Sun Identity Manager Overview

Assessing the Need for Availability

This section describes how to assess the amount of availability that your specific deployment requires.

Assessing the Cost of Downtime

Because Identity Manager is not in the transaction path between general users and the systems and applications that they already have access to, Identity Manager downtime is not the nightmare that you might imagine. If Identity Manager is unavailable, end users are still able to access resources through their provisioned accounts.

The main cost of Identity Manager downtime is lost productivity. If Identity Manager is down, end users cannot use Identity Manager to gain access to systems that they are either locked out of or not provisioned to.

To calculate the cost of downtime, the first number that is needed is the average cost of lost productivity due to end users being unable to access computing resources within the enterprise. In our assessment, this number is called productivity per person hour.

The other major number that needs to be determined is the percentage of end users within the user population who need to use Identity Manager at any given time. This population usually includes new hires who need to be provisioned, and end users who have forgotten their password if password management is a part of the deployment.

Consider the following hypothetical situation:

Total number of employees 



Number of password resets in a day 



Number of new hires in a day 



Number of hours in a work day 


For this particular situation you can calculate the following:

Using these numbers you can then estimate the cost of an Identity Manager outage:

Productivity per person hour 



Loss in productivity 



(50% decrease in productivity due to inability to access system) 

Number of people affected 






Duration of outage 

2 hours 


Total immediate loss 



This example shows that even though the number of users being managed by Identity Manager is high, the number of users needing Identity Manager to gain access to systems at any given time is usually low.

Another point to consider is that the time it takes to bring a system like Identity Manager back online is usually less than the time it takes to execute the manual provisioning processes that Identity Manager is automating. So while Identity Manager downtime exacts a cost, it is usually less than the cost of using manual processes to give users access to resources.

Understanding the Causes of Downtime

When planning for an Identity Manager highly-available deployment, it is worthwhile to consider the causes of downtime.

These causes include the following:

Calculating Return on Investment

Identity Manager automates processes and reduces lost productivity. The return on investing in a highly-available Identity Manager architecture is realized by minimizing downtime and averting lost productivity.

You can use the cost of downtime to determine the amount of availability that is ultimately needed for Identity Manager. In general, a moderate investment in making Identity Manager highly-available is worthwhile.

When calculating the cost of your investment, remember that purchasing HA/FT hardware and software is only one part of implementing an available solution. Having a knowledgeable staff to keep it up and running is another cost.