Oracle Waveset (formerly Sun Identity Manager) migration to OIM
Oracle Waveset is former Sun Identity Manager.
Migration Oracle Waveset (OW, earlier Sun Identity Manager) to Oracle Identity Manager
Oracle WevSet (OW) (earlier Sun Identity Manager – SIM) is Identity Management product from Sun that Oracle acquired in and renamed as Oracle Waveset (OW). Oracle Identity Manager (OIM) is a provisioning and identity Management product from Thor Xellerate that Oracle acquired and renamed as Oracle Identity Manager (OIM). Oracle Identity Manager is strategic identity provisioning/reconciliation and management software from Oracle . Oracle Waveset (including Connector Server) will slowly merge with Oracle Identity Manager.
This post covers an overview of Oracle Waveset (OW, earlier Sun Identity Manager) to Oracle Identity Manager migration.
1. Oracle Waveset (OW) objects that can be directly mapped to their equivalents in OIM.
1.1 These will be automatically or partially migrated Not too many surprises here. A good portion of OW objects could find direct mappings in OIM. Example of such objects
a) Enterprise Identity Data Objects (e.g. Organization, Role, User, and Resource)
b) Schema Templates and Policy Objects (e.g. IDM Schema Configuration, Email Templates, and Password Policy)
c) Administration and Authorization Objects (e.g. Capabilities and Admin Roles)
d) Business Logic and Process Data Objects (e.g. Process/Object Forms)
Note: Not all features of these objects could be directly mapped to OIM. For Example, dynamic variables in OW Email Templates need to be manually configured in OIM once these templates are automatically migrated. How much these OW features are used in your OW/SIM implementation will determine the amount of automatic translation that could happen.
2. Oracle Waveset (OW) objects with no direct equivalent in OIM.
2.1 There will be a report capturing these objects and they will require manual migration.
2.2 As a general rule of thumb, any customized XPRESS scripting will likely require re-implementation. The migration toolkit will not be able to translate XPRESS logic into SOA composites or OIM adapters or Java code underlying adapters. User Interfaces and Workflows fall into this category.
3. Audit trail / Historical data. These records will not be automatically migrated
As Oracle Waveset and Oracle Identity Manager employ different schema for persistence of audit records, recommendation is to follow a co-existence strategy. In this approach, audit artefacts would be generated from either OW, OIM or both depending on context / need.
4. Identity Connector Framework (ICF) will be leveraged by the migration toolkit. Plan is to build both OW and OIM resource connectors on top of the new Identity Connector Framework (ICF). It’s already available to Oracle Waveset customers as long as they upgrade their installation to 8.1.x. This not only enables them to leverage new features and enjoy updates to the connectors provided by Oracle but also unifies the underlying infrastructure for a seamless transition by the migration toolkit.
Overall, the Oracle Waveset to Oracle Identity Manager migration toolkit by Oracle is a respectable attempt at automating the migration tasks. It pays attention to details regarding product differences and focuses on identifying customizations that require manual effort to migrate. For example, the toolkit takes care of passwords and challenge questions/answers when migrating OW users such that end users won’t need to reset passwords or re-enter their challenge answers in OIM.
On the other hand, no magic tool could solve real life problems in a quick and easy way. (This was one of the lessons taught in Doraemon’s stories).
Oracle Waveset Object Type | List of Objects | Pre- Migration Analysis by Migration Toolkit | Migration Effort Considerations | |
Out-Of-Box | Connectors | Authoritative source(HR) Connector (e.g. Active Sync Resource Adapters | Automated | Might require upgrading to OW version 8.1.X |
Managed resources Connectors | Automated | Might require upgrading to OW version 8.1.X | ||
Task Definitions | Deferred Task Scanner (Scan user objects for termination tasks) | Semi-Automated | Map to OIM Scheduled Task. Since the termination on mechanism is different between OW and OIM, the “to-be-terminated” user onjects during cutover period need to be manually migrated | |
Customized | User Forms | Active Sync Input Form For HR Connector | Semi-Automated | Mapped to OIM process Forms and Request Data Set Manual migration is required if any OW-Specific features (e.g. validation logic) are used by the customization. |
Update user Form to tag user with the future termination on date | ||||
Forms to display details for performing manual termination | ||||
Task Definitions | Require manual migration. These processes are shared with other use cases (e.g updating user profile from HR) | |||
Processes to process updates from HR | Manual | Require manual migration. Consider enhancing a grace period before hard termination. | ||
Processes to terminate users in both managed and non-managed resources | Manual | |||
Rules | Common Logic Used by customized user Forms and Workflow | Manual | Require manual migration. | |
Mapped to OIM Email templates. Manual migration is required if any OW-specific features(e.g. Dunamis) | ||||
Email Templates | Termination Email notifications | Semi-Automated |
Comments
Post a Comment