This document refers to the installation location of CA IAM Connector Server as cs_install. By default, cs_install is in the following locations:
The Provisioning Server installation location is referred as ps_install. By default, ps_install is in the following locations:
For the migration process, the tool uses the default logging configuration path that is specified in java_home/lib/logging.properties.
There are three different connectors that you can use to gather data from a CA Top Secret endpoint. The connector named Top Secret TSSCFILE is supplied with CA GovernanceMinder. The connectors named CA Top Secret and CA Top Secret v2 are supplied with Identity Management and CA CloudMinder.
This table compares the methods that are used for connecting CA Top Secret connectors to a CA Top Secret endpoint.
|
|
CA Top Secret v2 Connector |
TSS TSSCFILE Connector |
CA Top Secret Connector |
|---|---|---|---|
|
Description |
A Java connector which is installed with CA IAM Connector Server. |
A Java connector which is installed with CA IAM Connector Server. |
A plug-in component of Provisioning Server in Identity Management. |
|
Systems that can use this connector |
Any system that uses CA IAM Connector Server, including Identity Management and CA CloudMinder. |
CA GovernanceMinder only |
Existing Identity Management deployments CA GovernanceMinder can access the endpoint through its Identity Management connector. |
|
What can the connector do? |
Read and write: Provision users Gather data |
Read only: Gather data |
Read and write: Provision users Gather data |
|
Method for acquiring data |
Connector communicates with CA LDAP Server, which is installed on the CA Top Secret endpoint. |
Use the TSSCFILE utility to dump data into a text file. The connector server connects to the file, and CA GovernanceMinder communicates with the connector server. |
Connector communicates with CA LDAP Server, which is installed on the CA Top Secret endpoint. |
|
How roles and resources are handled (relevant for CA GovernanceMinder only) |
Not supported in this release. |
Provides direct and indirect associations between ACIDS, groups, profiles, zones, departments, divisions, and resources. |
Provides ACIDS and the attributes, privileges, and resources that are directly associated with them. Provides direct associations between ACIDs and groups, profiles, zones, departments, and divisions. |
|
Type of mapping for CA GovernanceMinder |
Not supported in this release. |
Shallow and deep mappings |
Shallow mappings |
|
Documentation |
This guide |
This guide |
This guide |
The table in Compare Three Methods for Connecting to CA Top Secret Endpoints shows three connectors. The following table contrasts only the connectors that are available in Identity Management.
The differences are important if you currently use the old connector and you plan to migrate to the new connector. Use the following table to verify whether you want to upgrade or not.
|
Feature |
CA Top Secret Connector (Plug-in for Provisioning Server) |
CA Top Secret v2 Connector (New Java connector with CA IAM Connector Server) |
|---|---|---|
|
Uses Provisioning Manager Provisioning Manager is a legacy client of Identity Management. It supports the earlier supported connectors. Provisioning Manager is no longer supported for new connectors. |
Yes |
No |
|
Use admin credentials for accessing the endpoint The new connector cannot use the logged-in user (Global User) credential to access the endpoint. Instead, it accesses the endpoint using the credentials used to acquire the endpoint. |
Yes |
No |
|
SSL All communication between the Client and CA LDAP Server for z/OS can be encrypted using SSL. |
Yes |
Yes |
|
Create, read, update, and delete accounts and ACIDs |
Yes |
Yes |
|
Create, read, update, and delete the following data:
|
Yes, in Provisioning Manager only |
No |
|
Assign the following data to an account:
|
Yes |
Yes |
|
Fetch Suffix List The new connector does not support the Get Suffixes function. Instead, ask the mainframe administrator for the suffix when you ask for the machine name. |
Yes |
No |
|
Custom attributes The plug-in connector lets you map additional fields to custom attributes using schema_map.txt. The new connector requires you to map custom attributes with Connector Xpress. |
Yes |
Yes |
|
Multithreading to provide higher processing efficiency |
No |
Yes |
|
System Options displayed in client System Options is moved from the System Options tab in Provisioning Manager to the System Options tab in User Console. |
Yes |
Yes |
|
Password Options displayed in client Password Options is moved from the Password Options tab in Provisioning Manager to the Password Options tab in User Console. |
Yes |
Yes |
|
Password Synch Agent Password Synch Agent is an agent to be installed at the endpoint. This agent propagates a password change from the endpoint to the Global User and to the other endpoint accounts of the same Global User. |
Yes |
Yes |
|
LDAP Service Wizard LDAP Service wizard sets up password sync parameters on mainframe. |
Yes, in Provisioning Manager only |
No |
|
Import from Identity Management to CA GovernanceMinder 12.5 SP8/12.6.1 The connector marks a set of objects and attributes as Interesting to Compliance, for CA GovernanceMinder. CA GovernanceMinder connects to Identity Management and extracts users, account templates, provisioning roles and resources. |
Yes |
No |
|
Export from CA GovernanceMinder 12.5 SP8/ 12.6.1 to Identity Management, and then to the endpoint After CA GovernanceMinder has modified associations on the imported data set, you can push those changes to the endpoint through Identity Management. |
Yes |
No |
|
Reverse Synchronization The process of reverse synchronization let users take actions on endpoint accounts discovered by the explore and correlate process based on a set of defined policies. |
Yes |
Yes |
|
Copyright © 2013 CA.
All rights reserved.
|
|