Novell® Nsure™ Identity Manager is a service that synchronizes data among servers in a set of connected systems by using a robust set of configurable policies. Identity Manager uses the Identity Vault to store shared information, and uses the DirXML® engine for policy-based management of the information as it changes in the vault or a connected system. Identity Manager runs on the server where the Identity Vault and the DirXML engine are located.
A connected system is any system that can share data with Identity Manager through a driver. Active Directory is a connected system.
Identity Vault is a persistent database powered by eDirectory™ and used by Identity Manager to hold data for synchronization with a connected system. The vault may be viewed narrowly as a private datastore for Identity Manager or more broadly as a meta-directory that holds enterprise-wide data. Data in the vault is available to any protocol supported by eDirectory, including NCP™ (the traditional protocol used by such utilities as ConsoleOne® and iManager), LDAP, and DSML.
Because the vault is powered by eDirectory, Identity Manager can be easily integrated into your corporate directory infrastructure by using your existing directory tree as the vault.
The DirXML engine is the core server that implements the event management and policies of Identity Manager. The engine runs on the Java* Virtual Machine in eDirectory.
A driver implements data sharing policy for a connected system. You control the actions of the driver by using iManager to define the filters and policy. For Active Directory, a driver implements policy for a single domain.
A driver shim is the component of a driver that converts the XML-based Identity Manager command and event language (XDS) to the protocols and API calls needed to interact with a connected system. The shim is called to execute commands on the connected system after the Output Transform has been run. Commands are usually generated on the Subscriber channel but can be generated by command write-back on the Publisher channel.
The shim also generates events from the connected system for the Input Transform. A driver shim can be implemented either as a Java class or as a native Windows* .dll file. The shim for Active Directory is ADDriver.dll.
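As an added illustration (not Novell's code and not from this guide), the block below shows a constructed XDS `<add>` command of the kind the Subscriber channel hands to a shim after the Output Transform, with a small parser that extracts the class, source DN and attribute values the shim would then map onto Active Directory API calls; the element and attribute names in the sample are assumptions about the XDS layout, not taken from this page.

```python
# Added example, not part of the Identity Manager product or this guide.
# The XDS element names (nds/input/add/add-attr/value) and attributes
# (class-name, src-dn, event-id, attr-name) are assumptions about the
# XDS document layout; the sample document itself is constructed.
import xml.etree.ElementTree as ET

# Constructed sample: one Subscriber-channel <add> command for a User.
SAMPLE_XDS = """<nds dtdversion="2.0" ndsversion="8.x">
  <input>
    <add class-name="User" event-id="1" src-dn="\\TREE\\data\\users\\jdoe">
      <add-attr attr-name="CN"><value type="string">jdoe</value></add-attr>
      <add-attr attr-name="Surname"><value type="string">Doe</value></add-attr>
      <add-attr attr-name="Given Name"><value type="string">Jane</value></add-attr>
    </add>
  </input>
</nds>"""


def parse_add_commands(xds_text):
    """Return a list of dicts, one per <add> command in the XDS document.

    Each dict carries the object class, the source DN in the Identity Vault,
    the event id, and a mapping of attribute name -> list of string values.
    This is the information a shim needs before it can issue the matching
    create call against the connected system.
    """
    root = ET.fromstring(xds_text)
    commands = []
    for add in root.iter("add"):
        attrs = {}
        for add_attr in add.findall("add-attr"):
            name = add_attr.get("attr-name")
            # Multi-valued attributes carry several <value> children.
            attrs[name] = [v.text or "" for v in add_attr.findall("value")]
        commands.append({
            "class": add.get("class-name"),
            "src_dn": add.get("src-dn"),
            "event_id": add.get("event-id"),
            "attrs": attrs,
        })
    return commands


if __name__ == "__main__":
    for cmd in parse_add_commands(SAMPLE_XDS):
        print(cmd["class"], cmd["src_dn"], cmd["attrs"])
```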
ADDriver.dll is implemented as a native Windows .dll file. ADDriver uses several different Windows APIs to integrate with Active Directory. These APIs typically require some type of login and authentication to succeed. Also, the APIs might require that the login account have certain rights and privileges within Active Directory and on the machine where ADDriver.dll executes.
If you use the Remote Loader, ADDriver.dll executes on the server where the Remote Loader is running. Otherwise, it executes on the server where the DirXML engine is running.
A Remote Loader enables a driver shim to execute outside of the DirXML engine (perhaps remotely on a different machine). The Remote Loader is typically used when a requirement of the driver shim is not met by the DirXML server. For example, if the DirXML engine is running on Linux, the Remote Loader is used to execute the Active Directory driver shim on a Windows server.
The Remote Loader is a service that executes the driver shim and passes information between the shim and the DirXML engine. When you use a Remote Loader, you install the driver shim on the server where the Remote Loader is running, not on the server where the DirXML engine is running. You can choose to use SSL to encrypt the connection between the DirXML engine and the Remote Loader.
When you use the Remote Loader with the Active Directory driver shim, two network connections exist: