
SailPoint IIQ: Move Over, Rover

I’m getting ready to do some customer training on Sailpoint IIQ v6.0. Getting ready for the trip has been a good impetus to get my rear end in gear and get up to date. I’ve been running Sailpoint IIQ v5.5 “bare metal” on my MacBook Pro pretty much since Sailpoint IIQ v5.5 was released. I have procrastinated getting Sailpoint IIQ v6.0 installed on my laptop. (Mainly because I have Sailpoint IIQ v6.0p5 running in the mad scientist lab on ESXi accessible via VPN.)

Side By Side Approach

So, it was time to install Sailpoint IIQ v6.0, but… I don’t and didn’t want to obliterate my Sailpoint IIQ v5.5p6 installation; I have too many customizations, test applications and rules I don’t want to lose and still want to be able to run live. I’ve been running Sailpoint IIQ with a context root of /identityiq and with a MySQL database user of identityiq.

When I run multiple versions of Sailpoint IIQ side by side on the same machine, I’ve adopted the practice of running each installation as /iiqXY where XY is the version number. So I wanted to run /iiq55 and /iiq60 side by side from the same application server. (I could also take the approach of running multiple instances of application server and run one installation from one port, say 8080, and another from another port, say 8081.)

So how to “lift and load” the existing installation at /identityiq to /iiq55 without reinstalling everything and re-aggregating all my sources? Here’s what I did.

DISCLAIMER: I’m neither advocating nor de-advocating this. Do this at your own risk, especially if your environment differs from mine. I make no claims or warranty of any kind. This worked for me. If it helps you… great.

The Environment

Here was my environment:

Operating System: Mac OS X, Mountain Lion, v10.8.3
Application Server: Apache Tomcat v6.0.35
JRE: Java SE JRE (build 1.6.0_43-b01-447-11M4203) (64-bit)
SailPoint IIQ: SailPoint IIQ v5.5p6
IIQ Database: MySQL 5.5.15

Shut Everything Down

First, I shut everything down. This basically meant just spinning down the entire Tomcat application server. The command you might use and the location of your application server scripts may differ:

$ cd /Library/Apache/Tomcat6/bin
$ ./shutdown.sh


Oh Ye MacBook Pro Of Little Memory :-(

March 25th, 2013 | No Comments | Posted in General, IdM Infrastructure, Tools

I’ve been a Mac user ever since 1993 and have always been extremely pleased with the platform in so many ways. Recently, Apple seems to have finally been realized in the consumer market as superior — I see Macs everywhere I go. And in the developer/power user arena, Macintosh and Mac OS X is the absolute “cat’s meow,” especially if one is a JEE developer. I couldn’t do what I do in Identity Management for Qubera without my 15″ MacBook Pro. It just does what I want it to do — no PC fuss or muss.

Apple’s Poor Memory Roadmap (IMO)

I’ve been disappointed however recently with one piece of the architecture: Apple’s maximum memory limits and their roadmap as it relates to upper memory limits on their non-Retina line of MacBook Pros. I feel it’s short sighted. (Even the new Retina MacBook Pros should max out at 32gb, not 16gb. Their memory footprints are just running behind the PCs at this point.) When I bought my MacBook Pro in early 2011, I laid out a lot of cash for this thing, and I instantly max’d the memory out at a {sarcasm}whopping{/sarcasm} 8gb, knowing I needed to run a lot of VMs, which Qubera uses for testing and support of customers.

Even more recently, after upgrading to Mountain Lion, I’ve pretty much bumped into the limit. I run a lot of stuff to do what I do in Identity Management, and I need it all open at once; Microsoft Word, Microsoft PowerPoint, Microsoft Excel, Google Chrome, Eclipse, emacs, Evernote, VMware Fusion and a Windows 7 VM (mainly for Visio, but also PC testing), Tomcat 6, MySQL, terminal windows galore, RDP sessions galore, calendaring, you name it. In recent weeks, I was beginning to despair a little bit. According to Apple, I had already max’d out my memory. 8gb just isn’t/wasn’t enough. What to do?!

Where Has All My Memory Gone?

I began trying to manage my memory better. I used Activity Monitor to monitor my memory, and I learned a lot about what was eating up memory. I didn’t realize I needed to treat just about every browser tab as its own application — there’s so much going on behind the scenes of every tab. I usually have a million tabs open too. But I need all this stuff opened. I can’t be closing it down, losing context in my work.

I really needed a better solution. I began doing some research and in the end, I reached out to my good friends at The Chip Merchant for help. What I discovered was incredibly good news. Good enough news to document this in a blog entry.

8gb For i7-Based Macbook Pros Is NOT “The Max”!!

I’ve been using the guys at The Chip Merchant (in San Diego, CA) for over a decade. When it comes to memory, I know of no one better. These guys really know their stuff. I had a hunch that someone, somewhere HAD to be making an 8gb SODIMM that would fit the MacBook Pro. It turns out, after turning to The Chip Merchant, I was right.

If you go on Amazon and look for these memory SODIMMs, you’ll see they are available, but people are having mixed results with them per the reviews. I found out from The Chip Merchant that these are probably people running the i5-based MacBook Pro rather than the i7-based MacBook Pro, which is what I have. Crucial Memory makes an 8gb SODIMM that is stable and doesn’t over-heat in the i7-based MacBook Pros. For less than $150 to max my memory out at 16gb, it was a no brainer.

(The Chip Merchant really gave Crucial Memory the props as well — they said if Crucial Memory says it, you can book it. Something to remember when it comes to memory in the future.)

Ordering Information

So, there you have it. Despite what Apple indicates or recommends or states as the max for your i7-based MacBook Pro, Crucial Memory makes an 8gb SODIMM that fits and works — so 2x equals 16gb max. My life has been saved.

If you’re looking to upgrade your i7-based MacBook Pro to 16gb, give my friends over at The Chip Merchant a call. These 8gb SODIMMs are NOT in their online store at present, but they do have them and can get their hands on them. Worth every penny. Here is the item number from The Chip Merchant:


Account rep. Devin Charters helped me with this. What a life-saver. :-) This probably extended the life of my MacBook Pro for another 3 years at least. Thanks The Chip Merchant!! Hope this helps someone else out there who is despairing as I was.


Ian Glazer: Killing IdM to Save It

February 22nd, 2013 | No Comments | Posted in General Idm/IAM, IdM Infrastructure

I recently watched Ian Glazer of Gartner’s presentation on Killing IAM In Order To Save It and wholeheartedly agree with a lot of what he advocates in this quick presentation. Enough to feature it here. You can view it embedded below, but I also encourage you to visit the original posting on his site in order to view the valuable comments and dialogue others left there as well.

If you’ve been in Identity Management for very long, you should be able to relate to a lot of what Ian is presenting here. Great job.


Tomcat: Open Document Directory Listings

December 6th, 2012 | No Comments | Posted in General Idm/IAM, IdM Infrastructure

A lot of us IdMers deploy and run our favorite flavors of IdM tools to and on Apache Tomcat in our personal sandboxes. It’s just an easy servlet container to deploy to. Sun Identity Manager/Oracle Waveset and Sailpoint IIQ come to mind. While this article isn’t necessarily written to plug Sailpoint IIQ, my desire to allow the PDF documents that ship with IdentityIQ to display in my sandbox Tomcat installation did lead to this article being written.

Configuring Tomcat To Allow Directory Listings

Tomcat used to set directory listings to true out of the box. It seems somewhere along the line, this default behavior reverted to false. I’m not sure when. As with plain vanilla Apache HTTP Server, Tomcat does provide directory listings of URLs which don’t point to servlets and other configured objects. It does this through a default servlet (so a servlet is still running — as you might imagine.)

This default servlet can be configured to display directory listings. To do so:

(1) Navigate to the root of your Tomcat installation.

(2) Edit the ./conf/web.xml XML config file.

(3) Look for this section of code and make sure the listings parameter is set to true


(4) Restart Tomcat

(NOTE: Be aware this changes the directory listing behavior for ALL APPLICATIONS deployed to Tomcat. If you want directory listings turned off in other applications, you need to make a choice of which web.xml files to edit to gain the desired result!)
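
The fragment that steps (2) and (3) refer to, shown here as an added example that is not part of the original post: the default servlet declaration laid out the way the stock conf/web.xml declares it (check it against your own copy), followed by an alternative that turns listings on for one application only, so the server-wide default can stay false. The servlet name listingsEnabled is a hypothetical name chosen for illustration.

```xml
<!-- Added example, not from the original post. -->

<!-- Part 1: $CATALINA_BASE/conf/web.xml (applies to every deployed application).
     Step (3) of the post changes the listings value below to true, which
     exposes directory indexes in ALL applications on this Tomcat instance. -->
<servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
        <param-name>debug</param-name>
        <param-value>0</param-value>
    </init-param>
    <init-param>
        <param-name>listings</param-name>
        <!-- false = no directory indexes; leave as-is if using Part 2 instead -->
        <param-value>false</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<!-- Part 2: WEB-INF/web.xml of the single sandbox application that should
     show listings. It declares a second DefaultServlet instance under a
     different name (hypothetical: listingsEnabled) and maps it to "/",
     taking over the default mapping for this application only. -->
<servlet>
    <servlet-name>listingsEnabled</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
        <param-name>listings</param-name>
        <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>listingsEnabled</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
```

A directory that contains a welcome file (index.html, index.jsp and so on) serves that file instead of a listing, whichever of the two approaches is used.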

XSLT Transformations

For those looking to take things into the bonus round, just so you know, the Tomcat default servlet runs these directory listings through an XSLT transformation. If you are especially ambitious, you can override these XSLT transformations with transformations of your own. “Skin” your own directory listings, essentially. If your company for instance insists on proper branding no matter what is served, or, if you were serving this listing up in an iframe on another server, this would be the way to transform the look and feel of the Tomcat directory listing to your liking.

I’m not going to do that here.

SailPoint IIQ PDF Documentation

Now we can navigate to where the Sailpoint IIQ PDF documentation is kept and view these docs right in our browser:

SailPoint IIQ PDF Documents Directory Listing

A really nice benefit is that each time you patch Sailpoint IIQ, this exact directory will be updated with the latest and any changed docs from Sailpoint. As you can see above, I’ve already patched my Sailpoint IIQ v6.0 installation to v6.0p1, and as a result, I have the corresponding v6.0p1 docs as well as the original v6.0 docs.

For IdentityIQ, Delete In Production

While we’re here, just another security pointer… I recommend deleting the PDFs in your production install of IdentityIQ, no matter which application server you choose to install to. It only makes sense. While the docs may not be served via HTTP, there are other people who have access to the file system (system and network admins, etc.) and you want to keep your security documentation in-house.