Novell Identity Manager Driver for MVS RACF

A Component of the Identity Manager Integration Module for Mainframe

overview

Note: This driver includes functionality previously available in Novell Account Management 3 for Mainframe.

With the Identity Manager Driver for MVS RACF, you'll enjoy the following features and benefits:

Features
  • User provisioning
  • Password management
  • User self-service
  • Point-and-click customization
  • Role-based administration
  • System-wide auditing and reporting
  • Native script handling
  • Authentication redirection
Benefits
  • Increased operational efficiency
  • Support for compliance with industry regulations
  • Reduced administration and helpdesk costs
  • Reduced security risks
  • Empowered users
  • Enhanced performance of your operating systems
  • Reduced network computing costs

Identity Manager Driver for MVS RACF is a component of the Identity Manager Integration Module for Mainframe. This driver works with Identity Manager 2 (formerly DirXML®) and includes two provisioning options: the bi-directional driver and the fan-out driver. The bi-directional driver enables you to synchronize information to and from Identity Manager and a connected system. The fan-out driver enables you to synchronize information from Identity Manager to many different connected systems using a single driver. By unifying the bi-directional and fan-out drivers in a single integration module, Novell enables customers to choose the functionality most appropriate for their environment.

bi-directional driver

When you deploy the Identity Manager Driver 1.0 for MVS RACF, you are required to select a provisioning option. The bi-directional driver option provides interoperability between MVS RACF-supported systems and Novell eDirectory™. It uses Extensible Markup Language (XML) to convert eDirectory commands and events into XML data that can be understood by RACF, and vice versa.

Although RACF and eDirectory store and process information in very different ways, this driver ensures that vital user and group information stays synchronized across your entire enterprise. The data flow between RACF and eDirectory is bi-directional and fully customizable; you select whether the flow originates with eDirectory, RACF, both, or neither. This enables you to specify an authoritative source of user information based on your unique business methods and needs.

This driver consists of two components:

  • The RACF Event Subsystem
  • The driver shim

These two driver components work together to bridge your disparate information systems and keep the data in both systems up to date. The RACF Event Subsystem creates an interface between the driver shim and RACF, while the driver shim transfers information from eDirectory to the RACF Event Subsystem. The driver shim can be installed either on an MVS server that is running the RACF Event Subsystem or on an eDirectory server, depending on your deployment strategy. The RACF Event Subsystem must be installed on each system that shares the RACF database.

fan-out driver

The fan-out driver provides delegated logic and control to your system administrators. You can process any Identity Manager data-change event with a script on the platform. The fan-out driver enables fan-out to hundreds of systems from a single driver. Authentication redirection provides login support for a universal password, accessing a central repository for login and password rules. Full bi-directional password synchronization is also supported.

The fan-out driver is the natural upgrade path from Novell Account Management. The same extensible scripts are supported to manage users and groups on target platforms, and the same Authentication Services API is supported. In future releases, the fan-out driver will provide tighter integration with Identity Manager, while continuing to provide the flexibility to manage all aspects of the user experience using extensible scripts.

The fan-out driver gives the MVS System Programmer control over the logic of what happens on the MVS RACF system. This is done by providing fully functioning REXX scripts that are executed on the MVS z/OS system based on eDirectory events; any attribute in eDirectory can be presented to the scripts, either for use in updating RACF or for use by logic in the scripts. In fact, any TSO command can be issued from within the scripts. A script writers' guide is also available to help you modify the existing scripts.

The fan-out driver has two components:

  • The core driver
  • Platform Services

The core driver provides event fan-out to target platforms running Platform Services. A single core driver can support many platforms running Platform Services, regardless of platform operating system.

system requirements

  • Identity Manager 3.0 and higher
  • Software required by Identity Manager 3.0
  • Any OS/390* or z/OS* release supported by IBM
  • RACF 1.9 or later
  • If you intend to install the driver shim on an MVS server, you must also install the Java Remote Loader, which requires Java on the MVS system.
    Important: Before you begin your installation, check the Novell Support Web site (http://support.novell.com) for the latest support pack and product update information, and review the Release Notes and Readme files.

  • Note on Fan-out: We are currently working on an update to the fan-out driver which will ship with the Integration Module for Mainframe in the very near future. Until that time, please visit http://support.novell.com for installations.

other requirements

  • Before installing Identity Manager Driver for MVS RACF in a production environment, you should have a clear deployment strategy in place to address your unique business needs.
  • Your installation and deployment team will need a collective knowledge of eDirectory, iManager, DirXML, MVS, RACF and XSLT as well as full administrative rights for both eDirectory and MVS.

© 2009 Novell, Inc. All Rights Reserved.