IBM Security Identity Governance and Intelligence (IGI) 5.2.5 - a step in the right direction
If you have trouble with the IGI upgrade, our engineers can help! Give them a call.
IGI 5.2.5 was released in Q1 2019, and our first experiences (especially after the 184.108.40.206 FP that came in during summer) are positive. There were several significant changes, but I’ll deal with the one that I feel is the most interesting here.
If you have ever played with IBM’s Identity Governance solution (it was named IBM Security Identity Governance – ISIG in the early days) you’ve probably found out that it is quite different from IBM Security Identity Manager, the „standard“ IBM’s Identity Management solution for quite some time. As usual, people who had experience with ISIM would try to get the same functionality in IGI – and would usually understand pretty quickly that IGI is an entirely different beast.
What's new in a practical way?
The thing that I missed the most in the first days with IGI was the ISIM’s out-of-the-box adapters for different OS, database, and application systems, but soon after (in version 5.2) the Identity Brokerage adapters were introduced – basically bringing the proven ISIM adapters to IGI. The added functionality, unfortunately, also added complexity, most notably the need for one more server (LDAP server). To me, it always seemed a little unnatural to need both the database and LDAP server for very similar purpose.
And with IGI 5.2.5, that has changed. The LDAP functionalities of storing target configuration and data cache now resides within the database, with the rest of the IGI data, so you don’t need the LDAP server anymore.
Migration from 5.2.4 LDAP to the 5.2.5 database is automatic during the upgrade, and it works well. You will, of course, have to read the documentation carefully, and take special care of the custom adapters you built using IBM SDI and deal with any LDAP dependencies there, but in most cases you will be fine after the migration.
From what we measured, the well-tuned database in 220.127.116.11 works faster than the database + LDAP combination from 18.104.22.168, and that is always nice to see.
If you are interested, there is an excellent introduction to the new database schema, explaining how the Identity Brokerage tables work on IBM Security Learning Academy.