Please review this section carefully for a high-level overview of the tasks and considerations you will encounter during the installation of the Core Driver. This information will help you later as you determine which steps are relevant to your particular installation scenario(s).
Verify that you meet minimum system requirements. For details, see Section 4.3, Requirements.
To improve your readiness, complete the worksheet in Section 4.4, Installation Planning Worksheet before you begin. You can refer to it during the installation process.
Obtain the Core Driver distribution package for your target operating system from the Novell downloads site. In other words, you will need the package that is designed for the operating environment in which Identity Manager is running.
Always check the Novell Support Web Site for the latest support pack and product update information. Check the Release Notes and Readme files for the version you are installing for any special actions that might be required.
Topics in this section include:
The release of Identity Manager 3.6.1 ends support for NetWare. Therefore, if you wish to upgrade a Core Driver running in a NetWare environment, you will need to migrate to one of the other supported environments (Linux, Solaris, Windows).
You can do this by completing one of the following step-by-step installation tasks for upgrading a Core Driver, depending on your environment:
As you follow these steps, bear in mind that any information you provide about a Core Driver during this task should reflect the identity, settings and configuration of the Core Driver you are migrating from NetWare.
For additional information related to NetWare migration, see Migrating Certificate Authority.
If you meet one of the following conditions, you will need to install the LDAP Client SDK libraries prior to the Core Driver installation:
You are installing the 64-bit Linux Fan-Out Core Driver
You are installing the Core Driver on a Linux or Solaris system not hosting eDirectory
To install and configure the LDAP Client SDK:
Download the installation package labeled from the Novell Developer Site suitable for your system architecture.
Install the package according to the instructions that accompany it.
Setup your runtime library path to include the newly installed files:
On Linux, you may modify your /etc/ld.so.conf to include the additional path. For example:
/opt/novell/ndk/novell-cldap-devel-2007.10.04-1linux64/lib64/
Alternatively, you can modify the LD_LIBRARY _PATH environment variable to include your path:
LD_LIBRARY_PATH=/opt/novell/ndk/novell-cldap-devel- 2007.10.04-1linux64/lib64/:$LD_LIBRARY_PATH export LD_LIBRARY_PATH
Be sure to modify your logon profile and Core Driver startup script to include this.
During software installation, you will be asked if you are establishing a primary Core Driver or adding a secondary Core Driver. Following are some guidelines for determining how to respond:
You must have on primary Core Driver. If you are installing a Core Driver for the first time, it will automatically be designated as the primary.
The primary Core Driver must have access to a read/write replica of the entire ASAM System container and all User and Group objects defined by the Census.
Secondary drivers can service authentication requests and deliver events to connected platforms but will not perform tasks such as trawls or update enterprise objects in the Census. Therefore, the primary Core Driver must be active and running in order to provide connected platforms with new provisioning information.
For additional information on assessing secondary driver requirements, see Section 5.4, Performance Tuning.
The Identity Manager 3.6.1 Fan-Out Driver is compatible with Identity Manager 3.5. However, if you do install it on an Identity Manager 3.5 system, you will need to take the extra step of manually installing the Fan-Out driver’s schema extensions.
If you are running eDirectory on Linux or Solaris, locate the /fan-out/Schema/fanout.sch schema definition file from the installation media and run the ndssch utility with the following command:
ndssch admin.acme fanout.sch
If you are running eDirectory on Windows, follow these steps:
Open Novell eDirectory Services from the Windows Control Panel.
Select the entry in the list and click the button.
Select and click .
Enter your administrative user name, context and password.
Enter the file \fan-out\Schema\fanout.sch from your installation media and click .
Secondary drivers can service authentication requests and deliver events to connected platforms but will not perform tasks such as trawls or update enterprise objects in the Census. Therefore, the primary Core Driver must be active and running in order to provide connected platforms with new provisioning information.
A Quick Start guide for installing the Fan-Out Driver is available for each target platform. Although this Administration Guide includes detailed procedures for all installation scenarios, you may find the Quick Start helpful in focusing on primary steps. The quick starts, listed below, are available at the Identity Manager 3.6.1 Drivers Documentation Web site.
Fan-Out Driver Installation Quick Start for Linux and UNIX Systems
Fan-Out Driver Installation Quick Start for Midrange Systems
Fan-Out Driver Installation Quick Start for Mainframe Systems
Be sure to pre-install the LDAP SDK Libraries if you meet one of the unique conditions discussed in Installing the LDAP Client SDK Libraries
During software installation, you will be asked if you are establishing a primary Core Driver or adding a secondary Core Driver. For guidelines, see Specifying Primary and Secondary Core Drivers.
If you install version 3.6.1 of the Identity Manager Fan-Out Driver on an Identity Manager 3.5 system, you will need to manually install driver’s schema extensions as discussed in Fan-Out Driver Schema Extensions for Identity Manager 3.5.
To complete the Core Driver installation you will use one of two available application interfaces for configuration:
iManager Newer versions of this standard Novell Web interface include a Fan-Out Driver application plug-in for driver configuration. The Core Driver software includes a copy of this plug-in in case you have an older version of iManager. The installation instructions include steps for installing this plug-in after you have run the initial installation software.
Designer This interface, which comes as part of the Identity Manager 3.6.1 product, is an offline tool you can use to plan and model large deployments of the Fan-Out Driver. Designer includes its own Fan-Out Driver application plug-in, which is already installed as part of the Designer interface. For more information on Designer, see Section 6.4, Applications For Configuration.
Once you have installed the Core Driver and completed its initial configuration in iManager, you still won’t be able to test the installation until you have installed Platform Services on the system(s) you will connect to. This will involve an additional software installation and configuration on each of these systems. Therefore, you may want to preview Part IV of this Administration Guide, “Platform Services Administration,” for details about this additional process.
Installation of the Core Driver will create an ASAM directory in the file system on each server that includes any of its components. Access to each copy of this directory should be restricted to the driver itself and its administrators to ensure protection of sensitive identity information.
Following is a general overview of the process for installing the Core Driver.
NOTE: This section is provided to help you prepare for installation. More detailed instructions are provided later in Section 5.2, Step-By-Step Installation Instructions.
Read Section 5.1.1, Essentials and Section 5.1.2, Other Advance Considerations.
Know in advance which of the following installation scenarios you wish to perform:
New installation of a primary Core Driver running on Linux, Solaris or Windows
New installation of a secondary Core Driver running on Linux, Solaris or Windows
Upgrade of an existing Core Driver running in “Local” mode (default, not using Remote Loader) running on Linux, Solaris or Windows
Upgrade of an existing Core Driver running in “Remote” mode (already using Novell Remote Loader) running on Linux, Solaris or Windows
Upgrade of an existing Core Driver running on NetWare
Run the Core Driver installation program and respond to the prompts. This will install the Core Driver software components also known as the Driver Shim.
If required, install the iManager plug-in for the Fan-Out Driver Web application.
Using iManager and the plug-in, create objects in the Identity Vault to support the Core Driver. This includes importing an XML default configuration file that comes with the Core Driver installation software.
Populate your Census with the users and groups that you will use for your initial testing.
This includes defining Census Search objects and then running a Census Trawl. For details about this procedure, see Configuring the Census.
Assign users of the Fan-Out Web program (in iManager) the rights they need.
For details, see Rights Required for Web Application Use.
If you will use the Fan-Out driver to connect to Linux or UNIX platforms, define the UID/GID sets that you will use for your initial testing. For details, see Configuring Linux/UNIX UID/GID Sets.
Define the Platform Sets that you will use for your initial testing. For details, see Configuring Platform Sets.
You must define at least one UID/GID Set before you can define a Platform Set.
Define the platforms that you will use for your initial testing. For details, see Configuring Platforms.
Use iManager to start the Core Driver object in Identity Manager.
Use system tools to start the Driver Shim in the local operating environment.
Install and configure the desired Platform Services to match the platforms you defined in iManager during the previous steps.
IMPORTANT: This step involves individual software installations and configurations on each system you will connect to with the Fan-Out Driver. For detailed information about this separate process, see Part IV of this Administration Guide, “Platform Services Administration.”
After testing, install additional Core Drivers for performance and redundancy according to the guidelines in Section 5.4, Performance Tuning.
Before the 90-day evaluation period expires, activate the Identity Manager Fan-Out Driver.
You can use the driver for evaluation purposes for 90 days. The driver will not work thereafter unless it has been activated. For details, see Section 5.3, Activating the Driver After Evaluation.
Fully deploy the Fan-Out Driver throughout your enterprise as you gain confidence and experience.