68 Robust Data Synchronization with IBM Tivoli Directory Integrator
3.4.1 Combination with an enterprise directory
There are two major metadirectory models, or approaches, for integrating existing
enterprise data stores and building an authoritative source for identity information:
- Metaview, which introduces one main central directory store where all data is
  aggregated, and then synchronizes and publishes data from there back to all
  other authoritative repositories.
- Point-to-point synchronization, which avoids the central repository and configures
  event-driven automatic data flows and reconciliation between the repositories,
  based on business rules and technical requirements.
Metadirectories are often used to accomplish the following goals:
- Create a single enterprise view of users from attributes stored in network
  services.
- Enforce business rules that define the authoritative source for attribute values.
- Handle naming and schema discrepancies.
- Provide data synchronization services between information sources.
- Enable network and security administrators to manage large, complex
  networks.
- Simplify the management of user access to corporate resources.
As the foundation for a metadirectory solution, IBM Tivoli Directory Integrator
supports both approaches and provides a means of managing information that is
stored in multiple directories. It provides Connectors for collecting information
from many operating system and application-specific sources and services, as
well as for integrating the data into a unified namespace. It can provide a central
enterprise directory, as well as integrate distributed directories directly.
By design, IBM Tivoli Directory Integrator seems especially suited for the second
approach. As a metadirectory, it extends the directory with services for managing
information that is stored in multiple directories. It acts as the hub for making
changes between the disparate systems, and it has a number of facilities that
enable it to act as the agent for change on these disparate systems. A scenario
based on this architecture is shown in Figure 3-1 on page 43. The important
design decision is the choice of the authoritative data repository; after that, it is
a matter of defining the data flows for each AssemblyLine.
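The following added example, which is not taken from this book or from the product, sketches that design decision in plain JavaScript: each attribute has one authoritative repository, local attribute names are mapped, and the data flows are derived from those rules. The repository names, attribute names, and sample values are constructed assumptions, and no IBM Tivoli Directory Integrator API is used.

```javascript
// Added example: constructed repositories, attribute names and values.
// Central attribute -> authoritative repository (owner) and each repository's local name.
const RULES = {
  employeeNumber: { owner: "hr",   names: { hr: "EMPNO", ldap: "employeeNumber" } },
  surname:        { owner: "hr",   names: { hr: "LAST_NAME", ldap: "sn", mail: "LastName" } },
  mail:           { owner: "mail", names: { mail: "SmtpAddress", ldap: "mail" } },
  telephone:      { owner: "pbx",  names: { pbx: "ext", ldap: "telephoneNumber" } },
};

// Build the single enterprise view: each attribute is read only from its owner.
function buildEnterpriseView(records) {
  const view = {};
  for (const [attr, rule] of Object.entries(RULES)) {
    const rec = records[rule.owner];
    const value = rec ? rec[rule.names[rule.owner]] : undefined;
    if (value !== undefined && value !== "") view[attr] = value;
  }
  return view;
}

// Plan the outbound data flows: for every non-authoritative repository that
// stores the attribute, emit an update when its copy differs from the view.
function planFlows(view, records) {
  const flows = [];
  for (const [attr, rule] of Object.entries(RULES)) {
    if (!(attr in view)) continue; // owner unavailable or empty: propagate nothing
    for (const [repo, localName] of Object.entries(rule.names)) {
      if (repo === rule.owner || !(repo in records)) continue;
      const current = records[repo][localName];
      if (current !== view[attr]) {
        flows.push({ target: repo, field: localName, from: current, to: view[attr] });
      }
    }
  }
  return flows;
}

// Constructed sample: the LDAP entry holds a stale surname and a mail value that
// was changed locally, outside the authoritative mail system. No pbx record exists.
const SAMPLE = {
  hr:   { EMPNO: "100234", LAST_NAME: "Nguyen-Smith" },
  mail: { SmtpAddress: "a.nguyen@example.com", LastName: "Nguyen-Smith" },
  ldap: { employeeNumber: "100234", sn: "Nguyen", mail: "a.nguyen@other.example" },
};
```

A value changed in a repository that does not own the attribute is overwritten from the authoritative copy instead of being propagated, and an attribute whose owner supplies no value produces no flow at all.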
There are two possibilities for the implementation of a centralized enterprise
directory. The architecture can have one directory with different authoritative data
sources for different identity information as shown in Figure 3-8 on page 69, or
you can define your central directory as the authoritative data source. In this