Difference between Java based and .NET based connectors in OIM

When should you use a Java based connector for Oracle Identity Manager (OIM), and when a .NET based connector? This post goes over the difference between these two types of OIM connectors.
There are two types of connector servers: .NET based and Java based. For example, the Microsoft Active Directory User Management connector requires a .NET connector (not a Java based connector).
To run the AD User Management connector, first make sure you have a .NET connector server running on a Windows host, which is typically a host joined to the domain. It is not necessary to install the .NET connector server on a Domain Controller. This is where you deploy your AD connector and run the Trusted Recon, Provisioning and other jobs/operations. See the Connector Architecture for a .NET based connector below.
.Net based connector Architecture
As shown in the above Connector Architecture for the Microsoft Active Directory connector, the Connector bundle, which is the main connector software, is deployed on a server running the .NET Connector.

See below the Connector Architecture for Siebel User Management Connector. Here there is no need for a separate connector server and all connector components can be installed on the OIM server itself.
Connector Architecture diagram for the Siebel User Management connector (which is a Java based connector)
Oracle Identity Governance communicates with a .NET Connector Server over the network. The .NET Connector Server serves as a proxy to provide any authenticated application access to the current version of the connector deployed within the .NET Connector Server. Once again the Connector Server need not be on the domain controller on which the target system is running. Connector Server can be configured on any machine in the Microsoft Active Directory domain.
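Because OIM reaches the .NET Connector Server over the network, its listener settings are worth checking on the Windows host. The following is an added example, not code from the original post or from Oracle: it audits the `appSettings` of a `ConnectorServer.exe.config` file. The `connectorserver.*` key names are those of the ICF .NET Connector Server configuration file and do not appear in the post; the sample configurations are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <appSettings> section of ConnectorServer.exe.config.
SAMPLE_CONFIG = """<configuration>
  <appSettings>
    <add key="connectorserver.port" value="8759" />
    <add key="connectorserver.usessl" value="false" />
    <add key="connectorserver.ifaddress" value="0.0.0.0" />
    <add key="connectorserver.key" value="" />
  </appSettings>
</configuration>"""


def load_settings(xml_text):
    """Return the appSettings key/value pairs as a dict."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): (e.get("value") or "").strip()
            for e in root.iterfind("./appSettings/add")}


def audit(xml_text):
    """Return findings about the listener that OIM connects to."""
    s = load_settings(xml_text)
    findings = []
    if s.get("connectorserver.usessl", "").lower() != "true":
        findings.append("usessl: SSL is not enabled for OIM-to-connector-server traffic")
    if s.get("connectorserver.ifaddress", "") in ("0.0.0.0", "::"):
        findings.append("ifaddress: listener is bound to every interface")
    if not s.get("connectorserver.key"):
        findings.append("key: no shared key is set")
    port = s.get("connectorserver.port", "")
    if not port.isdigit() or not 0 < int(port) < 65536:
        findings.append("port: missing or invalid")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING", finding)
```
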

The Microsoft Active Directory User Management connector is a .NET connector that supports provisioning to and reconciliation from Microsoft Windows servers running Microsoft Active Directory Domain Services (AD DS) and Microsoft Active Directory Lightweight Directory Services (AD LDS).

Instead of communicating directly with the native API, ICF Common communicates with the connector framework through its API, and then calls SPI operations on a specific version of this connector. Between the Java ICF and the connector, the .NET Connector Framework resides (in the context of which the connector is running) and bridges the Java ICF and .NET connector. The connector is deployed in the .NET connector framework.

The other type of connector is Java based. For example, the Siebel user connector can be run directly on the OIM host/server itself. There is no need for a separate connector server.

The following is taken directly from the Oracle docs on the Connector Server.
1.8.2 Support for the Connector Server
Connector Server is one of the features provided by ICF. By using one or more connector servers, the connector architecture permits your application to communicate with externally deployed bundles.

A Java connector server is useful when you do not wish to execute a Java connector bundle in the same VM as your application. It can be beneficial to run a Java connector on a different host for performance improvements.
For the Microsoft AD connector, a .NET based connector is required.
Regardless of which type of connector you use, the steps for configuring the connector remain the same. See the steps below, from Start to Done.
Overall Flow of the Process for Creating an Application By Using the Connector

-----------------------------------------------------------------------------------------------
Ref: Fusion Middleware Developers Guide for Oracle Identity Manager
http://docs.oracle.com/cd/E21764_01/doc.1111/e14309/icfpart.htm#sthref467

Provisioning/Recon to AD and Exchange will require you to run a .NET connector server on a Windows box. In this case, connector server is a mandatory piece. Check connector documentation for the requirements around Windows box (like same domain as AD and others).

A Java based connector server can run anywhere (even on the same box the OIM server is running on). But keep in mind that the connector server is an optional piece for Java based connectors; these connectors can be directly executed in OIM.
------------------------------------------------------------------------------------------------
An application instance is a provisionable entity. It is a combination of IT resource instance (target connectivity and connector configuration) and resource object (provisioning mechanism). Application instances have business-friendly names that are easier to remember. Creating and managing application instances are performed by using the Application Instance section of Oracle Identity System Administration.


Application instances can be connected or disconnected. A connected application instance has a connector defined for the provisioning of entities. A disconnected application instance is used for the provisioning of a disconnected resource, for which a connector is not defined, and therefore, the provisioning is performed manually by the administrator. 

tags: Oracle Identity Manager, OIM, Connector server
