An Identity Management System may manipulate user accounts on Managed Systems that are implemented as aggregates of smaller systems. Examples of aggregate systems include:

  • Windows 2000 domains, which contain multiple domain controllers.
  • Applications which include an operating system, directory and/or database.
  • An e-mail system which includes a global directory and local mail servers.

In these cases, it is sometimes appropriate for the Identity Management System to refer to a single, aggregate system, and sometimes appropriate to differentiate between its components. For example, a user may be known to exist on the system as a whole, but password updates may have to be performed on each component.

A Sub-Host is one component of such an aggregate system.

Return to IT Security Concepts