Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 9.1.1 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

Exporting a synchronization configuration

Synchronization projectsClosed created for a test database, for example, can be transported to a live database. You use the Database TransporterClosed to do this. To use the synchronization project in the target database, check the connection credentials and change the synchronization configuration to match the target database’s requirements.

Prerequisite

  • The schema of both One Identity Manager databases are identical. Customized schema extensions used in the mapping exist in both databases.

To transport a synchronization project to another One Identity Manager database

  1. Create a transport package for the synchronization project using the Database Transporter.
    1. Set the Transport synchronization projects option.

    2. To select the synchronization project, click Select.

      • Enable the synchronization project in the tree view and click OK. Multi-select is possible.

    3. Click Next.

      This exports the data.

    NOTE: The transport package does not contain a root object, scheduledClosed process plansClosed, or assignments of schedules to start up configurations.

  2. Import the transport package into the target database with the Database Transporter.

    On the Import configuration page, configure the import.

    1. If there is a synchronization project in the target database already, configure here, which changes are imported into the target database.

      • Do not change the start up configuration settings: Specifies whether start up configurations, variables, and variable sets are imported.

        Set this option so that changes to these objects are not overwritten in the target database. If this option is not set, changes made to these objects in the target database are overwritten by the transport package.

      • Details: Shows an overview of all the objects with their change status. Click Details to show the overview.

        To show details of the modification, expand the respective node in the Objects column. To exclude certain object changes from the import package, disable the object.

    2. Click Next.

    Then the transport package data is imported.

    After importing is complete, the database is compiled.

  3. Modify the synchronization project in the target database.

    1. Modify the One Identity Manager database connection data and update the schema.

    2. Check the target system connection data and the variable set.

    3. Configure the base object.

    4. Assign a schedule to the start up configuration.

    5. Configure the synchronization log.

    6. Make any other necessary changes to the settings.

    7. Run a consistency check.

    8. Activate the synchronization project.

For more information about creating and importing transport packages, see the One Identity Manager Operational Guide.

Detailed information about this topic

Operations for provisioning and single object synchronization

In order to provision object modifications and perform single object synchronizationClosed, you must specify which synchronization workflowClosed should be used for this task. When setting up the synchronization using the default project templatesClosed, the required single object operations will be created. If you create your own provisioning processes or would like to include customClosed tables in the provisioning or single object synchronization, then you need to define your own single object operations.

To define single object operations

  1. Select the Process Orchestration > ProvisioningClosed process operations category in the DesignerClosed.

  2. Select the menu item Object > New.

  3. Edit the operation properties.

  4. Save the changes.

  5. Use this operation in the pre-script to generate the provisioning process or process for single object synchronization as a parameter for script DPR_GetAdHocData.

Table 83: Single object operations
Property Description
Name Name of the operation.
Synchronization workflow WorkflowClosed that is to be used for provisioning or single object synchronization.
System connection Target systemClosed connection of the target system to be used.
Table Table for which the operation has been defined. Provisioning or single object synchronization can only be run for the objects in this table.
Display name Operation display name in the One Identity Manager tools' user interface.
Description Text field for additional explanation.
Processing status Only used internally by One Identity Manager.

Load balancing during provisioning and single object synchronization

You can accelerate provisioning and single object synchronizationClosed by distributing processes over several Job servers. To do this, you use the base objects to specify, which Job servers will handle the objects in parallel.

Load balancing can be implemented to manage spikes in data traffic, for example, when a college semester begins, numerous accounts must be added and provisioned in the target system.

If a property of a user account is changed after restructuring in the target system, you can use single object synchronization to select all the affected user accounts and load the changed property into the One Identity Manager database.

There are specific Job servers configured for cases like this. For each base object, a server function is defined and assigned to the Job serverClosed. All Job servers with this attribute run provisioning and single object synchronization processes in parallel.

NOTE: You should not implement load balancing for provisioning or single object synchronization on a permanent basis. Parallel processing of objects might result in dependencies not being resolved because referenced objects from another Job server have not been completely processed.

Once load balancing is no longer required, ensure that the synchronization serverClosed runs the provisioning processes and single object synchronization.

To configure load balancing for a target system

  1. Configure the servers and declare them as Job servers in One Identity Manager.

    • Job servers that share processing must have the No process assignment option enabled.

    • Assign the standard server function of the respective target system to these Job servers.

    All Job servers must be able to access the same target system as the synchronization server for the respective base object. For more information about setting up the synchronization server, see the administration guides for connecting to target systems.

  2. Use the Synchronization EditorClosed to create a server function for the target system's base object.

    1. On the base object's main data form, click next to the Service function field.

    2. Enter a name for the server function.

    3. Enable all the Job servers to which the server function will be assigned.

      Only enable the Job servers that can access the same target system as the base object's synchronization server.

    4. Click OK.

To use the synchronization server without load balancing.

  • In the Synchronization Editor, remove the server function from the base object.
Restrictions

Load balancing is only used if the number of maximum instances for the run process taskClosed or process componentClosed is set to 0 or >1.

If the maximum number of instances on the process task or process component is set to 1 or -1, load balancing cannot take place. This affects processes, which use the following process tasks:

  • AdHocProjectionSingle
  • AdHocProjectionSinglex86
  • UpdateProjectionSingle
  • UpdateProjectionSinglex86

These process tasks are used, for example, by different provisioning processes for the HCL Domino and Google Workspace target system types.

For more information about these process tasks, see the One Identity Manager Configuration Guide.

Detailed information about this topic

Automatically create and update synchronization projects

You can create synchronization projectsClosed automatically. This can be particularly useful if you want to set up synchronization projects for different Active Directory domains, which require the same configuration. A new synchronization project is generated from the command line or with a Windows PowerShell CmdLet using the configuration of a reference project. The reference project's configuration is supplied in a configuration file. which you can modify. You can define variable settings, like the target system to connect or password, in parameters, which are used passed values when the command is called.

Existing synchronization projects for which patches are available can be updated in the same way. A configuration file is made available using a reference project that contains a list of all the patches that are to be applied. Only patches that do not require any user input can be applied.

To set up automatic creation of synchronization projects:

  1. Enable expert mode in the Synchronization EditorClosed.

  2. Create the reference project using the project wizard.

    1. Create a new synchronization project.

      • (Optional) If a remote connection is going to be used for automatically creating synchronization projects, establish a remote connection when the reference project is set up.

    2. Click Save configuration on the last page of the project wizard.

    3. Select a repository for the configuration file and give it a name.

      The file is saved as a Synchronization Editor workspace file with the extension sews.

    4. End the project wizard.

  3. CustomizeClosed the synchronization configuration in the configuration file.

    • Check the saved settings and adjust the values.

    • Create the parameters for changeable settings.

  4. To create synchronization projects with this configuration

  5. To automatically create synchronization projects, use scripts which run the Synchronization Editor Command Line Interface or the Synchronization Editor ModuleClosed for Windows PowerShell.

To set up automatic updating of synchronization projects:

  1. Enable expert mode in the Synchronization Editor.

  2. Create the configuration file.

    1. Open the reference project.

    2. (Optional) If a remote connection is going to be used to automatically update the synchronization project, establish the connection now.

    3. Select Edit > Update synchronization project from the menu.

    4. Optional: Select the patches to be applied under Available patches. Select at least one patch or milestone. Multi-select is possible.

    5. Click Save configuration.

    6. Select a repository for the configuration file and give it a name.

      The file is saved as a Synchronization Editor workspace file with the extension sews.

  3. Customize the synchronization configuration in the configuration file.

    • Check the saved settings and adjust the values.

    • Create the parameters for changeable settings.

  4. To update synchronization projects with this configuration:

    • Open up the Synchronization Editor Command Line Interface.

      - OR -

    • Load the Synchronization Editor Module for Windows PowerShell.

  5. To automatically update synchronization projects, use scripts which run the Synchronization Editor Command Line Interface or the Synchronization Editor Module for Windows PowerShell.

TIP: A configuration file created for setting up new synchronization projects can also be used for updating synchronization projects. Add the necessary editor and parameters to the configuration file.

Detailed information about this topic
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione