Novell Identity Manager 3.6 Integration Module for Mainframes

Overview

The Identity Manager 3.6 Integration Module for Mainframes combines the flexibility of the Fan-Out Driver with the Identity Manager policy options supported by the bidirectional driver. With these choices, you have the full range of capabilities to satisfy your authentication and data provisioning needs.

Features
  • User provisioning
    • Event- and poll-based publishing
    • Role-based entitlements and approval workflow
    • Provisioning to hundreds of platforms with a single driver
  • Password management
    • Administrative password resets from platform
    • Administrative password resets to platform
    • Enforcement of Universal Password rules on platform login
    • Password failure email notification support
  • User self-service
  • Point-and-click customization
  • iManager plug-in
  • Role-based administration
  • System-wide auditing and reporting
  • Native script handling
    • Event-triggered Rexx scripts for provisioning
    • Customizable shell scripts to handle all data to be synchronized
  • Authentication redirection
  • Bidirectional synchronization of data without requiring Java or a separate Remote Loader
    • Data publishing from platform to Identity Manager
    • Data subscribing from Identity Manager to platform
    • Password synchronization
    • End user password replication to and from platform
  • Customizable schema to integrate all aspects of Linux and UNIX account administration
  • No LDAP configuration required
  • APIs to simplify programmatic directory access

Benefits
  • Increased operational efficiency
  • Support for compliance with industry regulations
  • Reduced administration and helpdesk costs
  • Reduced security risks
  • Empowered users
  • Enhanced performance of your operating systems
  • Reduced network computing costs

Identity Manager Driver 3.6 Integration Module for Mainframes includes two provisioning options: bidirectional and Fan-Out. The bidirectional driver enables you to synchronize information to and from Identity Manager and a connected system. The Fan-Out driver enables you to synchronize information from Identity Manager to many different connected systems using a single driver. By unifying the bidirectional and Fan-Out drivers in a single integration module, Novell enables customers to choose the functionality most appropriate for their environment.

Bidirectional Driver

When you deploy any of the Identity Manager Drivers for Mainframes, you are required to select a provisioning option. The bidirectional driver option provides interoperability between Novell eDirectory™ and the following z/OS-based security applications:

  • RACF (supported z/OS version)
  • Top Secret versions 8, 9, 12

The Bidirectional Driver uses Extensible Markup Language (XML) to convert eDirectory commands and events into XML data that can be understood by RACF and Top Secret. As user information is added, modified or deleted in eDirectory, the bidirectional driver ensures that all changes are reflected in any connected system. Likewise, as RACF and Top Secret database information is added, modified or deleted, the bidirectional driver seamlessly and automatically updates eDirectory.

Fan-Out Driver

The Fan-Out Driver enables you to synchronize information from Identity Manager to many different connected systems using a single driver. Its support includes interoperability between Novell eDirectory and the following z/OS-based security applications:

  • RACF (supported z/OS version)
  • Top Secret version 8
  • ACF/2 versions 9, 12

The Fan-Out Driver offers delegated logic and control to your system administrators. You can process any Identity Manager data-change event with a script on the platform. Authentication redirection provides login support for a universal password, accessing a central repository for login and password rules. Full bidirectional password synchronization is also supported.

The Fan-Out Driver is the natural upgrade path from Novell Account Management. The same extensible scripts are supported to manage users and groups on target platforms, and the same Authentication Services API is supported.

The Fan-Out Driver has two components:

  • The Core Driver
  • Platform Services

The Core Driver provides event fan-out to target platforms running Platform Services. A single Core Driver can support many platforms running Platform Services, regardless of platform operating system.

The Fan-Out Driver runs on any of the z/OS connected platforms supported by the bidirectional driver.

System Requirements

  • Identity Manager 3.5.1 and higher
  • Software required by Identity Manager 3.6
  • Any of the supported platforms mentioned above
  • If you intend to install the driver shim on a z/OS server, you must also install the Java Remote Loader, which requires Java on the z/OS system

Other Requirements

  • Before installing Identity Manager Driver for Mainframes in a production environment, you should have a clear deployment strategy in place to address your unique business needs.
  • Your installation and deployment team will need a collective knowledge of eDirectory, iManager, Identity Manager, z/OS, the target security application (RACF, Top Secret or ACF/2), and XSLT, as well as full administrative rights for both eDirectory and z/OS.

© 2009 Novell, Inc. All Rights Reserved.