IBM Security Directory Integrator 7.2: Completing the security perimeter

The former Tivoli Directory Integrator provides real-time synchronization between identity data sources

Threat-aware identity management is key to securing your IT organization's protective perimeter. One of the tasks that are needed to achieve effective identity management is the ability to implement real-time synchronization between various identity data sources. See how IBM® Security Directory Integrator, one of the two components of IBM Directory, performs this task.

Share:

developerWorks security editors, IBM staff, IBM

Security icon imageThis article is brought to you by the editors of the developerWorks Security site.



20 January 2014

A key component to the IBM identity and access management strategy is the capability to enable identity as part of a new security perimeter to protect your IT ecosystem; providing a set of tools to implement threat-aware identity management.

As you can see in Figure 1, integration of threat-aware identity services completes the IBM Security Intelligence strategy:

Figure 1. Identity enablement takes its place as part of the total security perimeter
Diagram that shows how identity enablement takes its place as part of the total security perimeter

Identity and access intelligence

Thumbnail image of white paper cover about identity and access intelligence

Identity and access management infrastructures are becoming a major source of security intelligence information. EMA analysts published a new report that describes the nature of identity and access intelligence and the factors that drive this aspect of security evolution. To learn about this aspect of IT security, download and read "Identity and Access Intelligence: Transforming Enterprise Security."

An important tool to embed the identity component into the total security encampment is the IBM Security Directory Integrator, part of the two-product IBM Directory offering (along with IBM Security Directory Server).

IBM Security Directory Integrator 7.2 is an open-architecture, integration solution that synchronizes and exchanges information across multiple applications, directories, and databases, providing a single authoritative enterprise-level view of identity or generic data. It can be deployed by using one of two licensing options:

  • IBM Security Directory Integrator Identity Edition is licensed under a User Value Unit licensing metric.
  • IBM Security Directory Integrator General Purpose Edition is licensed under a Processor Value Unit licensing metric.

The two options offer the same functionality.

Less look a little deeper into the functionality that is offered by Security Directory Integrator.

A little background on IBM Security Directory Integrator

The IBM Security Directory combination is designed to simplify identity silos and cloud integrations. Security Directory Integrator plays its role in this combination through helping you build an authoritative data infrastructure by integrating data from directories, databases, collaborative systems, applications, and other data sources.

Security Directory Integrator supports the following platforms:

  • AIX 7.1 and 6.1 Power systems.
  • Windows Server 2012 Standard Edition x86-64.
  • Windows Server 2008 R2 Enterprise Edition x86-64.
  • Red Hat Enterprise Linux 5 Advances platform System z, x86-64.
  • Red Hat Enterprise Linux Server 6 System z, x86-64.
  • SUSE Linux Enterprise Server 10/11 System z, x86-64.
  • Solaris 10 (SPARC) and 11 (SPARC).

The major security tasks that Security Directory Integrator helps you tackle include:

  • Unifying identity silos into an authoritative identity store with integration templates and tools.
  • Solving virtual directory scenarios with a hybrid approach that simplifies directory migration and coexistence.
  • Implementing an open synchronization architecture that supports multi-vendor IT infrastructures.
  • Managing identity infrastructure in private and public clouds.
  • Reducing cost and improving return on investment of directory integrations.
  • Providing broad support for platforms, operating systems, protocols, and standards.

How does Security Directory Integrator do these tasks?

Unify identity silos

Security Directory Integrator:

  • Uses a federated directory server feature to correlate identities and reconcile data.
  • Provides a GUI for configuration, customization, and maintenance of synchronization rules to transform, move, and synchronize data.
  • Eases tasks such as data migration and transformation to other file formats and synchronization between two or more systems by supporting scheduled synchronization and event-driven workflows.
  • Creates authoritative data spaces to expose only trustworthy data and offers an operations monitoring administrative console.
  • Offers connectors for rapid integration so you can create custom connectors in Java™ and JavaScript™.

Solve virtual directory scenarios

Security Directory Integrator can help you solve virtual directory scenarios by creating a centralized data store of silos of data while federating authentication to the original data sources. It also provides a foundation to meet many service level agreement requirements.

Implement open synchronization architecture

Security Directory Integrator is simple and quick to deploy; the simplicity makes it easier to deliver an open synchronization architecture. Some of the capabilities of the product include:

  • Scalability, from small to large deployments.
  • Integration of both meta-directory and point-to-point solutions.
  • Support for a decentralized architecture that eliminates deploying and maintaining a centralized, proprietary data store.

Reduce cost and improve return on investment

Security Directory Integrator takes advantage of your existing infrastructure and can virtually eliminate the need for extra programming. It provides a white pages application and social networking capabilities and supports user management in the cloud through REST APIs (Representational State Transfer). Plus, it can read and write to a system that provides a facility for a cross-domain identity management interface (SCIM).

Now look at what's new in version 7.2.


What's new in version 7.2

IBM Security Directory Integrator continues to enhance its capabilities as a key integration framework. There are several new features.

Federated Directory Server helps create a single authoritative source of data that traditionally exists in various source silos such as databases, directories, flat files, and applications. Using a configurable unique attribute, identities can be correlated to reconcile the data from various data sources to create a unique set of data. With this capability, Security Directory Integrator solves various use cases of virtual directory space by using a hybrid approach. It creates a centralized data store but also still provides the capability for managing and authenticating users at original sources where the information was created.

The Federated Directory Server also helps you rapidly deploy various applications (IBM Security Access Manager, WhitePages) through a single point of access. The single point of access (using the highly scalable infrastructure IBM Security Directory Server as the backbone) helps applications meet service level agreements regardless of the speed of the original data source.

Support of system for cross-domain identity management (SCIM) enables more rapid deployment of an identity infrastructure for cloud ecosystems. SCIM provides support for user management in the cloud through a REST interface rather than using the traditional Lightweight Directory Access Protocol (LDAP) calls. The SCIM client connector enables IBM Security Directory Integrator to read and write to a system that provides an SCIM interface.

We mentioned earlier that Security Directory Integrator and Server make up the combined solution, IBM Directory. Figure 2 illustrates some of the new capabilities of the latest version of IBM Directory.

Figure 2. New features in the latest version of IBM Directory
Diagram that shows new features in the latest version of IBM Directory

Makes an excellent solution in combination

As already mentioned, the latest version of IBM Security Directory Integrator is version 7.2. The latest version of its IBM Directory partner product is IBM Security Directory Server 6.3.1.

Security Directory Server function is to provide a platform for enterprise security initiatives and a trusted identity data infrastructure for authentication. It uses LDAP and offers:

  • Industry-standard architecture and broad platform support for a range of operating systems and applications and various heterogeneous environments.
  • Strong scalability and flexibility to support hundreds of millions of entries by using IBM DB2® technology and a built-in proxy-server.
  • Availability to support an identity data infrastructure for global online applications such as consumer-driven web services.
  • The ability to help you mange identities in the cloud.
  • Robust auditing and reporting that provides insight with connectivity to IBM QRadar® SIEM and greater visibility into a repository with sample reports.

In combination, Security Directory Integrator and Security Directory Server:

  • Provide a Federated Directory Server for integrating a wide variety of silos of data sources through the new GUI and standard integration assets.
  • Create a hierarchical structure of an enterprise that enables people searches and easier interaction by using a new WhitePages application.
  • Simplify cloud user management through SCIM support.
  • Enable integration with IBM QRadar SIEM for obtaining insight into LDAP transactions; this integration enhances audit capabilities and helps to understand compliance posture.
  • Enhance reporting by providing LDAP report samples.
  • Extend LDAP bind by using unique attributes such as email.
  • Improve performance for subtree searches for large and complex setup.

Explore how IBM Security Directory Integrator and Server can help you fill any gaps in your security intelligence perimeter by following the connections in Resources.

Resources

Learn

Get products and technologies

Discuss

  • Get involved in the developerWorks community. Connect with other developerWorks users while you explore the developer-driven blogs, forums, groups, and wikis.

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into Security on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Security
ArticleID=960505
ArticleTitle=IBM Security Directory Integrator 7.2: Completing the security perimeter
publish-date=01202014