
Identity Manager 8.1.4 - Target System Synchronization Reference Guide


Load balancing during provisioning and single object synchronization

You can accelerate provisioning and single object synchronization by distributing processes over several Job servers. To do this, you use the base objects to specify which Job servers will handle the objects in parallel.

Load balancing can be implemented to manage spikes in data traffic, for example, when a college semester begins and numerous accounts must be added and provisioned in the target system.

If a property of a user account is changed after restructuring in the target system, you can use single object synchronization to select all the affected user accounts and load the changed property into the One Identity Manager database.

There are specific Job servers configured for cases like this. For each base object, a server function is defined and assigned to the Job server. All Job servers with this attribute run provisioning and single object synchronization processes in parallel.

NOTE: You should not implement load balancing for provisioning or single object synchronization on a permanent basis. Parallel processing of objects might result in dependencies not being resolved because referenced objects from another Job server have not been completely processed.

Once load balancing is no longer required, ensure that the synchronization server executes the provisioning processes and single object synchronization.

To configure load balancing for a target system

  1. Configure the servers and declare them as Job servers in One Identity Manager.

    • Assign the standard server function of the respective target system to these Job servers.

    All Job servers must be able to access the same target system as the synchronization server for the respective base object. For detailed information about setting up the synchronization server, see the administration guides for connecting to target systems.

  2. Use the Synchronization Editor to create a server function for the target system's base object.

    1. On the base object's master data form, click next to the Service function field.

    2. Enter a name for the server function.

    3. Enable all the Job servers to which the server function will be assigned.

      Only enable the Job servers that can access the same target system as the base object's synchronization server.

    4. Click OK.

To use the synchronization server without load balancing

  • In the Synchronization Editor, remove the server function from the base object.

Restrictions

Load balancing is only used if the maximum number of instances for the executed process task or process component is set to 0 or >1.

If the maximum number of instances on the process task or process component is set to 1 or -1, load balancing cannot take place. This affects processes that use the following process tasks:

  • AdHocProjectionSingle
  • AdHocProjectionSinglex86
  • UpdateProjectionSingle
  • UpdateProjectionSinglex86

These process tasks are used, for example, by different provisioning processes for the IBM Notes and G Suite target system types.

For more information about these process tasks, see the One Identity Manager Configuration Guide.


Automatically create and update synchronization projects

You can create synchronization projects automatically. This can be particularly useful if you want to set up synchronization projects for different Active Directory domains that require the same configuration. A new synchronization project is generated from the command line or with a Windows PowerShell CmdLet using the configuration of a reference project. The reference project's configuration is supplied in a configuration file, which you can modify. You can define variable settings, like the target system to connect or password, in parameters, which are used to pass values when the command is called.

Existing synchronization projects for which patches are available can be updated in the same way. A configuration file is made available using a reference project that contains a list of all the patches that are to be applied. Only patches that do not require any user input can be applied.

To set up automatic creation of synchronization projects:

  1. Enable expert mode in the Synchronization Editor.

  2. Create the reference project using the project wizard.

    1. Create a new synchronization project.

    2. Click Save configuration on the last page of the project wizard.

    3. Select a repository for the configuration file and give it a name.

      The file is saved as a Synchronization Editor workspace file with the extension sews.

    4. End the project wizard.

  3. Customize the synchronization configuration in the configuration file.

    • Check the saved settings and adjust the values.

    • Create the parameters for changeable settings.

  4. To create synchronization projects with this configuration

  5. To automatically create synchronization projects, use scripts which execute the Synchronization Editor Command Line Interface or the Synchronization Editor Module for Windows PowerShell.

To set up automatic updating of synchronization projects:

  1. Enable expert mode in the Synchronization Editor.

  2. Create the configuration file.

    1. Open the reference project.

    2. Select Edit | Update synchronization project from the menu.

    3. Optional: Select the patches to be applied under Available patches. Select at least one patch or milestone. Multi-select is possible.

    4. Click Save configuration.

    5. Select a repository for the configuration file and give it a name.

      The file is saved as a Synchronization Editor workspace file with the extension sews.

  3. Customize the synchronization configuration in the configuration file.

    • Check the saved settings and adjust the values.

    • Create the parameters for changeable settings.

  4. To update synchronization projects with this configuration:

    • Open up the Synchronization Editor Command Line Interface.

      - OR -

    • Load the Synchronization Editor Module for Windows PowerShell.

  5. To automatically update synchronization projects, use scripts which execute the Synchronization Editor Command Line Interface or the Synchronization Editor Module for Windows PowerShell.

TIP: A configuration file created for setting up new synchronization projects can also be used for updating synchronization projects. Add the necessary editor and parameters to the configuration file.


Customizing the configuration file

All data required for creating or updating a synchronization project is saved in XML format. The file is divided into three main sections:

Structure of the configuration file

<?xml version="1.0" encoding="utf-8"?>
<SynchronizationEditorWorkspace Version="1.0">
  <Parameters>
    ...
  </Parameters>
  <Global>
    ...
  </Global>
  <Editors>
    ...
  </Editors>
</SynchronizationEditorWorkspace>

Customize the settings to create or update a new synchronization project based on this configuration file. Use parameters for all variable values if different synchronization projects are going to be created or updated with this configuration file.

To customize the configuration file

  1. Decide on the variable values.

  2. Define parameters for each of these values.

  3. Replace the values with parameters.

Example

Synchronization projects should be created for various Active Directory domains in different One Identity Manager databases on one and the same database server. A synchronization project has been created with the project wizard for one of these domains. This reference project's configuration file must be adjusted such that it can be used for all the other domains.

The following settings must be customized:

  • Define parameters for the One Identity Manager database, database user, system user and its password.

  • Define parameters for the domain name, domain controller, Active Directory user and its password.

  • Define a parameter for the synchronization project if more than one synchronization project is going to be added to one database.

  • Replace the respective values in the global and editor sections with these parameters.

    IMPORTANT: The connection data for the One Identity Manager database in the global definitions (WorkDatabase.ConnectionString) and in the editor definitions (MainConnection.ConnectionParameter) must be identical. If you replace these values with parameters, use the same parameter in each case.

    The following table shows the required adjustments in the configuration file based on a reference project from a SQL Server database. For detailed information about the connection data for a SQL Server database, see the One Identity Manager Installation Guide. For detailed information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

    Customizations to the configuration file for new synchronization projects:

    • WorkDatabase.ConnectionString

      data source=<database server>;initial catalog=<database>;
      user id=<user>;pooling=False;Password=$DBPassword$

      Replace <database> and <user> with parameters, such as $Database$ and $DBUser$.

    • WorkDatabase.AuthenticationString

      Module=<authentication module>;User[VI.DB_USER]=<system user>;(Password)Password[VI.DB_Password]=<password>

      Replace <system user> and <password> with parameters, such as $SystemUser$ and $SystemPassword$.

    • MainConnection.ConnectionParameter

      Authentication=ProjectorAuthenticator;
      data source=<database server>;DBFactory="VI.DB.ViSqlFactory, VI.DB";
      initial catalog=<database>;password="<DBPassword>";pooling=False;
      user id=<user>

      Replace <system user> and <password> with parameters, such as $SystemUser$ and $SystemPassword$.

    • ConnectedSystemConnection.ConnectionParameter

      ADAuthentication=<authentication type>;
      ADEnableras=<Remote Access Service>;
      ADEnablerecyclebin=<Active Directory recycle bin>;
      ADEnableterminal=<terminal service>;
      ADPort=<Port>;ADRootdn="<distinguished domain name>";
      ADServer=<domain controller>;
      ADTypeEnableExtensions=<type classes allowed>;
      ADTypeExtensions=<type class definition>;
      baseloginaccount=<Active Directory user>;
      basepassword="<Active Directory password>"

      Replace <distinguished domain name>, <domain controller>, <Active Directory user> and <Active Directory password> with parameters.

    • ShellDisplay

      <synchronization project display name>

      Replace the <synchronization project display name> with a parameter if more than one synchronization project is added to a database.

For more information, see Configuration file for creating new synchronization projects.
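
A pre-deployment check for the customizations described above, added here as an example and not taken from the One Identity documentation or tooling: it flags password keys that still hold a literal instead of a $Parameter$ placeholder, and verifies that the two database connection strings use the same parameters. It assumes the four settings have already been extracted from the .sews file into a dictionary (the page shows only the file's top-level structure); the function names and sample values are constructed for illustration.

```python
import re

PLACEHOLDER = re.compile(r'^\$[A-Za-z_][A-Za-z0-9_]*\$$')   # e.g. $DBPassword$
PAIR = re.compile(r'\s*([^=;]+?)\s*=\s*("[^"]*"|[^;]*)\s*(?:;|$)')
# Keys that both One Identity Manager database connection strings carry.
SHARED_KEYS = ("data source", "initial catalog", "user id", "password")

def parse_pairs(value):
    """Split 'key=value;key="quoted;value"' into a dict with lower-cased keys."""
    return {m.group(1).lower(): m.group(2).strip().strip('"')
            for m in PAIR.finditer(value)}

def lint(settings):
    """Return findings for a dict of setting name -> connection string.
    Findings name the setting and key only, never the secret value itself."""
    findings = []
    parsed = {name: parse_pairs(value) for name, value in settings.items()}
    for name, pairs in parsed.items():
        for key, val in pairs.items():
            if "password" in key and not PLACEHOLDER.match(val):
                findings.append(f"{name}: '{key}' is a literal, not a $Parameter$")
    work = parsed.get("WorkDatabase.ConnectionString", {})
    main = parsed.get("MainConnection.ConnectionParameter", {})
    for key in SHARED_KEYS:
        if key in work and key in main and work[key] != main[key]:
            findings.append(f"'{key}' differs between WorkDatabase.ConnectionString"
                            " and MainConnection.ConnectionParameter")
    return findings

# Constructed sample: the page's templates with one literal password left in
# and two different parameter names used for the database password.
SAMPLE = {
    "WorkDatabase.ConnectionString":
        "data source=<database server>;initial catalog=$Database$;"
        "user id=$DBUser$;pooling=False;Password=$DBPassword$",
    "WorkDatabase.AuthenticationString":
        "Module=<authentication module>;User[VI.DB_USER]=$SystemUser$;"
        "(Password)Password[VI.DB_Password]=Example-Literal-1",
    "MainConnection.ConnectionParameter":
        'Authentication=ProjectorAuthenticator;data source=<database server>;'
        'DBFactory="VI.DB.ViSqlFactory, VI.DB";initial catalog=$Database$;'
        'password="$DBPwd$";pooling=False;user id=$DBUser$',
}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Running a check like this before a configuration file is placed in a shared repository keeps literal credentials out of it and catches a mismatch between the two database connection strings early.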

Parameter definitions

First, define all the parameters for variable settings. You can use these parameters in the global and editor definitions.

Table 84: Parameter definition (attribute and description)

  • Parameter name

    Name of the parameter.

  • Display

    Display name of the parameter.

  • IsQueryParameter

    Specifies whether the parameter's value is given by the user.

      • False: The parameter value is passed on the command line.

      • True: The parameter value is queried after the command is run. The user must enter a value. This setting can be used to input a password, for example.

  • IsSecret

    Specifies whether the parameter value is displayed or not.

      • False: The parameter value is displayed when the user enters it.

      • True: The parameter is masked when the user enters it.

  • Example value

    Default value used if no value is entered on the command line or by user input. If no default value is defined, a value must be passed on the command line or entered by the user.

  • ValueFormat

    Format of the parameter value. Permitted values are:

      • ConnectionParameterValue: The value is formatted as a connection parameter. Special characters are masked.

      • Default: The parameter value is handled as given.

    If no ValueFormat is defined, the parameter value is handled as given.
