Skip to main content

Successful Sun IdM Replacements... Don't Rely on Luck

March 28, 2013

We all know what is coming – the end of an era. In its time, Sun Identity Manager (IdM) was a market leader that played a central role in IT, and allowed companies to deploy an enterprise-capable identity management system that solved a number of complex problems through technology. For those still leveraging Sun, if your decision wasn’t easy 18 months ago, it certainly isn’t any easier today. You may not know all of the intricacies of your system, exactly what each of your custom connectors does (which are also on the endangered species list), what each piece of Xpress code does, and all of the business processes that wrap around the technology. However, you do know the Sun IdM ecosystem is the culmination of many thousands of hours of design, development and documentation that is about to be put on the shelf. To top it off, it is working in its current state and is also the devil you know. Here are some questions you may be asking yourself about your Sun IdM environment:

I’m still on Sun IdM, what should I do now?

The answer is simple; you don’t have to do anything. The vendors and service providers know who you are, and they have been carefully crafting marketing messages to try to get in your front door. If you haven’t done so already, your main thing is to prepare yourself for what you will have to go through… both fiscally and psychologically. Not only you personally, but also your team, company employees, business owners, business partners, key stakeholders, executive sponsors, contractors, and consumers. Contrary to what you may have heard, there is no “Easy” button and although there are some platforms that have scripts to provide assistance, there is no automated process to get from Sun IdM to anywhere else (see Robert Block’s two-part series, “Feeling ‘Sun-burnt’ by your Sun Identity Migration Options?”). Your Sun deployment is complex and has its own uniqueness (Xpress, object model, forms, workflows, etc.). Not to mention Sun IdM was developed to solve problems based on IT needs, not the complex and challenging business needs that have changed how we do business today. It’s time to brace yourself for the reality of what is about to happen.

What is my next step?

Your next step is an important one and may be a key reason why you are where you are today. With so many people whispering in your ear about which way to go, it is hard to know who to believe anymore. The key thing to remember is that there isn’t a perfect match out there, given the gaps in your current Sun deployment and IT infrastructure, your business requirements and drivers have likely changed over the years, and the fact that current market-leading Identity technologies are not “one size fits all.” There isn’t a like-for-like migration option; in fact, even the concept of “migration” is misleading since it implies simply moving the functionality from one tool to another (which is not possible with Sun IdM). But one thing is certain, you need to start moving.

Given the state of the security industry, the obsolescence of the Sun IdM platform will not happen on its retirement date, but instead is happening already. With those gaps—and coupled with stronger government regulation—you will draw the interest from internal Audit and Risk Management. Once end-of-life is reached, the development cycle stops (the brakes were applied long ago anyway), along with OS certifications, security patches, and any validation processes that ensure the system is going to work during the next upgrade of any connected system. So the signs are clear… it’s time to start moving.

What are my options?

The good news is there are a slew of options for you right now. Every enterprise vendor offers a “migration path” for current Sun IdM customers, and service integrators are salivating to get their hands on a large and complex Sun replacement project. Among those options there are organizations that can even spend a few hours with you and then quickly provide a Sun IdM replacement roadmap on their way out the door. Sounds great, right? But let’s ask the important question:  How can they realistically produce something that has been individualized to your business processes, use cases, and infrastructure dependencies in a few hours?  You know what they say about things that sound too good to be true. But you know what to do – and now is your opportunity.

The business and technology landscapes have changed, but Sun IdM hasn’t changed with it so you have an opportunity to reevaluate your Identity & Access Management (IAM) needs around your current and future state. The very thought of business process reengineering may make you cringe as you think of previous large-scale ERP projects, but the effort that went into the discovery and diligence exercise around it would give you a picture of what would truly fit your business, no matter what technology path you choose in the end. At the end of the day, you should consider the initiative as just as much of an opportunity as it is a necessary evil.

How can FishNet Security help?

FishNet Security is an end-to-end enterprise security provider with IAM acting as a cornerstone of our service offerings. We work with key IAM vendors, and have helped organizations select and deploy IAM solutions that meet the needs of the business, not just IT. We have a large population of smart folks on the strategy side, and a number of our senior and principal level consultants have Sun backgrounds. We lead with strategy in an affordable, efficient, and pragmatic way. Our plan is not to turn you upside down and shake the change out of your pockets, but instead to provide experienced-based and objective feedback to help your organization make the right decision around Sun IdM replacement.

I assure you, we will not arrive at a plan overnight that points to some prebaked preferred solution, nor will we attempt to sign you up for a 12-month analysis that requires a dozen consultants with freshly-minted college degrees. We have developed an accelerated program—based on real-world experience— specifically designed to help you determine what is right for you, and will work with you to tailor that program further to meet your needs. Although luck can play a part in the success of any IT project, we find that it is truly dependent on thoughtful planning and execution, and having the right partner at your side.

I would be happy to discuss your situation at any time, or put you in touch with the right person at FishNet Security, to explore how we can help – just click here to contact us for more information.

Related Blogs

March 14, 2018

Observations on Smoke Tests – Part 1

Smoke testing in the traditional definition is most often used to assess the functionality of key software features to determine if they work or perfo...

See Details

February 06, 2012

Access Governance 101 | Optiv

We will be posting excerpts from select Identity Strategy and Advisory Group (ISAG) briefings. Part 2 below is transcribed from a recent briefing that...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


January 26, 2018

Identity and Access Management Solutions

We help you minimize risk and maximize efficiency with our IAM solutions.

See Details

September 19, 2017

Governance Risk and Compliance Services

Optiv works with your organization to optimize its investment in RSA Archer.

See Details

September 19, 2016

Security Staffing Services

Learn how Optiv can provide the resources you need to address your security staffing challenges.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.