4.1 Using Designer to Create and Configure the Driver

The following sections provide steps for using Designer to create and configure a new Sentinel driver. For information about using iManager to accomplish these tasks, see Section 4.2, Using iManager to Create and Configure the Driver.

4.1.1 Using Designer to Import the Driver Configuration File

Importing the Sentinel driver configuration file creates the driver in the Identity Vault and adds the policies needed to make the driver work properly.

  1. Verify that you have updated Designer. For more information, see Installing the 3.0.1 Designer Auto Update.

  2. In Designer, open your project.

  3. In the Modeler, right-click the driver set where you want to create the driver, then select New > Driver to display the Driver Configuration Wizard.

  4. In the Driver Configuration list, select Sentinel, then click Run.

  5. On the Import Information Requested page, fill in the following fields:

    Driver Name: Specify a name that is unique within the driver set.

    Broker Type: Select the type of broker you are using. The broker type is determined by the version of Sentinel you are using.

    • Sentinel: Sentinel/Sonic MQ

    • Sentinel RD: Sentinel RD/ActiveMQ

    Broker URL: Specify the IP address of the Sentinel broker. The following are examples for the different versions of Sentinel. The ports listed are the default ports for the brokers.

    • Sentinel: tcp://brokeripaddress:10012

    • Sentinel RD: ssl://brokeripaddress:61616

    Broker Username: Specify the username used to authenticate to this broker. If you are connecting to a Sentinel system, use a random username. If you are connecting to a Sentinel RD system, you must use the username and password contained in the ../config/activemqusers.properties file. The username is collectormanager.

    Broker Password: Specify the password of the user used to authenticate to the broker. If you are connecting to a Sentinel RD system, the password is located in the ../config/activemqusers.properties file.

    Driver is Local/Remote: Select Local if this driver will run on the Metadirectory server without using the Remote Loader. Select Remote if you want the driver to use the Remote Loader, either locally on the Metadirectory server or remotely on another server.

  6. (Conditional) If you chose to run the driver remotely, click Next, then fill in the fields listed below. Otherwise, skip to Step 7.

    Remote Host Name and Port: Specify the hostname or IP address of the server where the driver’s Remote Loader is running.

    Driver Password: Specify the driver object password that is defined in the Remote Loader. The Remote Loader requires this password to authenticate to the Metadirectory server.

    Remote Password: Specify the Remote Loader’s password (as defined on the Remote Loader). The Metadirectory engine (or Remote Loader shim) requires this password to authenticate to the Remote Loader.

  7. Click Next to import the driver configuration.

  8. Click Configure to make additional configuration changes, or click Close to finish.

    If you require additional configuration for the driver, click Configuration to open the properties page of the driver. This is where the driver parameters are stored. For detailed information about all driver parameters, see Section A.0, Driver Properties.
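A pre-import consistency check for the Step 5 values, added here as an example (it is not part of the original documentation or the product). It compares a broker URL and username against the broker-type defaults listed above; the function name `check_broker_settings` and the sample address 192.0.2.10 are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Defaults from the Broker Type and Broker URL fields in Step 5.
BROKER_DEFAULTS = {
    "Sentinel": ("tcp", 10012),     # Sentinel/Sonic MQ
    "Sentinel RD": ("ssl", 61616),  # Sentinel RD/ActiveMQ
}
RD_USERNAME = "collectormanager"    # required username for Sentinel RD


def check_broker_settings(broker_type, broker_url, username):
    """Return a list of findings; an empty list means the values agree."""
    if broker_type not in BROKER_DEFAULTS:
        return [f"unknown broker type {broker_type!r}"]
    scheme, default_port = BROKER_DEFAULTS[broker_type]
    findings = []

    parts = urlsplit(broker_url)
    if parts.scheme != scheme:
        findings.append(f"scheme {parts.scheme!r} does not match "
                        f"{broker_type} (expected {scheme!r})")
    if not parts.hostname or parts.hostname == "brokeripaddress":
        findings.append("host is missing or still the placeholder")
    try:
        if parts.port is None:
            findings.append("no port given")
        elif parts.port != default_port:
            findings.append(f"port {parts.port} is not the default "
                            f"{default_port}; confirm the broker uses it")
    except ValueError:
        findings.append("port is not a valid number")
    if broker_type == "Sentinel RD" and username != RD_USERNAME:
        findings.append(f"Sentinel RD requires username {RD_USERNAME!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample values; 192.0.2.10 is a documentation address.
    samples = [
        ("Sentinel", "tcp://192.0.2.10:10012", "idmdriver"),
        ("Sentinel RD", "ssl://192.0.2.10:61616", "collectormanager"),
        ("Sentinel RD", "tcp://192.0.2.10:10012", "admin"),
    ]
    for sample in samples:
        print(sample, check_broker_settings(*sample) or "OK")
```

A non-default port is reported as a finding to confirm, not as an error, because the ports listed above are only the broker defaults.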

4.1.2 Using Designer to Configure the Driver Settings

The information specified on the Import Information Requested page is the minimum information required to import the driver. However, the base configuration might not meet your needs.

  • You might need to change whether the driver is running locally or remotely.

  • You might need to change which broker the driver connects to.

The driver configuration settings are explained in Section A.0, Driver Properties.

If you need to do additional configuration for the driver, you must access the properties page of the driver. If you do not have the Driver Properties page displayed:

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver icon or the driver line, then select Properties.

    This opens the properties page for the driver.

4.1.3 Using Designer to Deploy the Driver

After a driver is created in Designer, it must be deployed into the Identity Vault, because Designer is an offline tool. Additional configuration procedures must also be completed for the driver to work.

Deploying the Driver

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver icon or the driver line, then select Live > Deploy.

  3. If you are authenticated to the Identity Vault, skip to Step 5; otherwise, specify the following information to authenticate:

    • Host: Specify the IP address or DNS name of the server hosting the Identity Vault.

    • Username: Specify the DN of the user object used to authenticate to the Identity Vault.

    • Password: Specify the user’s password.

  4. Click OK.

  5. Read through the deployment summary, then click Deploy.

  6. Read the success message, then click OK.

  7. Click Define Security Equivalence to assign rights to the driver.

    The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights the driver needs on the server, the DriversUser object must have the same rights.

    1. Click Add, then browse to and select the object with the correct rights.

    2. Click OK twice.

  8. Click Exclude Administrative Roles to exclude users that should not be synchronized.

    You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.

    1. Click Add, then browse to and select the user object you want to exclude.

    2. Click OK.

    3. Repeat Step 8.a and Step 8.b for each object you want to exclude.

    4. Click OK.

  9. Click OK.

Additional Configuration

There is additional configuration that must be completed before you start the Sentinel driver.

  • (Conditional) The connection factories must be created for Sentinel 6.1. Sentinel RD automatically creates the connection factories.

  • (Conditional) The SonicMQ message queues must be created, if you are using Sentinel 6.1. Sentinel RD automatically creates the message queues for ActiveMQ.

  • The Identity Vault Collector must be installed and configured.

See Section 5.0, Configuring Account Tracking for instructions on how to create the connection factories and message queues. For the Identity Vault Collector installation instructions, see Section 7.0, Installing and Configuring the Identity Vault Collector.

4.1.4 Using Designer to Start the Driver

After the driver is created, you must start the driver. Identity Manager is an event-driven system, so after the driver is started, it waits for events to occur.

IMPORTANT: The Identity Vault collector must be started before the driver is started. When the collector starts, the JNDI destinations are created. The driver looks for the JNDI destinations when it starts and if they do not exist, the driver cannot start. To start the collector, see Section 7.5, Starting the Collector.

To start the driver after the additional configuration is completed and the Identity Vault Collector is created:

  1. In Designer, open your project.

  2. In the Modeler, right-click the driver icon or the driver line, then select Live > Start Driver.

For information about management tasks with the driver, see Section 10.0, Managing the Driver.