2.1 Core Driver

The core driver provides Authentication Services, such as password verification, to target platforms.

The core driver also provides Identity Provisioning events, such as add, modify, and delete for users and groups, to target platforms. Platform Services uses these events to maintain user accounts and groups locally.

The core driver uses eDirectory objects to store its properties. Configuration information for the core driver is stored in the Driver object. Component configuration and user management information is stored in the ASAM System container object.

A writable replica of the partition holding the ASAM System container must reside on the LDAP host server used by a core driver.

A User object called the ASAM Master User is created during core driver installation. The core driver processes use ASAM Master User to perform an LDAP Bind for access to eDirectory.

The core driver provides

You can run multiple core drivers to provide redundancy for Authentication Services and Identity Provisioning functions.

One core driver is designated as the primary core driver. Other core drivers are secondary core drivers. Only the primary core driver listens for events from eDirectory. The primary core driver also serves the Web interface and provides environmental information during the installation process for other core drivers.

The core driver includes seven components.

Object Services, Event Journal Services, Audit Services, Certificate Services, and Web Services are sometimes referred to collectively as the Provisioning Manager component of a core driver.

2.1.1 Object Services

Object Services maintains the objects within the ASAM System container. Some of these objects store configuration information for the various driver components. Others represent users and groups of users that can be defined on target platforms. The object that contains these users and groups is called the Census.

Object Services on the primary core driver is notified by the Event Subsystem of events, such as add, modify, or delete, pertaining to users and groups of users in eDirectory. These events are used to maintain the Census.

To initially build and periodically ensure the integrity of the Census, Object Services examines specified portions of eDirectory for users and groups. This process is called a Trawl. You can use the Web interface to set the Trawl schedule. Only the primary core driver performs Trawls.

Census Search objects that you define using the Web interface describe which objects in eDirectory are included in the Census. Platform Set Search objects that you define using the Web interface describe which users and groups are managed for a given set of platforms.

For more information about Object Services and the Census, see Census Container. For more information about associating users and groups with sets of platforms, see Platform Set Objects.

2.1.2 Event Journal Services

Event Journal Services receives provisioning events from Object Services and makes them available to sets of platforms according to the rules you specify. Event Journal Services ensures that provisioning events for a platform are delivered, even if the platform is not always available.

Platforms can periodically connect to Event Journal Services to receive provisioning events, or they can maintain a persistent connection and receive events as they occur.

By defining multiple core drivers to provide events to platforms, you can provide for improved availability.
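
As an added illustration (not code from the Fan-Out driver itself), the following Python model shows the delivery semantics described above: each provisioning event is routed to platform sets by rules you register, and the journal keeps an event until every platform in the set has acknowledged it, so a platform that was offline when a user was deleted still receives that delete on its next connection. Class and method names, and the rule predicates, are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class ProvisioningEvent:
    seq: int      # journal sequence number, strictly increasing
    action: str   # "add", "modify" or "delete"
    kind: str     # "user" or "group"
    name: str

class EventJournal:
    """Constructed model of Event Journal Services: events are routed to
    platform sets by rules and retained until every platform in the set
    has acknowledged them, so an offline platform cannot miss a delete."""

    def __init__(self, platform_sets: dict[str, set[str]]):
        self.members = platform_sets                       # set name -> platform ids
        self.set_of = {p: s for s, ps in platform_sets.items() for p in ps}
        self.rules: dict[str, Callable[[ProvisioningEvent], bool]] = {}
        self.log: dict[str, list[ProvisioningEvent]] = {s: [] for s in platform_sets}
        self.cursor = {p: 0 for p in self.set_of}          # last seq acknowledged
        self.seq = 0

    def add_rule(self, set_name: str, rule: Callable[[ProvisioningEvent], bool]) -> None:
        """Rule deciding which events a platform set receives (stands in for
        the Platform Set Search objects defined in the Web interface)."""
        self.rules[set_name] = rule

    def publish(self, action: str, kind: str, name: str) -> ProvisioningEvent:
        """Accept an event from Object Services and journal it per platform set."""
        self.seq += 1
        ev = ProvisioningEvent(self.seq, action, kind, name)
        for set_name, rule in self.rules.items():
            if rule(ev):
                self.log[set_name].append(ev)
        return ev

    def fetch(self, platform: str) -> list[ProvisioningEvent]:
        """Events the platform has not yet acknowledged, in journal order."""
        set_name = self.set_of[platform]
        return [e for e in self.log[set_name] if e.seq > self.cursor[platform]]

    def acknowledge(self, platform: str, seq: int) -> None:
        """Advance the platform's cursor; drop events every platform has seen."""
        self.cursor[platform] = max(self.cursor[platform], seq)
        set_name = self.set_of[platform]
        floor = min(self.cursor[p] for p in self.members[set_name])
        self.log[set_name] = [e for e in self.log[set_name] if e.seq > floor]
```

A platform that polls calls `fetch` on each connection and `acknowledge` after applying what it received; a platform holding a persistent connection does the same per event.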

2.1.3 Audit Services

Audit Services maintains the Audit Log and Operational Logs for a core driver.

2.1.4 Certificate Services

Certificate Services mints the certificates used by Secure Sockets Layer (SSL) to authenticate and secure connections between the components.

2.1.5 Web Services

Web Services provides the secure Web interface for monitoring and administering the Identity Manager Fan-Out driver. The Web interface is provided through an iManager plug-in.

2.1.6 Authentication Services

Authentication Services provides Platform Services with the time-critical interface to eDirectory. This interface is used for such functions as checking the passwords of users logging in to the platform. This interface is also used by the AS Client API.

By defining multiple core drivers to provide Authentication Services to platforms, you can provide for improved performance and availability.

Authentication Services supports platform communications using SSL and DES encryption.

2.1.7 Event Subsystem

The Event Subsystem uses Identity Manager to subscribe to eDirectory events and provides them to Object Services. Objects of interest must be replicated on the core driver server.