2.2 Where to Install the PAM Driver

The PAM driver shim must run on one of the supported Windows or Linux platforms. However, you don’t need to install the Identity Manager engine on the same machine. Using a Remote Loader, you can separate the engine and the driver shim, allowing you to balance the load across different machines or accommodate corporate directives.

The installation scenario you select determines how the driver shim is installed. If you choose to install the driver shim on the same machine as Identity Manager (where the Identity Manager engine and the Identity Vault are located), Identity Manager calls the driver shim directly. If you choose to install the driver shim on another machine, you must use the Remote Loader.

2.2.1 Local Installation

A single Windows or Linux server can host the Identity Vault, the Identity Manager engine, and the driver, while another Windows or Linux/Unix server hosts PAM Manager.

Figure 2-1 A Local Configuration

This configuration works well for organizations that want to save on hardware costs.

2.2.2 Remote Installation on Windows or Linux Platforms

If you have platform restrictions in place, you can use a three-server configuration. You can install the Remote Loader and driver shim on one server, the Identity Vault and the Identity Manager engine on a second server, and PAM Manager on a third server.

Figure 2-2 A Remote Configuration