IBM Security Identity Manager overview

IBM Security Identity Manager is an automated and policy-based solution that manages user access across IT environments, helping to drive effective identity management and governance across the enterprise. By using roles, accounts, and access permissions, it helps automate the creation, modification, and termination of user privileges throughout the entire user lifecycle. IBM Security Identity Manager can help increase user efficiency, reduce IT administration costs, enforce security, and manage compliance.

IBM Security Identity Manager centralizes the process of provisioning and accessing user accounts on the operating systems and applications in your organization. IBM Security Identity Manager provides a mechanism to initially set up a semi-passive virtual appliance and a high availability solution for providing an all-in-one identity virtual appliance. The virtual appliance helps to decrease the amount of time that users spend deploying and configuring the product in their own environment.

IBM Security Identity Manager helps companies automate the process of provisioning employees, contractors, and business partners in one or more organizations with access rights to the applications they need, whether in a closed enterprise environment or across a virtual or extended enterprise. IBM Security Identity Manager provides lifecycle management of user accounts on remote resources, with adapters and policy-based provisioning to enable access to the managed resources that an enterprise requires.

One or more IBM Security Identity Manager organizations contain users, who have membership in groups and have static or dynamic organization roles. Additional policies and workflows enable access to the entitlements to managed resources, and access control items grant rights to selected privileges. A system administrator has full access to all operational areas of IBM Security Identity Manager.

IBM Security Identity Manager virtual appliance overview

The IBM Security Identity Manager virtual appliance is a network appliance-based identity-management solution. IBM Security Identity Manager offers a virtual appliance to reduce the overall Time To Value (TTV) and greatly reduce the deployment time of the product. You can configure the virtual appliance for a cluster environment. You can configure a virtual appliance to connect to external database servers, directory servers, and other supported appliances. You can manage the configuration interfaces and capabilities to deploy and configure the products on the virtual appliance.

The IBM Security Identity Manager virtual appliance cluster is made up of one primary node and other member nodes. All configuration changes, such as hardware and software changes, are done only on the primary node. There is only one primary node in the cluster. Even if the primary node itself goes down or must be taken down, the other nodes can continue to perform the IBM Security Identity Manager functions. Changes to configuration details are not allowed until the primary node is reconnected in the cluster.

Note: IBM Security Identity Manager V7.0.0.2 on the virtual appliance does not support a direct upgrade or migration from previous versions of the IBM Security Identity Manager product.

The important features of the IBM Security Identity Manager virtual appliance are as follows:
  • IBM Security Identity Manager now has Security Identity Governance capabilities through the IBM Security Identity Governance (SIG) adapter.
  • A configuration wizard for the first time configuration of the IBM Security Identity Manager solution in stand-alone or cluster mode.
  • A dashboard for viewing system status such as system notifications, cluster status, component and application status, deployment statistics, and disk usage.
  • Analysis and diagnostics tools such as memory statistics, CPU usage, and performance metrics and service statistics for IBM Security Identity Manager.
  • Centralized management of IBM Security Identity Manager settings such as data tier components or external entities, and log files.
  • The controls for the system settings such as host name, date or time, and network settings.
  • Most of the features are configurable by using the graphical management interface.
  • Add member nodes that point to the primary node to process a large number of IBM Security Identity Manager requests.
  • Remove a node from the cluster for any maintenance such as applying fix packs, upgrades, or failures.
  • Synchronization between two nodes.
  • Backing up a primary node for disaster recovery purposes.
  • External middleware components such as database server and directory server.
  • Manage application server certificates, upload feed files, configure mail server, configure Security Directory Integrator server, or Oracle server.
  • Configure Single Sign On to authorize the user to use multiple applications with the single sign-on facility.
  • Configure an external user registry with IBM Security Identity Manager to grant users of the external user registry the authority to log on to the IBM Security Identity Manager application.
  • Upload, download, or update files on the virtual appliance by using the Custom File Management feature from the Appliance Dashboard.
  • Upload library files and custom workflow extensions that can be used in IBM Security Identity Manager.
  • Update IBM Security Identity Manager properties by using the Update Property feature from the Appliance Dashboard.
  • Monitoring the status of all the nodes and the individual applications in the IBM Security Identity Manager virtual appliance cluster.
  • IBM Security Access Request Mobile App to manage accounts by using a mobile phone to communicate your requests from the IBM Security Identity Manager virtual appliance.
  • Send system audit events by email.
  • SNMP monitoring can be used to monitor the IBM Security Identity Manager virtual appliance.
  • Enabling and simplifying workflow extension configuration.
  • Configure an external library.
  • Enable separate application interfaces for the virtual appliance and the application consoles.
  • Use of log file management.
  • Export and import configurations. You can also export, import, access, or download report files.
  • Download and view core dumps to diagnose or debug virtual appliance errors.
  • Manage hosts file.
  • Configure static routes.