
16 Planning to Install the Remote Loader

In document NetIQ Identity Manager Setup Guide (Page 133-139)


This section provides information that helps you prepare for installing the Remote Loader and the Java Remote Loader.

• Section 16.1, “Checklist for Installing the Remote Loader”

• Section 16.2, “Understanding the Remote Loader”

• Section 16.3, “Understanding the Installation Program”

• Section 16.4, “Using 32-bit and 64-bit Remote Loader on the Same Computer”

• Section 16.5, “Prerequisites and Considerations for Installing the Remote Loader”

• Section 16.6, “System Requirements for the Remote Loader”

16.1 Checklist for Installing the Remote Loader

NetIQ recommends that you complete the steps in the following checklist:

Checklist Items

☐ 1. Learn about the interaction among Identity Manager components. For more information, see Section 3.3.3, “Remote Loader,” on page 28.

☐ 2. Decide which servers you want to use for your Identity Manager components. For more information, see Section 5.3, “Recommended Installation Scenarios and Server Setup,” on page 44.

☐ 3. Ensure that the Identity Manager engine has been installed. For more information, see Part IV, “Installing the Identity Manager Engine, Drivers, and Plug-ins,” on page 113.

☐ 4. Review the considerations for installing the Remote Loader to ensure that the computers meet the prerequisites. For more information, see Section 16.5, “Prerequisites and Considerations for Installing the Remote Loader,” on page 136.

☐ 5. Review the hardware and software requirements for the computers that will host the Remote Loader. For more information, see Section 16.6, “System Requirements for the Remote Loader,” on page 138.

☐ 6. (Conditional) To install the Remote Loader on a server that doesn’t host the Identity Manager engine, ensure that you can establish a secure connection to the engine. For more information, see Section 18.1, “Creating a Secure Connection to the Identity Manager Engine,” on page 145.

☐ 7. Decide whether you want to install a 32-bit or 64-bit version of the Remote Loader. For more information, see Section 16.4, “Using 32-bit and 64-bit Remote Loader on the Same Computer,” on page 136.

☐ 8. Decide whether you should use the Remote Loader or Java Remote Loader. For more information, see Section 16.2.3, “Understanding the Java Remote Loader,” on page 136.

☐ 9. Install the Remote Loader:

  • For a guided installation, see Section 17.1, “Using the Wizard to Install the Remote Loader,” on page 141.

  • For a silent installation, see Section 17.2, “Performing a Silent Installation of the Remote Loader,” on page 142.

☐ 10. (Conditional) To install the Java Remote Loader, see Section 17.3, “Installing Java Remote Loader,” on page 143.

☐ 11. Review the parameters for configuring a driver instance. For more information, see Section 18.2, “Understanding the Configuration Parameters for the Remote Loader,” on page 148.

☐ 12. To configure a driver instance in the Remote Loader, see one of the following sections:

  • Section 18.3, “Configuring the Remote Loader for Driver Instances on UNIX or Linux,” on page 156

  • Section 18.4, “Configuring the Remote Loader for Driver Instances on Windows,” on page 157

  • Section 18.5, “Configuring the Java Remote Loader for Driver Instances,” on page 160

☐ 13. Prepare your drivers for the Remote Loader. For more information, see Section 18.6, “Configuring Identity Manager Drivers to Work with the Remote Loader,” on page 161.

☐ 14. Start the driver instance in the Remote Loader. For more information, see Section 19.1, “Starting a Driver Instance in the Remote Loader,” on page 163.

☐ 15. Verify that the Remote Loader and driver are communicating with the Identity Manager engine and the connected system. For more information, see Section 18.7, “Verifying the Configuration,” on page 162.

☐ 16. Install the rest of the Identity Manager components, including the identity applications and Identity Reporting.

16.2 Understanding the Remote Loader

The Remote Loader allows you to run Identity Manager drivers on connected systems that do not host the Identity Vault and Identity Manager engine. The .NET Remote Loader works on Windows-based systems only.

The Remote Loader is capable of hosting Identity Manager application shims contained in platform-specific files through JNI, as well as the more common Identity Manager application shims contained in platform-agnostic JAR files. The Remote Loader can run on any platform. However, platform-specific shims must be run on their native platform (for example, .so files on Linux/Unix).

16.2.1 Understanding Shims

The Remote Loader uses shims to communicate with the application on a managed system. A shim is the file or files that contain the code to process the events that are synchronized between the Identity Vault and the application. Before using the Remote Loader, you must configure the application shim to connect securely with the Identity Manager engine. You must also configure both the Remote Loader and the Identity Manager drivers.

For more information, see Chapter 18, “Configuring the Remote Loader and Drivers,” on page 145.


16.2.2 Determining When to Use the Remote Loader

You can install the Identity Manager engine, Identity Vault, and the driver shim on the same server.

The Identity Manager engine runs as part of an eDirectory process. The Identity Manager drivers can run on the server with the Identity Manager. They also can run as part of the same process as the Identity Manager engine. However, in the following scenarios, you might want the Identity Manager driver to run as a separate process on the server that hosts the Identity Manager engine:

• To protect the Identity Vault from any exceptions encountered by the driver shim.

• To improve the performance of the server running the Identity Manager engine, by offloading driver commands to the remote application or database.

• To run additional drivers on servers that do not host the Identity Manager engine.

In these scenarios, the Remote Loader provides a communication channel between the Identity Manager engine and the driver. For example, you install an LDAP driver on the same server as the Identity Manager engine and the Identity Vault. Then you install the Active Directory (AD) driver on a different server with the Remote Loader. To allow the drivers to access the application and communicate with the Identity Vault, install the Remote Loader on both servers, as shown in the following figure.

NetIQ recommends that you use the Remote Loader configuration with your drivers where possible. Use the Remote Loader even in cases where the application is on the same server as the Identity Manager engine.

16.2.3 Understanding the Java Remote Loader

The Java Remote Loader provides the flexibility to load a driver shim on computers with UNIX or Linux servers that the native Remote Loader does not support. The Java Remote Loader is a Java application, which runs on any system with a compatible, supported JRE and Java Sockets.

To open the application, run the shell script named dirxml_jremote. For more information, see Section 18.5, “Configuring the Java Remote Loader for Driver Instances,” on page 160.

16.3 Understanding the Installation Program

As a convenience, this installation program bundles several of the components that provide the underlying framework for your Identity Manager solution. You can choose to install all components on the same server or on individual servers. In addition to the Remote Loader, you can select the drivers that you want to install on the connected system. The installation kit provides the following installation options, depending on the operating system of the target server:

Linux or UNIX servers

• Remote Loader 32-bit version, 64-bit version, or both

• Java Remote Loader

Windows servers

• .NET Remote Loader on the supported operating systems

16.4 Using 32-bit and 64-bit Remote Loader on the Same Computer

By default, the installation program detects the version of the operating system and then installs the corresponding version of the Remote Loader. You can install both the 32-bit and 64-bit Remote Loader on a 64-bit operating system:

• If you are upgrading a 32-bit Remote Loader installed on a 64-bit operating system, the process upgrades the 32-bit Remote Loader to the latest version and also installs the 64-bit Remote Loader.

• If you choose to have both a 32-bit and a 64-bit Remote Loader on the same computer, the audit events are generated only with the 64-bit Remote Loader. If a 64-bit Remote Loader is installed before installing a 32-bit Remote Loader, the events are logged to the 32-bit cache.

16.5 Prerequisites and Considerations for Installing the Remote Loader

Before installing the Remote Loader, NetIQ recommends that you review the following considerations:

• Install the Remote Loader on a server that can communicate with the managed systems. The driver for each managed system must be available with the relevant APIs.

• You can install the Remote Loader on the same computer where you installed the Identity Manager engine.

• You can install both 32-bit and 64-bit Remote Loader on the same computer.

• You can install Java Remote Loader on platforms that do not support the native Remote Loader. For more information about supported platforms, see “Operating System” on page 139.

• You can install .NET Remote Loader on any of the supported Windows operating systems running .NET Framework 3.5.1, at a minimum.

• (Conditional) To connect Identity Manager to Active Directory, you must install Remote Loader and the driver for Active Directory on a server that is a member server or a domain controller. You do not need to install eDirectory and Identity Manager on the same server as the connected system. The Remote Loader sends all of the events from Active Directory to the Identity Manager server. The Remote Loader then receives any information from the Identity Manager server and passes that to the connected application.

• NetIQ recommends that you use the Remote Loader configuration with your drivers where possible. Use the Remote Loader even in cases where the connected system is on the same server as the Identity Manager server engine.

  When you run the driver shim in the Remote Loader configuration, the following advantages apply:

  • Memory and processing isolation between driver shims allows for better performance and monitoring of the Identity Manager solution.

  • Patching and upgrading the driver shim does not impact eDirectory or other drivers.

  • Protects eDirectory from fatal issues that could occur in the driver shim.

  • Distributes the load from the driver shims to other servers.

• The following drivers support the Remote Loader capability:

  • Active Directory

  • Privileged User Management

  • Remedy

  • SalesForce.com

  • SAP Business Logic

  • SAP GRC (CMP only)

  • SAP HR

  • SAP Portal

  • SAP User Management

  • Integration Module V2.0 for Sentinel

  • SharePoint

  • SOAP

  • Top Secret

  • WorkOrder

• The following drivers do not support Remote Loader:

  • Bidirectional eDirectory

  • eDirectory

  • Entitlements Services

  • Role Service

  • User Application

For more information about the Identity Manager Remote Loader, see “The Many Faces of Remote Loader in IDM”.

16.6 System Requirements for the Remote Loader

This section provides requirements to help you set up the server hosting the Remote Loader, .NET Remote Loader, and Java Remote Loader.

16.6.1 Remote Loader 32-bit and 64-bit

Category     Requirement

Processor    Pentium* III 600MHz, at a minimum

Memory       512 MB for the Remote Loader
