1.2 RSA Driver Concepts

1.2.1 Synchronizing Data

The Identity Manager Driver for RSA synchronizes data between an Identity Vault and RSA Authentication Manager. The driver can run anywhere that a Metadirectory server or Identity Manager Remote Loader is running if you are connecting to RSA Authentication Manager 7.1. If you are connecting to RSA Authentication Manager 6.1, the driver can only run on a Metadirectory server or Identity Manager Remote Loader installed on a Microsoft Windows server running RSA Authentication Manager 6.1.

The driver uses RSA APIs to bidirectionally synchronize changes between an Identity Vault and the connected RSA Authentication Manager.

1.2.2 How the RSA Driver Works

Channels, filters and policies control data flow.

Publisher and Subscriber Channels

The RSA driver supports Publisher and Subscriber channels:

  • The Publisher channel reads information from RSA Authentication Manager and submits that information to an Identity Vault via the Metadirectory engine.

    By default, the Publisher channel checks for new RSA events every 3 minutes, processing up to 1000 entries at a time, starting with the first unprocessed entry.

  • The Subscriber channel watches for additions and modifications to Identity Vault objects and issues RSA commands that make changes to RSA Authentication Manager.

Filters

Identity Manager uses filters to control which objects and attributes are shared. The default filter configurations for the RSA driver allow objects and attributes to be shared, as illustrated in the following figure:

Figure 1-1 RSA Driver Filters

Policies

Policies are used to control data synchronization between the driver and an Identity Vault.

The following table provides information on default policies. These policies and the individual rules they contain can be customized as explained in Section 6.0, Synchronizing Data.

Table 1-1 Default Policies

| Policy | Description |
|---|---|
| Schema Mapping | Maps the Identity Vault User object and selected properties to an RSA user object. |
| Publisher Create | Specifies that in order for a User to be created in an Identity Vault, the CN, Given Name, and Surname attributes must be defined. |
| Matching | Specifies that a user object in an Identity Vault is the same object as an RSA user when the CN matches the RSA user's login. |
| Subscriber Create | Specifies that in order for a user to be created in RSA Authentication Manager, the CN, Given Name, and Surname attributes must be defined. |
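
The following added example (a simulation written for this page, not the driver's code or policy XML) models one Publisher poll and the default Matching and Publisher Create policies, so you can see which RSA events link to an existing user, which create a new one, and which are vetoed. The RSA-side field names (`login`, `first`, `last`), the exact-string CN comparison, and the in-memory `vault` dictionary are assumptions.

```python
BATCH_LIMIT = 1000  # page: Publisher processes up to 1000 entries per poll
REQUIRED = ("CN", "Given Name", "Surname")  # page: Publisher Create policy

def next_batch(log, checkpoint, limit=BATCH_LIMIT):
    """Slice one poll's worth of entries, starting at the first unprocessed one."""
    batch = log[checkpoint:checkpoint + limit]
    return batch, checkpoint + len(batch)

def map_schema(event):
    """Stand-in for Schema Mapping; the RSA-side field names are hypothetical."""
    return {"CN": event.get("login"),
            "Given Name": event.get("first"),
            "Surname": event.get("last")}

def apply_policies(event, vault):
    """Matching first, then Publisher Create. `vault` maps CN -> attributes."""
    attrs = map_schema(event)
    cn = attrs["CN"]
    if cn and cn in vault:  # Matching: CN equals the RSA login (exact compare assumed)
        return "matched"
    missing = [name for name in REQUIRED if not attrs[name]]
    if missing:  # Create policy vetoes the add; nothing is written
        return "vetoed: missing " + ", ".join(missing)
    vault[cn] = attrs
    return "created"

def poll(log, checkpoint, vault):
    """One Publisher poll: returns ({outcome: count}, new checkpoint)."""
    batch, checkpoint = next_batch(log, checkpoint)
    counts = {}
    for event in batch:
        outcome = apply_policies(event, vault)
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts, checkpoint

def demo():
    # Constructed sample data: one existing vault user and 1002 RSA events.
    vault = {"jsmith": {"CN": "jsmith", "Given Name": "J", "Surname": "Smith"}}
    log = [{"login": "jsmith", "first": "J", "last": "Smith"},
           {"login": "svc-backup", "first": "", "last": ""}]
    log += [{"login": f"user{i}", "first": "Test", "last": f"User{i}"} for i in range(1000)]
    first, cp = poll(log, 0, vault)
    second, cp = poll(log, cp, vault)
    return first, second, cp, len(vault)

if __name__ == "__main__":
    print(demo())
```

The vetoed outcome is the one to watch operationally: an RSA account without a given name and surname never appears in the Identity Vault under the default policy, so it stays outside whatever lifecycle controls are driven from the vault.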