Thursday, November 9, 2006

"Man does not live by bread alone"-- he needs knowledge

Wrapping your brain around a complex Identity Management project during the design phase can be really tough, especially if you have never done this sort of thing before. What should our suffix be? Where should the users reside in the DIT? What roles do people have? What IT resources do we want to include in provisioning? Are there existing adapters for those resources or do we have to develop them? How many servers do we need? How many people will it take to manage this? Where do we start?

Over the last year my colleague Andy and I have spent most of our time learning how to develop assembly lines in Tivoli Directory Integrator. The initial focus was on pulling user identities from a few different sources to populate an LDAP. At the time we weren't really sure if we were going to buy ITIM or ITAM or anything else for that matter, but one thing was for sure: our Portal applications could not authenticate our staff, customers or partners without an LDAP containing all of their identities. Going after low-hanging fruit, we decided that our customers' Active Directories, Novell Directories, and Domino Directories would be the easiest places to get their identities, since they are all standard LDAP servers and we can develop our TDI assembly lines to detect changes in each of those sources and then populate the LDAP.

All this changes with ITIM in play. My whole vision of the directory hierarchy is now different. Maybe now I'm a bit more confused or unsure of what the DIT should look like. In fact, we were so concerned with what the LDAP was going to look like before; now with ITIM I'm not sure it really matters any more. Once the TIM organization layout is in place, should we really care what the layout of the LDAP looks like as far as Portal is concerned?

After printing 9,000 pages of documentation for TIM and TAM on top of the 3,000 pages we had already printed for TDI and TDS, we find that the tough part is wading through all of it in search of the pieces that matter the most. The design stuff is all theoretical, and if you can't get through that then it's going to be tough actually setting up a TIM. There are some good IBM classroom courses, but the times and locations are not always convenient. If you're lucky you will hook up with a good IBM Business Partner who has the staff to do this knowledge transfer.

We're working with Strategic Computer Solutions, Inc. (SCS) based out of Syracuse, NY. These people are a well-known IBM business partner and they really know their stuff. Through them we also got to know the folks at Software Productivity Strategists, Inc. (SPS) out of Rockville, Md., another group of highly talented people. We found that if it wasn't convenient to go to an IBM training facility for Tivoli courses, you could pay SPS to send a trainer to your location. Now, I'm sure SPS isn't the only place that offers this option, but I'll just say that they have a Tivoli Security expert on staff who is one of the best trainers I've ever worked with. I'm not talking about someone who has done nothing but train people all his professional career, but instead someone who is in the real world implementing Tivoli software in very large enterprises and government entities, who then brings that experience into the classroom. And I'm sure being a college professor in the computer science domain doesn't hurt either. The IBM courses are a huge help if you can get them one way or another.

But if you cannot take the courses, or if the courses are scheduled weeks or months away, you can get started with some on-line courses from Computer Generated Solutions. I recommend these to anyone just getting started with the Tivoli software. Even before you meet with consultants, if you can take these on-line courses it will help to provide a sort of level set with what all the software components do and how a simple system is set up, and if nothing else you will begin to get the lingo down so that you have half a clue when the consultants show up. I've taken the on-line courses for Tivoli Directory Server (TDS), Tivoli Directory Integrator (TDI) and now I'm going through the ones for ITIM 4.6. The TDS course was pretty good. It answered some of my questions about the basics, but it did not help me get a cluster working. TDI is tough. The on-line course for TDI will help you understand all the components of TDI and the lingo, but it's a bit of a stretch to think you will be able to write really functional assembly lines after taking it. I'm finding the on-line courses for TIM to be very good. I recall several "Ah ha" moments during these courses, so it seems they are working. Don't get me wrong, these are not replacements for classroom courses, but they are a great way to get started and I think they are really good precursors to the classroom courses. Also, CGS is really easy to work with as far as payment goes. Our company does most things via PO, so CGS allows you to enroll in the Tivoli courses specifying the payment type as being a PO. Then they email you the invoice so your business office can generate a PO, and all of this can be transacted electronically so you can access the courses in no time.

As far as training goes for Tivoli, I usually like to buy books and CBTs. For topics like Microsoft Active Directory and Novell NDS and Java, etc., there are tons of options at amazon.com or Barnes & Noble. What's a little frustrating is that the only thing I could find on Tivoli Security is from IBM's web site (Redbooks and product documentation). IBM Press doesn't even have any good books on the Tivoli software, which I find disappointing. They have a great book at IBM Press for DB2: Understanding DB2: Learning Visually with Examples by Raul F. Chong, Clara Liu, Sylvia F. Qi, and Dwaine R. Snow. It baffles me why no one wrote a book like this for ITIM and ITAM. Oh well, your best place to start learning this stuff is here: Tivoli Education Website

Good luck and happy learning!
