migration Oracle Waveset (OW, earlier Sun Identity Manager) to Oracle Identity Manager

SIM2OIM:-

Oracle WevSet (OW) (earlier Sun Identity Manager – SIM) is Identity Management product from Sun that Oracle acquired in and renamed as Oracle Waveset (OW). Oracle Identity Manager (OIM) is a provisioning and identity Management product from Thor Xellerate that Oracle acquired and renamed as Oracle Identity Manager (OIM). Oracle Identity Manager is strategic identity provisioning/reconciliation and management software from Oracle . Oracle Waveset (including Connector Server) will slowly merge with Oracle Identity Manager.

This post covers an overview of Oracle Waveset (OW, earlier Sun Identity Manager) to Oracle Identity Manager migration.

1. Oracle Waveset (OW) objects that can be directly mapped to their equivalents in OIM.

1.1 These will be automatically or partially migrated Not too many surprises here. A good portion of OW objects could find direct mappings in OIM. Example of such objects

a) Enterprise Identity Data Objects (e.g. Organization, Role, User, and Resource)

b) Schema Templates and Policy Objects (e.g. IDM Schema Configuration, Email Templates, and Password Policy)

c) Administration and Authorization Objects (e.g. Capabilities and Admin Roles)

d) Business Logic and Process Data Objects (e.g. Process/Object Forms)

Note: Not all features of these objects could be directly mapped to OIM. For Example, dynamic variables in OW Email Templates need to be manually configured in OIM once these templates are automatically migrated. How much these OW features are used in your OW/SIM implementation will determine the amount of automatic translation that could happen.

2. Oracle Waveset (OW) objects with no direct equivalent in OIM.

2.1 There will be a report capturing these objects and they will require manual migration.

2.2 As a general rule of thumb, any customized XPRESS scripting will likely require re-implementation. The migration toolkit will not be able to translate XPRESS logic into SOA composites or OIM adapters or Java code underlying adapters. User Interfaces and Workflows fall into this category.

3. Audit trail / Historical data. These records will not be automatically migrated

As Oracle Waveset and Oracle Identity Manager employ different schema for persistence of audit records, recommendation is to follow a co-existence strategy. In this approach, audit artefacts would be generated from either OW, OIM or both depending on context / need.

4. Identity Connector Framework (ICF) will be leveraged by the migration toolkit. Plan is to build both OW and OIM resource connectors on top of the new Identity Connector Framework (ICF). It’s already available to Oracle Waveset customers as long as they upgrade their installation to 8.1.x. This not only enables them to leverage new features and enjoy updates to the connectors provided by Oracle but also unifies the underlying infrastructure for a seamless transition by the migration toolkit.

Overall, the Oracle Waveset to Oracle Identity Manager migration toolkit by Oracle is a respectable attempt at automating the migration tasks. It pays attention to details regarding product differences and focuses on identifying customizations that require manual effort to migrate. For example, the toolkit takes care of passwords and challenge questions/answers when migrating OW users such that end users won’t need to reset passwords or re-enter their challenge answers in OIM.

On the other hand, no magic tool could solve real life problems in a quick and easy way. (This was one of the lessons taught in Doraemon’s stories).

Oracle Waveset Object Type List of Objects Pre- Migration Analysis by Migration Toolkit Migration Effort Considerations
Out-Of-Box Connectors Authoritative source(HR) Connector (e.g. Active Sync Resource Adapters Automated Might require upgrading to OW version 8.1.X
Managed resources Connectors Automated Might require upgrading to OW version 8.1.X
Task Definitions Deferred Task Scanner (Scan user objects for termination tasks) Semi-Automated Map to OIM Scheduled Task. Since the termination on mechanism is different between OW and OIM, the “to-be-terminated” user onjects during cutover period need to be manually migrated
Customized User Forms Active Sync Input Form For HR Connector Semi-Automated Mapped to OIM process Forms and Request Data Set Manual migration is required if any OW-Specific features (e.g. validation logic) are used by the customization.
Update user Form to tag user with the future termination on date
Forms to display details for performing manual termination
Task Definitions Require manual migration. These processes are shared with other use cases (e.g updating user profile from HR)
Processes to process updates from HR Manual Require manual migration. Consider enhancing a grace period before hard termination.
Processes to terminate users in both managed and non-managed resources Manual
Rules Common Logic Used by customized user Forms and Workflow Manual Require manual migration.
Mapped to OIM Email templates. Manual migration is required if any OW-specific features(e.g. Dunamis)
Email Templates Termination Email notifications Semi-Automated

 

Rest part I’ll post soon…

About the Author Masroof Ahmad

Leave a Comment:

5 comments
Ravi says February 13, 2013

Gr8 document , we will really appreciate.

Reply
manoj says February 13, 2013

It’s very nice doc. thanks man for sharing this…

good one………….

Reply
Rajeev says February 14, 2013

You are genoius Dharmendra.
Give us some more technical details on migration.

Reply
Dharmendra says February 15, 2013

Sure very soon I’ll post more migration script..

Reply
IDM User says June 11, 2013

Excellent Dharmendra! Please keep posting new articals..

Reply
Add Your Reply