1.1 Identity Manager Server Components

Required for all installations

An Identity Manager Server installation comprises the following components.

1.1.1 Identity Manager Server

The Identity Manager Server executes tasks within Identity Manager. It comprises Identity Vault, Identity Manager Engine, and Identity Manager drivers.

To support the Identity Manager Server operations, the installation program installs a supported version of Oracle Java Runtime Environment (JRE). To install the Identity Manager Server components, use the Identity Manager Engine installation option of the installation program.

Identity Vault

When you install Identity Manager Engine, the installation process creates and configures a connection to Identity Vault. Identity Manager uses Identity Vault as the default repository of all identity data. Identity data includes the current state of managed identities, including user account and organizational data.

Identity Manager Engine

The Identity Manager engine processes all data changes that occur in the Identity Vault or a connected application. The server on which the Identity Manager engine runs is referred to as the Identity Manager server.

Identity Manager Drivers

The Identity Manager Server handles provisioning of users, and manages connected system accounts and groups through drivers. A driver is the software interface to a connected system.

Identity Manager Drivers run as part of the Identity Manager Server architecture. A driver acts as a gateway to the native technology of a specific endpoint type. For example, computers running Active Directory Services can be managed only if the Active Directory driver is installed either on the Identity Manager server or on the target application server with which the Identity Manager server can communicate. Drivers manage the objects that reside on the connected systems. Managed objects include accounts, groups, and optionally, endpoint-type specific objects.

A driver translates Identity Manager Engine actions into changes on the connected system, such as “Create a new email account on a Microsoft Exchange connected system.” Every driver that is configured in Identity Manager has an associated event cache file (TAO file). Events are cached in the cache file before a driver processes them. By default, the cache files are placed in Identity Vault’s DIB (Data Information Base) directory.

Identity Manager provides several in-built drivers (Java, native, .NET) to manage connections with different types of connected systems. Identity Manager also provides the ability to develop a custom driver to enable data synchronization to a variety of other systems such as a home-grown application or a repository that has no technology interface and cannot leverage out-of-box drivers.

1.1.2 Remote Loader

Drivers can be installed locally on the Identity Manager Server or with a Remote Loader. A Remote Loader loads drivers and communicates with the Identity Manager engine on behalf of drivers installed on remote servers. If the application runs on the same server as the Identity Manager engine, you can install the driver on that server. However, if the application does not run on the same server as the Identity Manager engine, you must install the driver on the application’s server. To help with the workload or configuration of your environment, you can install Remote Loader on a server separate from the servers that have Tomcat and the Identity Manager server. For more information about Remote Loader, see Determining When to Use the Remote Loader in the NetIQ Identity Manager Driver Administration Guide.

Use the Identity Manager Remote Loader Server installation option to install the Remote Loader service and the driver instances in the Remote Loader.

1.1.3 Fanout Agent

Identity Manager Fanout Agent is an installation component used by the Java Database Connectivity (JDBC) Fanout driver to create multiple JDBC Fanout driver instances. The Fanout driver provisions users, groups, and passwords to multiple databases with minimal effort. This eliminates the need for the Identity Manager administrator to configure multiple JDBC drivers using the same policies to provision multiple databases of the same type. You can centrally manage user accounts and have them automatically created, configured, maintained, and removed when appropriate. For more information, see the NetIQ Identity Manager Driver for JDBC Fanout Implementation Guide.

To install Fanout Agent, use the Identity Manager Fanout Agent installation option of the installation program.

1.1.4 iManager

NetIQ iManager is a browser-based tool that provides a single point of administration for many Novell and NetIQ products, including Identity Manager. You can use iManager to perform administrative tasks such as managing Identity Manager Server options or driver attributes, which you cannot manage in Identity Manager Identity Applications. For more information about iManager, see the NetIQ iManager Administration Guide. After you install the Identity Manager plug-ins for iManager, you can manage Identity Manager and receive real-time health and status information about your Identity Manager system.

With iManager, you can perform tasks similar to those performed with Designer and also monitor the health of your system. NetIQ recommends that you use iManager for administrative tasks. Use Designer for configuration tasks that require changes to packages, modeling, and testing prior to deployment.

Identity Manager requires the installation of Identity Manager plug-ins with iManager. Identity Manager provides a single installer to install the iManager client and Identity Manager plug-ins. You can install iManager on the Identity Manager server or on a separate computer.

To install iManager, use the iManager Web Administration installation option of the installation program.

HINT: After learning about the components, you must develop a good understanding of how they are installed and configured for use in a production environment.