IBM Security Identity Governance and Intelligence, Version 5.2.3.1

Managing IBM Security Directory Integrator instances

IBM® Security Identity Governance and Intelligence uses IBM Security Identity Adapters to communicate with various managed resources. These adapters are deployed and run on instances of the Security Directory Integrator. The properties of the Security Directory Integrator or Dispatcher affect all of the adapters that run on the instance. Therefore, some adapters might need to run on separate instances of the Security Directory Integrator. Use this task to create and manage multiple instances of the Security Directory Integrator.

About this task

You can configure a maximum of 10 Security Directory Integrator instances. A new instance is assigned to the first available ID and port.

Changes that you make to the Directory Integrator instance are propagated to the nodes in a cluster by the node synchronization process.

Note: For Security Directory Integrator high availability, if the instance on the primary node becomes unavailable, the failover action is for Identity Governance and Intelligence to connect to the directory integrator instance on the secondary node. If the instance is unavailable on the secondary node, Identity Governance and Intelligence continues to try to connect to the instance on member nodes.

Before the virtual appliance routes the request, it checks the connections to the host, <host:port>.

For example, the instance SDI3 crashed on the primary node. Any request that is sent to SDI3 on the primary node is routed to instance SDI3 on one of the member nodes in the cluster. If instance SDI3 crashed on a member node, any request that is sent to SDI3 on that member node is routed to another instance of SDI3. The instance can be on the primary node or on one of the member nodes in the cluster.

Procedure

  1. From the top-level menu of the Appliance Dashboard, click Configure > SDI Management. The Security Directory Integrator Management page displays a table with these column names.
    Instance ID
    Specifies the ID that was assigned to the instance when it was created. For example, the initial instance is SDI1.
    Instance Name
    Specifies the name of the Security Directory Integrator instance. For example, SDIServer1.
    State
    Indicates whether the instance is started or stopped.
    Changes are Active
    Indicates whether the adapters in the Security Directory Integrator instance are functioning.
    Port
    Indicates the port that the instance listens on. For example, 1099. The following table shows the ports that are open in the firewall for every instance that is created.
    Table 1. Ports that are open in the firewall
    Instance  Ports
    SDI1      1199, 1198, 1197, 1196, 1195, 1194
    SDI2      2299, 2298, 2297, 2296, 2295, 2294
    SDI3      3399, 3398, 3397, 3396, 3395, 3394
    SDI4      4499, 4498, 4497, 4496, 4495, 4494
    SDI5      5599, 5598, 5597, 5596, 5595, 5594
    SDI6      6699, 6698, 6697, 6696, 6695, 6694
    SDI7      7799, 7798, 7797, 7796, 7795, 7794
    SDI8      8899, 8898, 8897, 8896, 8895, 8894
    SDI9      9999, 9998, 9997, 9996, 9995, 9994
    SDI10     11099, 11098, 11097, 11096, 11095, 11094
    SSL Enabled
    Indicates whether secure communications are enabled for the Directory Integrator instance.

    The state is True if the virtual appliance is enabled for FIPS or if the Enable SSL check box was flagged in the Add Security Directory Integrator or Edit Security Directory Integrator windows.

  2. On the Security Directory Integrator Management page, do one of these actions.
    Table 2. Security Directory Integrator action items
    Action Button Description
    Add an instance New
    1. Click New to display the Add Security Directory Integrator Server window.
    2. Specify the name of the instance that you want to create.
    3. If you want to use secure communications, click the Enable SSL check box.
      Note: If the virtual appliance was enabled for FIPS, the check box is already flagged and grayed out. SSL is also enabled. You cannot clear the check box, unless FIPS is disabled.

      If the virtual appliance was not enabled for FIPS, the check box is enabled, and you can flag it to use SSL.

    4. Specify the minimum amount of memory that you want to assign to the instance in the Minimum Heapsize(MB) field. The minimum heapsize is 256.
    5. Specify the maximum amount of memory that you want to assign to the instance in the Maximum Heapsize(MB) field. The maximum heapsize is 4,096.
    6. Click Save Configuration.

    A message indicates that a new Security Directory Integrator server is being created. After the server instance is created, a system notification message is displayed and the instance is added to the table.

    Edit an instance Edit
    1. Select the instance.
    2. Click Edit to display the Edit Security Directory Integrator Server window.
    3. If you want to use secure communications, click the Enable SSL check box. If you want to disable secure communications, clear the check box.
      Note: If the virtual appliance was enabled for FIPS, the check box is already flagged and grayed out. SSL is also enabled. You cannot clear the check box, unless FIPS is disabled.

      If the virtual appliance was not enabled for FIPS, the check box is enabled, and you can flag it to use SSL.

    4. Use the up and down arrows to change the minimum amount of memory that you want to assign to the instance in the Minimum Heapsize(MB) field. The minimum heapsize is 256.
    5. Use the up and down arrows to change the maximum amount of memory that you want to assign to the instance in the Maximum Heapsize(MB) field. The maximum heapsize is 4,096.
    6. Click Save Configuration.

    A message indicates that the Security Directory Integrator server is being edited. After the server instance changes are complete, a system notification message is displayed that the instance update is successful.

    Delete an instance Delete
    1. Select the instance.
    2. Click Delete to display the Remove SDI Instance window.
    3. A confirmation message is displayed. Click Yes to delete the instance.

    A message indicates that the Security Directory Integrator server is being deleted. After the server instance is deleted, a system notification message is displayed that the instance is removed.

    Start an instance Start
    1. Select the instance.
    2. Click Start.

    A message indicates that the Security Directory Integrator server is starting. After the server instance is started, a system notification message is displayed that the instance started successfully.

    Stop an instance Stop
    1. Select the instance.
    2. Click Stop.

    A message indicates that the Security Directory Integrator server is stopping. After the server instance is stopped, a system notification message is displayed that the instance stopped successfully.

    Restart an instance Restart
    1. Select the instance.
    2. Click Restart.

    A message indicates that the Security Directory Integrator server is restarting. After the server instance is restarted, a system notification message is displayed that the instance was restarted successfully.

    Refresh the instance data Refresh
    Click Refresh to display the most recent version of the data, including changes that were made to the data since it was last refreshed.
    Troubleshoot instance problems, configure instance properties files, install adapters, and manage the instance certificates Manage
    1. Select the instance.
    2. Click Manage.
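
The port assignments in Table 1 follow a fixed pattern: instance n uses ports n*1100+94 through n*1100+99. A firewall review can therefore derive the expected open ports from the instance list on the Security Directory Integrator Management page. The following Python is an added example, not IBM code; the function names and the sample port list are constructed for illustration.

```python
import re

MAX_INSTANCES = 10   # the page allows at most 10 instances
LOW, HIGH = 94, 99   # Table 1: instance n gets ports n*1100+94 .. n*1100+99


def expected_ports(instance_id):
    """Return the six firewall ports Table 1 lists for an ID such as 'SDI3'."""
    m = re.fullmatch(r"SDI([1-9]|10)", instance_id)
    if not m:
        raise ValueError(f"not a valid instance ID: {instance_id!r}")
    base = int(m.group(1)) * 1100
    return set(range(base + LOW, base + HIGH + 1))


def owning_instance(port):
    """Return the instance ID whose Table 1 block contains port, else None."""
    n, offset = divmod(port, 1100)
    if 1 <= n <= MAX_INSTANCES and LOW <= offset <= HIGH:
        return f"SDI{n}"
    return None


def audit(configured, observed_open):
    """Compare observed open ports with what the configured instances open.

    missing:  ports Table 1 lists for a configured instance that are not open.
    orphaned: open ports that belong to an instance that is not configured,
              for example one that was deleted. Ports outside Table 1 are
              out of scope and ignored.
    """
    expected = set()
    for instance_id in configured:
        expected |= expected_ports(instance_id)
    observed = set(observed_open)
    orphaned = {}
    for port in sorted(observed - expected):
        owner = owning_instance(port)
        if owner:
            orphaned.setdefault(owner, []).append(port)
    return {"missing": sorted(expected - observed), "orphaned": orphaned}


if __name__ == "__main__":
    # Constructed sample: SDI1 complete, SDI3 lacks 3399, stray SDI5 port, 443.
    sample_open = [1194, 1195, 1196, 1197, 1198, 1199,
                   3394, 3395, 3396, 3397, 3398, 5599, 443]
    print(audit(["SDI1", "SDI3"], sample_open))
```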