[nv-l] Three tier Architecture for Tivoli Identity Manager

2005-09-13 06:33:53
Subject: [nv-l] Three tier Architecture for Tivoli Identity Manager
From: "Karl Prinelle" <Karl.Prinelle AT elyzium.co DOT uk>
To: <nv-l AT lists.us.ibm DOT com>
Date: Tue, 13 Sep 2005 11:32:48 +0100
This isn't the right list - use tme10 AT lists.us.ibm DOT com for the Tivoli product set, or DeveloperWorks on the IBM site.
That said, in answer to your question;
You seem to be talking about a functional cluster - but these are being depreciated afaik - ITIM 4.6 only supports a regular cluster.
It very much depends on system load & sizing to be honest.  You can put it all on one machine, or you can have many.  Assuming you use IDS (which uses DB2) and you need multiple servers;
Server#1: WAS & ITIM Application
Server#2: IBM Directory Server (ITIM instance), DB2 (LDAP instance), DB2 (ITIM Audit db instance)
Server#1: WAS & ITIM Application - node 1
Server#2: WAS & ITIM Application - node 2
Server#3: WAS Cluster Manager, IBM Directory Server (ITIM instance), DB2 (LDAP instance), DB2 (ITIM Audit db instance)
Server#4: HTTP server (points to Server#1, Server#2)
In terms of DMZ's, all the ports are documented for inter-app communication so that should be ok, although personally I'd put the ITIM solution within it's own DMZ & not each box.  Put the HTTP server (server#4) outside the DMZ if necessary.  That way you limit the DMZ config's needed yet don't really loose that much by way of security.

Karl Prinelle
Principal Architect
Elyzium Ltd


This email transmission is confidential and intended solely for the person or organisation to whom it is addressed.  If you are not the intended recipient, you must not copy, distribute or disseminate the information, or take any action in reliance of it. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of any organisation or employer.  If you have received this message in error, do not open any attachment but please notify the sender (above) deleting this message from your system.  Please rely on your own virus check, no responsibility is taken by the sender for any damage rising out of any bug or virus infection.

<Prev in Thread] Current Thread [Next in Thread>