Novell Identity Manager 2 - InfoWorld Test Report

Novell's identity management solution relies heavily on the company's directory server, eDirectory, which does a fine job as an identity vault. Building on eDirectory to incorporate directory information from across the enterprise, Identity Manager takes care of the rest.

You'll find all the bells and whistles in Identity Manager 2, including password management, role-based provisioning, cross-application user management, user deprovisioning, and corporate white pages functionality. Furthermore, Novell has probably the most intuitive and polished user interface of the bunch.

Running through Harry's ups and downs revealed some clear benefits of the Identity Manager suite. The eDirectory and Identity Manager combo tied all of our disparate data sources together, allowing for as much flexibility and granularity as most enterprises require. 

Identity Manager handles these tasks largely with administrator-defined identity policies, which allow admins to manage complex application relationships and workflow. All this information is pumped through a two-lane highway between the Identity Vault and the subordinate applications on the network. All this, of course, depends on Identity Manager Drivers, which are the agents needed to manage all applications. Communication among Vault, Drivers, and Identity Manager is based entirely on XML.

With the exception of Novell's fairly granular workflow capabilities, this is all standard stuff. And though the Identity Manager implementation went smoothly, there wasn't much to differentiate it from the others save Novell's carefully designed, glitzy user interfaces. Defining things such as the corporate white pages or the HR-to-IT workflow that our tests required was done in a slick Web-based administration tool that offered speed and customizability.

We'd seen this before, but Novell had a definite edge in the UI department. In fact, we were already sufficiently impressed, and then they pulled out Designer.

Designer gives the Novell solution a definite ooh-aah factor not found in any of the other products here, but it's important to note that this is an optional add-on. Fortunately, right now it's a free, optional add-on, and if you're using either eDirectory or Identity Manager, we highly recommend you download it ASAP.

Based on the Eclipse framework, Designer allows administrators to lay out almost the entire identity implementation visually and then drill down for configuration. Designer configures the entire Identity Manager front end using portlets, allowing administrators not only to modify the look and feel of each portlet (for easy integration into an existing intranet design) but also to modify each portlet at the field level -- in effect deciding exactly what users do and don't see one field at a time. Even better, Designer allows much of the configuration to be done in a simulated sandbox mode. That means you could design an identity implementation blueprint and play what-if games by altering underlying systems or configuration settings. Novell even added version control to make those games easier.

In the end, Novell conquered our lab scenario with few hiccups and went on to finish all the extra-credit tests, including Lotus Notes and z/OS integration, Web GUI- and e-mail-based workflow provisioning, and populating our e-HRMS database from AD, all handled centrally from the smooth iManager console.

When Harry turned naughty, Identity Manager found his illegal administration account so fast we didn't even have time to fully provision the account. Harry was immediately dumped into the Illegals group, which not only disabled his admin access but also kept a handy record of the attempt. It did not send us an alert, however.