Novell Identity Manager
Encyclopedia
Novell
Identity Manager (aka, IDM) is Novell's implementation of Identity Management
software. Previously known as DirXML the product utilizes XML
-based configuration files to determine the product's implemented functions. With synchronization capabilities out of the box including various directories, database
s, phone systems, operating system
s, and HR systems, IDM strives to ease the administrative efforts of large enterprises by preventing administrative effort duplication. IDM 3.6.1 was released June 4, 2009.
systems including the following: Novell eDirectory
, Avaya
, PeopleSoft
, Oracle Database
, SAP
HR and User Management, Lotus Domino, Novell GroupWise
, MySQL
, any JDBC
-compliant database, any LDAP
-compliant directory, NIS
, SIF, SOAP
, Microsoft Active Directory
, Microsoft Windows NT
, RACF, ACF2
and many others including various Unix
and Linux
user databases.
For those supported systems drivers and configuration files have been pre-built and made ready for user customization. While a large number of systems are supported out of the box the possibility of integrating with other systems is there through customized drivers and configurations.
The current release of Identity Manager also provides integration with Novell's Security Information and Event Management (SIEM)
product called Novell Sentinel. Among other things the integration lets Sentinel understand which of various users and roles are tied to a single person. This means that while a single person may have multiple usernames across various systems they can all be tied back to one individual because IDM sends the relevant relationships to Sentinel.
are also available for free use on both Novell's and others' websites. Searching these online forums for previously-resolved issues can speed up implementation and troubleshooting of new or existing drivers. A popular and fast way to do this searching along with browsing previous forum posts is through Google Groups
. NNTP
news readers such as Mozilla Thunderbird
are also recommended to maintain offline searchable copies of forum posts.
Novell also offers traditional pay-per-issue support options for its customers along with a consulting option to completely implement a new system.
Novell's partners are a viable alternative to using Novell support directly and may be a more cost-effective method of receiving answers that were not found via the free channels.
has been an option since IDM 2. This option appeals to many administrators because it only requires a computer with a web browser and network access to perform all tasks associated with IDM. Because the configuration files are XML-based they can be imported and exported from anywhere in the world or edited directly in iManager's pages.
A newer method of administration, and especially, deployment, is now available through a product known as Designer. A free companion to IDM, Designer is written in Eclipse
and runs on either a Linux or Windows workstation. Because it is a fat client
it does not need to be connected to any networks to make changes to drivers though it does need to deploy changes for them to take effect. Designer is made to speed up the process of deploying new drivers and modifying and testing existing drivers by removing the multiple-click requirement that comes with any web interface, and offering quicker access to driver configuration settings. As of Designer 3.0, Designer also provides Subversion based version control
. This simplifies development of an IDM implementation in a team environment, and also provides access to a history of changes made to IDM objects.
Along with changing and deploying entire environments Designer offers the added benefit of real-time testing of drivers before they are placed in production. An operation document can be fed into Designer and run through the driver's configuration and policies to see what will come out after the processing takes place. It is this output that would be used to make changes on either the eDirectory or application system. Because the test operation document is XML, just like the IDM configurations, the document can be easily viewed in a text editor or web browser before and after the simulation operation.
Novell
Novell, Inc. is a multinational software and services company. It is a wholly owned subsidiary of The Attachmate Group. It specializes in network operating systems, such as Novell NetWare; systems management solutions, such as Novell ZENworks; and collaboration solutions, such as Novell Groupwise...
Identity Manager (aka, IDM) is Novell's implementation of Identity Management
Identity management
Identity management is a broad administrative area that deals with identifying individuals in a system and controlling access to the resources in that system by placing restrictions on the established identities of the individuals.Identity management is multidisciplinary and covers many...
software. Previously known as DirXML the product utilizes XML
XML
Extensible Markup Language is a set of rules for encoding documents in machine-readable form. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards....
-based configuration files to determine the product's implemented functions. With synchronization capabilities out of the box including various directories, database
Database
A database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model relevant aspects of reality , in a way that supports processes requiring this information...
s, phone systems, operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s, and HR systems, IDM strives to ease the administrative efforts of large enterprises by preventing administrative effort duplication. IDM 3.6.1 was released June 4, 2009.
Supported applications
IDM supports its own and a large number of third-partyThird-party software component
In computer programming, a third-party software component is a reusable software component developed to be either freely distributed or sold by an entity other than the original vendor of the development platform...
systems including the following: Novell eDirectory
Novell eDirectory
Novell eDirectory is an X.500-compatible directory service software product initially released in 1993 by Novell for centrally managing access to resources on multiple servers and computers within a given network...
, Avaya
Avaya
Avaya Inc. is a privately held computer networking, information technology and telecommunications company that is a global provider of business communications systems. The international head quarters is in Basking Ridge, New Jersey, United States...
, PeopleSoft
PeopleSoft
PeopleSoft, Inc. was a company that provided Human Resource Management Systems , Financial Management Solutions , Supply Chain and customer relationship management software, as well as software solutions for manufacturing, enterprise performance management, and student administration to large...
, Oracle Database
Oracle Database
The Oracle Database is an object-relational database management system produced and marketed by Oracle Corporation....
, SAP
SAP R/3
SAP R/3 is the former name of the main enterprise resource planning software produced by SAP AG. It is an enterprise-wide information system designed to coordinate all the resources, information, and activities needed to complete business processes such as order fulfillment or billing.- History of...
HR and User Management, Lotus Domino, Novell GroupWise
Novell GroupWise
GroupWise is a messaging and collaborative software platform from Novell that supports email, calendaring, personal information management, instant messaging, and document management. The platform consists of the client software, which is available for Windows, Mac OS X, and Linux, and the server...
, MySQL
MySQL
MySQL officially, but also commonly "My Sequel") is a relational database management system that runs as a server providing multi-user access to a number of databases. It is named after developer Michael Widenius' daughter, My...
, any JDBC
Java Database Connectivity
Java DataBase Connectivity, commonly referred to as JDBC, is an API for the Java programming language that defines how a client may access a database. It provides methods for querying and updating data in a database. JDBC is oriented towards relational databases...
-compliant database, any LDAP
Lightweight Directory Access Protocol
The Lightweight Directory Access Protocol is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network...
-compliant directory, NIS
Network Information Service
The Network Information Service, or NIS is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network...
, SIF, SOAP
SOAP
SOAP, originally defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks...
, Microsoft Active Directory
Active Directory
Active Directory is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems. Server computers on which Active Directory is running are called domain controllers....
, Microsoft Windows NT
Windows NT
Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...
, RACF, ACF2
ACF2
ACF2 is a commercial discretionary access control software security system developed for MVS , VSE and VM by SKK, Inc. Barry Schrager, Eberhard Klemens, and Scott Krueger combined to develop ACF2 at London Life Insurance in London, Ontario in 1978...
and many others including various Unix
Unix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
and Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
user databases.
For those supported systems drivers and configuration files have been pre-built and made ready for user customization. While a large number of systems are supported out of the box the possibility of integrating with other systems is there through customized drivers and configurations.
The current release of Identity Manager also provides integration with Novell's Security Information and Event Management (SIEM)
Security Information Management
Security information management is the industry-specific term in computer security referring to the collection of data into a central repository for trend analysis...
product called Novell Sentinel. Among other things the integration lets Sentinel understand which of various users and roles are tied to a single person. This means that while a single person may have multiple usernames across various systems they can all be tied back to one individual because IDM sends the relevant relationships to Sentinel.
Documentation and Support
Documentation for IDM is available online at Novell's documentation website for free. Various online forumsInternet forum
An Internet forum, or message board, is an online discussion site where people can hold conversations in the form of posted messages. They differ from chat rooms in that messages are at least temporarily archived...
are also available for free use on both Novell's and others' websites. Searching these online forums for previously-resolved issues can speed up implementation and troubleshooting of new or existing drivers. A popular and fast way to do this searching along with browsing previous forum posts is through Google Groups
Google Groups
Google Groups is a service from Google Inc. that supports discussion groups, including many Usenet newsgroups, based on common interests. The service was started in 1995 as Deja News, and was transitioned to Google Groups after a February 2001 buyout....
. NNTP
Network News Transfer Protocol
The Network News Transfer Protocol is an Internet application protocol used for transporting Usenet news articles between news servers and for reading and posting articles by end user client applications...
news readers such as Mozilla Thunderbird
Mozilla Thunderbird
Mozilla Thunderbird is a free, open source, cross-platform e-mail and news client developed by the Mozilla Foundation. The project strategy is modeled after Mozilla Firefox, a project aimed at creating a web browser...
are also recommended to maintain offline searchable copies of forum posts.
Novell also offers traditional pay-per-issue support options for its customers along with a consulting option to completely implement a new system.
Novell's partners are a viable alternative to using Novell support directly and may be a more cost-effective method of receiving answers that were not found via the free channels.
Implementation and administration
There are a number of ways to develop, configure, or reconfigure an IDM implementation. Using Novell's own iManagerIManager
iManager is a web-based file manager for Unix-based servers.It comes with Open Novell Enterprise Server software and OpenSuSE Enterprise Server software. It can be used to monitor and configure software and hardware over the network....
has been an option since IDM 2. This option appeals to many administrators because it only requires a computer with a web browser and network access to perform all tasks associated with IDM. Because the configuration files are XML-based they can be imported and exported from anywhere in the world or edited directly in iManager's pages.
A newer method of administration, and especially, deployment, is now available through a product known as Designer. A free companion to IDM, Designer is written in Eclipse
Eclipse (software)
Eclipse is a multi-language software development environment comprising an integrated development environment and an extensible plug-in system...
and runs on either a Linux or Windows workstation. Because it is a fat client
Fat client
A fat client is a computer in client–server architecture or networks that typically provides rich functionality independent of the central server...
it does not need to be connected to any networks to make changes to drivers though it does need to deploy changes for them to take effect. Designer is made to speed up the process of deploying new drivers and modifying and testing existing drivers by removing the multiple-click requirement that comes with any web interface, and offering quicker access to driver configuration settings. As of Designer 3.0, Designer also provides Subversion based version control
Revision control
Revision control, also known as version control and source control , is the management of changes to documents, programs, and other information stored as computer files. It is most commonly used in software development, where a team of people may change the same files...
. This simplifies development of an IDM implementation in a team environment, and also provides access to a history of changes made to IDM objects.
Along with changing and deploying entire environments Designer offers the added benefit of real-time testing of drivers before they are placed in production. An operation document can be fed into Designer and run through the driver's configuration and policies to see what will come out after the processing takes place. It is this output that would be used to make changes on either the eDirectory or application system. Because the test operation document is XML, just like the IDM configurations, the document can be easily viewed in a text editor or web browser before and after the simulation operation.