2.0 Integrating Identity Manager with Novell Sentinel

NOTE: Reporting and Notification Service (RNS) is deprecated in the current version of Identity Manager, although the Metadirectory engine continues to process RNS functions if you are currently using RNS. Nevertheless, we strongly recommend that you move to Novell® Audit or Novell® Sentinel™ because these auditing and reporting systems expand the functionality provided by RNS and RNS might not be supported in a future release of Identity Manager. For RNS documentation, see the DirXML 1.1a Administration Guide.

Novell Sentinel 5.x is a security information management and compliance monitoring solution that monitors, responds to, and reports on security and compliance events. Novell Sentinel easily integrates with Novell Identity Manager so you get automated, real-time security management and compliance monitoring across all systems and networks. The Novell Sentinel-Identity Manager framework provides automatic documenting and reporting of security, systems, and access events across the enterprise; built-in incident management and remediation; and the ability to demonstrate and monitor compliance with internal policies and government regulations.

The following diagram illustrates the Identity Manager logging and reporting architecture when integrated with Novell Sentinel.

Figure 2-1 Identity Manager and Novell Sentinel Integrated Architecture

To enable Identity Manager to log events to Novell Sentinel, you must do the following:

  1. Install and configure the Novell Sentinel server and Collector Wizard on your system.

    For complete information on installing the Novell Sentinel server and Collector Wizard, see the Novell Sentinel Installation Guide.

    For a thorough discussion of the Novell Sentinel architecture, see “Sentinel Introduction” in the Novell Sentinel User’s Guide.

    For information on configuring the Novell Sentinel server, see the Novell Sentinel User’s Guide.

    For information on using the Novell Sentinel Collector Wizard, see the Novell Sentinel Wizard User’s Guide.

  2. Install the Novell Sentinel IDM Content Package (Sentinel_IDM_Content_Package.zip).

    The Novell Sentinel IDM Content Package is available at the Sentinel Collectors download site.

    For installation instructions, see the Novell Sentinel IDM Content Package Installation Guide.

    For information about the Novell Audit Collector, see the Novell Identity Manager 3 LOG 520 Collector Guide (Novell_Identity_Manager_3_LOG_520.pdf), provided in the \docs directory of the Novell Sentinel IDM Content package.

    NOTE: The automatic installation installs the Novell Sentinel IDM Server, IDM Connector, and IDM Collector on the same machine. If you want to install the Novell Sentinel IDM Server on a different machine from the IDM Collector, you must modify the sentinel-idm-connector.bat file.

    For more information, see Collector Pre-requisites in the Novell Identity Manager 3 LOG 520 Collector Guide (Novell_Identity_Manager_3_LOG_520.pdf).

  3. Configure the Novell Audit Collector.

    The Novell Audit Collector is installed with the Novell Sentinel IDM Content Package. This Collector parses Identity Manager events received through the Novell Sentinel IDM Connector.

    For information about the Novell Audit Collector, see the Novell Identity Manager 3 LOG 520 Collector Guide (Novell_Identity_Manager_3_LOG_520.pdf).

  4. Configure the Novell Sentinel Audit Server (Audit Proxy) and IDM Connector.

    The Novell Sentinel Audit Server (sentinel-idm-server.sh) and IDM Connector (sentinel-idm-connector.sh) are automatically installed with the Novell Sentinel IDM Content Package.

    For more information on installing Novell Sentinel Audit Server and IDM Connector, see Appendix E, “Sentinel IDM Connector” in the Novell Identity Manager 3 LOG 520 Collector Guide (Sentinel_IDM_Content_Package_Installation_Guide.pdf).

  5. Install and configure the Platform Agent.

    The Platform Agent (logevent) is the client piece of the Novell auditing architecture. It is automatically installed if either the Novell Identity Manager Metadirectory Server or the Novell Identity Manager Connected System option is selected during the Identity Manager installation.

    For more information on installing and configuring the Platform Agent, see Section 3.0, Installing and Configuring the Platform Agent.

  6. Select which Identity Manager events you want to log to Novell Audit.

    For more information, see Section 4.0, Managing Identity Manager Events.

  7. (Optional) Secure the connection between Identity Manager and the Platform Agent.

    For more information, see Securing the Connection with Novell Sentinel.