Installation Locations

The driver itself must run on one of the supported Windows platforms. However, you don't need to install the DirXML engine on this same machine. Using the Remote Loader, you can separate the engine and the driver, allowing you to balance the load on different machines or accommodate corporate directives.

The AD driver can run in any of the following three scenarios:

• Single Server

  A single Windows domain controller hosts eDirectory, the DirXML engine, and the driver.

  This configuration works well for organizations that want to save on hardware costs. It is also the highest-performance configuration because there is no network traffic between Identity Manager and Active Directory.

  However, hosting eDirectory and Identity Manager on the domain controller increases the overall load on the controller and increases the risk that the controller may fail. Domain controllers play a critical role in Microsoft networking and many organizations are more concerned about the speed of the domain authentication and the risks associated with a failure on the domain controller than about the cost of additional hardware.

  図 1
  Single Server Installation
  

• Dual Server

  Dual server configurations can be set up in two ways. The first configuration places eDirectory, the DirXML engine, and the driver on a separate computer from the Active Directory domain controller, leaving the domain controller free of any Identity Manager DirXML software.

  図 2
  Dual Server Configuration (1)
  

  The second configuration places eDirectory and the DirXML engine on one computer and the driver and Remote Loader on the Active Directory domain controller.

  図 3
  Dual Server Configuration (2)
  

  Both configurations eliminate the performance impact of hosting eDirectory and the DirXML engine on the domain controller. The first configuration is attractive if corporate policy disallows running the driver on your domain controller. The second solution is attractive if your eDirectory and Identity Manager installations are on a platform other than one of the supported versions of Windows.

• Triple Server

  A three-server configuration can be used if you have platform requirements and domain controller restrictions in place. It's more complicated to set up this configuration, but it accommodates the constraints of some organizations.

  図 4
  Triple Server Configuration
  

Driver Architecture

The Active Directory Driver consists of several pieces which operate together to synchronize Active Directory with Identity Manager. The following table contains a description of each of these pieces, and where they fit in the driver architecture:

Component	Description
Driver Shim	The driver shim is a library, loaded directly by DirXML or by the remote loader, which collects the changes to be sent to eDirectory from Active Directory, and communicates changes from eDirectory to Active Directory. The shim operates as the link which connects DirXML and Active Directory. The driver shim is addriver.dll.
Driver	The driver is the set of policies, filters, and objects which acts as the connector between DirXML and the driver shim. Using objects in eDirectory, the driver stores the configuration information required by DirXML to communicate with the driver shim, as well as the policies and filters which customize changes.

The installation scenario you select determines how the driver shim is installed. If you choose to install the driver shim on the same machine as DirXML, the driver shim is called by DirXML directly. If you choose to install the driver shim on another machine, you must use the remote loader. Installing the driver shim in each of these scenarios is discussed in Installing the Driver Shim on the Identity Manager Server and Installing the Driver Shim to Use the Remote Loader respectively.

Regardless of the configuration, installing the driver component is the same, and is discussed in Importing a Driver Configuration.