If you plan to use Identity Manager Service Provider functionality, Sun recommends adding a web tier between the user tier and the application tier. The web tier consists of one or more web servers that reside in a demilitarized zone (DMZ), which is separated from the application tier by a firewall.
An LDAP repository is required if Service Provider functionality is used. If Identity Manager will support only extranet clients, a standard Identity Manager repository is recommended, but not required. Otherwise, if Identity Manager will support both intranet and extranet users, both an LDAP repository and a standard Identity Manager repository are required.