2.2 Recommended Installation Scenarios and Server Setup

This section helps you determine the installation order and server setup in a single-server or in a distributed environment.

2.2.1 Deciding When to Install SLM for IGA

Sentinel is the preferred audit event destination for Identity Manager. Identity Manager provides event forwarding capabilities to Sentinel by configuring Sentinel Link using Sentinel Event Source Management (ESM). If you are already using Sentinel for auditing or as an integration framework for tracking identities, you might choose to use your existing Sentinel for auditing events instead of installing SLM for IGA.

Regardless of whether you choose to reuse your existing Sentinel server or perform a new installation of SLM for IGA shipped with Identity Manager, you must configure the Sentinel server as a source of audit data. You do this by creating a data synchronization policy on the Sentinel server in the Identity Manager Data Collection Services page for auditing events. For more information, see About the Data Sync Policies tab in the Administrator Guide to NetIQ Identity Reporting.

2.2.2 Considerations for Installing in a Distributed Setup

Review the following considerations to help you plan your installation:

Component Stickiness

Component

Independent Installation

Notes

Identity Manager Engine

Yes

 

Identity Applications

Yes

Must have its own OSP. Identity Applications and OSP must be installed on the same computer.

IMPORTANT:Identity Manager does not support a remotely installed OSP. If you are upgrading to this version, you must use OSP that is installed with Identity Applications upgrade and then copy the OSP settings from your existing OSP server to the new server where OSP are installed. For more information, see Post-Upgrade Tasks for Identity Applications Components.

Identity Reporting

Yes

Can have its own OSP. The installer supports a locally or a remotely installed OSP for installing or upgrading Identity Reporting.

OSP

No

The installer does not support a remotely installed OSP for Identity Applications. You must install OSP and Identity Applications on the same computer.

IMPORTANT:If you are upgrading to this version, you must use OSP that is installed with Identity Applications upgrade and then copy the OSP settings from your existing OSP server to the new server where OSP is installed. For more information, see Post-Upgrade Tasks for Identity Applications Components.

SSPR

Yes

The installer supports a standalone installation and an upgrade of SSPR.

If you are installing or upgrading SSPR in a Standard Edition, NetIQ recommends that you install or upgrade SSPR on a standalone server. In other words, SSPR must not be installed on the same server as Identity Reporting.

IMPORTANT:If you are upgrading to this version where Identity Applications and SSPR are deployed on different servers, and you want to restore the existing SSPR settings to the new server where SSPR is installed, ensure that you modify the SSPR settings on the new SSPR server by using the ConfigUpdate utility. For more information, see Post-Upgrade Tasks for Identity Applications Components.

Identity Applications Database

Yes

 

Reporting Database

Yes

 

Sentinel Log Management for Identity Governance and Administration (Sentinel Log Management)

Yes

 

Server Setup

In a typical production environment, you might install Identity Manager on seven or more servers, as well as on client workstations. For example:

Computer setup

Component setup

All in One (Only recommended for demo /POC setup)

Install and configure all components on one computer (Identity Manager Engine, Identity Applications, Identity Reporting, OSP, SSPR, Identity Applications Database, and Reporting Database) and Sentinel Log Management on a separate computer.

Distributed setup

Server 1

  • Identity Vault

  • Identity Manager Engine

Server 2

Identity Applications and OSP (can be clustered)

Server 3

Identity Reporting (OSP)

Server 4

SSPR

Servers 5 and 6

Identity Manager databases for:

  • Identity applications

  • Identity Reporting

Server 7

Sentinel Log Management

NOTE:From the 4.7 release onward, installing Identity Manager on a server with multiple instances of Identity Vault is no longer supported.