Data synchronization
IBM Security Identity Manager stores most of its operational data in an LDAP directory. Examples of operational data include information about the people and accounts that are managed by ISIM, the policies defined in ISIM, and other information. IBM Security Identity Manager provides the ability for users to run reports about this operational data. For example:
- As an auditor, we can run a report that lists all of the people who are in violation of a corporate policy.
- As an administrator, we can run a report that lists all of the accounts that have been inactive for the last six months.
- As a manager, we can run a report that lists all of the accounts that are owned by people in our department.
The reporting architecture requires that data reside in a database. The ISIM data synchronization feature copies the operational data from the LDAP directory to a database, making it available to be included in reports.
Running data synchronization
Data synchronization can be run in the following ways.
- Full data synchronization
  This approach synchronizes all of the operational data. That is, the full data synchronization process starts by deleting all of the data it previously copied into the database. Then, it copies all of the operational data from the LDAP directory to the database. The full data synchronization can be run in the following ways:
  - On demand
    As an administrator, we can log in to IBM Security Identity Manager, and run the full data synchronization process.
  - On a recurring schedule
    As an administrator, we can configure IBM Security Identity Manager to automatically run the full data synchronization process on a specified recurring schedule. For example, we can configure IBM Security Identity Manager to run the full data synchronization process at these times:
    - Every Sunday night at midnight.
    - The 15th day of every month.
- Incremental data synchronization
  This approach synchronizes only the operational data that changed since the last time the data was synchronized. Unlike the full data synchronization, the incremental data synchronization does not delete all of the data it previously copied into the database. Rather, it updates the database to reflect the changes that occurred in the LDAP directory since the last time the data was synchronized. Incremental data synchronization requires enabling the LDAP change log feature.
- Report Data Synchronization Utility
  This approach is identical to the full data synchronization. The only difference is that it can be run from a computer that is not part of the deployed IBM Security Identity Manager environment. That is, the first two approaches must be run on a computer on which IBM Security Identity Manager is installed. The Report Data Synchronization Utility can be run on any computer, provided the computer meets the hardware and software requirements of the utility.
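The difference between the full and incremental approaches can be seen in a simplified model, added here as an illustration and not IBM Security Identity Manager code. It assumes a SQLite table standing in for the report database, constructed sample entries, and change log records that use the LDAP change log attribute names changeNumber, targetDN and changeType; the `status` field and all function names are hypothetical.

```python
import sqlite3

# Constructed sample data: a toy directory (DN -> account status) and a change
# log whose entries use the LDAP changelog attribute names changeNumber,
# targetDN and changeType. "status" is a hypothetical stand-in for entry data.
DIRECTORY = {"uid=alice": "active", "uid=bob": "inactive", "uid=dave": "active"}
CHANGELOG = [
    {"changeNumber": 1, "targetDN": "uid=alice", "changeType": "add", "status": "active"},
    {"changeNumber": 2, "targetDN": "uid=bob", "changeType": "add", "status": "active"},
    {"changeNumber": 3, "targetDN": "uid=carol", "changeType": "add", "status": "active"},
    {"changeNumber": 4, "targetDN": "uid=bob", "changeType": "modify", "status": "inactive"},
    {"changeNumber": 5, "targetDN": "uid=carol", "changeType": "delete"},
    {"changeNumber": 6, "targetDN": "uid=dave", "changeType": "add", "status": "active"},
]

def new_report_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (dn TEXT PRIMARY KEY, status TEXT)")
    db.execute("CREATE TABLE sync_state (last_change INTEGER)")
    db.execute("INSERT INTO sync_state VALUES (0)")
    return db

def full_sync(db, directory, latest_change):
    """Delete everything copied earlier, then copy the whole directory."""
    with db:
        db.execute("DELETE FROM account")
        db.executemany("INSERT INTO account VALUES (?, ?)", directory.items())
        db.execute("UPDATE sync_state SET last_change = ?", (latest_change,))

def incremental_sync(db, changelog):
    """Apply only the changes recorded since the last synchronization."""
    (last,) = db.execute("SELECT last_change FROM sync_state").fetchone()
    with db:
        for c in sorted(changelog, key=lambda c: c["changeNumber"]):
            if c["changeNumber"] <= last:
                continue  # already reflected in the report database
            if c["changeType"] == "delete":
                db.execute("DELETE FROM account WHERE dn = ?", (c["targetDN"],))
            else:  # add or modify: upsert the current state of the entry
                db.execute("INSERT OR REPLACE INTO account VALUES (?, ?)",
                           (c["targetDN"], c["status"]))
            last = c["changeNumber"]
        db.execute("UPDATE sync_state SET last_change = ?", (last,))
    return last

def rows(db):
    return db.execute("SELECT dn, status FROM account ORDER BY dn").fetchall()
```

When the change log passed to `incremental_sync` is empty, nothing is applied and the report table keeps its earlier contents, which is why incremental synchronization depends on the LDAP change log feature being enabled.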
- Data synchronization for reports
  Manage schedules for data synchronization, or initiate a data synchronization activity immediately. We can also refresh the synchronization status.
- Incremental data synchronizer overview
  The Incremental Data Synchronizer is a separately installed utility that provides fast synchronization of data and access control items. Synchronization occurs between the directory server that ISIM uses and the ISIM database.
- Utility for external report data synchronization
  The report data synchronization utility is a separately installed utility that synchronizes data and access control items between the directory server and the IBM Security Identity Manager virtual appliance database. The synchronized data is used for running the reports.