4.1 Using Designer to Create and Configure the Driver

The following sections provide steps for using Designer to create and configure a new Sentinel driver.

4.1.1 Importing the Sentinel Driver Packages

Before you create the driver, verify that the Sentinel Driver packages are updated and imported. If necessary, use the package update facility in Designer to import the Sentinel Driver packages.

You need to have the following packages:

  • Sentinel Active MQ Configuration (NOVLSENTAMQ)

  • Sentinel Sonic MQ Configuration (NOVLSENTSMQ)

  • Sentinel Base (NOVLSENTB)

IMPORTANT: You need to run the package update step and the import step separately for each package, starting with the Base package. If you do not do this, the Base package will be permanently unavailable.

To import the Sentinel Driver packages:

  1. In Designer, select Help > Check for Package Updates to install the Sentinel Driver packages.

  2. In the Outline View, right-click on Package Catalog and choose Import to import the packages.

4.1.2 Creating the Driver

After you have imported the Sentinel Driver packages, you are ready to create the driver:

  1. Select Sentinel in the Modeler view.

  2. Drag the icon for Sentinel onto the Modeler view. Sentinel is categorized under Enterprise in the palette on the right.

    Designer displays the Driver Configuration Wizard.

  3. Select Sentinel Base and click Next.

  4. Select Sentinel Active MQ Configuration (for Sentinel RD) or Sentinel Sonic MQ Configuration (for Sentinel) and click Next.

  5. Specify the name of the driver and click Next.

    Driver Name: Specify a name that is unique within the driver set.

  6. Indicate whether you want to connect to a remote loader and click Next.

    Connect to Remote Loader: Select no if this driver will run on the Metadirectory server without using the Remote Loader. Select yes if you want the driver to use the Remote Loader, either locally on the Metadirectory server or remotely on another server.

  7. (Conditional) If you chose to run the driver remotely, click Next, then fill in the fields listed below. Otherwise, skip to the next step.

    Remote Host Name and Port: Specify the hostname or IP address of the server where the driver’s Remote Loader is running.

    Driver Password: Specify the driver object password that is defined in the Remote Loader. The Remote Loader requires this password to authenticate to the Metadirectory server.

    Remote Password: Specify the Remote Loader’s password (as defined on the Remote Loader). The Metadirectory engine (or Remote Loader shim) requires this password to authenticate to the Remote Loader.

  8. Specify values for the Broker URL, Broker username, and Broker password, as follows:

    Broker URL: Specify the IP address of the Sentinel broker. The following are examples showing the expected values for the different versions of Sentinel. The ports listed are the default ports for the brokers.

    • Sentinel: tcp://brokeripaddress:10012

      For Sentinel, you must use tcp://.

    • Sentinel RD: ssl://brokeripaddress:61616

      For Sentinel RD, you must use ssl://.

    Broker Username: Specify the username used to authenticate to this broker. If you are connecting to a Sentinel system, use a random username. If you are connecting to a Sentinel RD system, you must use the username and password contained in the SENTINEL_HOME/config/activemqusers.properties file on the Sentinel RD server. The username is collectormanager.

    Broker Password: Specify the password of the user used to authenticate to the broker. If you are connecting to a Sentinel RD system, the collectormanager password is located in the SENTINEL_HOME/config/activemqusers.properties file.

  9. Click Next.

  10. On the Installation Summary screen, click Finish.
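A pre-deployment check for the Broker URL and Broker Password values from Step 8, as an added example that is not part of the product documentation. The function names and sample values are hypothetical, and the `user=password` line format assumed for activemqusers.properties is an assumption.

```python
from urllib.parse import urlsplit

# Required scheme and default broker port per product, from the Broker URL step.
EXPECTED = {"sentinel": ("tcp", 10012), "sentinel-rd": ("ssl", 61616)}

def check_broker_url(product, url):
    """Validate a Broker URL; returns {'errors': [...], 'warnings': [...]}."""
    scheme, default_port = EXPECTED[product]
    parts = urlsplit(url)
    errors, warnings = [], []
    if parts.scheme != scheme:
        errors.append(f"{product} requires {scheme}://")
    if not parts.hostname:
        errors.append("missing broker address")
    try:
        port = parts.port
    except ValueError:
        port = None
        errors.append("port is not a valid number")
    else:
        if port is None:
            errors.append(f"no port given (default is {default_port})")
        elif port != default_port:
            # Non-default ports are allowed; confirm against the broker config.
            warnings.append(f"port {port} is not the default {default_port}")
    return {"errors": errors, "warnings": warnings}

def broker_password(properties_text, user="collectormanager"):
    """Return the password for `user` from properties content, or None.

    Assumes one user=password entry per line; '#' and '!' start comments.
    """
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == user:
            return value.strip()
    return None

# Constructed sample content; these are not real credentials.
SAMPLE_PROPS = "# constructed sample\nadmin=constructed-admin-secret\ncollectormanager=constructed-cm-secret\n"

if __name__ == "__main__":
    print(check_broker_url("sentinel-rd", "ssl://192.0.2.10:61616"))
    print(check_broker_url("sentinel-rd", "tcp://192.0.2.10:61616"))
    print("collectormanager entry found:", broker_password(SAMPLE_PROPS) is not None)
```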

The driver configuration settings are explained in Section A.0, Driver Properties.

If you need to do additional configuration for the driver, you must access the properties page of the driver. If you do not have the Driver Properties page displayed:

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver icon or the driver line, then select Properties.

    This opens the properties page for the driver.

4.1.3 Using Designer to Deploy the Driver

After a driver is created in Designer, it must be deployed into the Identity Vault, because Designer is an offline tool. Additional configuration procedures must also be completed for the driver to work.

Deploying the Driver

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver icon or the driver line, then select Live > Deploy.

  3. If you are authenticated to the Identity Vault, skip to Step 5; otherwise, specify the following information to authenticate:

    • Host: Specify the IP address or DNS name of the server hosting the Identity Vault.

    • Username: Specify the DN of the user object used to authenticate to the Identity Vault.

    • Password: Specify the user’s password.

  4. Click OK.

  5. Read through the deployment summary, then click Deploy.

  6. Read the success message, then click OK.

  7. Click Define Security Equivalence to assign rights to the driver.

    The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. The DriversUser object must have the same security rights that the driver needs to have on the server.

    1. Click Add, then browse to and select the object with the correct rights.

    2. Click OK twice.

  8. Click Exclude Administrative Roles to exclude users that should not be synchronized.

    You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.

    1. Click Add, then browse to and select the user object you want to exclude.

    2. Click OK.

    3. Repeat Step 8.a and Step 8.b for each object you want to exclude.

    4. Click OK.

  9. Click OK.

Additional Configuration

There is additional configuration that must be completed before you start the Sentinel driver.

  • (Conditional) The connection factories must be created for Sentinel 6.1. Sentinel RD automatically creates the connection factories.

  • (Conditional) The SonicMQ message queues must be created, if you are using Sentinel 6.1. Sentinel RD automatically creates the message queues for ActiveMQ.

  • The Identity Vault Collector must be installed and configured.

See Section 5.0, Configuring Account Tracking for instructions on how to create the connection factories and message queues. For the Identity Vault Collector installation instructions, see Section 7.0, Installing and Configuring the Identity Vault Collector.

4.1.4 Using Designer to Start the Driver

After the driver is created, you need to start the driver. However, you first need to configure and start the collector. To start the collector, see Section 7.5, Starting the Collector.

For details on starting the driver, see Section 7.6, Starting the Sentinel Driver.

IMPORTANT: The Identity Vault collector must be started before the driver is started. When the collector starts, the JNDI destinations are created. The driver looks for the JNDI destinations when it starts and if they do not exist, the driver cannot start.