Sunday, July 18, 2010

Tivoli Identity Manager Architecture


The Tivoli Identity Manager Server application runs on IBM WebSphere Application Server and communicates with adapters on remote systems. The Tivoli Identity Manager application runs on a single-server configuration with the WebSphere Application Server base product. However, Tivoli Identity Manager can also run in a larger cluster configuration that is composed of one or more WebSphere Application Servers and a deployment manager that manages the cluster.

Tivoli Identity Manager stores transactional and historical data in a database server. For example, the Tivoli Identity Manager provisioning processes use a relational database to maintain their current state and their history. A type 4 Java Database Connectivity driver (JDBC™ driver) connects the Tivoli Identity Manager Server to a database. The DB2 and Microsoft SQL type 4 JDBC drivers are bundled with the Tivoli Identity Manager installation program. For an Oracle database, you must obtain this JDBC driver (ojdbc14.jar) from your Oracle Database Server installation.

Along with using a relational database, Tivoli Identity Manager stores the current state of the managed identities in an LDAP directory, including user account and organizational data. It is always recommended that Tivoli Identity Manager have its own database and LDAP server, due to the high volume of data exchange between these two components and the Tivoli Identity Manager Server.

Finally, an HTTP server, such as IBM HTTP Server, and an IBM WebSphere Web server plug-in enable browser-based access to the Tivoli Identity Manager Server.


The figure above illustrates that Tivoli Identity Manager supports two types of adapters:

Agent-based adapters must reside on the managed resource to administer accounts. Communication between the adapter and the Tivoli Identity Manager Server is usually through the DAML protocol, so these adapters are often called DAML-based adapters.

Agentless adapters can reside on a remote server to administer accounts. For example, the UNIX/Linux adapter is an agentless adapter.

IBM Tivoli Directory Integrator is an optional installation component that is used for hosting agentless, RMI-based (Remote Method Invocation) adapters. The tool is also used for complex HR feeds (a load of person data into Tivoli Identity Manager) from typical resources or from multiple resources. Tivoli Directory Integrator can be installed on a separate server (usually called the Adapter server), or it can be co-located on the same server that runs WebSphere Application Server and Tivoli Identity Manager Server.

The RMI Dispatcher is a Tivoli Directory Integrator component that enables the Tivoli Identity Manager Server to communicate with a Tivoli Directory Integrator-based adapter using RMI. The RMI Dispatcher is the request handler inside Tivoli Directory Integrator for the Tivoli Directory Integrator-based adapters. The RMI Dispatcher is not installed with the base Tivoli Directory Integrator product and must be installed separately in order for the Tivoli Directory Integrator-based adapters to run.

2 comments:

harish said...

Hi,

Can you explain what WebSphere Application Server means?

karthik said...

@Harish Please read http://learnwithkarthik.blogspot.com/2010/07/web-server-and-application-server.html
