Page 1 AUTHORIZED DOCUMENTATION Installation Guide Novell ® Identity Manager 3.6.1 January 05, 2010 www.novell.com Identity Manager 3.6.1 Installation Guide...
Page 2 Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Page 3 Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/ trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
Page 4 Identity Manager 3.6.1 Installation Guide...
Page 5: Table Of Contents
Contents About This Guide Part I Planning 1 Setting Up a Development Environment 2 Creating a Project Plan Discovery Phase ............15 2.1.1 Defining Current Business Processes .
Page 6 Installing Identity Manager in Clustering Environment ....... 64 8 Activating Novell Identity Manager Products Purchasing an Identity Manager Product License .
Page 7 11.2 System Requirements ............73 12 In-place Upgrade Versus Migration 12.1 In-place Upgrade .
Page 8 17 Uninstalling Designer A Documentation Updates July 31, 2009 ............. 103 A.1.1 What’s New .
Page 9: About This Guide
Chapter 5, “Where to Get Identity Manager,” on page 43 Chapter 6, “System Requirements,” on page 45 Chapter 7, “Installing Identity Manager,” on page 55 Chapter 8, “Activating Novell Identity Manager Products,” on page 65 Part III, “Upgrading,” on page 69 Chapter 10, “What’s New,” on page 71 Chapter 11, “Supported Versions for Upgrades and System Requirements,”...
Page 10 Identity Manager Roles Based Provisioning Module Documentation Web site (http://www.novell.com/documentation/idmrbpm361/index.html). Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. ® A trademark symbol ( , etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
Page 11: Part I Planning
Identity Manager implementation. For more information about partnership options, see the Novell Solution Partner Web site (http://www.novell.com/partners/). Novell Education also offers courses that address Identity Manager implementation. Chapter 1, “Setting Up a Development Environment,” on page 13 Chapter 2, “Creating a Project Plan,” on page 15 Chapter 3, “Technical Guidelines,”...
Page 12 Identity Manager 3.6.1 Installation Guide...
Page 13: Setting Up A Development Environment
Setting Up a Development Environment Before you begin the planning phase of the Identity Manager deployment, you must be familiar with the Identity Manager products so you can create a useful plan. Setting up a development environment where you can test, analyze, and develop your Identity Manager solution allows you to learn about each component of Identity Manager and find unforeseen issues and complications that can arise.
Page 14 Identity Manager 3.6.1 Installation Guide...
Page 15: Creating A Project Plan
Creating a Project Plan This planning material provides an overview of the type of activities that are usually part of an Identity Manager project, from its inception to its full production deployment. Implementing an identity management strategy requires you to discover what all of your current business processes are, what are the needs for these processes, who the stakeholders are in your environment, and then design a solution, get buy-in from stakeholders, and test and roll out the solution.
Page 16: Defining Current Business Processes
2.1.1 Defining Current Business Processes Identity Manager automates business processes to easily manage identities in your environment. If you do not know what the current business processes are, you cannot design an Identity Manager solution that automates those processes. You can use the Architecture mode of Designer to capture your current business processes and display them graphically.
Page 17: Defining How The Identity Manager Solution Affects The Current Business Processes
Example of Business Processes Figure 2-1 The next step is in Section 2.1.2, “Defining How the Identity Manager Solution Affects the Current Business Processes,” on page 2.1.2 Defining How the Identity Manager Solution Affects the Current Business Processes After you have defined your current business processes, you need to decide which processes you want to incorporate into an Identity Manager solution.
Page 18: Identifying The Key Business And Technical Stakeholders
2.1.3 Identifying the Key Business and Technical Stakeholders Identifying all stakeholders involved in the Identity Manager solution is important for the success of the solution. In most companies, there is not just one person you can contact who understands all business and technical aspects of the business processes.
Page 19: Requirements And Design Analysis Phase
® basic knowledge of directories, Novell eDirectory , Novell Identity Manager, and XML integration in general. After you have completed the discovery phase, proceed to the Section 2.2, “Requirements and Design Analysis Phase,”...
Page 20: Define The Business Requirements
After the requirements analysis, you can establish the scope and project plan for the implementation, and determine if any prerequisite activities need to occur. To avoid costly mistakes, be as complete as possible in gathering information and documenting requirements. Here is a list of possible requirements: Data model showing all systems, authoritative data sources, events, information flow, data format standards, and mapping relationships between connected systems and attributes within...
Page 21: Analyze Your Business Processes
It might be advantageous to divide the deployment into phases that enable implementation of a portion of the deployment earlier and other portions of the deployment later. You can do a phased deployment approach as well. It should be based on groups of people within the organization.
Page 22: Design An Enterprise Data Model
What operations/events/actions are to be ignored? How is the data to be transformed and mapped to Identity Manager? Interviewing key people can lead to other areas of the organization that can provide a more clear picture of the entire process. After you have gathered all of this information, you can design a correct enterprise data model for your environment.
Page 23: Proof Of Concept
The development of this model begins by answering questions such as the following: What types of objects (users, groups, etc.) are being moved? Which events are of interest? Which attributes need to be synchronized? What data is stored throughout your business for the various types of objects being managed? Is the synchronization one-way or two-way? Which system is the authoritative source for which attributes? It is also important to consider the interrelationships of different values between systems.
Page 24: Production Pilot
You need to have the data model that you completed in the analysis and design phases. You should also have a proposed record matching and data format strategy defined in order to prepare the data correctly. With the data model and format strategy defined, you can: Create production data sets appropriate for loading into the Identity Vault (as identified in the analysis and design activities).
Page 25: Production Deployment
2.7 Production Deployment The production deployment phase puts all of the plans into action and the Identity Manager solution is created in the live environment. Use the production rollout plan to put the different pieces of the Identity Manager solution into place. This might take one night or it might be spread across a longer period of time.
Page 26 Identity Manager 3.6.1 Installation Guide...
Page 27: Technical Guidelines
Server with eDirectory iManager Server Novell Sentinel Server Identity Manager is very customizable. The following sections contain technical best practices guidelines to help set up and configure the Identity Manager solution that works best for your environment. Variables that affect how these guidelines apply to your environment include the type of hardware you have for your servers, how your WAN is configured, and how many objects are being synchronized.
Page 28: Management Tools Guidelines
This document contains information only about Designer and iManager. The User Application uses a Web-based administration page that is not discussed here. For more information about the User Application, see “Administering the User Application” (http://www.novell.com/documentation/ idmrbpm361/agpro/data/agpropartadminapp.html) in the User Application Administration Guide.
Page 29: Metadirectory Server Guidelines
The Remote Loader provides added flexibility for your Identity Manager solution. For more information, see the Identity Manager 3.6.1 Remote Loader Guide. Metadirectory Sever Figure 3-3 User Designer iManager Application Server Administration Workstation Metadirectory Server with eDirectory iManager Server Novell Sentinel Server Technical Guidelines...
Page 30: Edirectory Guidelines
Guide. For considerations for each driver, see the Identity Manager Drivers documentation Web site (http:// www.novell.com/documentation/idm36drivers/index.html). Driver-specific information is provided in each driver guide. 3.3 eDirectory Guidelines eDirectory is the Identity Vault that stores the objects that are synchronized through the Identity Manager solution.
Page 31: Replicating The Objects That Identity Manager Needs On The Server
NOTE: When creating a Driver Set object, the default setting is to create a separate partition. ® Novell recommends creating a separate partition on the Driver Set object. For Identity Manager to function, the server is required to hold a full replica of the Driver Set object. If the server has a full replica of the location where the Driver Set object is installed, the partition is not required.
Page 32: Using Scope Filtering To Manage Users On Different Servers
To prevent separate instances of a driver from trying to synchronize the same users, you need to use scope filtering to define which users each instance of the driver should synchronize. Scope filtering means that you add rules to each driver to limit the scope of the driver’s management to specific containers.
Page 33 The following illustration shows an Identity Vault with three containers that hold users: Marketing, Finance, and Development. It also shows an Identity Management container that holds the driver sets. Each of these containers is a separate partition. Example Tree for Scope Filtering Figure 3-4 ACME Identity Vault ACME...
Page 34: User Application
Two Servers with Overlapping Replicas, without Scope Filtering Figure 3-5 Marketing Development Finance Finance JBassad JBassad Identity Management Identity Management Identity Identity Manager Manager Driver Set Server A Driver Set Server B Server A Server B GroupWise Server A GroupWise Server B Without scope filtering, both GroupWise drivers try to manage user JBassad...
Page 35: Auditing And Reporting Guidelines
3.5 Auditing and Reporting Guidelines If you need auditing and reporting as part of the Identity Manager solution, you need to implement Identity Audit or Novell Sentinel . It is recommended that you run Identity Audit or Sentinel on its...
Page 36 Sentinel Figure 3-8 User Designer iManager Application Server Administration Workstation Metadirectory Server with eDirectory iManager Server Novell Sentinel Server Identity Manager 3.6.1 Installation Guide...
Page 37: Part Ii Installation
Chapter 5, “Where to Get Identity Manager,” on page 43 Chapter 6, “System Requirements,” on page 45 Chapter 7, “Installing Identity Manager,” on page 55 Chapter 8, “Activating Novell Identity Manager Products,” on page 65 Chapter 9, “Troubleshooting Identity Manager,” on page 67 Installation...
Page 38 Identity Manager 3.6.1 Installation Guide...
Page 39: Basic Identity Manager System Checklist
Basic Identity Manager System Checklist The are many different ways to configure Identity Manager to take advantage of all of its features. Figure 4-1 represents a basic configuration of Identity Manager, which provisions users by synchronizing data. No matter how Identity Manager is configured, you always start with a basic system.
Page 40: Prerequisites
For more information, see the eDirectory 8.8 documentation Web site (http://www.novell.com/ documentation/edir88/index.html). Install Novell iManager 2.7.3 on the same server. For more information, see the iManager documentation Web site (http://www.novell.com/documentation/imanager27/index.html). Download the Identity Manager product. For instructions on how to access the Identity Manager software, see Chapter 5, “Where to Get Identity Manager,”...
Page 41: Driver Configuration With The Remote Loader
For specific information about your driver, see the Identity Manager 3.6.1 Drivers Documentation Web site (http://www.novell.com/documentation/idm36drivers/). (Optional) Enable entitlements on the driver. Verify that you have the correct policies in place to execute the entitlement. For more information, see Identity Manager 3.6.1 Entitlements...
Page 42 You can add Identity Audit or Novell Sentinel to your Identity Manager solution for auditing and reporting. For more information about Identity Audit, see the Identity Manager 3.6.1 Integration Guide for Identity...
Page 43: Where To Get Identity Manager
(http://download.novell.com). 2 In the Product or Technology menu, select Novell Identity Manager, then click Search. 3 On the Novell Identity Manager Downloads page, click the Download button next to a file you want. 4 Follow the on-screen prompts to download the file to a directory on your computer.
Page 44 Provisioning Module comes on a separate ISO image and is purchased separately. See the User Application Installation Guide (http://www.novell.com/documentation/idmrbpm37/) for more information. Your Identity Manager purchase also includes Designer for Identity Manager, a powerful and flexible administration tool that dramatically simplifies configuration and deployment.
Page 45: System Requirements
System Requirements ® The components of Novell Identity Manager can be installed on multiple systems and platforms. Figure 6-1 shows which platforms and systems are supported. System Requirements for the Identity Manager Components Figure 6-1 Windows Vista Windows XP Pro. SP2 openSUSE 10.3...
Page 46: Edirectory And Imanager
8.8.5 or later (32-bit or 64-bit) iManager 2.7.3 For system requirements for eDirectory, see the Novell eDirectory 8.8 SP5 Installation Guide (http:/ /www.novell.com/documentation/edir88/index.html). For system requirements for iManager, see the iManager 2.7 Installation Guide (http://www.novell.com/documentation/imanager27/index.html). 6.2 Metadirectory Server The Metadirectory server processes the events from the drivers, whether they are configured using the Remote Loader or not.
Page 47: Supported Processors
Red Hat 5.0 or later (32-bit and 64-bit) SLES 10 SP1 or later SPs (32-bit and 64-bit) SLES 11 (32-bit and 64-bit) Novell Sentinel Solaris 10 (32-bit and 64-bit) Server 6.1 AIX 5.3 (64-bit) OES 2 SP1 and SP2 (32-bit...
Page 48: Server Operating Systems
64-bit mode. Red Hat 5.0 or later (32-bit and 64-bit) The Metadirectory server runs in either 32-bit or 64-bit mode. Novell recommends that you apply the latest OS patches via the manufacturer’s automated update facility before you install Identity Manager.
Page 49: Remote Loader
64-bit iManager 2.7.3 Server Novell Sentinel Server 6.1 If you have installed the Metadirectory engine as a 32-bit application on a 64-bit operating system, you cannot install the 64-bit Remote Loader on the same machine. The libraries for the 32-bit Metadirectory engine and the 64-bit Remote Loader have the same names.
Page 50: User Application
Red Hat 5.0 or later (32-bit and 64-bit) The Remote Loader runs in either 32-bit or 64- bit mode. Novell recommends that you apply the latest OS patches via the manufacturer’s automated update facility before you install Identity Manager.
Page 51: Workstations
Identity Manager 3.6.1 Integration Guide for Identity Audit. For configuration uniformitarian about Sentinel with Identity Manager, see the Identity Manager 3.6.1 Reporting Guide for Novell Sentinel. For system requirement information about Identity Audit, see the Identity Audit Guide (http://www.novell.com/ documentation/identityaudit/index.html). For system requirement information about Novell Sentinel, see the Novell Sentinel Installation Guide (http://www.novell.com/documentation/...
Page 52: Workstation Platforms
8.8.5 or later 32-bit and 64-bit iManager 2.7.3 Server Novell Sentinel Server 6.1 There are three different items that affect workstations: Section 6.6.1, “Workstation Platforms,” on page 52 Section 6.6.2, “iManager and Web Browsers,” on page 53 6.6.1 Workstation Platforms Table 6-3 contains a list of the supported workstation platforms for Designer and iManager.
Page 53: Imanager And Web Browsers
Platforms Details SUSE Linux Enterprise Server 10 SP1/SP2 Apply the latest patches via the automated update facility. 6.6.2 iManager and Web Browsers The supported version of iManager for Identity Manager 3.6.1 is iManager 2.7.3. It runs all of the plug-ins required to configure and administer Identity Manager. The supported Web browsers for managing Identity Manager are: Internet Explorer* 6 SP2 Internet Explorer 7...
Page 54 Identity Manager 3.6.1 Installation Guide...
Page 55: Installing Identity Manager
Install Folder: Specify a location on the workstation where Designer should be installed. Create Shortcuts: Select whether the shortcuts are placed on your desktop and in your Desktop Menu. 4 Refer to Designer 3.5 for Identity Manager 3.6 Administration Guide (http://www.novell.com/ documentation/designer35/admin_guide/data/front.html) for further information. 7.2 Installing the Metadirectory Server For Linux\UNIX platforms you can install the Metadirectory Server as or a nonroot user.
Page 56 Novell Identity Manager Metadirectory Server: This option requires the Identity Vault to be installed on this server. It extends the schema for Identity Manager, ® installs the Metadirectory engine, the Identity Manager drivers, and the Novell Audit Agent. Novell Identity Manager Connected System Server: This option does not require the Identity Vault to be installed on this server.
Page 57: Nonroot Installation Of The Metadirectory Server
Novell Identity Manager Web-based Administration Server: Select this option if you have iManager installed on this server. It installs the iManager plug-ins for Identity Manager. Utilities: Installs utilities used to help configure the drivers for the connected systems. Not all drivers have utilities. If you are not sure if you need this, select it. It does not use much disk space.
Page 58: Silent Installation Of The Metadirectory Server
IDM3.6.1_platform/setup/utilities 5 Activate Identity Manager. For more information, see Chapter 8, “Activating Novell Identity Manager Products,” on page 6 Create and configure the driver objects. This information is contained in each driver guide. For more information, see the Identity Manager Drivers documentation (http://www.novell.com/...
Page 59: Installing The Remote Loader
7.3.1 Requirements The Remote Loader requires that each driver’s connected system is available and the relevant APIs are provided. Refer to the Identity Manager Driver documentation (http://www.novell.com/ documentation/idm36drivers) for operating system and connected system requirements that are specific to each driver.
Page 60: Installation Procedure
Lotus Notes* PeopleSoft* 5.2 Remedy* ARS SAP* HR SAP User Management Scripting SOAP WorkOrder Manual Task Services Null Services LoopBack The drivers listed in Table 7-2 are not capable of using the Remote Loader. No Remote Loader Capabilities Table 7-2 eDirectory Entitlements Service Role Service...
Page 61 Select Components: Select the connected system server and utilities to install the Remote Loader. Novell Identity Manager Metadirectory Server: Select this option only if you are installing the Metadirectory server. This option requires the Identity Vault to be installed on this server. For more information, see Section 7.2, “Installing the...
Page 62: Silent Installation Of The Remote Loader
Installing 32-Bit Remote Loader on 64-Bit Operating System By default 64-bit Remote Loader is installed. To install a 32-bit Remote Loader, do the following: On Windows: 1 Browse the file in the 32bit_RL_Install.properties IDM3.6.1_Win:Windows\setup\ folder and set the RL_32BIT_INSTALL_ON_64BIT property values to true as follows: RL_32BIT_INSTALL_ON_64BIT=true 2 In the command prompt, change the directory path to IDM 3.6.1 installation folder (say, C:\IDM3.6.1\windows\setup) and enter one of the following commands:...
Page 63: Installing The Java Remote Loader On Unix, Linux, Or Aix
“Configuring the Remote Loader for Linux\UNIX by Creating a Configuration File” in the Identity Manager 3.6.1 Remote Loader Guide. 7.4 Installing the Roles Based Provisioning Module To install the Roles Based Provisioning Module, see the Installation Guide (http://www.novell.com/ documentation/idmrbpm361/index.html) for the Roles Based Provisioning Module. Installing Identity Manager...
Page 64: Installing A Custom Driver
7.7 Installing Identity Manager in Clustering Environment If you deploy Identity Manager in a clustered environment, Novell supports Identity Manager running in the cluster, although in most situations, the cluster itself is not supported. The following two scenarios describe the extent of support given: If you run the Identity Manager engine or remote loader on SUSE Linux Enterprise Server (SLES), and use Heartbeat to manage High Availability, everything is supported.
Page 65: Activating Novell Identity Manager Products
After you purchase a product license, Novell sends you a Customer ID via e-mail. The e-mail also contains a URL to the Novell site where you can obtain a credential. If you do not remember or do not receive your Customer ID, call the Novell Activation Center at 1-800-418-8373 in the U.S. In all other locations, call 1-801-861-8373 (You will be charged for calls made using the 801 area code.).
Page 66: Viewing Product Activations For Identity Manager And For Drivers
5 Click to browse for and select a driver set in the tree structure. 6 On the Identity Manager Overview page, click the driver set that contains the driver to activate. 7 On the Driver Set Overview page, click Activation > Installation. 8 Select the driver set where you want to activate an Identity Manager component, then click Next.
Page 67: Troubleshooting Identity Manager
Troubleshooting Identity Manager Keep in mind the following information when you install Identity Manager: On AIX 5.3, IDM 3.6.1 installation hangs if NFS mounts are down. This behavior is also applicable for the instances where the IDM installer iso is on the same machine (AIX) and any mounted partition is down.
Page 68 Identity Manager 3.6.1 Installation Guide...
Page 69: Part Iii Upgrading
Upgrading I I I The following sections contain information about upgrading your existing Identity Manager solution: Chapter 10, “What’s New,” on page 71 Chapter 11, “Supported Versions for Upgrades and System Requirements,” on page 73 Chapter 12, “In-place Upgrade Versus Migration,” on page 75 Chapter 13, “Performing an In-place Upgrade,”...
Page 70 Identity Manager 3.6.1 Installation Guide...
Page 71: What's New
What’s New Section 10.1, “Support for 64-Bit Operating Systems,” on page 71 Section 10.2, “Support for 32-Bit Remote Loader Installation on 64-Bit Operating Systems,” on page 71 Section 10.3, “Identity Manager Driver for SAP Portal,” on page 71 Section 10.4, “Updated Identity Manager Driver for SAP HR and Identity Manager Driver for SAP User Management,”...
Page 72 Identity Manager 3.6.1 Installation Guide...
Page 73: Supported Versions For Upgrades And System Requirements
Supported Versions for Upgrades and System Requirements Section 11.1, “Supported Versions for Upgrades,” on page 73 Section 11.2, “System Requirements,” on page 73 11.1 Supported Versions for Upgrades The table indicates the supported upgrades for the previous versions of Identity Manager. Supported Versions for Upgrades Table 11-1 Installed Versions...
Page 74 Identity Manager 3.6.1 Installation Guide...
Page 75: In-Place Upgrade Versus Migration
In-place Upgrade Versus Migration There are two different ways to upgrade: in-place upgrade or migration. Each method has advantages and disadvantages, and there are scenarios where only one method can be used. Section 12.1, “In-place Upgrade,” on page 75 Section 12.2, “Migration,” on page 76 Section 12.3, “Multiple Servers Associated with a Single Driver Set,”...
Page 76: Migration
12.2 Migration A migration is installing Identity Manager 3.6.1 on a new server, then migrating the existing data to this new server. Follow the Chapter 4, “Basic Identity Manager System Checklist,” on page 39 verify that the installation is complete. The advantages are: There is minimal downtime for the drivers The disadvantages are:...
Page 77: Performing An In-Place Upgrade
Upgrade eDirectory to 8.8.5 or later on the server running Identity Manager. For more information, see the eDirectory Installation Guide (http://www.novell.com/documentation/ edir88/index.html). (Conditional) If your platform is Linux, UNIX, or Solaris, there are additional steps the must be completed to add files to the correct location. For more information, see Section 13.3, “Adding...
Page 78 Start the drivers associated with this server. For more information, see Section 13.10, “Starting the Drivers,” on page 87 If you are using Novell Sentinel , you must update to Novell Sentinel 6.1. For more information about upgrading Sentinel, see the Sentinel Installation Guide (http:// www.novell.com/documentation/sentinel6/pdfdoc/sentinel60_installationguide.pdf).
Page 79: Creating A Backup Of The Current Configuration
13.1 Creating a Backup of the Current Configuration Before upgrading, it is important to create a backup of the current configuration of your Identity Manager system. There are no additional steps required if you are using the User Application. All User Application configuration is stored in the User Application driver.
Page 80: Creating An Export Of The Drivers
5 On the toolbar, select Project > Import Project > Identity Vault. 6 Specify a name for the project, then either use the default location for your project or select a different location. 7 Click Next. 8 Specify the Identity Vault connection information: Host Name: Specify the IP address or DNS name of the Identity Vault server.
Page 81: Stopping The Drivers
3 Click the Driver Set object that holds the driver you want to upgrade. 4 Click the driver you want to upgrade, then click Export. 5 Click Next, then select Export all contained policies, linked to the configuration or not. 6 Click Next, then click Save As.
Page 82: Adding Files To The Correct Location On Linux/Unix Platforms
6e On the Driver Configuration page under Startup Options, select Manual, then click OK. 6f Repeat Step 6a through Step 6e for each driver in your tree. 13.3 Adding Files to the Correct Location on Linux/UNIX Platforms When you do an in-place upgrade from eDirectory 8.7.3 to eDirectory 8.8.5, the installation places the eDirectory files in different locations.
Page 83: Upgrading Designer
1 Create a backup of the Remote Loader configuration files. The default location of the files is as follows: Windows: C:\Novell\RemoteLoader\remoteloadername-config.txt Linux: Create your own configuration file in the path of rdxml. 2 Verify that the drivers are stopped. For instructions, see Section 13.2, “Stopping the Drivers,”...
Page 84: Overlaying The New Driver Configuration File Over The Existing Driver
6 (Conditional) If there is a problem with the configuration file, copy the backup file created in Step 1. Otherwise, continue with Step 7 Start the Remote Loader service or daemon for each driver. Windows: In the Remote Loader Console, select the Remote Loader instance, then click Start.
Page 85: Driver
13.7.2 Using iManager to Overlay the New Driver Configuration File over the Existing Driver 1 In iManager, select Identity Manager > Identity Manager Overview. 2 Browse to and select the location in the tree to search for Driver Set objects, then click the search icon 3 Click the Driver Set object.
Page 86: Using Imanager To Restore Custom Policies And Rules To The Driver
3 Browse to and select the customized policy, then click OK. 4 Specify the name of the customized policy, then click OK. 5 Click Yes in the file conflict message to save your project. 6 After the Policy Builder opens the policy, verify that the information is correct in the copied policy.
Page 87: Deploying The Converted Project
For information on starting the driver, see Section 13.10, “Starting the Drivers,” on page There is no policy simulator in iManager. To test the policies, cause events to happen that make the policies execute. For example, create a user, modify a user, or delete a user. 10 After you verify that the policies work, move the driver to the production environment.
Page 88 6b Browse to and select the location in the tree to search for Driver Set objects, then click the search icon 6c Click the Driver Set object. 6d In the upper right corner of the driver icon, click Edit properties. 6e On the Driver Configuration page, under Startup Options, select Auto start or select your preferred method of starting the driver, then click OK.
Page 89: Performing A Migration
The User Application driver must be migrated in Designer. For more information, see the Roles Based Provisioning Module Migration Guide (http://www.novell.com/ documentation/idmrbpm361/index.html). Create a new Roles Service driver. The Roles Service driver is not migrated. If you have an existing Role Service driver for version 3.6.1, you must create a new driver for version...
Page 90: Adding The New Server To The Driver Set
Remove the old server from the driver set. For more information, see Section 14.3, “Removing the Old Server from the Driver Set,” on page If you are using Novell Sentinel , you must update to Novell Sentinel 6.1. For more information about upgrading Sentinel, see the Sentinel Installation Guide (http:// www.novell.com/documentation/sentinel6/pdfdoc/sentinel60_installationguide.pdf).
Page 91: Changing The Server-Specific Information In Designer
Driver parameters Driver set data You can do this in Designer or iManager. If you use Designer, it is an automated process. If you use iManager, it is a manual process. You should use iManager if you are migrating from an IDM server earlier than 3.5 version to an IDM server greater than or equal to 3.5.
Page 92: Removing The Old Server From The Driver Set
6 Click the upper right corner of the driver, then click Edit properties. 7 You must copy or migrate all server-specific driver parameters, global configuration values, engine control values, named passwords, driver authentication data, and driver startup options that contain the old server’s information to the new server’s information. Global configuration values and other parameters of the driver set, such as max heap size, Java settings, and so on, must have identical values as those of the old server.
Page 93: Decommissioning The Old Server
1 Remove the eDirectory replicas from this server. For more information, see “Deleting Replicas” (http://www.novell.com/documentation/edir88/edir88/data/fbgciaad.html) in the eDirectory Administration Guide (http://www.novell.com/documentation/edir88/pdfdoc/ edir88/edir88.pdf). 2 Remove eDirectory from this server. For more information, see TID 10056593, “Removing a Server From an NDS Tree Permanently” (http://www.novell.com/support/php/ search.do?cmd=displayKC&docType=kc&externalId=10056593&sliceId=&docTypeID=DT_ TID_1_1&dialogID=35218849&stateId=0%200%2035214815). Performing a Migration...
Page 94 Identity Manager 3.6.1 Installation Guide...
Page 95: Part Iv Uninstalling Identity Manager
Uninstalling Identity Manager If you need to uninstall Identity Manager, use the procedures in the following sections in order. Chapter 15, “Removing Objects from eDirectory,” on page 97 Chapter 16, “Uninstalling the Metadirectory Server and Drivers,” on page 99 Chapter 17, “Uninstalling Designer,” on page 101 Uninstalling Identity Manager...
Page 96 Identity Manager 3.6.1 Installation Guide...
Page 97: Removing Objects From Edirectory
For more information, see Keeping eDirectory Healthy (http://www.novell.com/ documentation/edir88/edir88/data/a5ziqam.html) in the Novell eDirectory 8.8 Administration Guide. 2 Log in to iManager as an administrator user with full rights to the eDirectory tree. 3 Select Partitions and Replica > Merge Partition.
Page 98 Identity Manager 3.6.1 Installation Guide...
Page 99: Uninstalling The Metadirectory Server And Drivers
Execute the uninstall script ( ) located at Uninstall Identity Manager.exe C:\Program Files\Novell\Identity Manager\Uninstall_Identity_Manager For 64-bit Windows, use one of the following methods: Access the Control Panel on the Windows server. If the server is Windows Server 2003, click Add or Remove Programs. If the server is Windows Server 2008, click Programs and Features.
Page 100 100 Identity Manager 3.6.1 Installation Guide...
Page 101: Uninstalling Designer
Uninstalling Designer Uninstalling Designer is very similar to uninstalling the Metadirectory server and driver. For Windows, select Add or Remove Programs in the control panel. For Linux/UNIX, execute the uninstall script located at ~/designer/UninstallDesigner/ Uninstall_Designer_for_Identity_Manager Uninstalling Designer...
Page 102 102 Identity Manager 3.6.1 Installation Guide...
Page 103: A Documentation Updates
Documentation Updates The documentation was updated on the following dates: A.1 July 31, 2009 Updates were made to the following sections. The changes are explained below. Section A.1.1, “What’s New,” on page 103 A.1.1 What’s New The following update was made in this section: Location Change Section 10.3, “Identity...
Page 104 104 Identity Manager 3.6.1 Installation Guide...

Novell IDENTITY MANAGER 3.6.1 Installation Manual

About this Guide

Part I Planning

1 Setting up a Development Environment

2 Creating a Project Plan

3 Technical Guidelines

Part II Installation

4 Basic Identity Manager System Checklist

5 Where to Get Identity Manager

6 System Requirements

7 Installing Identity Manager

8 Activating Novell Identity Manager Products

9 Troubleshooting Identity Manager

Part III Upgrading

10 What's New

11 Supported Versions for Upgrades and System Requirements

12 In-Place Upgrade Versus Migration

13 Performing an In-Place Upgrade

14 Performing a Migration

Part IV Uninstalling Identity Manager

15 Removing Objects from Edirectory

16 Uninstalling the Metadirectory Server and Drivers

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Novell IDENTITY MANAGER 3.6.1

Summary of Contents for Novell IDENTITY MANAGER 3.6.1

Table of Contents