Oracle Waveset (formerly Sun Identity Manager) migration to OIM

Oracle Waveset is former Sun Identity Manager.


Migration Oracle Waveset (OW, earlier Sun Identity Manager) to Oracle Identity Manager


Oracle WevSet (OW) (earlier Sun Identity Manager – SIM) is Identity Management product from Sun that Oracle acquired in and renamed as Oracle Waveset (OW). Oracle Identity Manager (OIM) is a provisioning and identity Management product from Thor Xellerate that Oracle acquired and renamed as Oracle Identity Manager (OIM). Oracle Identity Manager is strategic identity provisioning/reconciliation and management software from Oracle . Oracle Waveset (including Connector Server) will slowly merge with Oracle Identity Manager.
This post covers an overview of Oracle Waveset (OW, earlier Sun Identity Manager) to Oracle Identity Manager migration.
1. Oracle Waveset (OW) objects that can be directly mapped to their equivalents in OIM.
1.1 These will be automatically or partially migrated Not too many surprises here. A good portion of OW objects could find direct mappings in OIM. Example of such objects
a) Enterprise Identity Data Objects (e.g. Organization, Role, User, and Resource)
b) Schema Templates and Policy Objects (e.g. IDM Schema Configuration, Email Templates, and Password Policy)
c) Administration and Authorization Objects (e.g. Capabilities and Admin Roles)
d) Business Logic and Process Data Objects (e.g. Process/Object Forms)
Note: Not all features of these objects could be directly mapped to OIM. For Example, dynamic variables in OW Email Templates need to be manually configured in OIM once these templates are automatically migrated. How much these OW features are used in your OW/SIM implementation will determine the amount of automatic translation that could happen.
2. Oracle Waveset (OW) objects with no direct equivalent in OIM.
2.1 There will be a report capturing these objects and they will require manual migration.
2.2 As a general rule of thumb, any customized XPRESS scripting will likely require re-implementation. The migration toolkit will not be able to translate XPRESS logic into SOA composites or OIM adapters or Java code underlying adapters. User Interfaces and Workflows fall into this category.
3. Audit trail / Historical data. These records will not be automatically migrated
As Oracle Waveset and Oracle Identity Manager employ different schema for persistence of audit records, recommendation is to follow a co-existence strategy. In this approach, audit artefacts would be generated from either OW, OIM or both depending on context / need.
4. Identity Connector Framework (ICF) will be leveraged by the migration toolkit. Plan is to build both OW and OIM resource connectors on top of the new Identity Connector Framework (ICF). It’s already available to Oracle Waveset customers as long as they upgrade their installation to 8.1.x. This not only enables them to leverage new features and enjoy updates to the connectors provided by Oracle but also unifies the underlying infrastructure for a seamless transition by the migration toolkit.
Overall, the Oracle Waveset to Oracle Identity Manager migration toolkit by Oracle is a respectable attempt at automating the migration tasks. It pays attention to details regarding product differences and focuses on identifying customizations that require manual effort to migrate. For example, the toolkit takes care of passwords and challenge questions/answers when migrating OW users such that end users won’t need to reset passwords or re-enter their challenge answers in OIM.
On the other hand, no magic tool could solve real life problems in a quick and easy way. (This was one of the lessons taught in Doraemon’s stories).
Oracle Waveset Object TypeList of ObjectsPre- Migration Analysis by Migration ToolkitMigration Effort Considerations
Out-Of-BoxConnectorsAuthoritative source(HR) Connector (e.g. Active Sync Resource AdaptersAutomatedMight require upgrading to OW version 8.1.X
Managed resources ConnectorsAutomatedMight require upgrading to OW version 8.1.X
Task DefinitionsDeferred Task Scanner (Scan user objects for termination tasks)Semi-AutomatedMap to OIM Scheduled Task. Since the termination on mechanism is different between OW and OIM, the “to-be-terminated” user onjects during cutover period need to be manually migrated
CustomizedUser FormsActive Sync Input Form For HR ConnectorSemi-AutomatedMapped to OIM process Forms and Request Data Set Manual migration is required if any OW-Specific features (e.g. validation logic) are used by the customization.
Update user Form to tag user with the future termination on date
Forms to display details for performing manual termination
Task DefinitionsRequire manual migration. These processes are shared with other use cases (e.g updating user profile from HR)
Processes to process updates from HRManualRequire manual migration. Consider enhancing a grace period before hard termination.
Processes to terminate users in both managed and non-managed resourcesManual
RulesCommon Logic Used by customized user Forms and WorkflowManualRequire manual migration.
Mapped to OIM Email templates. Manual migration is required if any OW-specific features(e.g. Dunamis)
Email TemplatesTermination Email notificationsSemi-Automated


Comments

Popular posts from this blog

VMware fix for Invalid manifest and ova file import failed errors

Session Timeout in Oracle Access Manager

SOAPUI - import certificate