IBM® Security Identity Manager is
an automated and policy-based solution that manages user access across
IT environments, helping to drive effective identity management and
governance across the enterprise. By using roles, accounts, and access
permissions, it helps automate the creation, modification, and termination
of user privileges throughout the entire user lifecycle. IBM Security Identity Manager can help
increase user efficiency, reduce IT administration costs, enforce
security, and manage compliance.
IBM Security Identity Manager centralizes
the process of provisioning and accessing user accounts on the operating
systems and applications in your organization. IBM Security Identity Manager provides
a mechanism to initially set up a semi-passive virtual appliance and
a high availability solution for providing an all-in-one identity virtual appliance.
The virtual appliance helps
to decrease the amount of time the user spends in deploying and configuring
in their own product environment.
IBM Security Identity Manager helps companies
automate the process of provisioning employees, contractors, and business
partners in one or more organizations with access rights to the applications
they need, whether in a closed enterprise environment or across a
virtual or extended enterprise. IBM Security Identity Manager provides
lifecycle management of user accounts on remote resources, with adapters
and policy-based provisioning to enable access to the managed resources
that an enterprise requires.
One or more IBM Security Identity Manager organizations
contain users, who have membership in groups and have static or dynamic
organization roles. More policies and workflows enable access to the
entitlements to managed resources, and access control items grant
rights to selected privileges. A system administrator has full access
to all operational areas of IBM Security Identity Manager.
IBM Security Identity Manager virtual appliance overview
The IBM Security Identity Manager virtual appliance is a network
appliance-based identity-management solution. IBM Security Identity Manager offers a virtual appliance to
reduce the overall Time To Value (TTV) and greatly reduce the deployment
time of the product. You can configure the virtual appliance for
a cluster environment. You can configure a virtual appliance to
connect to external database servers, directory servers, and other
supported appliances. You can manage the configuration interfaces
and capabilities to deploy and configure the products on the virtual appliance.
The IBM Security Identity Manager virtual appliance cluster
is made of one primary node and other member nodes. All configuration
changes such as hardware and software are done only on the primary
node. There is only one primary node in the cluster. Even if the primary
node itself goes down or must be taken down, the other nodes can continue
to do the IBM Security Identity Manager functions.
Changes to configuration details are not allowed until the primary
node is reconnected in the cluster.
Note: IBM Security Identity Manager V7.0.0.2 on the virtual appliance does
not support a direct upgrade or migration from previous versions of
the IBM Security Identity Manager product.
The
important features of the
IBM Security Identity Manager virtual appliance are as
follows:
- IBM Security Identity Manager now
has Identity Governance capabilities
through the IBM Security Identity Governance (SIG)
adapter.
- A configuration wizard for the first time configuration of the IBM Security Identity Manager solution
in stand-alone or cluster mode.
- A dashboard for viewing system status such as system notifications,
cluster status, component and application status, deployment statistics,
and disk usage.
- Analysis and diagnostics tools such as memory statistics, CPU
usage, and performance metrics and service statistics for IBM Security Identity Manager.
- Centralized management of IBM Security Identity Manager settings
such as data tier components or external entities, and log files.
- Control of system settings such as host name, date or time, and
network settings.
- Most of the features are configurable by using the graphical management
interface.
- Add member nodes that point to the primary node to process large
number of IBM Security Identity Manager requests.
- Remove a node from the cluster for any maintenance such as applying
fix packs, upgrades, or failures.
- Synchronization between two nodes.
- Backing up a primary node for disaster recovery purposes.
- External middleware components such as database server and directory
server.
- Manage application server certificates, upload feed files, configure
mail server, configure Security Directory Integrator server, or
Oracle server.
- Configure Single Sign On to authorize the user to use multiple
applications with the single sign-on facility.
- Configure an external user registry with IBM Security Identity Manager to grant
users of external user registry the authority to log on to IBM Security Identity Manager application.
- Upload, download, or update files on the virtual appliance by
using the Custom File Management feature from
the Appliance Dashboard.
- Upload library files and custom workflow extensions that can be
used in IBM Security Identity Manager.
- Update IBM Security Identity Manager properties
by using the Update Property feature from the Appliance
Dashboard.
- Monitoring the status of all the nodes and the individual applications
in the IBM Security Identity Manager virtual appliance cluster.
- IBM Security Identity Manager Mobile App to
manage accounts by using a mobile phone to communicate your requests
from the IBM Security Identity Manager virtual appliance.
- Send system audit
events over emails.
- SNMP monitoring
can be used to monitor the IBM Security Identity Manager virtual appliance.
- Enabling and simplifying
workflow extension configuration.
- Configure an external
library.
- Enable separate
application interfaces for the virtual appliance and
the application consoles.
- Use of log file
management.
- Export and import
configurations. You can also export, import, access, or download report
files.
- Download and view
core dumps to diagnose or debug virtual appliance errors.
- Manage hosts file.
- Configure static
routes.