1.2 Driver Concepts

1.2.1 Key Terms

Driver Shim. A dynamically linked library (Exchange55Shim.dll) loaded directly by Identity Manager or by the Remote Loader. The shim collects the changes to be sent from Exchange to the Identity Vault, communicates changes from the Identity Vault to Exchange, and operates as the link that connects the Identity Vault and Exchange.

Driver. A set of policies, filters, and objects that act as the connector between the Identity Vault and the driver shim. The Identity Manager Driver for Exchange is a bidirectional synchronization connector between Microsoft Exchange and an Identity Vault. This connector uses XML to convert Exchange objects to Identity Vault objects and vice versa.

The driver enables an application to publish events to the directory and to subscribe to events from the directory, and it synchronizes data between the directory and applications.

To establish a connection between the Metadirectory engine and Exchange, you specify the driver’s configuration and connection parameters, policies, and filter values.

Driver Object. A collection of channels, policies, rules, and filters that connect an application to an Identity Vault that is running Identity Manager.

Each driver performs different tasks. Policies, rules, and filters tell the driver how to manipulate the data to perform those tasks.

The Driver object displays information about the driver’s configuration, policies, and filters. This object enables you to manage the driver and provide Identity Vault management of the driver shim parameters.

Identity Vault. A hub, with other applications and directories publishing their changes to it. The Identity Vault then sends changes to the applications and directories that have subscribed for them. This results in two main flows of data:

  • The Publisher channel

  • The Subscriber channel

Publisher Channel. Reads information from your Exchange Server and submits that information to the Identity Vault via the Metadirectory engine.

The Publisher channel uses the Poll parameter to poll the Exchange server for changes to objects. If the Identity Manager Driver for Exchange detects changes in Exchange, the data between Exchange and the Identity Vault is synchronized. If the change was caused by data sent to Exchange from the Subscriber, no synchronization is necessary.

Subscriber Channel. Watches for additions and modifications to Identity Vault objects and creates changes on the Exchange server via the Metadirectory engine.

The Subscriber channel synchronizes changes made in the Identity Vault with data on the Exchange server. If an associated object is changed in the Identity Vault, the Subscriber channel updates the Exchange server with the new information.

1.2.2 Benefits

You can use the driver to automate and maintain business processes in the following ways:

  • Automatically create Identity Vault objects from Exchange objects.

  • Synchronize bidirectional data between Exchange and an Identity Vault.

  • Maintain accurate and consistent Identity Vault IDs.

  • Enable integration between Exchange and multiple applications (for example, an Identity Vault, Lotus Notes*, Netscape*, SAP*, and Active Directory*) by using Identity Manager and an Identity Vault.

  • Manage Exchange distribution lists and remote objects.

You can configure the Identity Manager Driver for Exchange to use custom business logic in the form of policies to enhance your organization’s processes. Before installing and configuring the driver, you evaluate and define those processes. During installation, you configure the driver’s policies to automate these processes wherever possible.

1.2.3 Required Skills

Implementing the driver requires expertise in Exchange and Identity Manager. This document assumes that your expertise in Exchange is equivalent to one of the following:

  • An Exchange developer

  • An Exchange administrator

  • An application designer

  • An upgrade administrator

  • A database administrator

This document assumes that your expertise in Identity Manager is equivalent to an Identity Vault administrator or an Identity Manager administrator.

1.2.4 How the Exchange Driver Works

Processing Events

The driver supports the following events on the Publisher and Subscriber channels.

Table 1-1 Supported Events

Functionality    Event
Publisher        Add, Modify, Delete, Rename
Subscriber       Add, Modify, Delete, Rename

The driver also supports a defined query capability so that Identity Manager can query the synchronized application or directory.

Policies

Policies control the synchronization of the driver with the Identity Vault and the application, database, or directory. Policies help Identity Manager transform an event on a channel input into a set of commands on the channel output.

You can configure policies by using the Designer and iManager plug-ins for Identity Manager. The example driver configuration includes the following set of policies:

Table 1-2 Policies in the Sample Configuration File

Policy               Description
Placement            Operates on both the Publisher and Subscriber channels
Matching             Operates on both the Publisher and Subscriber channels
Mapping              Configured on the Driver object
Input Transform      Configured on the Driver object
Output Transform     Configured on the Driver object
Create               Operates on the Publisher and Subscriber channels
Event Transform      Operates on the Publisher channel
Command Transform    Operates on the Publisher channel

For more information about creating policies, see Understanding Policies for Identity Manager 3.5.1 and Policies in iManager for Identity Manager 3.5.1.

Associations

The driver uses the Exchange DN for associations. A unique ID or unique user name is created for records relating to Exchange objects. However, Identity Manager does not need to share these same unique IDs.

The association attribute received from Exchange is unique to the Exchange application, based on each driver for Exchange that you install and enable. If other drivers are installed, they use an association specific to that application. The association attribute is multivalued. Therefore, if Identity Manager is being used to connect multiple applications, all of their associations can be stored on this attribute.

The unique ID association links an object in Exchange to its associated object in the Identity Vault. This association allows the driver to perform subsequent tasks on the appropriate object.

The Association field is stored on the Identity Vault object on the Identity Manager property page.
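Because the association decides which Identity Vault object receives a change, it is worth auditing that each Exchange DN is linked to only one vault object. The following check is an added example, not code from the product or this guide. It assumes that association values have been exported as "driver#key" strings, that the driver is named Exchange55, and that Exchange DNs compare case-insensitively; all sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data: vault object DN -> values of its multivalued
# association attribute. The "driver#key" layout and the driver names are
# assumptions of this example, not the product's storage format.
SAMPLE_VAULT = {
    "cn=jdoe,ou=users,o=acme": [
        "Exchange55#/o=Acme/ou=HQ/cn=Recipients/cn=jdoe",
        "Notes#CN=John Doe/O=Acme",
    ],
    "cn=asmith,ou=users,o=acme": [
        "Exchange55#/o=Acme/ou=HQ/cn=Recipients/cn=asmith",
    ],
    # Same mailbox as jdoe, differing only in case: a conflicting link.
    "cn=jdoe2,ou=users,o=acme": [
        "Exchange55#/O=ACME/OU=HQ/CN=Recipients/CN=JDOE",
    ],
    "cn=svc,ou=users,o=acme": ["Notes#CN=Svc/O=Acme"],
}


def normalize_dn(dn):
    """Compare Exchange DNs case-insensitively (assumption of this example)."""
    return dn.strip().casefold()


def audit_associations(vault, driver):
    """Report association problems among one driver's entries."""
    owners = defaultdict(list)  # normalized Exchange DN -> vault objects
    report = {"shared": {}, "multiple": [], "unassociated": []}
    for obj, values in vault.items():
        keys = set()
        for value in values:
            name, sep, key = value.partition("#")
            if sep and name == driver:
                keys.add(normalize_dn(key))
        if not keys:
            report["unassociated"].append(obj)   # driver cannot act on it
        elif len(keys) > 1:
            report["multiple"].append(obj)       # one object, several DNs
        for key in keys:
            owners[key].append(obj)
    # An Exchange DN claimed by several vault objects is an ambiguous link.
    report["shared"] = {k: sorted(v) for k, v in owners.items() if len(v) > 1}
    return report


if __name__ == "__main__":
    print(audit_associations(SAMPLE_VAULT, "Exchange55"))
```

Entries under "shared" deserve review first, because a change to that Exchange object could be applied to the wrong identity.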