Symantec IGA

Hello,

Appreciate, if any of you could  explain the necessity of having a Provisioning Directory in a CA IAM architecture. We are in process of implementing a new architecture with CA Directory and CA Identity Manager. The concept of Provisioning Directory which is load-balanced confuses a lot. What I understood is, it includes global users, which associate users in the Provisioning Directory with accounts on endpoints such as Microsoft Exchange, Active Directory, and SAP”

Does the Provisioning Directory has any other information other than global users data ?

1. Can the provisioning directory be same user store/DSA ?
2. What are best practices for load-balancing a provisioning directory ? Why Load-balancing (HA ?) ?
   1. OneCA Directory Server with 2 DSA’s with replication
   2. Two CA Directory Server?

Please advice.

Yogi

Hi Yogi,

Provisioning Directory is a mandatory component because it contains all information related to provisioning.

So not only Global Users but also all information needed to connect to a target system (i.e. connect to this Active Directory's domain with this specific administrative credential).

When you run an explore you load into Provisioning Directory all accounts that belong to a specific target system.

Regarding point 1, as for now CA suggest to not use Provisioning Directory as user store.

Regarding point 2, it seems that you are missing basic CA Directory concepts related to HA (high Availability). CA Education as good starting course to acquire these concepts.

Hope it helps,

ciao, Roberto