Main components
Main components in the IBM Verify Identity Governance solution include the Identity Manager Server and required and optional middleware components, including adapters that provide an interface to managed resources.
In a cluster configuration, main components include:
For more information about configuration alternatives, see the Identity Manager Installation Guide.
Components include:
- Database server products
- IBM Verify Identity Governance stores
transactional and historical data in a database server, a relational database that maintains the
current and historical states of data.
Computers that communicate with the database require a Java™ Database Connectivity driver (JDBC driver). For example, a JDBC driver enables a IBM Verify Identity Governance Server to communicate with the data source. IBM Verify Identity Governance supports a JDBC type 4 driver to connect a Java-based application to a database.
The supported database products are IBM® DB2® Database and Oracle database. The information about type 4 JDBC drivers for each database product are as follows:- IBM DB2 Database
- DB2 supports a Type 4 JDBC driver. The DB2 type 4 JDBC driver is bundled with the IBM Verify Identity Governance installation program.
- Oracle database
- The Oracle database supports a Type 4 JDBC driver. The IBM Verify Identity Governance installation program prompts for the location and
name of this JDBC driver.
Before you install the IBM Verify Identity Governance Server, obtain this JDBC driver from your Oracle Database Server installation in the ORACLE_HOME\jdbc\lib\ directory. Alternatively, you can download the driver from this website: http://www.oracle.com/technetwork/database/features/jdbc/index-091264.html
For WebSphere® Application Server version 7.0, the JDBC driver is ojdbc6.jar.
For more information about supported database server products, see .
- Directory server products
- IBM Verify Identity Governance stores the
current state of the managed identities in an LDAP directory, including user account and
organizational data.
IBM Verify Identity Governance supports the following products: .
- IBM Security Directory Server
- Oracle Directory Server Enterprise Edition
See .
- IBM Security Directory Integrator
- IBM Security Directory Integrator synchronizes identity data in different directories, databases, and applications. IBM Security Directory Integrator synchronizes and manages information exchanges between applications or directory sources.
- WebSphere Application Server
- WebSphere Application Server is the primary component of the WebSphere environment. WebSphere Application Server runs a Java
virtual machine, providing the runtime environment for the application code. The application server
provides communication security, logging, messaging, and Web services.
The Identity Manager application can run on a single-server configuration with the WebSphere Application Server base server. Identity Manager can also run in a larger cluster configuration. The configuration can have one or more WebSphere Application Servers and a deployment manager that manages the cluster.
- HTTP server and WebSphere Web Server plug-in
- An HTTP server provides administration of IBM Verify Identity Governance through a client interface in a web browser. IBM Verify Identity Governance requires the installation of a WebSphere Web Server plug-in with the HTTP server. The WebSphere Application Server installation program can separately install both the IBM HTTP Server and WebSphere Web Server plug-in.
- IBM Verify Identity Governance adapters
- An adapter is a program that provides an interface between a managed resource and the Identity Manager Server. Adapters function as trusted virtual
administrators on the target platform for account management. For example, adapters do such tasks as
creating accounts, suspending accounts, and modifying account attributes.A Identity Manager adapter can be either agent-based or agentless:
- Agent-based adapter
- You install adapter code directly onto the managed resource with which it is designed to communicate.
- Agentless adapter
- Deploys its adapter code onto the Identity Manager Server and the system that hosts Security Directory Integrator. The adapter code is separate from the managed resource with which it is designed to communicate.
Note: For agentless adapters, the SSH process or daemon must be active on the managed resource.