Identity Manager to hold data for synchronization with a connected system. The vault can be viewed narrowly as a private data store for Identity Manager or more broadly as a metadirectory that holds enterprise-wide data. Data in the vault is available to any protocol supported by eDirectory, including the NetWare Core Protocol (NCP), which is the traditional protocol used by iManager, and LDAP.

Because the vault is powered by eDirectory, Identity Manager can be easily integrated into your corporate directory infrastructure by using your existing directory tree as the vault.

1.1.4 Identity Manager Engine

The Identity Manager engine is the core server that implements the event management and policies of Identity Manager. The engine runs on the Java Virtual Machine in eDirectory.

1.1.5 Driver Shim

A driver shim is the component of a driver that converts the XML-based Identity Manager command and event language (XDS) to the protocols and API calls needed to interact with a connected system. The shim is called to execute commands on the connected system after the Output Transformation runs. Commands are usually generated on the Subscriber channel but can be generated by command write-back on the Publisher channel.

1.1.6 Driver Packages

The REST driver packages are available on the Package Update site. When you create a driver with packages in Designer, Designer creates a set of policies and rules suitable for synchronizing with the REST driver.

The REST driver packages are:

  • NETQRESTBASE: A mandatory package for the REST driver. It contains basic driver settings with handlers to establish a connection with the connected application.

  • NETQRESTDCFG: An optional package with some basic default configuration that can be modified as required to connect with the connected application.

  • NETQRESTJSON: Contains the default JSON policies for converting XDS to JSON format and vice versa.

  • NETQRESTPWD: Contains the policies for password synchronization.

1.1.7 Remote Loader

A Remote Loader enables a driver shim to execute outside of the Identity Manager engine (perhaps remotely on a different machine). The Remote Loader is a service that executes the driver shim and passes information between the shim and the Identity Manager engine.

For the REST driver, install the driver shim on the server where the Remote Loader is running. You can choose to use SSL to encrypt the connection between the Identity Manager engine and the Remote Loader. For more information, see Configuring the Drivers to Run in Remote Mode with SSL in the NetIQ Identity Manager Setup Guide for Linux or Configuring the Remote Loader and Drivers in the NetIQ Identity Manager Setup Guide for Windows.