Novell Doc: Novell Identity Manager 3.5.1 Administration Guide

3.1 Overview

There are two different ways to configure the installation of the Metadirectory engine. Figure 3-1 illustrates the first way. It shows that the Identity Vault, Metadirectory engine, and the driver shim all are installed and running on the same server. The driver shim is configured to communicate with the application and the Metadirectory engine.

Figure 3-1 All Components Installed on the Same Server

Figure 3-2 illustrates both configurations. The LDAP driver is installed on the same server as the Metadirectory engine and the Identity Vault. The SIF and Active Directory drivers are installed on different servers with the Remote Loader. The Remote Loader allows the driver to access the application without having the Identity Vault and Metadirectory engine installed on that same server.

Figure 3-2 A System Using the Remote Loader

The Remote Loader enables the Metadirectory engine to exchange data with the Identity Vault as different processes and in different locations, including the following:

As a separate process on the server where the Metadirectory engine is running: The Metadirectory engine runs as part of an eDirectory™ process. The Identity Manager drivers can run on the server where the Metadirectory engine is running. In fact, they can run as part of the same process as the Metadirectory engine.

However, for strategic reasons and to simplifying troubleshooting, you might want the Identity Manager driver to run as a separate process on the server.

If the driver is running as a separate process, the Remote Loader provides a communication channel between the Metadirectory engine and the driver.
On a server that is not running the Metadirectory engine:

Some of the Identity Manager drivers are unable to run where the Metadirectory engine is running. The Remote Loader enables you to run the Metadirectory engine in one environment while running an Identity Manager driver on a server in a different environment. For example, you cannot run the Active Directory driver on a NetWare® server. The Metadirectory engine can run on the NetWare server while the Remote Loader runs on an Active Directory server.
- Scenario: Separate Servers. The Metadirectory engine is running on a NetWare server. You need to run the Identity Manager Driver for Active Directory. This driver is unable to run on a NetWare server because it must run in an Active Directory environment. You install and run the Remote Loader on a Windows 2003 server. The Remote Loader provides a communication channel between the Active Directory driver and the Metadirectory engine.
- Scenario: Non-Host. The Metadirectory engine is running on Solaris*. You need to communicate with a NIS system where you want to provision user accounts. That system usually doesn’t host the Metadirectory engine. You install the Remote Loader and the Identity Manager Driver for NIS on the NIS system. The Remote Loader on the NIS system runs the NIS driver and enables the Metadirectory engine and the NIS driver to exchange data.

Novell® recommends that you use the Remote Loader configuration for use with your drivers where possible. Use the Remote Loader even in cases where the connected system is on the same server as the Metadirectory engine. The following benefits occur by running the driver with the Remote Loader configuration:

eDirectory is protected from any exceptions encountered by the driver shim.
It improves the performance of the server running the Metadirectory engine, by offloading driver commands to the remote application or database.
It allows you to run additional drivers on the server where the Metadirectory engine is not installed.