Simplified, Robust and Speedy Novell® Identity Manager Implementation with IDM Tools
Designer, Analyzer, and iManager

Yogesh Rao, Product Manager

Vivek Thakyal, Senior Software Engineer

DESCRIPTION

Novell Identity Manager tools for implementation and administration have always been the product's key differentiating factor. Recent changes have made Identity Manager implementations even easier and more efficient. Whether you are new to Identity Manager or are an existing user, attend this session to learn more about Designer, Analyzer and iManager.

For Designer, you will hear about Identity Manager staging, role-based entitlements, and key performance improvements such as working over VPN and an optimized import/deployment of your identity management project. The presenters will also offer insight into how well Designer supports the latest versions of Identity Manager and Novell Identity Manager Roles Based Provisioning Module with the new Rich Client Platform (RCP) Designer and the support it offers to Novell Compliance Management Platform. Finally, you'll hear about the Designer roadmap for the Identity Manager product line.

You will also hear about the data cleansing and massaging capabilities in Analyzer. For iManager, you will see new features such as WAR file deployment.


© Novell, Inc. All rights reserved.

Agenda

• Introduction
• Analyzer Background
• Analyzer New Features
• Designer Background
• Designer 3.5 New Features
• Designer Upcoming Features
• iManager Background
• iManager New Features
• Question and Answer

Introduction


Novell® Identity Manager Solution

Development Process
– Interview System Owners
– Write Business Rules
– Analyze and Scrub Data
– Model the Applications
– Deploy to Test setup
– Write Policies
– Test Policies
– Deploy to Production
– Document the Project
– Administration


Novell® Identity Manager Solution

Focus Areas for Designer, Analyzer, and iManager
– Interview System Owners
– Write Business Rules
– Analyze and Scrub Data
– Model the Applications
– Deploy to Test setup
– Write Policies
– Test Policies
– Deploy to Production
– Document the Project
– Administration

Analyzer

Designer

iManager

Analyzer Introduction


Analyzer Introduction

Data Analysis and Compliance Process


Analyzer Introduction

A project based on Eclipse with tools for:

• Data Analysis

• Data Cleansing

• Data Reconciliation

• Data Reporting


Availability

• Currently available as a part of Compliance Management Platform

• Available as a part of Novell® Identity Manager code name – Dorado edition

Analyzer New Features


New Features in Analyzer

• Script Metrics – Test Data

• Script Metrics – Clean Data

• Matching Improvements

• SSL Connection to MySQL Database


Script Metrics

• More flexible and powerful than Regular Expressions

• Write scripts in ECMAScript, Ruby, and Python

• Write metrics spanning across multiple attributes

• Use the same script to clean data


Script Metrics


Matching Improvements

• Better handling for multi-valued and duplicate records

• Duplicate matches displayed in a separate tab


SSL Connection to MySQL Database

• Analyzer can now connect to an external MySQL database using SSL

• Analyzer uses the database as a repository for all imported data.

Designer Introduction


Designer Introduction

1. Model application

2. Deploy to Test setup

3. Write Policies

4. Test Policies

5. Deploy to Production

6. Document the project


Designer Introduction

• Eclipse based desktop application

• Offline design and modeling capabilities

• Policy creation, management, and simulation

• Rich editors with undo/redo and global cut, copy, paste

• Powerful Test, Debug and Deploy capabilities

• Extensive support for User Application objects

• Support for creating Provisioning work-flows

• Support for Version Control


Designer Introduction

A powerful visual toolkit for designing the identity environment.

• Graphically configure complex systems

• Model “What if” scenarios

• Automatically generate documentation

• Leverage re-usable configurations to reduce deployment time


Stages

Designer 3.5 New Features


New Features in Designer 3.5

• Basic Support for Staging

• Designer as an RCP application

• Performance Improvements

• Role Based Entitlements

• Schema Compare

• Support for Novell® Identity Manager 3.6.1

• Support for Role Based Provisioning Module 3.7


Support for Staging

• Staging helps you to move projects from the design stage to the test environment and then the production environment

• Basic support for moving Novell® Identity Manager projects from one stage to another

• Store additional objects in LDIF format

– Even objects not modeled in Designer can be stored

– Import additional objects from an Identity Vault or an LDIF file

– Export additional objects to an Identity Vault or an LDIF file


Support for Staging

Deploy Security Equivalences from LDIF file

– Security Equivalence objects present in the LDIF container can be deployed and associated with drivers


Designer as an RCP Application

Eclipse Rich Client Platform (RCP)

What does it mean to the Designer product?

• A better way of building Eclipse based applications

– Greater control over User Interface and Branding

– Greater control over plug-ins to be included in the product

• Choose what plug-ins should be included versus include everything, then remove what you don't need


Designer as an RCP Application

What are the benefits?

• Improved and simplified User Interface

• Logically grouped menu items

• Removal of unnecessary menus, views, and perspectives


Designer as an RCP Application

What are the benefits?

• Extracted size is 617 MB vs 805 MB

• Start up is significantly faster

• Performance improvements across many actions

• Leaner installer and faster installation


Performance Improvements

Improved eDirectory™ Browse performance over VPN

[Bar chart, time in minutes, Designer 3.5 vs. Designer 3.5.1: Re-Authentication; Browse 100 leaf objects; Browse 100 containers]

Network Connection: VPN, Max Speed: 256 Kbps

Results may vary depending on the connection speed and system configuration of the system used


Performance Improvements

Improved eDirectory™ Browse performance over VPN

[Bar chart, time in minutes, Designer 3.5 vs. Designer 3.5.1: Manage eDirectory; ID Vault > Deploy Context; Browse - Import Dialog]

Network Connection: VPN, Max Speed: 256 Kbps

Results may vary depending on the connection speed and system configuration of the system used


Performance Improvements

• Improved deploy performance for Provisioning objects

• Better performance while deploying a large number of objects

• On a particular test setup where deploy for 800 roles used to fail, we were able to deploy 1800 roles after the performance improvement code changes


Role-Based Entitlements

You can now create and edit Role-Based Entitlement Policies in Designer


Role-Based Entitlements

• You can associate entitlements with policies

• Users matching the criteria defined in the policies will be granted the entitlements associated with that policy


Role-Based Entitlements

• Users can be assigned dynamically or statically to the policy

• Users can also be statically excluded from a policy


Schema Compare

• Compare the Identity Vault schema in Designer with the schema in your production environment

• View and reconcile the differences in schema

• Resolve conflicts on individual classes and attributes


Schema Compare


Support for Novell® Identity Manager 3.6.1

New and updated driver configuration files


Support for Novell® Identity Manager 3.6.1

Structured Configuration Values to support SAP driver fan-out

• A new type of Configuration Values in Designer

• A great way to group repeating sets of Configuration Values

• Create a template with the repeating set of values and then create instances of that template with the click of a button


Support for Roles Based Provisioning Module 3.7

Support for Resources

• New Resource editor is now available

• Define categories, owners, and trustees

• Define grant and revoke approval processes for a resource

• New Resources Category list in the DAL editor


Support for Roles Based Provisioning Module 3.7

New Team Editor

• Supports the new Team object class

• Supports creating a team for a particular domain

• Deprecated attributes removed from the Team editor


Support for Roles Based Provisioning Module 3.7

Migration

Support for migrating older versions of User Application Drivers to 3.7

Designer Upcoming Features


Upcoming Features in Designer

• Modeler Clutter Reduction

• Package Manager

• More Performance Improvements


Modeler Clutter Reduction

Enhanced Domain Groups


Modeler Clutter Reduction

• A new view has been added to the Domain Groups

• Shows the connection for the selected driver only

• Gives a preview of the applications within a Domain Group

• Makes projects with a large number of drivers manageable

• Makes Domain Groups more usable

• Cleaner looking Modeler diagrams


Package Manager

• A new way for creating, distributing, and managing Novell® Identity Manager content


Performance Improvements

Improved Import/Deploy performance over VPN

[Bar chart, time in minutes, Designer 3.5 vs. Designer 4.0: Import 2 Entitlement, 3 JDBC Drivers; Deploy 2 Entitlement, 3 JDBC Drivers; Compare 2 Entitlement, 3 JDBC Drivers]

Network Connection: VPN, Max Speed: 256 Kbps

Results may vary depending on the connection speed and system configuration of the system used


Performance Improvements

Improved Import/Deploy performance over VPN

[Bar chart, time in minutes, Designer 3.5 vs. Designer 4.0: Import two AD Drivers; Deploy two AD Drivers; Compare 2 AD Drivers]

Network Connection: VPN, Max Speed: 256 Kbps

Results may vary depending on the connection speed and system configuration of the system used

iManager Introduction


iManager


iManager Introduction

• A web-based administration tool

• Provides a global view of the network from one browser-based tool

• Helps manage Novell® Open Enterprise Server, Novell Identity Manager, Novell eDirectory™ and other services

• A single point of administration for directory objects, schema, partitions, replicas and many other network resources.

iManager New Features


WAR File Deployment

• iManager can now be installed on an existing Tomcat installation

• Purpose: to remove installation dependencies on Tomcat and the Java runtime environment

• Speeds up distribution of security vulnerability fixes


Future Directions

• Dashboard view: A concept for making the plug-ins widgetized, displaying widgets on the dashboard

– Spring & GWT into iManager

• Multiple Tree administration

Question and Answer

Unpublished Work of Novell, Inc. All Rights Reserved.

This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.