Main components

Main components in the IBM Verify Identity Governance solution include the Identity Manager Server and required and optional middleware components, including adapters that provide an interface to managed resources.

In a cluster configuration, main components include:

Figure 1. Main components
Main components

For more information about configuration alternatives, see the Identity Manager Installation Guide.

Components include:

Database server products
IBM Verify Identity Governance stores transactional and historical data in a database server, a relational database that maintains the current and historical states of data.

Computers that communicate with the database require a Java™ Database Connectivity driver (JDBC driver). For example, a JDBC driver enables a IBM Verify Identity Governance Server to communicate with the data source. IBM Verify Identity Governance supports a JDBC type 4 driver to connect a Java-based application to a database.

The supported database products are IBM® DB2® Database and Oracle database. The information about type 4 JDBC drivers for each database product are as follows:
IBM DB2 Database
DB2 supports a Type 4 JDBC driver. The DB2 type 4 JDBC driver is bundled with the IBM Verify Identity Governance installation program.
Oracle database
The Oracle database supports a Type 4 JDBC driver. The IBM Verify Identity Governance installation program prompts for the location and name of this JDBC driver.

Before you install the IBM Verify Identity Governance Server, obtain this JDBC driver from your Oracle Database Server installation in the ORACLE_HOME\jdbc\lib\ directory. Alternatively, you can download the driver from this website: http://www.oracle.com/technetwork/database/features/jdbc/index-091264.html

For WebSphere® Application Server version 7.0, the JDBC driver is ojdbc6.jar.

For more information about supported database server products, see .

Directory server products
IBM Verify Identity Governance stores the current state of the managed identities in an LDAP directory, including user account and organizational data.

IBM Verify Identity Governance supports the following products: .

  • IBM Security Directory Server
  • Oracle Directory Server Enterprise Edition

See .

IBM Security Directory Integrator
IBM Security Directory Integrator synchronizes identity data in different directories, databases, and applications. IBM Security Directory Integrator synchronizes and manages information exchanges between applications or directory sources.
WebSphere Application Server
WebSphere Application Server is the primary component of the WebSphere environment. WebSphere Application Server runs a Java virtual machine, providing the runtime environment for the application code. The application server provides communication security, logging, messaging, and Web services.

The Identity Manager application can run on a single-server configuration with the WebSphere Application Server base server. Identity Manager can also run in a larger cluster configuration. The configuration can have one or more WebSphere Application Servers and a deployment manager that manages the cluster.

HTTP server and WebSphere Web Server plug-in
An HTTP server provides administration of IBM Verify Identity Governance through a client interface in a web browser. IBM Verify Identity Governance requires the installation of a WebSphere Web Server plug-in with the HTTP server. The WebSphere Application Server installation program can separately install both the IBM HTTP Server and WebSphere Web Server plug-in.
IBM Verify Identity Governance adapters
An adapter is a program that provides an interface between a managed resource and the Identity Manager Server. Adapters function as trusted virtual administrators on the target platform for account management. For example, adapters do such tasks as creating accounts, suspending accounts, and modifying account attributes.
A Identity Manager adapter can be either agent-based or agentless:
Agent-based adapter
You install adapter code directly onto the managed resource with which it is designed to communicate.
Agentless adapter
Deploys its adapter code onto the Identity Manager Server and the system that hosts Security Directory Integrator. The adapter code is separate from the managed resource with which it is designed to communicate.
Note: For agentless adapters, the SSH process or daemon must be active on the managed resource.