8.3 Configuring the BCC Drivers

  1. Start your Internet browser and enter the URL for iManager.

    The URL is http://server_ip_address/nps/iManager.html. Replace server_ip_address with the IP address or DNS name of the server that has iManager and the Identity Manager preconfigured templates for iManager installed.

  2. Specify your administrator username and password, specify the tree where you want to log in, then click Login.

  3. In iManager, click Identity Manager > Identity Manager Overview.

  4. Browse to select the Identity Manager server in this cluster that the driver set is associated with.

    This is the node in the cluster where you installed the Identity Manager engine and eDirectory driver.

  5. If a BCC driver set does not exist for this cluster, create it now.

    1. On the Identity Manager Overview page, click Driver Sets > New.

    2. Type the name of the driver set you want to create for this cluster.

      For example, specify Cluster1 BCC Driver Set, where Cluster1 is the name of the cluster where you are configuring a driver instance.

    3. Browse to select the context that contains the cluster objects for the cluster where you are configuring a driver instance.

      For example, cluster1.clusters.siteA.example

    4. Deselect (disable) the Create a new partition on this driver set option, then click Next.

  6. On the Driver Set Overview page, click Drivers > Add Driver from the drop-down menu.

  7. Verify that the driver set for the cluster is specified in an existing driver set text box, then click Next.

    If the driver set does not exist, go to Step 5 and create it.

  8. Browse to select the server in this cluster that has Identity Manager installed on it, then click Next.

  9. Open the Show drop-down menu and select All Configurations.

  10. Select one of the BCC preconfigured driver template files from the Configurations drop-down menu, then click Next.

    • To create a cluster resource synchronization driver instance, select the BCCClusterResourceSynchronization.xml file.

    • To create a user object synchronization driver instance, select the UserObjectSynchronization.xml file.

  11. Fill in the values on the wizard page as prompted, then click Next.

    Each field contains an example of the type of information that should go into the field. Descriptions of the information required are also included with each field.

    • Driver name for this driver instance: Specify a unique name for this driver to identify its function.

      The default name is BCC Cluster Sync. We recommend that you indicate the source and destination clusters involved in this driver, such as Cluster1toCluster2 BCC Sync.

      If you use both preconfigured templates, you must specify different driver names for each of the driver instances that represent that same connection. For example, Cluster1toCluster2 BCCCR Sync and Cluster1toCluster2 BCCUO Sync.

    • Name of SSL Certificate to use: Specify a unique name for the certificate such as BCC Cluster Sync. The certificate is created later in the configuration process in Creating SSL Certificates, after you have created the driver instance.

      In a single tree configuration, if you specify the SSL CertificateDNS certificate that was created when you installed OES 2 on the Identity Manager node, you do not need to create an additional SSL certificate later.

      IMPORTANT: You should create or use a different certificate than the default (dummy) certificate (BCC Cluster Sync KMO) that is included with BCC.

    • IP address or DNS name of other IDM node: Specify the DNS name or IP address of the Identity Manager server in the destination cluster for this driver instance. For example, type 10.10.20.21 or servername.cluster2.clusters.siteB.example.

    • Port number for this connection: You must specify unique port numbers for each driver instance for a given connection between two clusters. The default port number is 2002 for the cluster resource synchronization and 2001 for the user object synchronization.

      You must specify the same port number for the same template in the destination cluster when you set up the driver instance in that peer cluster. For example, if you specify 2003 as the port number for the Cluster1 to Cluster2 resource synchronization driver instance, you must also specify 2003 as the port number for the Cluster2 to Cluster1 resource synchronization driver instance, which is the peer driver you create on Cluster2.

    • Full Distinguished Name (DN) of the cluster this driver services: For example, cluster1.clusters.siteA.example.

    • Fully Distinguished Name (DN) of the landing zone container: Specify the context of the container where the cluster pool and volume objects in the other cluster are placed when they are synchronized to this cluster.

      This container is referred to as the landing zone. The NCP server objects for the virtual server of a BCC-enabled resource are also placed in the landing zone.

      IMPORTANT: The context must already exist and must be specified using dot format without the tree name. For example, siteA.example.

  12. Make the IDM Driver object security equivalent to an existing User object:

    The IDM Driver object must have sufficient rights to any object it reads or writes in the following containers:

    • The Identity Manager driver set container.

    • The container where the Cluster object resides.

    • The container where the server objects reside.

      If server objects reside in multiple containers, this must be a container high enough in the tree to be above all containers that contain server objects. The best practice is to have all server objects in one container.

    • The container where the cluster pool and volume objects are placed when they are synchronized to this cluster.

      This container is referred to as the landing zone. The NCP server objects for the virtual server of a BCC-enabled resource are also placed in the landing zone.

    • In a multiple-partition business continuity cluster, the container where the User objects reside that need to be synchronized between the eDirectory partitions.

    You can do this by making the IDM Driver object security equivalent to another User object with those rights.

    IMPORTANT: If you choose to include User object synchronization, exclude the Admin User object from being synchronized.

    1. Click Define Security Equivalences, then click Add.

    2. Browse to and select the desired User object, then click OK.

    3. Click Next, and then click Finish.

  13. Repeat Step 1 through Step 12 above on the peer clusters in your business continuity cluster.

    This includes creating a new driver and driver set for each cluster. Remember that you create the User Object Synchronization driver only on the peer clusters that actually communicate with each other between the partitions.

  14. After you have configured the BCC IDM drivers on every node in each cluster, you must upgrade the drivers to the Identity Manager 3.6x architecture.

    Do the following to upgrade each BCC driver set you created in Configuring the BCC Drivers:

    1. In iManager, click Identity Manager, then click Identity Manager Overview.

    2. Search for the driver sets that you have added, then click the driver set link to bring up the Driver Set Overview.

    3. Click the red Cluster Sync icon, and you should be prompted to upgrade the driver.
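
The certificate, port, driver name and landing zone rules from Step 11 can be checked against a planned set of driver instances before the values are typed into the wizard on each cluster. The following is an added example, not part of BCC or its documentation; the dictionary layout, the driver() helper, the certificate names other than the default one, and the tree name EXAMPLE_TREE are assumptions made for the illustration.

```python
import re

DEFAULT_CERT = "BCC Cluster Sync KMO"    # default (dummy) certificate named in Step 11
TYPED_OR_SLASH = re.compile(r"[=\\/,]")  # typed (ou=...) or slash notation is not dot format

def check_plan(drivers, tree_name):
    """Return the problems found in a planned set of BCC driver instances."""
    problems = []
    for d in drivers:
        if d["cert"] == DEFAULT_CERT:
            problems.append(f"{d['name']}: uses the default certificate")
        parts = [p.lower() for p in d["landing_zone"].split(".")]
        if (TYPED_OR_SLASH.search(d["landing_zone"]) or "" in parts
                or tree_name.lower() in parts):
            problems.append(f"{d['name']}: landing zone must be dot format without the tree name")
    for i, a in enumerate(drivers):
        for b in drivers[i + 1:]:
            link_a, link_b = (a["cluster"], a["peer"]), (b["cluster"], b["peer"])
            # Two driver instances on the same connection need distinct ports and names.
            if link_a == link_b and a["port"] == b["port"]:
                problems.append(f"{a['name']} and {b['name']}: port {a['port']} used twice on one connection")
            if link_a == link_b and a["name"] == b["name"]:
                problems.append(f"{a['name']}: driver name used twice on one connection")
            # The same template on the peer cluster must use the same port.
            if link_a == link_b[::-1] and a["template"] == b["template"] and a["port"] != b["port"]:
                problems.append(f"{a['name']} and {b['name']}: peer ports differ ({a['port']} vs {b['port']})")
    return problems

def driver(cluster, peer, template, port, cert, landing_zone):
    """Build one planned driver instance (hypothetical layout for this example)."""
    tag = "BCCCR" if template == "resource" else "BCCUO"
    return {"cluster": cluster, "peer": peer, "template": template, "port": port,
            "cert": cert, "landing_zone": landing_zone,
            "name": f"{cluster}to{peer} {tag} Sync"}

# Constructed sample plan with three deliberate mistakes.
SAMPLE_PLAN = [
    driver("Cluster1", "Cluster2", "resource", 2003, "Cluster1 BCC Sync Cert", "siteA.example"),
    driver("Cluster1", "Cluster2", "user", 2001, "Cluster1 BCC Sync Cert", "siteA.example"),
    driver("Cluster2", "Cluster1", "resource", 2002, DEFAULT_CERT, "siteB.example"),
    driver("Cluster2", "Cluster1", "user", 2001, "Cluster2 BCC Sync Cert", "siteB.example.EXAMPLE_TREE"),
]

if __name__ == "__main__":
    for problem in check_plan(SAMPLE_PLAN, tree_name="EXAMPLE_TREE"):
        print(problem)
```

On the sample plan the check reports the default certificate on the Cluster2 resource driver, the tree name in the Cluster2 user driver's landing zone, and the 2003 versus 2002 port mismatch between the two resource drivers.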