Back in 2000s the Sun Identity Manager was the king. It was the best IDM product pursuant to Gartner. It had a good market share. And according to my experience it was actually the only practical IDM system on the market. Sun Identity Manager is now dead. It died in 2010 when Sun Microsystems was acquired by Oracle. Sun IDM was renamed to Oracle Waveset and the development of the product has been immediately stopped. But Sun IDM is a tough one. Even though it was killed 6 years ago it still survives in a creepy half-life form to this day. Oracle obviously tried to migrate all the Sun IDM installations to Oracle Identity Manager. But many customers refused to migrate. We can only speculate about the reasons, although anyone that had any hands-on experience with Oracle IDM will certainly have an opinion about that. Anyway, the future was not entirely bright for those who still maintain Sun IDM installation. But now there is a new hope.
Sun IDM was a very flexible product. It was one of the few that can really adapt to the need of an IDM solution. Which means that almost all Sun IDM installations are heavily customized. But that comes at a cost. The customizations and therefore the whole IDM solution is tightly bound to the product itself. There is no simple and easy migration path from Sun IDM to any other product. Changing the product essentially means re-implementing the whole IDM solution. And this approach has two huge disadvantages: cost and risk.
It is very difficult to eliminate the cost of Sun IDM migration as the required effort is similar to a new green-field deployment. However there is a way to reduce it. There are several products that are philosophically quite close to Sun IDM. Migrating existing RBAC and organizational structures to the products that are conceptually compatible with Sun IDM will obviously reduce the cost. Also using IDM system that is using a connector framework which is similar to Sun IDM can bring the cost down. Evolveum midPoint satisfies both conditions. Engineers used to work with Sun IDM will be quite familiar with midPoint features and data structures. And midPoint connectors are based on ConnId framework which is an evolution of Sun Identity Connector Framework code used in Sun IDM.
Even though we can reduce the migration cost it cannot be entirely eliminated. But this apparent drawback can be turned into an opportunity. If we really have to spend the money, let’s not waste it on simple reimplementation of existing features in a new product. That will bring only a very limited benefit. Let’s use the money to improve the whole IDM solution. Sun IDM was a first-generation IDM system. But now there is a class of second-generation IDM systems. They are alive, well tested and they are in active development. These new IDM systems learned from the mistakes of the previous generation and they are much more sophisticated and efficient. Evolveum midPoint is the most comprehensive second-generation system available on the market. MidPoint brings advanced role management, efficient organizational structure synchronization and now it even includes identity governance features. Why not take advantage of these features and instead of a simple migration project embark on “IDM Evolution” project. It will bring much better value while keeping the costs reasonable.
However the worst obstacle in any migration project is the risk. Migration that requires re-implementation of the whole solution is naturally a risky business. Yet there are ways how to keep the risk under control. I will write about that in my next post.