3.1 Staging a Project for the First Time

You should ensure that all the applications and Identity Manager systems are up and running in the next stage before moving the configurations. You can stage projects using either packages or configuration files, as necessary in your environment.

3.1.1 Staging Using Packages

The simplest, most efficient way to stage your Identity Manager project is by using the package functionality included in Identity Manager 4.0 and later.

We recommend using this approach because unlike configuration files, packages are configured to keep server-specific settings separate from the actual Identity Manager content. You move all your policies from one stage to the next, not your server configurations.

For more information about converting configuration files to packages, see Converting Configuration Files to Packages in this guide and Upgrading the Identity Manager Drivers in the NetIQ Identity Manager Setup Guide.

3.1.2 Staging Using Configuration Files

If you have Identity Manager 3.6, you may need to perform the staging process using configuration files. Because of the difficulty inherent in updating configuration files, we do not recommend using this process but instead you should convert your existing configuration files to packages.

3.1.3 First-Time Staging Process

To stage an Identity Manager project for the first time, complete the following steps:

Import any additional objects not modeled in Designer from eDirectory into an LDIF container. For more information on importing additional objects, see Importing Objects.
Compare and import any schema changes from the Identity Vault (eDirectory) to the schema in Designer:
1. Right-click ID Vault > Live > Schema > Compare.
2. In the Information pane, select Update Designer.
3. Click Reconcile.
4. Click OK.
(Optional) If you want to keep a backup of your first-stage project, you can export the existing project to an archive file:
1. Right-click the first-stage project and select Export Project.
2. Select the project you want to export.
3. Click Browse and specify the name of the archive file you want to use, then click OK.
4. Click Finish.
5. Click OK.
Copy the first-stage project to reuse it in the next stage:
1. In Designer, go to Window >Show View > Project.
2. Right-click the first-stage project and select Copy Project.
3. Enter the name for the second-stage project. We recommend you use a name that clearly indicates the project is used for the second stage of the staging process.
4. Click OK.
(Optional) After copying the existing first-stage project, you may want to rename the project to specify that the project is for the first stage. Complete the following steps to rename the first-stage project:
1. In the project view in Designer, right-click the first stage project and select Rename.
2. Specify a new name for the project and click OK.
In the project view, expand the second-stage project and double-click System Model.
Change the configuration of one of the Identity Vaults in your project.
1. In the Outline view or the Modeler, double-click the ID Vault.
2. In the Configuration page, change the Hostname, Admin Username, and Admin Password settings to match those of the Identity Vault you want to use for the second-stage project.
3. Click Test Connection to check the connectivity, then click OK.
4. If necessary, add more servers and associate those servers with the driver set.
(Optional) If your second-stage project uses one or more different connected systems, change the configuration of the connected system or systems of the second-stage Identity Vault. To change the system configuration, complete the following steps:
1. In the Modeler, double-click a driver or a driver line.
2. In the Driver Configuration page, change the authentication information in the Authentication tab.
3. In the Driver properties page, change the driver related information in the Driver Parameters tab.
4. The driver parameters depend on the servers on which the drivers reside. Ensure that you change the driver parameters on multiple servers if you have multiple servers running a driver.
(Optional) If your second-stage project uses a different connected system or different configuration settings for provisioning, change the GCVs for the drivers and driver sets of the second-stage Identity Vault as necessary.

GCVs should be the only changes that you make on the drivers and the driver set along with the configuration. Your policies won’t change if they are properly designed.
1. Update all the GCVs that change with the environment, as necessary.
2. Move or add new GCVs to any new servers added in Step 7.d.
To ensure the integrity of your project, run the Project Checker:
1. Click Window > Show View > Project Checker.
2. In the Project Checker view, click the Run the Project Checker icon .
3. Review the results and correct any issues. For more information about using the Project Checker, see Checking Your Projects in the NetIQ Designer for Identity Manager Administration Guide.
Compare and import any schema changes from Designer into the second-stage the Identity Vault (eDirectory):

Compare the schema in Designer with the eDirectory schema and deploy:
1. Right-click ID Vault > Live > Schema > Compare.
2. In the Information pane, select Update eDirectory.
3. Click Reconcile.
4. Click OK.
In the Modeler, right-click the Identity Vault and select Live > Deploy Additional Objects to deploy additional objects gathered in the Prerequisites.
To deploy the Identity Vault, right-click ID Vault > Live > Deploy.
Deploy the appropriate Security Equivalences and Exclude Admin Roles objects for each driver. See Section 2.7, Rights for more information.
Repeat Step 7 through Step 14 for each Identity Vault in your project.