Layer 7 Access Management

Expand all | Collapse all

Clarity on the IM Provisioning Routing Rules for IAMCS/CCS Connectors

  • 1.  Clarity on the IM Provisioning Routing Rules for IAMCS/CCS Connectors

    Posted 03-16-2018 12:17 PM

    Team,

     

    I have collected the following notes to re-validate the IM provisioning routing rules and value for load-balancing.

     

    Using the ConnectorXpress UI, we can directly view the "Routing Rules" (RR) within the Identity Manager Provisioning User store.

     

    Where the "Routing Rules" are stored and how they are used.    The value statement of using the IAMCS (with the embedded CCS or managed remote single CCS service) with the checkbox of "Make this the default CS" is shown.

    - Ensure all IAMCS (with embedded CCS/remote CCS) uses this checkbox, to allow the "Routing Rules" to match for all IAMCS connectors, to avoid the need to have individual "Routing Rules" by namespace.   

     

    Example:  Do not use the vApp IAMCS connector with this checkbox, as it has no local CCS nor remote CCS service.

     

    Location of integration between IAMCS and CCS services:

    - Note:  IAMCS may only have a 1:1 relationship with a single CCS service.

    - Defined in the server_ccs.properties file.

     

     

    If the "Routing Rules" are the same between all similar connectors, then the IMPS service will select one of the available from that pool.   This appears to be a round-robin selection, that can be validated with using tail/baretail tools to the IAMCS(jcs) & CCS logs, when submitting batch transaction via IM Bulk or direct to provisioning tier IMPS, with etautil/ldapmodify CLI commands.

     

     

     

     

    Cheers,

     

    A.



  • 2.  Re: Clarity on the IM Provisioning Routing Rules for IAMCS/CCS Connectors

    Posted 03-20-2018 09:16 AM

    Thanks for taking the time to document this!