What’s New in FIM 2010 RC1
Agenda
• Major themes in RC1
• Manageability improvements
• Developer-visible changes
• Improvements by scenario
  − group management
  − password reset
  − provisioning
Forefront Identity Manager
Software for policy-based management of identities, credentials, and resources across heterogeneous environments

Empowers People
• Provides Office-based self-service tools
• SharePoint admin console to manage identities
• Greater productivity through faster time to resolution

Delivers Agility and Efficiency
• Reduces costs through automation and self-service
• Maximizes existing investments in Identity Infrastructure
• Integrates with familiar developer tools to enable new scenarios

Increases Security and Compliance
• Integrates identity, credential, and access management
• Implements a rich permissions and delegation model
• Enables system auditing and compliance
Forefront Identity Manager

Credential Management
• Heterogeneous certificate management with Windows & 3rd party CAs
• Management of multiple credential types
• Self-service password reset integrated with Windows logon

Group Management
• Rich Office-based self-service group management tools
• Offline approvals through Office
• Automated group and distribution list updates

User Management
• Integrated provisioning of identities, credentials, and resources
• Automated, codeless user provisioning and de-provisioning
• Self-service profile management

Policy Management
• SharePoint-based console for policy authoring, enforcement & auditing
• Extensible WS-* APIs and Windows Workflow Foundation workflows
• Heterogeneous identity synchronization and consistency
Releases
• ILM 2007
• ILM 2007 FP1
• ILM 2007 FP1 SP1
• ILM “2” RC0: 4Q CY 2008
• FIM 2010 RC1: 3Q CY 2009
• FIM 2010 RTM: 1Q CY 2010
Major Themes in FIM 2010 RC1
• Rebranding
• General improvements
  − Manageability and deployability
  − Usability
  − Performance and scalability
• Bug fixes
FIM 2010 RC1
RC1: Forefront Rebranding
ILM “2” RC                                  FIM 2010 RC1
Identity Lifecycle Manager “2”              Microsoft Forefront Identity Manager 2010
ILM Service                                 FIM Service
MIIS / Sync Engine                          FIM Synchronization Service
CLM                                         FIM Certificate Management
Object type                                 Resource type
Object Visualization Configuration (OVC)    Resource Control Display Configuration (RCDC)
http://www.microsoft.com/fim/
New Manageability Features
• Management Policy Rules
  − MPR Explorer
  − Individual MPRs can be disabled
• Configuration Migration Tools
• SCOM Management Pack
MPR Explorer
Configuration Migration Tools
• PowerShell commands to copy select configuration settings between FIM Services
  − Requires FIM Service to be RC1 or later
[Diagram: Export-FIMConfig (FIM Pilot) and Export-FIMConfig (FIM Production) → Export Objects (.NET Collection) → Join-FIMConfig → Matched Objects (.NET Collection) → Compare-FIMConfig → Import Objects (.NET Collection) → Import-FIMConfig (FIM Production)]
Configuration Migration Tools
1. Retrieve configuration from pilot FIM Service.
2. Retrieve configuration from production FIM Service.
3. Merge pilot and production configurations, compute differences.
4. Apply changes to production FIM Service.
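
The four steps above as a script with a review gate before production is touched; this is an added example, not code from the original deck or from Microsoft. The service URIs, file paths and the `$apply` switch are placeholders, and the parameter names follow the FIMAutomation snap-in as shipped with FIM 2010, so they may differ in RC1.

```powershell
# Added example. Run on a host where the FIMAutomation snap-in is installed.
Add-PSSnapin FIMAutomation -ErrorAction Stop

$pilotUri   = "http://fim-pilot.example:5725/ResourceManagementService"  # placeholder
$prodUri    = "http://fim-prod.example:5725/ResourceManagementService"   # placeholder
$changeFile = "C:\fim-migration\changes.xml"                             # placeholder
$apply      = $false   # set to $true only after the change file has been reviewed

if (-not $apply) {
    # 1. Retrieve policy and portal configuration from the pilot FIM Service.
    $pilot = Export-FIMConfig -uri $pilotUri -policyConfig -portalConfig

    # 2. Retrieve the same configuration from the production FIM Service.
    $prod = Export-FIMConfig -uri $prodUri -policyConfig -portalConfig

    # 3. Match pilot and production resources by display name, then compute
    #    the changes that would make production look like pilot.
    $matched = Join-FIMConfig -source $pilot -target $prod -defaultJoin DisplayName
    $changes = $matched | Compare-FIMConfig

    # Persist the computed changes so they can be reviewed and archived.
    $changes | ConvertFrom-FIMResource -file $changeFile

    # Summarize what would change, grouped by resource type and operation.
    # Creates, updates or deletes of ManagementPolicyRule and Set resources
    # alter who may do what in production and deserve line-by-line review.
    $changes | Group-Object ObjectType, State |
        Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
}
else {
    # 4. Apply the reviewed change file to the production FIM Service.
    $reviewed = ConvertTo-FIMResource -file $changeFile
    $undone   = $reviewed | Import-FIMConfig -uri $prodUri

    if ($undone) {
        # Changes that could not be applied are kept for investigation.
        $undone | ConvertFrom-FIMResource -file "C:\fim-migration\undone.xml"
        Write-Warning "Some changes were not applied; see undone.xml."
    }
    else {
        Write-Host "Import complete."
    }
}
```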
SCOM Management Pack
Component    # Monitors  # Events
FIM Service  9           8
FIM Portal   11          10
FIM Sync     7           6
FIM CM       6           6
Collects and reports on Health Events generated by FIM
Operational Changes
• User Access
  − Users in FIM Service Database will be identified by ObjectSID rather than AccountName
• Workflow
  − Additional config options for control over maximum number of simultaneous workflows (in scale-out)
• Requests
  − More details in the Request resource to aid in determining why a request was denied or failed
• Patching
  − Patches after RC1 delivered via Microsoft Update
Developer Impact
• Can configure a search scope to be used to specify list view attributes to display for custom resource types
• Changes to XPath for query
  − “contains()” function now works like SQL Full Text Search
  − descendants(), betweenTime(), atTime(), allTime() removed
  − membersof() changed syntax
• Changes to Activities
  − Removed ScriptHostActivity
  − Removed ResourceTemplateActivity, EnumerateResourceIterationActivity (as duplicates of other activities)
• Blog http://blogs.msdn.com/imex/ to be updated after RC1
Change Auditing via Requests
• At RC0, a web services client could reconstruct resources via Requests, or betweenTime, atTime and allTime functions
• At RC1, a web service client will be able to reconstruct resources via Requests
  − More attributes on Request, and new creator and target fields in RequestParameters values available
  − Configurable request trimming interval to auto-delete requests which have been archived
• Blog at http://blogs.technet.com/doittoit/ to be updated after RC1
Group Management Scenario
• New Requestor Validation activity added for group self-service
  − Prevents end users from removing others from groups
• Portal will show which members of security groups do not meet AD requirements
Password Reset Scenario
• MPRs and their Sets now included by default (with MPRs disabled)
• Windows XP SP2 now supported
• New configuration options
  − Users can be required to type their login passwords prior to registration
  − Clients can be configured to not check whether the user is registered on each login
Synchronization
• Added checkbox for use during disaster recovery to temporarily disable declarative provisioning
  − Already present for scripted provisioning
• Added IsPresent function for Sync Rules
• Additional scope control options
  − NotContains, NotStartsWith, NotEndsWith
• Bidirectional sync rules can be defined
Management Agent Changes
• Adding support for
  − Active Directory in Windows Server 2008
  − SQL Server 2008
  − Novell eDirectory 8.8
  − Sun Java System DS 6.2
  − IBM DB2 9.1, 9.5
• Connecting to RACF, ACF2, OS400, TopSecret will be via ILM 2007 FP1
Other End-User Improvements
• Localization
  − FIM Service and Portal: Chinese (Simplified & Traditional), Dutch, English, French, German, Italian, Japanese, Portuguese, Spanish
  − FIM Outlook add-in & password reset: 35 languages/locales (no right-to-left)
• All mail messages will be customizable
Scalability in RC1
• FIM is being tested to Microsoft scale
Certificate Management
• More documentation for 3rd party CA API
• Bug fixes
Preparing Systems for RC1
• Platform Prerequisites
  − FIM Service, FIM Sync, FIM CM
    − Windows Server 2008 (64-bit)
  − FIM Portal
    − Windows Server 2008 (64-bit)
    − Windows SharePoint Services
  − FIM Service and FIM Sync Databases
    − SQL Server 2008 CU2 or later, including SP1
    − SQL’s Full Text Search now required for RC1
Documentation and FIM Forum
• IT Pro doc updates on TechNet
• SDK doc updates on MSDN
• FIM Forum http://go.microsoft.com/fwlink/?LinkID=163230
  − Greatest hits http://go.microsoft.com/fwlink/?LinkID=163459
  − ScriptBox http://go.microsoft.com/fwlink/?LinkID=160098
Summary
• RC1 brings
  − numerous bug fixes
  − performance/scale improvements
  − feature manageability/usability improvements
• Your feedback is requested
  − Help us and customer deployments prepare for RTM!