The following diagram shows the components of the Identity Manager reporting architecture:
Figure 1-1 Reporting Architecture
Each of the major components is described below:
Table 1-1 Major Components of the IDM Reporting Architecture
| Component | Description |
|---|---|
| Identity Reporting Module | Browser-based application that generates reports by making calls to the Reporting Service. |
| Predefined Reports | The reporting module provides a set of predefined report definitions you can use to generate reports. In addition, it gives you the option to import custom reports defined in a third-party tool. For details on the predefined reports, see Using Identity Manager Reports. |
| Report Packaging Tool | To facilitate the process of creating new reports, Novell provides the Novell Identity Manager Report Packaging Tool. You can customize reports in iReport and use the Report Packaging Tool to package them for use within the reporting module. |
| Reporting Service | Service that retrieves the data needed for report generation from the Identity Information Warehouse, which contains all report management information (such as report definitions and schedules), database views, and configuration information required for reporting. To produce reports, the Reporting Service invokes the JasperReports engine, which compiles and executes report definitions according to schedules defined by the Report Administrator. |
| Identity Information Warehouse | Repository for the following kinds of information: The Identity Information Warehouse stores its data in the Security Information and Event Management (SIEM) database. |
| Data Collection Service | Service that collects information from various sources within an organization. The Data Collection Service includes three subservices: |
| Data Collection Service Driver | Driver that captures changes to objects stored in an Identity Vault, such as accounts, roles, resources, groups, and team memberships. The Data Collection Service Driver registers itself with the Data Collection Service and pushes change events (such as data synchronization, add, modify, and delete events) to the Data Collection Service. The information captured records changes to these objects: |
| Managed System Gateway Driver | Driver that collects information from managed systems. To retrieve the managed system data, the driver queries the Identity Vault. The data retrieved includes the following: |
| Security Service | Service that controls access to all other services within the reporting module. The Security Service includes these key components: |
| Event Auditing Service (EAS) | Captures log events associated with actions performed in several Novell products, including the reporting module, the Roles Based Provisioning Module (RBPM), the Role Mapping Administrator (RMA), and eDirectory. These events are stored in the public schema within the warehouse. You have the option to forward these events to Sentinel. If you choose to forward events, you can then use Sentinel to create a more holistic view of all of the activity within your enterprise. Sentinel lets you assimilate logs and other security information from various heterogeneous input sources, giving you visibility and accountability into the various activities within the enterprise. |
| Identity Vault Data Sources | Repositories for identity information. The Identity Reporting Module allows you to report on state information in the Identity Vault, such as which users have been provisioned with particular resources, or which users have been assigned to particular roles. You can report on current and past data from the Identity Vault. The Identity Vault Data Sources page allows you to specify which Identity Vaults you want to report on, and provide information about where the reporting module can find these vaults. You can include data sources for one or more Identity Vaults on the Identity Vault Data Sources page. |
| Managed Systems | A system in an enterprise that is connected to the Identity Vault with an Identity Manager driver. The Identity Reporting Module allows you to report on state information about the managed systems. For example, the reports allow you to determine that a particular user known to the Identity Vault exists in Active Directory. The Identity Reporting Module allows you to report on current and past data from managed systems. |
| Applications | Any non-managed application running in an enterprise. A non-managed application is an application that is not connected to the Identity Vault. To include information from a non-managed application, you need to implement a REST endpoint, as outlined in Section 13.2, Non-Managed Application REST API. You also need to configure a custom data source for the application on the Non-Managed Application Data Sources page within the reporting module, as described in Section 9.3, Defining the Settings for Non-Managed Applications. |
The following diagram shows the components of the EAS architecture:
Figure 1-2 EAS Architecture
EAS provides these connectors for capturing events from various Novell data sources:
Syslog SSL Connector
Syslog UDP Connector
Audit Connector
Different Novell applications use different connectors:
The Role Mapping Administrator (RMA) can be configured to use the Audit Connector or the Syslog SSL Connector.
Identity Manager and eDirectory can be configured to use the Audit Connector or the Syslog SSL Connector.
RBPM uses the Audit Connector.
When you configure EAS to work with the reporting module, you need to provide ports for these connectors on the
page within the user interface for the reporting module.