Identity Manager 4.6 Release

IDM 4.6 Released

The latest version of Identity Manager 4.6 has been released by NetIQ.  This release is a major new release as it combines the 5 services packs of 4.5 with some brand new features.  This article will discuss the release and the new features.

Review the release notes for a full list of features and enhancements at: https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#b149h4pw

Editions

Identity Manager 4.6 still comes in 2 editions.  The standard edition and the advanced edition. NetIQ has decided to release this version with a new set of DVDs.  The options are:

Download Name Notes
Identity_Manager_4.6_Linux.iso Contains Identity Manager Server (Engine, Remote Loader, Fan-Out Agent, drivers, and plug-ins), Designer, iManager, Analyzer, OSP, SSPR, Identity Applications, Identity Reporting, and Sentinel Log Management for Identity Governance and Administration (IGA)
Identity_Manager_4.6_Windows.iso Contains Identity Manager Server (Engine, Remote Loader, Fan-Out Agent, drivers, and plug-ins), Designer, iManager, Analyzer, OSP, SSPR, Identity Applications, and Identity Reporting

NOTE:Sentinel Log Management for IGA is not supported on Windows.

Identity_Manager_4.6_Linux_Framework.iso Contains Identity Vault, Identity Manager Engine, Remote Loader, Fan-Out Agent, drivers, and plug-ins
Identity_Manager_4.6_Windows_Framework.iso Contains Identity Vault, Identity Manager Engine, Remote Loader, Fan-Out Agent, drivers, and plug-ins
Identity_Manager_4.6_Windows_IdentityApplications.iso Contains OSP, SSPR, Identity Applications, Identity Reporting, and PostgreSQL and Tomcat (convenience installer)
Identity_Manager_4.6_Linux_IdentityApplications.iso Contains OSP, SSPR, Identity Applications, Identity Reporting, and PostgreSQL and Tomcat (convenience installer)

Most customers will need either the Linux or Windows DVD and skip the framework and Identity Applications DVD.  Remember if your vault is on linux and you need the windows remote loader you must download one of the WIndows DVD’s to get the installer.

The differences between the Advanced Edition and Standard Edition have not really changed since the original release of version 4.5.  They both still use the same vault (engine, eDirectory, iManager) and SSPR.

If you need roles and resources you should upgrade to the advanced edition.  Other reasons to choose the Advanced Edition such as reporting (history).

Operating System Support has been changed to include SLES 12 SP1 and RHEL 6.8 and 7.3.  WIndows Server 2016 is not supported for the IDM engine at this time.  However the remote loader/AD driver is supported on Windows 2016.  Support for server 2016 as a vault platform will likely be released with the first service pack.

Features

Section 1.1 of the readme discusses the new features in 4.6.  We are going to discuss the top 3 changes in this article.

Engine Enhancements

There are 8 engine enhancements within this release and the biggest is the support for eDirectory 9 and iManager 3.  New vaults should take advantage of these new components.  The speed of each is a marked improvement over previous versions.  For those with eDirectory 8.x the DVD’s ship with hot patches (8.8.8.9 HF2).  If you are using eDirectory 8.x you must continue to use iManager 2.7.x.

Monitoring IDM is easier with the implementation of health monitoring via ldap.  This is likely worthy of an article in itself.

Identity Manager 4.6 also includes the Subscriber Service Channel.  It enables you to separately process the out-of-band queries without interrupting the normal flow of cached events. This requires changes to driver shims/polices and is only supported on the JDBC Fan-Out driver in this release.

This could be useful for processing queries for large amounts of data without interrupting normal flow once the drivers are updated.

New Dashboard replaces Identity Manager Home

This dashboard allows you access all features in one location for end users.

The applications tab shows applications that you have access to:

With OSP (or Access Manager) you can provide Single Sign-On to each app.  Also work has been done to keep the UI consistent across the applications. If you install all of the applications here are the URLs to keep in mind:

End of Role Based Entitlements

With this release the decision has been made to deprecate the RBE Driver.  This will affect many standard edition customers. There is no need to make any changes to your existing environment prior to or post upgrade.  The driver is included in this release but NetIQ will not be making any code changes moving forward.  We are still discussing options for those users that have their infrastructure built on Role Based Entitlements.  

Upgrades

Concensus recommends an evaluation of your current environment prior to suggesting an upgrade path.  In many cases we do not recommend in place upgrades.  Our recommendation is to build new servers on the latest supported list, install the latest software and cut-over to the new boxes.  This always gives us a back out plan in case of issues with the new version.  However you may upgrade your vault in place if you are upgrading from version 4.5.5 or 4.5.4.  Please contact us for more information.