As previously indicated, Identity Manager comes with a number of services that you must install and configure. Although it’s not recommended for a production environment, you can install and configure all needed services on a single server. Or you can deploy one service per server, or anything in between.
Workload is the main factor in designing Identity Manager deployments. The more you distribute traffic across servers, the higher the potential throughput of your applications.
Figure 1-3 illustrates one possible deployment strategy, with one server for the Metadirectory service, one server for the Web-based administration service, one server for the secure logging service, and one server for User Application and Provisioning services.
Figure 1-9 Identity Manager Deployment Strategies
How you deploy Identity Manager services depends on service workload. For instance, you can install Identity Manager’s Metadirectory service on one server that communicates with the connected systems. You only need to install the Metadirectory engine on one server running eDirectory.
Because of potential heavy throughput with iManager, you might not want to install the Web-based administration service with the Metadirectory service. If you do install iManager on the same server as Identity Manager, install iManager first, then Identity Manager and its plug-ins.
If you already have iManager 2.6 installed on a server, you only need to run the Identity Manager installation and install the Identity Manager plug-ins for iManager. If you are installing the User Application and Provisioning services, you must also run the User Application installation and install only the User Application plug-ins for iManager. You will need to do this for either the User Application or the User Application with Provisioning Module (they are two separate products).
If you are doing a substantial amount of provisioning, we recommend that the User Application be installed on its own server. You can also set up clustering if needed. MySQL 5.0.27-max is included with the User Application, and if it is deployed as part of the User Application install or as part of the User Application with Provisioning Module install, you do not need to set up another database service.
However, the secure logging service does not include a specific database, and both the secure logging service and the User Application/Provisioning services require a database. You can set up one database to serve both applications, or you can set up independent databases for each service. This depends on how much provisioning you perform and on the logging service workload.
NOTE: If you want to set up Oracle 9i or 10g on a separate (remote) server, you need to install Oracle and configure the Application Server to provide a remote connection to the database.
You can use the
option during the Identity Manager install if you don’t want to install eDirectory services and the Metadirectory engine on a connected system server. The Remote Loader also provides a secure communication path between the Metadirectory engine and the driver by using SSL technology. Keep this in mind when connecting systems to Identity Manager.
For more information on planning your Identity Manager system, see Section 2.0, Planning.