Real Life Identity Management Integration Challenges and Solutions
On one of the previous blog post by Ross Mason, "To ESB or Not to ESB", he did a great job in outlining the two basic integration architectures: "Enterprise Service Bus" and "Hub and Spoke". Included in the Blog is a good overview of the benefits and considerations that are relevant for each architectural choice.
A key implementation consideration for SOA enabled architecture such as An ESB is the capability to maintain pace with the integration needs of the organization.
The reason this is important is that we live in very dynamic IT world where business needs and system can change with the next bright idea. If your organization responds too slowly, then you are putting your organization at risk by not being able to compete effectively in the market place.
To truly be competitive, your organization must adapt to the ever changing, and complex world of technology integration. The reality is that you no longer have months to design and additional months to deliver integration services to the organization.
In the real world there is a good chance that you have an existing Identity Management System already deployed. It is also quite likely it’s either a hub and spoke implementation or a system that has not been updated in quite some time.
So how do you maintain and extend an existing identity management system? What are the basic choices you have for managing your current environment and, extending it into an SOA enabled architecture?
If you have come to this “fork” in the road then there are two obvious choices available.
- Rip and Replace the existing solution
- Continue to add on to your proprietary hub and spoke solution
Both of these choices will work but they are not ideal for any number of reasons (Expense, Time to Delivery, Continuing investment in Legacy environment). So what are the alternatives and how can I use SOA concepts to maintain services and support the organizations growth:
“How can I maintain and extend my current environment in an SOA enabled environment”?
There is a readily available answer for this question and in this blog we will present a real life demonstration of how this can be accomplished.
In the next part of the blog we are going to walk through a real life example of using a SOA enabled (hybrid approach) to provisioning and de-provisioning cloud SAAS accounts.
Scenario
The scenario that is being presented is that the organization has an existing Hub and Spoke identity provisioning implementation using Novell’s Identity Manager. There is also a need and a desire to implement a SOA enabled provisioning and de-provisioning system.
Note: While the demo showing integration capabilities with Novell Identity Manager; there is no specific limitation that requires any of the Novell Identity Manager components.
The SOA provisioning and de-provisioning system
The provisioning and de-provisioning scenario we are going to demonstrate is based on the scenario that an organization has an existing identity management implementation that needs to control accounts on two large SAAS(Software as a Service) Salesforce.com and NetSuite.
Components
The components used in the demonstration are as follows components:
- Novell’s eDirectory (LDAP)
- Novell’s Identity Manager
- GreyTower Connector for Novell’s IDM (JMS)
- GreyTower Provisioning System (Built w/ OEM Mule)
- Apache ActiveMQ
This video will demonstrate the capability to create account in both SAAS services by simply assign users to roles using an administrative tool called iManager. This first video demonstrates account creation in both salesforce.com and Netsuite.
Later, we will be posting a second video to compliment this subject that will demonstrate controlling multiple user accounts.
