SUN Identity Manager 7.1
I have been working SUN IDM for some time now, and frankly SUN has made a deep impression on me. I'm not taking about the product, but SUN as an organization. The latest Gartner report shows SUN to be behind in terms of vision. Cant imagine what brought about that idea, but I guess Gartner are more qualified to judge than me. However, I believe SUN has a much stronger vision and purpose when it comes to Identity Management. Either that, or they are much more aggressive in advertising their ideas and innovations. Probably both.
INSTALLATION
The SUN IDM was a piece of cake to install. Minimal configuration with the DB (the provided sql scripts work great without much modification). Doesnt require a seperate Directory Server unlike IBM Tivoli IDM. And if you are installing it on Tomcat, just put it in the webapps folder.
I did some PoC work on Tivoli and Oracle Xellerate. Compared to either, SUN is definitely easier to install, well documented, and more feature packed. The extra feature being that SUN has merged Auditing and Identity Management into a single smooth package. And believe me, that is a major point of concern.
Our latest client had to choose between SUN and IBM IdM solutions, and they went for SUN cos the inclusion of Auditing was a major USP for them.
FRONT-END
The GUI is a bit confusing, after having worked on Tivoli (I'm not even bringing Oracle into the picture... Lord knows what mad rush to meet the deadline brought about their front-end). Tivoli gives you big large buttons, in-built GUI based workflow design, clear and concise help topics on their front-end. You would have to be a moron to go wrong with their GUI.
SUN seems to have crammed a lot of features into the same space. I am still addicted to the vertical + horizontal menu system of Tivoli. Sun uses a horizontal menu at the top, with drop boxes on each to present most of the options/commands.
The Organisational view of Tivoli is also better. It shows you the organisation in a tree structure, with distinct icons for Organisation, Organisation Units, Location etc. A first glance at the tree gives you a clear idea of the organisational structure.
The SUN icons are a lot smaller, and not so distinct. And there are no unique icons for OUs, Locations etc. Just a Directory Junction icon.
I think the SUN front-end can be made easier to understand and work with. Or probably it is my prejudiced eye. However, I do know it's going to be a tad difficult to train admins and hel;p-desk personnel to use the SUN IdM GUI.
Out of Box Operation
As expected, SUN delivers excellent OOB capabilities. I really liked the fact that most resources are managed using agentless mode. AD requires a Sun Gateway to be installed on a trusted system, but does not in any way sit upon AD. And custom applications, custom adapters are required, but of course.
We had the SUN Idm up and running for a demo in less than half an hour. Which is pretty impressive onsidering we ended up wasting a whole day setting up a Tivoli Idm demo. Even then we didnt manage to deploy it properly.
FEATURES
In the end, all Idm tools do the same thing. Some are easier to work with, some are easier to maintain. The really interesting feature I read about in SUN Idm 7.1 was the inclusion of Auditing. I have zero experience in this area. But I do know that most vendors sell Auditing and Compliance tools as a seperate suite, and I have always questioned the logic behind this. SUN seems to agree with me.
I have not tested this feature out, but I'm sure this will make a big difference in the future. In fact, one of our clients chose Sun over OBM specifically becos of the hype about the in built Auditing capability.
IBM Tivoli vs SUN Idm?
I really cant pick among the two. Both are strong products. SUN seems to hold more promise in the future because I like their plans and ideas that they are working towards. Plus, I'm a strong supporter of Open Source, and when SUN announced the OpenSSO, I became a fan of SUN. I can easily envision a future where SUN offer a true IAM single solution. Which will have Identity, Access, Auditing, Federation in one package.
Tivoli on the other hand is very stable. Easy to work with, fast learning curve. The only disappointment is that they seem to be out of new creative ideas, which could easily revolutionise a customer experience.
Friday, November 16, 2007
Thursday, August 09, 2007
Tivoli Identity Manager Installation
I have been working on the Tivoli Identity Manager for the last couple of months, and all things considered, without training, the learning curve has been steep. However, with time I have come to appreciate the power and features of this product, especially when combined with the Tivoli Directory Integrator.
INSTALLATION
The installation instructions seemed pretty straightforward when I read it. The only issues that came up were applying the fixpacks to all the components. The TIM Installer seems to be very particular in pointing out which components are not up-to-date. However, you can go ahead and install it anyway if you choose to ignore these warning messages. We didnt update the WebSphere as required, and TIM still worked fine.
We used the following components for our test bed:
IBM WebSphere App Server
IBM Directory Server
IBM DB2
IBM WebSphere Configuration
Fixpack was required as per our TIM documentation. However, as I mentioned earlier, we were able to run TIM without applying any fixpacks.
IBM Directory Server
Installed it. Then created a suffix entry in the DS. All user data (from TIM) is stored below this node. The easiest suffix to add is dc=com.
We used the DS Configuration Wizard (Start->Program Files->IBM Directory Server x.x). Selected manage suffixes. Added dc=com. (You can directly edit the ibmslapd.conf file (%DS HOME%/etc) and add the line ibm-slapdSuffix: dc=com where the suffixes are defined.)
Then, created a .ldif file with following entry:
dn: dc=com
dc: com
objectclass: top
objectclass: domain
Imported this file using the DS Configuration wizard.
IBM DB2
Installed DB2 and DB2 FP8. Ran the following commands.
db2 create db itimdb using codeset UTF-8 territory US
Used this Database (itimdb) in TIM configuration wizard.
No further configuration was necessary. However, one of the documents suggested the following configuration:
db2 update db cfg for itimdb using applheapsz 384
db2 update db cfg for itimdb using app_ctl_heap_sz 512
db2 connect to itimdb
db2 create bufferpool enrolebp size -1 pagesize 32k
db2set DB2_RR_TO_RS=YES
db2 force application all
db2stop
db2start
However, one of our test beds is running well without using the above commands.
This commands would probably help streamline TIM functioning and maybe used for tuning up the configuration.
Tivoli Identity Manager
Rebooted the system after completing the above steps.
Installed Tivoli Identity Manager.
After installation (but before it is complete) TIM asks for DB and LDAP details.
DB:
Database Name: itimdb
Admin ID: db2admin (this is the default DB2 admin id)
Admin password: (As specified during DB2 install)
User Id: enrole
User Password: @password123
NB: The TIM installation was supposed to create the user enrole. However due to some error, it was not created on our system, so we created it manually. If TIM had created it, the password would also have been enrole.
If the test does not succeed, check whether DB2 service is running. Also, if db2admin exists.
LDAP:
Principal DN: cn=root
Password: (As specified during DS installation)
Host Name: (Host name/IP address of system on which DS is installed)
Port: 389 (default for LDAP)
Number of hash buckets:1
Name of your Organisation: XYZ
Default Org Short Name: XYZ
Identity manager DN Location: dc=com
After a reboot, TIM was up and running. The first login was done using itim manager, password:secret.
Additionally we also used Tivoli Directory Integrator to setup agentless communication with the sytems being provisioned.
INSTALLATION
The installation instructions seemed pretty straightforward when I read it. The only issues that came up were applying the fixpacks to all the components. The TIM Installer seems to be very particular in pointing out which components are not up-to-date. However, you can go ahead and install it anyway if you choose to ignore these warning messages. We didnt update the WebSphere as required, and TIM still worked fine.
We used the following components for our test bed:
IBM WebSphere App Server
IBM Directory Server
IBM DB2
IBM WebSphere Configuration
Fixpack was required as per our TIM documentation. However, as I mentioned earlier, we were able to run TIM without applying any fixpacks.
IBM Directory Server
Installed it. Then created a suffix entry in the DS. All user data (from TIM) is stored below this node. The easiest suffix to add is dc=com.
We used the DS Configuration Wizard (Start->Program Files->IBM Directory Server x.x). Selected manage suffixes. Added dc=com. (You can directly edit the ibmslapd.conf file (%DS HOME%/etc) and add the line ibm-slapdSuffix: dc=com where the suffixes are defined.)
Then, created a .ldif file with following entry:
dn: dc=com
dc: com
objectclass: top
objectclass: domain
Imported this file using the DS Configuration wizard.
IBM DB2
Installed DB2 and DB2 FP8. Ran the following commands.
db2 create db itimdb using codeset UTF-8 territory US
Used this Database (itimdb) in TIM configuration wizard.
No further configuration was necessary. However, one of the documents suggested the following configuration:
db2 update db cfg for itimdb using applheapsz 384
db2 update db cfg for itimdb using app_ctl_heap_sz 512
db2 connect to itimdb
db2 create bufferpool enrolebp size -1 pagesize 32k
db2set DB2_RR_TO_RS=YES
db2 force application all
db2stop
db2start
However, one of our test beds is running well without using the above commands.
This commands would probably help streamline TIM functioning and maybe used for tuning up the configuration.
Tivoli Identity Manager
Rebooted the system after completing the above steps.
Installed Tivoli Identity Manager.
After installation (but before it is complete) TIM asks for DB and LDAP details.
DB:
Database Name: itimdb
Admin ID: db2admin (this is the default DB2 admin id)
Admin password: (As specified during DB2 install)
User Id: enrole
User Password: @password123
NB: The TIM installation was supposed to create the user enrole. However due to some error, it was not created on our system, so we created it manually. If TIM had created it, the password would also have been enrole.
If the test does not succeed, check whether DB2 service is running. Also, if db2admin exists.
LDAP:
Principal DN: cn=root
Password: (As specified during DS installation)
Host Name: (Host name/IP address of system on which DS is installed)
Port: 389 (default for LDAP)
Number of hash buckets:1
Name of your Organisation: XYZ
Default Org Short Name: XYZ
Identity manager DN Location: dc=com
After a reboot, TIM was up and running. The first login was done using itim manager, password:secret.
Additionally we also used Tivoli Directory Integrator to setup agentless communication with the sytems being provisioned.
MotoMing 2
K. Like I said, I just cant stop myself from harping about this phone, and I just love it. It's become a part of my daily life. I'm using it to listen to music on my way to work, manage my cash flow, remind me of my appointment, keep track of due tasks, and sometimes making calls... In fact, barring EDGE/WiFi and GPS, iPhone doesnt have a thing over MotoMing. OK, maybe a slight exaggeration, but heck, I got one of the coolest looking phones around and it isn't just a trophy piece.
Ever since MotoRazr arrived, I have been impressed by the innovative ideas that Moto keeps coming up with. Granted that the Razr has been recycled a tad too many times, but it's the model that turned Moto's fate around, at least in India.
Along with Razr, we got MotoPebl, not an altogether feature packed phone, but still a style statement. We got MotoFone, the indian phone. Only Moto could have made a style statement using just a simple LCD screen. And with a cost so low, you might just buy an extra piece to give to your two year old as a toy.
The Krazr, Slivr, Slidr, Rokr all represent milestones in the company's design ideology.
Well, nobody's perfect. My phone has definitely got a very low battery backup. Lasts only a day and a half (might as well be a day, cos I dont risk running my phone at half charge). The Linux OS seems to forget I installed Java apps and they seem to disappear every now and then, only to reappear after a few hours. Haven't really figured out that one yet.
The 50 item limit in the Real Player Playlist is something I'm not really happy with. It maybebecause of the 8MB system memory, though I am less inclined to lean towards that theory. And the flip is prone to getting scratched very easily. Something to keep in mind at all times. But hey, after shelling out Rs12k, I'm definitely more careful with my Ming as compared to my previous phone (an LG phone, the worst phone makers on the planet, even considering LG Chocolate).
Ever since MotoRazr arrived, I have been impressed by the innovative ideas that Moto keeps coming up with. Granted that the Razr has been recycled a tad too many times, but it's the model that turned Moto's fate around, at least in India.
Along with Razr, we got MotoPebl, not an altogether feature packed phone, but still a style statement. We got MotoFone, the indian phone. Only Moto could have made a style statement using just a simple LCD screen. And with a cost so low, you might just buy an extra piece to give to your two year old as a toy.
The Krazr, Slivr, Slidr, Rokr all represent milestones in the company's design ideology.
Well, nobody's perfect. My phone has definitely got a very low battery backup. Lasts only a day and a half (might as well be a day, cos I dont risk running my phone at half charge). The Linux OS seems to forget I installed Java apps and they seem to disappear every now and then, only to reappear after a few hours. Haven't really figured out that one yet.
The 50 item limit in the Real Player Playlist is something I'm not really happy with. It maybebecause of the 8MB system memory, though I am less inclined to lean towards that theory. And the flip is prone to getting scratched very easily. Something to keep in mind at all times. But hey, after shelling out Rs12k, I'm definitely more careful with my Ming as compared to my previous phone (an LG phone, the worst phone makers on the planet, even considering LG Chocolate).
Friday, August 03, 2007
MotoMing!
After pining away for a two whole months, finally got myself the MotoMing. And "hot damn!" its a feature packed powerhouse. K. I am one of those guys who crawl all over the net before buying anything with even a single little diode inside, and I pretty much did a biography on the Ming.
Heres a useful link btw: A1200 review
if you are planning to buy one (and I DO recommend this baby).
I wont go into the details of the phone. I dont think I can possibly give more details than the above link. But yeah, a few of my personal experiences.
One of the major concerns for me (and for a lot of people on the net apparently) was the low battery life. Realistically, mine lasts for about a day and a half. And I listen to a lot of music. And play a lot of games on it. But its not something that has bothered me too much considering the fact that the phone gets charged thru USB. So all I need to carry on me is a mini-USB wire (if ever such a need arises). So its pretty easy for me to charge my phone in office. Or at home for that matter, cos I've never really used the charger till now.
Another issue most people seemed to have was the lack of applications for this phone. They must have been talking about native application, or maybe I read some very old posts. But the number of JAVA applications available for this set was mind-boggling. And amazing games. I’ve got Need For Speed Underground, Midnight Pool and Age of Empires 2 on my phone. Can you beat that? Those are full fledged computer games. OK, so the mobile versions are smaller, but damn! I would have never thought I would be able to play NFS in 3D on a phone.
Check out these links:
MotorolaFans Full Screen Games
Motorola A1200 Apps
OK. One problem is that most of these applications require soft buttons on your phone and obviously the Ming doesn’t have any. So some of them are not really usable.
A couple of friends told me that the set was slow and the camera was awful. Well, I wouldn’t say that the set is slow, a bit laggish, but you would rarely notice. And the camera is OK. Definitely useless at night, but gives clear shots during the day. Especially outdoors. And 2MP packed into this little baby is something to be thankful about. No complaints from my side.
The MotoMing is easily the sexiest looking phone in its price range. And that’s not my verdict. A couple of my female friends told me. I tend to agree though. When I first saw it, it was love at first sight, and the love still carries thru. The beauty of the screen thru the transparent flap (which magnifies it a bit) is something you’ll only realize once you see it for yourself. Man, the concept of a transparent flap in itself is something that puts this phone beyond any of its counterparts. And the earpiece with the two thin wires running parallely…Motorola really knows how to build ‘em.
The flip is quite thick, and so far I haven’t really been worried about breaking it off. In fact, the phone itself is quite sturdy. Wouldn’t try dropping it though. If nothing, am sure the top would end up getting scratched.
Anyway, enough said. This phone is a winner. Its got some weak points, but one’s so inconsequential that I don’t even want to bother listing them here. You thinking of buying it, then go for it! It’s beautiful, sexy, feature loaded, and economical. i GOT MINE FOR Rs12K The nearest touch screen in this price range is the MotoRokr E6 (which happens to be pretty much a clone of MotoMing, albeit with a bigger body and no flip). In fact, I don’t see why people should pay more for the E6 when they are getting the same thing for about Rs1500 less and that too in a much more attractive body (I just cant stop harping about how beautiful the Ming is).
Truth is, MotoMing rocks!!!
Heres a useful link btw: A1200 review
if you are planning to buy one (and I DO recommend this baby).
I wont go into the details of the phone. I dont think I can possibly give more details than the above link. But yeah, a few of my personal experiences.
One of the major concerns for me (and for a lot of people on the net apparently) was the low battery life. Realistically, mine lasts for about a day and a half. And I listen to a lot of music. And play a lot of games on it. But its not something that has bothered me too much considering the fact that the phone gets charged thru USB. So all I need to carry on me is a mini-USB wire (if ever such a need arises). So its pretty easy for me to charge my phone in office. Or at home for that matter, cos I've never really used the charger till now.
Another issue most people seemed to have was the lack of applications for this phone. They must have been talking about native application, or maybe I read some very old posts. But the number of JAVA applications available for this set was mind-boggling. And amazing games. I’ve got Need For Speed Underground, Midnight Pool and Age of Empires 2 on my phone. Can you beat that? Those are full fledged computer games. OK, so the mobile versions are smaller, but damn! I would have never thought I would be able to play NFS in 3D on a phone.
Check out these links:
MotorolaFans Full Screen Games
Motorola A1200 Apps
OK. One problem is that most of these applications require soft buttons on your phone and obviously the Ming doesn’t have any. So some of them are not really usable.
A couple of friends told me that the set was slow and the camera was awful. Well, I wouldn’t say that the set is slow, a bit laggish, but you would rarely notice. And the camera is OK. Definitely useless at night, but gives clear shots during the day. Especially outdoors. And 2MP packed into this little baby is something to be thankful about. No complaints from my side.
The MotoMing is easily the sexiest looking phone in its price range. And that’s not my verdict. A couple of my female friends told me. I tend to agree though. When I first saw it, it was love at first sight, and the love still carries thru. The beauty of the screen thru the transparent flap (which magnifies it a bit) is something you’ll only realize once you see it for yourself. Man, the concept of a transparent flap in itself is something that puts this phone beyond any of its counterparts. And the earpiece with the two thin wires running parallely…Motorola really knows how to build ‘em.
The flip is quite thick, and so far I haven’t really been worried about breaking it off. In fact, the phone itself is quite sturdy. Wouldn’t try dropping it though. If nothing, am sure the top would end up getting scratched.
Anyway, enough said. This phone is a winner. Its got some weak points, but one’s so inconsequential that I don’t even want to bother listing them here. You thinking of buying it, then go for it! It’s beautiful, sexy, feature loaded, and economical. i GOT MINE FOR Rs12K The nearest touch screen in this price range is the MotoRokr E6 (which happens to be pretty much a clone of MotoMing, albeit with a bigger body and no flip). In fact, I don’t see why people should pay more for the E6 when they are getting the same thing for about Rs1500 less and that too in a much more attractive body (I just cant stop harping about how beautiful the Ming is).
Truth is, MotoMing rocks!!!
Subscribe to:
Posts (Atom)