A Hybrid Identity Management (IdM) Migration Approach

by Xiaofang Chen on April 14th, 2012

I see an Oracle Waveset Identity Manager (previously Sun Identity Manager) Migration project as a cooking challenge where you need to recreate a given dish in a particular time frame. You are going to be using different tools and techniques in your reconstruction but it has to resemble the taste and look-and-feel of the original dish. I could guarantee that almost everyone knows how to approach the challenge. First you carefully observe the original dish by tasting and feeling its texture, then identify the individual ingredients, and finally design a recipe by choosing the right tools and applying appropriate techniques. Your satisfaction with tasting the final product might vary but we are able to have the approach nailed down. I wish choosing the right IdM Migration approach could be as simple!

Let me explain what I mean. Some companies we know view the Migration effort of their Sun IdM solution as another infrastructure application upgrade. Their approach is driven by the Migration Toolkit released by the vendor (Oracle). We call this approach “Migration by Objects” since the list of various resources / components / assets inside the Sun tool is generated by the Vendor Migration Toolkit, then analyzed and migrated. The problem of this bottom-up approach is similar to the problem of recreating  the original dish by starting with the list of ingredients. The overall taste and feel (i.e. business requirements) might be lost during such "translation". Consider the following situations:
  • There are duplicate solutions implemented in the existing Sun IdM implementation (e.g. manual vs. scheduled) due to historical reasons. Only one of them needs to be migrated
  • There are existing objects (e.g. workflows, reports) that are never referenced/used in current system
  • There are obvious improvement opportunities in certain areas of business processes
  • There is existing customization that could be easily replaced by the latest advancement in Identity Management (e.g. customized java classes vs. Out-Of-Box Password Synchronization Adapter)
The opposite of “Migration by Objects” approach is to focus on re-designing the new system based on business requirements and processes. We call this approach “Migration by Use Cases”. The potential risk of this approach is overlooking functionality details and not fully leveraging the existing implementation. This is similar as to recreating the original dish without analyzing the detailed ingredients. Imagine realizing the end product is missing some key ingredients after the solution is delivered.

What we need is a well-balanced hybrid Top-Down (“Migration by Use Cases”) and Bottom-Up (“Migration by Objects”) approach. Overlooking one or the other introduces risks to the success of Migration. Unfortunately, most of Sun IdM Migration tools in the market nowadays are designed to facilitate the Bottom-Up (“Migration by Objects”) approach. They could be used to generate a catalog of existing Identity Objects and even to auto-migrate some simple objects (e.g. users, security objects) onto a particular Identity Management platform. But they fail to provide information from the perspectives of business processes/use cases.

Thus we, Identigral, have created our own Sun IdM Migration Toolkit to facilitate a hybrid Top-Down (“Migration by Use Cases”) and Bottom-Up (“Migration by Objects”) approach. This Toolkit could be used to auto-discover use cases by analyzing the implementation objects (e.g. Java class, XML objects) in an Identity Management solution repository. It fills the gap missing in other IdM Migration tools by establishing the connection between the business view and the underlying implementation. We have started applying this Toolkit in our current Sun IdM Migration projects and have received positive feedback from clients after seeing how much value it brings. Feel free to contact us if you want to learn more about the Toolkit. And stay tuned -- this toolkit will soon be available for OIM 10g Migration projects as well.


Posted in Sun Identity Manager    Tagged with waveset, waveset, sim, migration


0 Comments


Leave a Comment
Search

Subscribe

follow on

2012 (1)
2011 (2)
2010 (2)
2009 (64)
March (11)
April (18)
May (18)
June (4)
July (1)
August (1)
September (5)
October (5)
December (1)