I have multiple questions regarding IDM and I am not sure what forum to ask them
under. Anyhow, here it goes. Our current environment consists of 3 aging
NW6.5 servers each with edirectory. I have 15000 plus users.

edir1 - master replica
edir2 - read replica also has ftp services
edir3 - read replica, also provides imanager, and netstorage services.

Our file services are on a separate cluster of 3 nw6.5 servers.
fs1, 2, 3. We also have imanager on one of these servers.

We also have 2 Win2003 servers providing Active Directory Services.

My goal would be to install IDM so I could sync our AD and Edir
accounts, maybe in the future this will do some other provisioning but I
would like to start as simple as possible. I have 3 new DL360 HP
servers that are earmarked to replace my aging edir servers. I could
also probably throw 1 or 2 more older HP DL380 servers at this project.

I currently do not have Universal Password in place so this would likely
be the first thing to get done. Thinking ahead I would probably want
the users to be able to use Password Self Service via Challenge sets.
This would mean I also need to upgrade all of my Novell Clients to the
latest version and turn on NMAS.

My initial plan was to install OES2 on my 3 new servers running on SUSE
basically duplicating the environment I have above.

OESedir1 - master replica
OESedir2 - read replica also ftp services
OESedir3 - read replica also imanager, and netstorage services

I then thought of setting up one of my older DL380 servers with SUSE and
IDM and the application portlet and the identity vault. Then
install the ADS connectors on the two AD servers.

Also our LDAP services are provided by iplanet running on RedHat.

Following are my questions and concerns regarding all this:

Would 1 server running IDM, the identity vault, and the application
portlet be able to handle this?

When users on Windows workstations click on the "Did you forget your
password?" link on the Novell Client, is it redirected to the identity
application portlet? Is this where this logic is done?

I assume the identity vault is edirectory and it creates a master
replica. Do I need to have read replicas for redundancy then sitting out
on another server?

I read that password self service is only supported in iManager 2.02.
Why is this? Should I install iManager 2.02 instead of the application

My understanding is that everything I need to do this comes with OES2
which is IDM3.5, is this correct?

Does my above environment seem logical or does anyone have any
recommendation for maximizing my hardware?