NetIQ Documentation: Identity Manager 3.6.1 Staging Best Practices Guide

1.1 What is Staging

Software products need testing before they are deployed in an IT environment. Staging is a process of development and testing software products. Staging provides users the flexibilty to validate applications in real time to ensure uniformity across all stages.

Identity Manager staging is similar to any software deployment process. Nearly all the Identity Manager projects operate in more than two stages, such as development, testing, and the production environment.

Figure 1-1 Staging Movement

Figure 1-1 shows a basic representation of the movement of Identity Manager projects across different stages. Three projects are developed and tested in three individual setups and then connected in the next stage. The scale of projects grows with stages, but not necessarily the scale of an individual driver.

Managing the movement of a tested solution across different stages and ensuring that nothing is left out can be challenging for Identity Management consultants and customers. When Identity Manager projects are moved from one stage to another, moving driver configurations becomes critical. To successfully stage Identity Manager projects, certain other configurations must also be taken care of. Novell Identity Manager Best Practices Staging Guide provides step-by-step procedures to move your Identity Management solutions from one stage to the subsequent stages. The guide helps you to reduce complexity in your Identity Manager deployment process, by helping you to test your Identity Manager project at multiple stages before it is live.

In the following sections, you will find Designer at the center of discussion. As you already know, Designer is critical to the Identity Manager project development, for developing policies, drivers, PRDs, and so on. Designer is highly capable of bringing/creating the Identity Manager configurations required for running an Identity Manager project and then deploying the configuration on another Identity Manager deployment. You must make certain other changes that are discussed in this guide. Designer can also export Identity Manager environments into a single configuration file and use the file later in a different environment. You can also use any version control system to distribute projects.

Before you begin to use this guide, you should be familiar with Identity Manager and Designer. As you create projects, you should have a uniform Identity Vault design across all the states so that common objects are available. Some objects are moved automatically by Designer, but others should be moved explicitly to make them available in the next stage. See Section 2.0, Preparing for Staging for more information.

Moving authorizations across stages is a key issue for an Identity Vault security model. eDirectory™ authorizations are assigned to individual objects or to a collection of objects. These authorizations play an important role in the object security because they determine the permission to access the object to which they have been assigned. eDirectory authorizations can be performed through Access Control Lists (ACLs) or Security Equivalances/Exclude Roles. Drivers, jobs, RBEs, and so on should have enough permissions to successfully perform the desired operations. See Section 2.0, Preparing for Staging for more information.