Technical overview

Detailed technical overview of IBM Verify Identity Governance.

Overview

The IBM Verify Identity Governance solution consists of a Verify Identity Governance application running on an IBM WebSphere Liberty server. It offers the following deployment form factors:
  • Software Stack
  • Virtual Appliance
  • Container

Software Stack architecture

The software deployment for IVIG uses WebSphere Liberty instead of the WebSphere traditional server used in ISVG.

You must install IBM Java 8 (https://www.ibm.com/support/pages/ibm-java-sdks-websphere-liberty) and the IBM MQ local and shared Queue Managers prior to moving to IVIG. Also, an LDAP server and a database server must already exist and be configured (database created, suffix created, etc.).

The optional Spark and Dispatcher pieces are available as additional downloads from IBM Passport Advantage.

Virtual Appliance architecture

The IBM Verify Identity Governance - Virtual Appliance is a network appliance-based identity-management solution. IBM Verify Identity Governance - Virtual Appliance offers a virtual appliance to reduce the overall Time To Value (TTV) and greatly reduce the deployment time of the product. You can configure the virtual appliance for a cluster environment.

IBM Verify Identity Governance provides a mechanism to initially set up a semi-passive virtual appliance and a high availability solution for providing an all-in-one identity solution. The virtual appliance helps to decrease the amount of time that users spend deploying and configuring the product in their own environment.

You can configure an IBM Verify Identity Governance - Virtual Appliance to connect to external database servers, directory servers, and other supported appliances. You can manage the configuration interfaces and capabilities to deploy and configure the products on the virtual appliance.

The IBM Verify Identity Governance - Virtual Appliance cluster is made up of one primary node and other member nodes. All configuration changes, such as hardware and software changes, are done only on the primary node. There is only one primary node in the cluster. Even if the primary node itself goes down or must be taken down, the other nodes can continue to do most of the IBM Verify Identity Governance functions. In such a scenario, some features, such as the Governance Risk dashboard, which depends on the Spark engine running on the primary node, will not work. Changes to configuration details are not allowed until the primary node is reconnected in the cluster.

Container architecture

The container deployment builds on the existing framework from ISVG v10.0.2, and includes a new set of Spark pods for Identity Analytics.

At a minimum, a container deployment requires the IVIG and MQ Shared pods.

Typically, one or more of LDAP, PostgreSQL, and the Dispatcher are deployed as pods. If desired, they can also all be run externally.

With the Enterprise or Compliance Licenses, a new Job (risk-start) creates and manages a Spark cluster to implement the new Analytics component.