1.6 Recommended Deployment Strategies

As previously indicated, Identity Manager comes with seven services that you must install and configure. Although it’s not recommended for a production environment, you can install and configure all seven services on a single server. Or you can deploy one service per server, or anything in between.

Workload is the main factor in designing Identity Manager deployments. The more traffic you can disperse, the better potential throughput your applications can have.

In Figure 1-3, we recommend one server for the Metadirectory service, one server for the Web-based administration service, one server for the secure logging service, and one server for user application and workflow-based provisioning service.

Figure 1-11 Recommended Approaches To Identity Manager Deployment

Metadirectory Service

How you deploy Identity Manager services depends on service workload. For instance, you can install Identity Manager’s Metadirectory service on one server that communicates with the connected systems. You only need to install the Metadirectory engine on one server running eDirectory.

Because of potential heavy throughput with iManager, you might not want to install the Web-based administration service with the Metadirectory service. If you do install iManager on the same server as Identity Manager, install iManager first, then Identity Manager and its plug-ins.

Web-Based Administration Service

If you already have iManager 2.5 or 2.6 installed on a server, you only need to run the Identity Manager installation and install the Identity Manager plug-ins for iManager. If you are installing the User Application and workflow system service, you must also run the User Application installation and install only the User App plug-ins for iManager. You will need to do this for either the User Application or the User Application with Provisioning installations (they are two separate products).

User Application and Secure Logging Services

If you are performing a substantial amount of provisioning, we recommend that the User Application be installed on its own server. You can also set up clustering if needed. MySQL 4.1.12 is included with the User Application, and if it is deployed as part of the User Application install or as part of the User Application with workflow-based provisioning install, you do not need to set up another database service.

However, the secure logging service does not include a specific database, and both the secure logging service and the end-user application/workflow provisioning service require a database. You can set up one database to serve both applications, or you can set up independent databases for each service. This depends on how much provisioning you perform and on the logging service workload.

NOTE: If you want to set up Oracle 9i or 10g on a separate (remote) server, you will need to install Oracle and configure the Application Server to provide a remote connection to the database.

Using the Remote Loader Configuration

You can use the Connected System option during the Identity Manager install if you don’t want to install eDirectory services and the Metadirectory engine on a connected system server. The Remote Loader also provides a secure communication path between the Metadirectory engine and the driver using SSL technology. Keep this in mind when connecting systems to Identity Manager.
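The placement rules in this section (one Metadirectory engine on an eDirectory server, the iManager co-location caveat and install order, an external database for the secure logging service, the remote Oracle note, and the Remote Loader for connected systems that do not run eDirectory) can be checked against a planned layout before anything is installed. The checker below is an added example, not Novell tooling or code from this guide; the server names, the `Server` fields and the sample plans are constructed for illustration, and the "seven services" are reduced to the ones this section names.

```python
"""Deployment-plan checker for the Identity Manager layout described above.

Added illustration, not Novell's code or tooling.  The rules encode only what
the section states; server names and the sample plans are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Service labels used by this checker (assumed names, not product identifiers).
EDIRECTORY = "edirectory"
METADIRECTORY = "metadirectory"      # Metadirectory engine
IMANAGER = "imanager"                # Web-based administration service
SECURE_LOGGING = "secure_logging"
USER_APPLICATION = "user_application"  # User Application / workflow provisioning
REMOTE_LOADER = "remote_loader"


@dataclass
class Server:
    name: str
    services: Set[str] = field(default_factory=set)
    database: Optional[str] = None     # database used by services on this server
    database_remote: bool = False      # database lives on another host
    remote_db_configured: bool = False  # app server has the remote connection set up
    heavy_provisioning: bool = False   # substantial provisioning workload expected
    connected_system: bool = False     # hosts a third-party system a driver talks to


def check_plan(servers: List[Server]) -> List[Tuple[str, str]]:
    """Return (level, message) findings; an empty list means the plan is clean."""
    findings = []

    # Exactly one Metadirectory engine, and it must sit on an eDirectory server.
    engines = [s for s in servers if METADIRECTORY in s.services]
    if len(engines) != 1:
        findings.append(("error", f"expected one Metadirectory engine, found {len(engines)}"))
    for s in engines:
        if EDIRECTORY not in s.services:
            findings.append(("error", f"{s.name}: Metadirectory engine needs eDirectory on the same server"))
        if IMANAGER in s.services:
            findings.append(("warn", f"{s.name}: iManager shares the engine server (throughput); "
                                     "install iManager first, then Identity Manager and its plug-ins"))

    for s in servers:
        # Secure logging ships no database, so one must be assigned.
        if SECURE_LOGGING in s.services and s.database is None:
            findings.append(("error", f"{s.name}: secure logging service has no database assigned"))
        # Heavy provisioning: the User Application should not share a server.
        if USER_APPLICATION in s.services and s.heavy_provisioning and len(s.services) > 1:
            findings.append(("warn", f"{s.name}: heavy provisioning; put the User Application on its own server"))
        # Remote database (e.g. Oracle on another host) needs the app server configured for it.
        if s.database and s.database_remote and not s.remote_db_configured:
            findings.append(("error", f"{s.name}: remote database '{s.database}' but no remote connection configured"))
        # Connected system without eDirectory/engine must use the Remote Loader.
        if s.connected_system and EDIRECTORY not in s.services and REMOTE_LOADER not in s.services:
            findings.append(("error", f"{s.name}: connected system without eDirectory needs the Remote Loader"))
    return findings


def recommended_plan() -> List[Server]:
    """The four-server layout from the figure plus one connected system (constructed names)."""
    return [
        Server("idm-engine", {EDIRECTORY, METADIRECTORY}),
        Server("idm-admin", {IMANAGER}),
        Server("idm-logging", {SECURE_LOGGING}, database="logging-db"),
        Server("idm-userapp", {USER_APPLICATION}, database="bundled-mysql", heavy_provisioning=True),
        Server("hr-system", {REMOTE_LOADER}, connected_system=True),
    ]


def all_in_one_plan() -> List[Server]:
    """Everything on one server: allowed, but the checker should flag the caveats."""
    return [Server("all-in-one",
                   {EDIRECTORY, METADIRECTORY, IMANAGER, SECURE_LOGGING, USER_APPLICATION},
                   heavy_provisioning=True)]


if __name__ == "__main__":
    for plan in (recommended_plan(), all_in_one_plan()):
        for level, msg in check_plan(plan) or [("ok", "plan satisfies the section's rules")]:
            print(f"[{level}] {msg}")
```

Run as a script to see the recommended layout pass and the single-server layout collect one warning about iManager placement, one error for the missing logging database and one warning about provisioning load; extend `Server` with whatever else your site tracks, the rule functions stay the same.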