1. Field
Embodiments of the invention relate to a distributed topology enabler for an identity manager that controls user access to different Identity Manager (IM) systems.
2. Description of the Related Art
An Identity Manager (IM) system controls user access to different systems. Systems may be described as “end points” that need user identification (userid) management. Systems may be any combination of computers, computer applications, network devices, human interface devices, appliances, etc.
Implementations for distributed IM nodes typically have requirements that include, for example: 24/7 availability; millions of users/accounts; thousands of managed platforms; distributed administration and management; and distributed maintenance.
Operationally, these requirements present challenges in conventional IM systems. For example, conventional IM systems have difficulty with the requirements to manage the reconciliation load and scheduling of tens of thousands of services; the need to distribute IM configuration tasks for these services; and the need to provide a rolling schedule for system maintenance activities without bringing down the entire IM functionality. Some conventional IM systems may be deployed in a cluster to improve performance and provide failover, but, in very large configurations, the conventional IM systems do not provide maintenance or an upgrade window, or control over reconciliation load management or decentralized administration and maintenance.
Thus, there are drawbacks of existing IM solutions in very large scale implementations. For example, scalability may be reached by adding nodes to a cluster, but this solution may suffer from the bottleneck of a single data repository. Also, an outage or maintenance window may bring down the entire IM infrastructure. Moreover, the configuration tasks are managed and implemented on a single application, putting configuration load at one point.