SUN Identity Manager 7.1

I have been working SUN IDM for some time now, and frankly SUN has made a deep impression on me. I'm not taking about the product, but SUN as an organization. The latest Gartner report shows SUN to be behind in terms of vision. Cant imagine what brought about that idea, but I guess Gartner are more qualified to judge than me. However, I believe SUN has a much stronger vision and purpose when it comes to Identity Management. Either that, or they are much more aggressive in advertising their ideas and innovations. Probably both.

INSTALLATION
The SUN IDM was a piece of cake to install. Minimal configuration with the DB (the provided sql scripts work great without much modification). Doesnt require a seperate Directory Server unlike IBM Tivoli IDM. And if you are installing it on Tomcat, just put it in the webapps folder.

I did some PoC work on Tivoli and Oracle Xellerate. Compared to either, SUN is definitely easier to install, well documented, and more feature packed. The extra feature being that SUN has merged Auditing and Identity Management into a single smooth package. And believe me, that is a major point of concern.
Our latest client had to choose between SUN and IBM IdM solutions, and they went for SUN cos the inclusion of Auditing was a major USP for them.

FRONT-END
The GUI is a bit confusing, after having worked on Tivoli (I'm not even bringing Oracle into the picture... Lord knows what mad rush to meet the deadline brought about their front-end). Tivoli gives you big large buttons, in-built GUI based workflow design, clear and concise help topics on their front-end. You would have to be a moron to go wrong with their GUI.

SUN seems to have crammed a lot of features into the same space. I am still addicted to the vertical + horizontal menu system of Tivoli. Sun uses a horizontal menu at the top, with drop boxes on each to present most of the options/commands.

The Organisational view of Tivoli is also better. It shows you the organisation in a tree structure, with distinct icons for Organisation, Organisation Units, Location etc. A first glance at the tree gives you a clear idea of the organisational structure.
The SUN icons are a lot smaller, and not so distinct. And there are no unique icons for OUs, Locations etc. Just a Directory Junction icon.

I think the SUN front-end can be made easier to understand and work with. Or probably it is my prejudiced eye. However, I do know it's going to be a tad difficult to train admins and hel;p-desk personnel to use the SUN IdM GUI.

Out of Box Operation
As expected, SUN delivers excellent OOB capabilities. I really liked the fact that most resources are managed using agentless mode. AD requires a Sun Gateway to be installed on a trusted system, but does not in any way sit upon AD. And custom applications, custom adapters are required, but of course.
We had the SUN Idm up and running for a demo in less than half an hour. Which is pretty impressive onsidering we ended up wasting a whole day setting up a Tivoli Idm demo. Even then we didnt manage to deploy it properly.

FEATURES
In the end, all Idm tools do the same thing. Some are easier to work with, some are easier to maintain. The really interesting feature I read about in SUN Idm 7.1 was the inclusion of Auditing. I have zero experience in this area. But I do know that most vendors sell Auditing and Compliance tools as a seperate suite, and I have always questioned the logic behind this. SUN seems to agree with me.
I have not tested this feature out, but I'm sure this will make a big difference in the future. In fact, one of our clients chose Sun over OBM specifically becos of the hype about the in built Auditing capability.

IBM Tivoli vs SUN Idm?
I really cant pick among the two. Both are strong products. SUN seems to hold more promise in the future because I like their plans and ideas that they are working towards. Plus, I'm a strong supporter of Open Source, and when SUN announced the OpenSSO, I became a fan of SUN. I can easily envision a future where SUN offer a true IAM single solution. Which will have Identity, Access, Auditing, Federation in one package.
Tivoli on the other hand is very stable. Easy to work with, fast learning curve. The only disappointment is that they seem to be out of new creative ideas, which could easily revolutionise a customer experience.