Symantec IGA

[left] I am a true fan of Identity Manager.  [left]  [left] If you are still going to be doing provisioning you will not be leaving Etrust Admin behind though.   It still lives in IdM!   So if you don't like Etrust Admin now then adding IdM on top[left] of it probably won't change your opinion, unless you resolve your Admin issues first.   In most of my experiences the main complaint I hear about IdM is that it's "too slow" or users don't like the UI.   Most of the unhappyness revolves around two areas, a lack of understanding of what the product is capable of and a poor implementation.  [left]  [left] There are ways to tune IdM so that it's faster and most of the time these techniques are not used.   Also alot of people forget that there are ways to customize the UI or not use it at all.    The UI  looks ok to me but if you want to really change it be prepared for CSS ****, nothing too  earth shattering though.   Most people eventually move to TEWS (Task execution web services) which allows you to submit IdM tasks to a web service and then you can create your own UI or integrate IdM into your current application.[left]  [left] Compared to other products, I think CA's IdentityManager has a good mix of ease of use with flexibility.   I've tried working with Sun's Idm and M$ and unless you are a skilled java programmer you won't get far with Sun and M$ doesn't allow much customization and god forbid if you aren't using SQL or AD.   OID is interesting but I much prefer CA.   I think role based identity management is the best thing since....policy based management, I mean sliced bread.[left]  [left] If you aren't using IdentityManager now, self-management and password services alone make life sooo much easier.   Also I don't know if you are using Siteminder for SSO in your environment or not but leveraging IdM roles for application access control is extremely pleasant.[left]  [left] It takes some getting used to but I whole heartedly recommend doing two things, learn IdM   (take a class on IdM and read all of the manuals, as painful as it may be) and most importantly, do a proof of concept to see what questions IdM will resolve for you.[left]  [left] These are just my humble opinions.[left]  [left] Take care,[left]  [left] Ryan Lance[left] Tripod Technology Group, Inc.[left]  [left]  [left] Check out our website @ http://www.ttg.cc -- Securing Your Business, Securing Your Success! [left]

Just curious as to what tuning techniques you have used for identity manager outside of tuning the policy server connections and general app server tuning (GC etc) thanks

There was an 8.1 Tuning Guide that was posted to Support.ca.com

https://support.ca.com/irj/portal/kbtech?docid=466315

Title: Identity Manager 8.1 Performance and Tuning Guide

This guide provides detailed information for defining highly scalable and robust Identity Manager 8.1 deployments based on performance and tuning guidelines as well as Identity Manager best practices. There are many aspects of IM performance and tuning ranging from definition of successful physical architectures, developing scalable delegated administration models, optimizing security enforcement points, policy server and directory tuning, and clustering and high availability. Each of these topics is covered in this guide.

I suggest checking Support.ca.com as there are other tuning documentation on there as well.

- KenV