A key component of the IBM identity and access management strategy is the capability to enable identity as part of a new security perimeter that protects your IT ecosystem, by providing a set of tools to implement threat-aware identity management.
As you can see in Figure 1, integration of threat-aware identity services completes the IBM Security Intelligence strategy:
Figure 1. Identity enablement takes its place as part of the total security perimeter
An important tool to embed the identity component into the total security encampment is the IBM Security Directory Integrator, part of the two-product IBM Directory offering (along with IBM Security Directory Server).
IBM Security Directory Integrator 7.2 is an open-architecture, integration solution that synchronizes and exchanges information across multiple applications, directories, and databases, providing a single authoritative enterprise-level view of identity or generic data. It can be deployed by using one of two licensing options:
- IBM Security Directory Integrator Identity Edition is licensed under a User Value Unit licensing metric.
- IBM Security Directory Integrator General Purpose Edition is licensed under a Processor Value Unit licensing metric.
The two options offer the same functionality.
Let's look a little deeper into the functionality that is offered by Security Directory Integrator.
A little background on IBM Security Directory Integrator
The IBM Security Directory combination is designed to simplify identity silos and cloud integrations. Security Directory Integrator plays its role in this combination by helping you build an authoritative data infrastructure that integrates data from directories, databases, collaborative systems, applications, and other data sources.
Security Directory Integrator supports the following platforms:
- AIX 7.1 and 6.1 Power systems.
- Windows Server 2012 Standard Edition x86-64.
- Windows Server 2008 R2 Enterprise Edition x86-64.
- Red Hat Enterprise Linux 5 Advanced Platform System z, x86-64.
- Red Hat Enterprise Linux Server 6 System z, x86-64.
- SUSE Linux Enterprise Server 10/11 System z, x86-64.
- Solaris 10 (SPARC) and 11 (SPARC).
The major security tasks that Security Directory Integrator helps you tackle include:
- Unifying identity silos into an authoritative identity store with integration templates and tools.
- Solving virtual directory scenarios with a hybrid approach that simplifies directory migration and coexistence.
- Implementing an open synchronization architecture that supports multi-vendor IT infrastructures.
- Managing identity infrastructure in private and public clouds.
- Reducing cost and improving return on investment of directory integrations.
- Providing broad support for platforms, operating systems, protocols, and standards.
How does Security Directory Integrator do these tasks?
Unify identity silos
Security Directory Integrator:
- Uses a federated directory server feature to correlate identities and reconcile data.
- Provides a GUI for configuration, customization, and maintenance of synchronization rules to transform, move, and synchronize data.
- Eases tasks such as data migration and transformation to other file formats and synchronization between two or more systems by supporting scheduled synchronization and event-driven workflows.
- Creates authoritative data spaces to expose only trustworthy data and offers an operations monitoring administrative console.
Solve virtual directory scenarios
Security Directory Integrator can help you solve virtual directory scenarios by creating a centralized data store of silos of data while federating authentication to the original data sources. It also provides a foundation to meet many service level agreement requirements.
Implement open synchronization architecture
Security Directory Integrator is simple and quick to deploy; the simplicity makes it easier to deliver an open synchronization architecture. Some of the capabilities of the product include:
- Scalability, from small to large deployments.
- Integration of both meta-directory and point-to-point solutions.
- Support for a decentralized architecture that eliminates deploying and maintaining a centralized, proprietary data store.
Reduce cost and improve return on investment
Security Directory Integrator takes advantage of your existing infrastructure and can virtually eliminate the need for extra programming. It provides a white pages application and social networking capabilities and supports user management in the cloud through Representational State Transfer (REST) APIs. It can also read and write to a system that provides a System for Cross-domain Identity Management (SCIM) interface.
Now look at what's new in version 7.2.
What's new in version 7.2
IBM Security Directory Integrator continues to enhance its capabilities as a key integration framework. There are several new features.
Federated Directory Server helps create a single authoritative source of data that traditionally exists in various source silos such as databases, directories, flat files, and applications. Using a configurable unique attribute, identities can be correlated to reconcile the data from various data sources to create a unique set of data. With this capability, Security Directory Integrator solves various use cases of virtual directory space by using a hybrid approach. It creates a centralized data store but also still provides the capability for managing and authenticating users at original sources where the information was created.
The Federated Directory Server also helps you rapidly deploy various applications (IBM Security Access Manager, WhitePages) through a single point of access. The single point of access (using the highly scalable infrastructure IBM Security Directory Server as the backbone) helps applications meet service level agreements regardless of the speed of the original data source.
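The correlation step described above, as an added example (not IBM's code and not the Security Directory Integrator API): plain JavaScript that joins records from two constructed silos on a configurable unique attribute, keeps the first-listed source's value when sources disagree, and reports records that cannot be merged safely. The function names, source names, and sample users are assumptions.

```javascript
// Added illustration: correlate identity records from several silos on one
// configurable unique attribute. Plain JavaScript; not SDI's own API.
function normalize(value) {
  return typeof value === "string" ? value.trim().toLowerCase() : "";
}

// sources: array of { name, records }, listed in order of precedence.
function correlate(sources, keyAttr) {
  const merged = new Map();   // normalized key -> { attrs, origin }
  const unmatched = [];       // records with no usable key (review as orphans)
  const ambiguous = [];       // same key twice inside one source: not merged
  const conflicts = [];       // sources disagree on an attribute value

  for (const { name, records } of sources) {
    const seen = new Set();
    for (const rec of records) {
      const key = normalize(rec[keyAttr]);
      if (!key) { unmatched.push({ source: name, rec }); continue; }
      if (seen.has(key)) { ambiguous.push({ source: name, key }); continue; }
      seen.add(key);
      const entry = merged.get(key) || { attrs: {}, origin: {} };
      for (const [attr, value] of Object.entries(rec)) {
        if (attr === keyAttr) continue;
        if (!(attr in entry.attrs)) {
          entry.attrs[attr] = value;      // highest-precedence source wins
          entry.origin[attr] = name;      // keep provenance for audit
        } else if (entry.attrs[attr] !== value) {
          conflicts.push({ key, attr, kept: entry.origin[attr], rejected: name });
        }
      }
      merged.set(key, entry);
    }
  }
  return { merged, unmatched, ambiguous, conflicts };
}

// Constructed sample data (hypothetical silos and users).
const SAMPLE = [
  { name: "hr_db", records: [
    { mail: "Ana.Diaz@example.com", dept: "Finance", title: "Analyst" },
    { mail: "li.wei@example.com", dept: "IT" } ] },
  { name: "ldap", records: [
    { mail: " ana.diaz@example.com", dept: "Sales", uid: "adiaz" },
    { mail: "li.wei@example.com", uid: "lwei" },
    { mail: "li.wei@example.com", uid: "lwei2" },
    { uid: "svc-backup" } ] },
];
```

Calling `correlate(SAMPLE, "mail")` yields two merged identities, one attribute conflict, one ambiguous duplicate, and one account with no correlation key; the last three lists are what an identity team would review before trusting the merged store.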
Support for the System for Cross-domain Identity Management (SCIM) enables more rapid deployment of an identity infrastructure for cloud ecosystems. SCIM provides support for user management in the cloud through a REST interface rather than through traditional Lightweight Directory Access Protocol (LDAP) calls. The SCIM client connector enables IBM Security Directory Integrator to read and write to a system that provides a SCIM interface.
We mentioned earlier that Security Directory Integrator and Server make up the combined solution, IBM Directory. Figure 2 illustrates some of the new capabilities of the latest version of IBM Directory.
Figure 2. New features in the latest version of IBM Directory
Makes an excellent solution in combination
As already mentioned, the latest version of IBM Security Directory Integrator is version 7.2. The latest version of its IBM Directory partner product is IBM Security Directory Server 6.3.1.
The function of Security Directory Server is to provide a platform for enterprise security initiatives and a trusted identity data infrastructure for authentication. It uses LDAP and offers:
- Industry-standard architecture and broad platform support for a range of operating systems and applications and various heterogeneous environments.
- Strong scalability and flexibility to support hundreds of millions of entries by using IBM DB2® technology and a built-in proxy-server.
- Availability to support an identity data infrastructure for global online applications such as consumer-driven web services.
- The ability to help you manage identities in the cloud.
- Robust auditing and reporting that provides insight with connectivity to IBM QRadar® SIEM and greater visibility into a repository with sample reports.
In combination, Security Directory Integrator and Security Directory Server:
- Provide a Federated Directory Server for integrating a wide variety of silos of data sources through the new GUI and standard integration assets.
- Create a hierarchical structure of an enterprise that enables people searches and easier interaction by using a new WhitePages application.
- Simplify cloud user management through SCIM support.
- Enable integration with IBM QRadar SIEM for obtaining insight into LDAP transactions; this integration enhances audit capabilities and helps to understand compliance posture.
- Enhance reporting by providing LDAP report samples.
- Extend LDAP bind by using unique attributes such as email.
- Improve performance for subtree searches for large and complex setup.
Explore how IBM Security Directory Integrator and Server can help you fill any gaps in your security intelligence perimeter by following the connections in Resources.
Resources for the topic in this article
(some resources might still refer to product as Tivoli Directory
- Visit the IBM Security Directory Integrator site.
- Visit the IBM Security Directory Server site.
- Read how to synchronize data across multiple repositories with Tivoli Directory Integrator data sheet.
- Discover how developers can increase the resiliency of integrations in the IBM Redpaper ebook Robust Integration with Tivoli Directory Integrator.
- Download Tivoli Directory Integrator for a no-charge evaluation.