August 17, 2009
This document provides important information related to Novell® Analyzer for Identity Manager. It includes the following sections:
Analyzer is an Eclipse*-based Identity Manager project that provides a set of tools aimed at ensuring that general internal policies are adhered to for data quality, which includes data analysis, data cleansing, data reconciliation, and data monitoring/reporting. Customers can use Analyzer to analyze, enhance, and control all data stores throughout their enterprise.
Three phases—Analyze, Enhance, and Control—are particularly important when designing Identity Management solutions. Before implementing an Identity Management solution, designers spend a significant amount of time analyzing the identity data, cleansing the identity data, and modeling business rules to create identity data replication and synchronization policies that guarantee the data remains in a reliable state. Additionally, after an Identity solution is put into place, customers must verify and reconcile that the these processes are performing as intended to maintain consistent and reliable data.
The goal of Analyzer is to provide a set of tools to resolve data quality issues and improve the Identity Manager deployment process. Industry analysts note that Identity Management projects spend three to eight times more on design and implementation than on the cost of the software on design and implementation. Analyzer directly attacks these project-related costs by providing a powerful environment for cleaning and preparing identity data in order to streamline identity infrastructure implementations.
Novell is developing Analyzer under an iterative development model. At the end of each iteration Novell releases a milestone build that encompasses the goals of that milestone. These milestones provide customers with access to the product throughout the development cycle so they can participate in directing development decisions over time.
Review the following system requirements before installing Analyzer.
Minimum video resolution: 1024x768 (1280x1024 recommended)
Memory: 512 MB minimum (1 GB recommended)
Processor: 1 GHz or higher
Analyzer requires one of the following operating systems:
SUSE® Linux Enterprise Desktop 10 SP2
SUSE Linux Enterprise Server 10 SP2
Windows* XP or Vista
Gettext Utilities (Linux* installation only)
The following Identity Manager drivers have been tested with Analyzer 1.0, both locally and remotely where applicable:
NOTE:The JDBC driver has been tested with the following databases: DB2*, Informix*, MySQL*, Oracle*, PostgreSQL, SQL Server*, and Sybase*.
For information about installing and configuring a Remote Loader for the drivers that require it, see the Identity Manager Remote Loader documentation.
The following issues exist in the Analyzer 1.1 environment:
Over the course of its development, Analyzer has gone through some significant architectural and model changes. Because of this, projects created with pre-release versions of Analyzer might not work properly with the released Analyzer.
To avoid difficulty, specify a new workspace for the released Analyzer and do not mix old projects with new projects. When you use the internal Analyzer database, this ensures that you are not mixing pre-release data tables and formats with the released Analyzer data tables.
If you use an external MySQL database as your Analyzer database, clean out any pre-release data before using it with the released Analyzer. To do this, use your preferred database management tool to delete the following database tables before starting the released Analyzer for the first time:
DSTable_ver where ver is a version number
AnalysisTable_ver where ver is a version number
All tables with an enf_ prefix
Alternatively, you can create a new MySQL database for use with the released Analyzer.
Please note the following issues when using the Data Browser:
Limit Attributes in Data Set Definition: Novell recommends restricting data set definitions to fewer than 10 attributes for optimal Data Browser performance. Creating data set definitions with more than 10 attributes causes the Data Browser performance to deteriorate significantly.
Painting Issues: When returning from the Multi-Value Edit dialog box to a cell with multiple values, Analyzer does not repaint the table cursor correctly.
To correct the display, move to another cell with a click or an arrow key, then move back to the original cell.
Sorting Issues: Integer columns sort as strings instead of integers. For example, 100 sorts before 90. Also, sorting is case sensitive. For example, “Bob” sorts before “andy”.
Empty Column in Flat File Data Import: Thefield is always empty in a data set instance imported from a flat file. You can ignore it.
Windows Vista* has implemented a new User Account Control feature that prevents applications from running as Administrator unless you specifically allow it.
To run Analyzer in Vista, right-click the Analyzer shortcut and choose the option to. You can also choose to disable .
If you quickly stop and restart Analyzer, the Analyzer Database might not reinitialize properly. To avoid this problem, wait approximately thirty seconds before restarting Analyzer.
If Analyzer starts and the Analyzer Database is not initialized correctly, selectin the Project View to reinitialize the database.
Analyzer allows you to change its internal database from the default HSQLDB to a MySQL database. You can configure database settings in> > > . When using an external MySQL database, be aware of the following issue:
Extended and Double-Byte Characters: The MySQL database uses the default character set from the operating system for encoding table fields. If an extended or double-byte character is not recognized by the default character set, Analyzer displays ??? in the Data Browser. To avoid this, set the operating system’s default character set to UTF-8, or to a character set that includes all the extended or double-byte characters that Analyzer might import.
To use the SAP user driver, you must install the sapjco.jar library in Analyzer, and install the librfc32.dll and sapjcorfc.dll into the Windows %systemroot% folder (typically C:\windows\system32).
Restart Analyzer after installing these files.
The Analyzer DB2 driver requires the following two libraries to function properly. You can download these libraries from IBM*.
Analyzer does not prevent users from modifying anything in a data set. If a user with appropriate rights to the source application modifies a value, for example a GUID or DN, Analyzer does not attempt to determine if the modification will cause a problem when written out to the source application.
To avoid causing unintended problems in the source application, users should be careful when modifying data and sending those modifications to the source application.
When attempting to push updated data to the source application from Analyzer’s Data Browser (by clicking), you might get an error indicating there was a problem with the update operation. However, the Data Browser’s modified data indicators in the data table change to indicate that the updates were successful.
If this occurs, the data updates might have been unsuccessful. Re-import the data from the source application to make sure you know the true state of the data before making any other data modifications.
Problems with the update operation occur primarily when adding a value to a multi-valued attribute.
The IDS Trace view consumes significant resources. You should only open the IDS Trace view when you need the information.
The IDS Trace level is set to 3 by default in order to track connection problems and errors. This trace level can cause performance issues with data browsing. You can modify this setting by clicking thebutton in the IDS Trace view.
The following issues can prevent Analyzer from displaying data set content in the Data Browser view:
Analyzer 1.0 does not support SQL reserved words as column names for data sets (For example, group or select.) If a column name is an SQL reserved word, no data displays in the Data Browser view. To avoid this, exclude the column (attribute) with a reserved-word name from the data set.
By default, Analyzer’s Subscriber channel is enabled so that you can perform data set queries. However, if a connection profile was synchronized from Designer with the Subscriber channel disabled, it remains disabled for Analyzer. If your data sets do not have any data, confirm that the connection profile’s Subscriber channel is enabled in Analyzer.
To do this, right-click the desired connection profile, then select. In the connection profile properties, select > > . Make sure that is set to (default).
Thebutton in the Configuration Wizard dialog boxes is not functional. If you need to make a change to the connection profile on which you are working, either cancel the wizard and start over, or finish configuring the connection profile and make the change in connection properties.
Analyzer performs its data analysis solely based on the attribute name, and does not take the class name into account. Therefore, if you map attributes from different classes to the same application attribute, the Analysis tests only the first mapped attribute it encounters. For example, in the following schema map, Analyzer tests only the name attribute mapped to the Group class, and ignores the mapping in the User class.
Class = Group |___ Attribute = gname ---> name
Class = User |___ Attribute = uname ---> name
This issue might also exist with the preconfigured schema maps that Analyzer includes with its drivers. The mappings might be correct to the attribute name, but not the class name.
If you delete multiple Analyzer projects simultaneously, the error log might record several exception messages. These messages are benign and do not indicate any problem with Analyzer or with the delete operation.
The Pattern Frequency analysis metric does not work properly with data that includes the following characters. If you attempt to do a pattern frequency analysis on a data set that has values that contain any of these characters, the analysis fails and returns an empty result.
If you modify a data value in a data set instance so that it includes an apostrophe (‘), Analyzer generates a Java* exception error when attempting to save the changes back to the application. This occurs when using either the HSQL database or an external MySQL database for Analyzer.
If connections do not import properly from Designer, the likely problem is that the server configuration associated with the driver set in Designer is incorrect or incomplete. For example, when you create a new driver set in Designer, the default server DN is server.context. If you attempt to import connection information that includes invalid information like this, the import fails.
Before importing connection information from Designer, make sure that the server information is valid.
On Linux systems with CUPS printers, the JasperReports* framework is unable to print reports directly from the Report Viewer. However, you can save the report as a PDF file, then print it from a PDF reader.
When importing a large data set instance or running an SQL query on a large data set instance, clickingin the progress dialog box does not work. To cancel the operation, you can either let the operation complete or shut down and restart Analyzer.
The Connection Wizard uses some dynamic help pages from which Designer is unable to properly reference the Analyzer help pages. Because of this, when you click thebutton you get general Eclipse help rather than dialog-specific help for the Connection Wizard.
The first three pages and the final Summary page in the Connection Wizard are static pages that properly display the Analyzer help. Use the help from these pages to get all the help information for the Connection Wizard.
If you have deleted values in the Data Browser that have not been updated to the application, the deleted values are still considered when running a Matching Analysis.
The Identity Vault schema does not support multiple classes with the same name. Some application schemas, such as Notes, do support duplicate class names. If you want to import an application schema that includes duplicate class names, you should first consolidate the duplicate class names into a single class that contains the attributes from all duplicate classes.
If you cannot resolve the duplicate classes in the application schema, you can manually resolve the duplicate class names in Analyzer by doing the following:
WARNING:This procedure is not recommended and can cause inconsistencies in the Identity Vault schema. It should only be used if absolutely necessary.
Open the IDS Trace view (> > ).
In the Project view, right-click the appropriate connection, then select.
This captures the application schema in the IDS Trace. If the IDS trace does not capture the entire schema, increase the IDS Trace window size by clicking theicon, then increasing the setting.
Open the Navigator view (> > ).
In the Navigator view, expand the appropriate project, then browse to> .
Double-click the appropriate schema file (*ShimConfig.xml) to open it in an XML editor.
If there are multiple shim config files, you can identify the application associated with each file by opening the file and looking at the contents of the <class-name>, <auth-id>, and <auth-context> tags.
In the XML editor, search for the following elements. If they do not exist, add them to the schema immediately above the closing </shim-config> tag.
<app-schema-def> <schema-def> ... </schema-def> <app-schema-def>
In IDS Trace, locate the <NDS> tag, then paste the contents of the <NDS> tag into the <schema-def> tag in the *ShimConfig.xml file.
Make sure you do not include the <NDS> as part of what you copy and paste into the *ShimConfig.xml.
Search for any duplicate <ClassDef> elements in the schema definition and consolidate all attribute definitions <attr-def> under a single <ClassDef> element.
Save the changes to the schema file (Ctrl+S), then restart Analyzer.
If you are using HSQL as the back end database for Analyzer, matching is case sensitive. If you are using MySQL the back end database is case insensitive.
When Analyzer is installed on Windows and you have CM Synergy installed, browsing for files causes Analyzer to shutdown. You cannot have CM Synergy and Analyzer installed on the same machine.
The CM Synergy install overwrites one of the Windows native libraries that Analyzers uses.
A list of all currently open Analyzer bugs is available in Bugzilla by using the following Analyzer Bugzilla query.
The following sources provide information about Analyzer:
Analyzer is part of the Novell Compliance Management Platform product.
This product includes software developed by IBM Corp. using the Eclipse platform (all rights reserved) and the Apache* Software Foundation. Novell is an Eclipse Foundation Member.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HYPERSONIC SQL GROUP, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the Hypersonic SQL Group.
Copyright© 2006, Sun Microsystems, Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of the Sun Microsystems, Inc. nor the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell Export Web site for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2007-2008 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at the Novell Patent Web site and one or more additional patents or pending patent applications in the U.S. and in other countries.
For a list of Novell trademarks, see the Novell Online Trademark List.
All third-party trademarks are the property of their respective companies.