12.2:documentation:adm:modules_vs

Virtual system

A virtual system is not directly connected for online management. A virtual system is basically only a registration mode, where for each system in which a change is generated an implementation request (notification) is assigned to a particular administrator. The administrator must make sure that the change is made to the target system. In other words, IdM "knows" what accounts and permissions the user should have on the system, but on the real system this is executed by an implementer (administrator). The reason may be the need to manage a large number of systems without the need for demanding integration.

See a quickstart guide for creating a new virtual system with default mapping: Virtual system - New virtual system in 5 minutes.

The usage and configuration of virtual systems is described in the Admin tutorial.

After the request for updating a virtual system is created, the notification is sent to all implementers.

For virtual systems, a new connector called virtual-system-basic (BasicVirtualConnector.class) was devised. This connector provides an interface for external communication with a virtual system.

Virtual connector is the first implementation of the connector in the 'czechidm' connector framework.

Connector following operations of the 'czechidm' connector framework:

  • IcCanRead,
  • IcCanCreate,
  • IcCanUpdate,
  • IcCanDelete,
  • IcCanGenSchema,
  • IcCanSearch (Search in VS is supported only during reconciliation, it returns all accounts. As of now, no connector filter can be used.)

Before any virtual ystem is deleted in the CC module, it's necessary to call the VS module and enforce the deletion of all connected entities (on the deleted system).

For this is used 'SystemEventType.DELETE' event and processor 'system-delete-processor'.

The sequence of deleting a VS module:

  1. Check existing unresolved VS requests - If an unresolved vs request exists, then it isn't possible to delete the system (it throws an exception).
  2. Delete all archived VS requests for the system.
  3. Delete all VS accounts for connector key from the system.
  4. Delete VS account form definition for the system.
  5. Delete all VS system implementers for the system.