Novell Doc: Identity Manager 3.5.1 Driver for NT Domain - Where to Install the NT Domain Driver

2.1 Where to Install the NT Domain Driver

The NT Domain driver provides synchronization for a single domain. Multiple domains require multiple Identity Manager driver installations. Consider initially setting up synchronization for a single domain and then using Identity Manager’s driver export and import functionality to expedite synchronization setup for additional domains. See the Novell Identity Manager 3.5.1 Administration Guide for information about driver export and import.The NT Domain driver can be installed in any of the following configurations:

2.1.1 Installation: Remote Loader on the PDC

As shown in Figure 2-1, Installation Configuration: Remote Loader, you can install the Identity Vault and the Metadirectory engine on a Backup Domain Controller (BDC) or Member server. Then, install the NT Domain driver and the Remote Loader service on the Primary Domain Controller (PDC).

This configuration allows you to insulate the PDC, with the exception of the installation of two components that don’t require much disk space or many processing cycles.

It also allows the Identity Manager driver direct access to the PDC. From this position, the driver can manage any recovery scenarios independent of connection and API constraints.

Figure 2-1 Installation Configuration: Remote Loader

2.1.2 Installation: All Components on the PDC

As shown in Figure 2-2, Installation Configuration: All Components on the PDC, you can install the Identity Vault, the Metadirectory engine, and the NT Domain driver on the PDC.

This configuration is optimal for processing speed because all components are installed on the same computer. Additionally, it allows the Identity Manager driver direct access to the PDC. From this position, the driver can manage any recovery scenarios independent of connection and API constraints.

However, the PDC is often restricted territory. Placing the Identity Vault on the PDC might be prohibited by your corporate policy.

To set up all components on the PDC, see Installing the NT Domain Driver (Local Install).

Figure 2-2 Installation Configuration: All Components on the PDC

2.1.3 Installation: All Components on the BDC

As shown in Figure 2-3, Installation Configuration: All Components on the BDC, you can install the Identity Vault, the Metadirectory engine, and the NT Domain driver on the BDC.

This configuration insulates the PDC completely.

However, because the driver must communicate with the PDC, this configuration can create difficulties if the driver encounters any connection or other communication problems. For this reason, the previous configurations are recommended before this configuration.

To set up all components on the BDC, see Installing the NT Domain Driver (Local Install).

Figure 2-3 Installation Configuration: All Components on the BDC

2.1.4 Installation: Remote Installation on Windows and Other Platforms

As shown in Figure 2-4, Installation Configuration: Remote Loader and NT Driver on the PDC or BDC, you can install the Remote Loader and the NT driver on the PDC or the BDC, but install the Identity Vault and the Metadirectory engine on a separate server.

Figure 2-4 Installation Configuration: Remote Loader and NT Driver on the PDC or BDC

This configuration is attractive if your Identity Vault and Metadirectory engine (Identity Manager) installations are on a platform other than one of the supported versions of Windows.

Both Scenario 1 and Scenario 4 configurations eliminate the performance impact of hosting the Identity Vault and the Metadirectory engine on the PDC.