Understanding Identity Manager Service Provider System Architecture

If the Identity Manager Service Provider feature is implemented, a fifth tier is required. This tier is called the Web tier and it consists of one or more web servers located in a DMZ. No Identity Manager components are installed in the web tier. Instead, the web servers in the DMZ support one or more application servers in the application tier by responding to web page requests. Adding one or more web servers to the web tier provides enhanced scalability, and placing the web servers in a DMZ provides better network security.

The Service Provider feature also requires an LDAP repository. This repository resides in the database tier. Because the LDAP repository can be a managed resource, the LDAP server can be understood as residing in the managed resource tier, as well.

In a service-provider-only implementation, an Identity Manager repository is recommended in addition to the LDAP repository, but it is not required. If an Identity Manager repository is not deployed, some functionality such as certain reporting capabilities will not be available.

Figure 2–2 Identity Manager Service Provider System Architecture