You're reading from Microsoft Forefront Identity Manager 2010 R2 Handbook

Product type: Book
Published in: Aug 2012
Publisher: Packt
ISBN-13: 9781849685368
Edition: 1st Edition
Author: Kent Nordstrom

Kent Nordström wrote his first lines of code in the late 70s so he's been working with IT for quite some time now. When Microsoft released its Windows 2000 operating system he started a close relationship with them that has continued since. For many years Kent has been working part time as a sub-contractor to Microsoft Consulting Services and has been doing many of the implementations of FIM and its predecessors for multinational companies and large organizations in Sweden. Apart from FIM, Kent is also well known within the community for his knowledge around Forefront TMG, Forefront UAG and PKI. Find out more by visiting his blog on http://konab.com.

Chapter 2. Overview of FIM 2010 R2

Microsoft Forefront Identity Manager 2010 R2 (FIM 2010 R2) is not one product, but a family of products working together to mitigate the challenges regarding Identity Management.

The following picture shows a high-level overview of the FIM family and the components relevant to an FIM 2010 R2 implementation:

Within the FIM family, there are some parts that can live by themselves and others that depend on other parts. But, in order to fully utilize the power of FIM 2010 R2, you should have all parts in place.

At the center, we have FIM Service and FIM Synchronization Service (FIM Sync). The key to a successful implementation of FIM 2010 R2 is to understand how these two components work—by themselves as well as together.

In this chapter, I will give you an overview of:

  • The history of FIM 2010 R2

  • FIM Synchronization Service (FIM Sync)

  • FIM Service

  • FIM Portal

  • FIM Reporting

  • FIM Certificate Management (FIM CM)

  • Licensing

The history of FIM 2010 R2


Let me give you a short summary of the versions preceding FIM 2010 R2.

In 1999, Microsoft bought a company called Zoomit. They had a product called VIA—a directory synchronization product. Microsoft incorporated Zoomit VIA into Microsoft Metadirectory Services (MMS). MMS was only available as a Microsoft Consulting Services solution.

In 2003, Microsoft released Microsoft Identity Integration Server (MIIS), and this was the first publicly available version of the synchronization engine today known as FIM 2010 R2 Synchronization Service.

In 2005, Microsoft bought a company called Alacris. They had a product called IdNexus, which was used to manage certificates and smart cards. Microsoft renamed it Certificate Lifecycle Manager (CLM).

In 2007, Microsoft took MIIS (now with Service Pack 2) and CLM and slammed them together into a new product called Identity Lifecycle Manager 2007 (ILM 2007). Despite the name, ILM 2007 was basically a directory synchronization tool with...

FIM Synchronization Service (FIM Sync)


FIM Synchronization Service is the oldest member of the FIM family. Anyone who has worked with MIIS back in 2003 will feel quite at home with it. Visually, the management tools look the same.

FIM Synchronization Service can actually work by itself, without any other component of FIM 2010 R2 being present. You will then basically get the same functionality as MIIS had, back in 2003.

FIM Synchronization Service is the heart of FIM, which pumps the data around, causing information about identities to flow from one system to another.

Let's look at the pieces that make up the FIM Synchronization Service:

As you can see, there are lots of acronyms and concepts that need a little explaining.

On the right-hand side of FIM Synchronization Service, we have Metaverse (MV). Metaverse is used to collect all the information about all the identities managed by FIM.

On the other side, we have Connected Data Source (CDS). Connected Data Source is the database, directory...

FIM Service


If FIM Synchronization Service is the heart pumping information, FIM Service is the brain (sorry FIM CM, but your brain is not as impressive; I'll give you credit later).

FIM Service plays many roles in FIM, and during the design phase the capabilities of FIM Service are often in focus. FIM Service allows you to enforce the Identity Management policy within your organization and also ensures you remain compliant at all times.

FIM Service has its own database, where it stores the information about the identities it manages.

Request pipeline

In order to make any changes to objects in the FIM Service database, you need to work your way through the FIM Service request pipeline. So, let's look at the following diagram and walk through the request pipeline:

Every request is made to the web service interface, and follows the ensuing flow:

  1. The Request Processor workflow receives the request and evaluates the token (who?) and the request type (what?).

  2. Permission is checked to see if the request...

FIM Portal


FIM Portal is usually the starting point for administrators who will configure FIM Service. The configuration of FIM Service is usually done using FIM Portal, but it may also be configured using PowerShell or even your own custom interface.

FIM Portal can also be used for self-service scenarios, allowing users to manage some aspect of the Identity Management process.

FIM Portal is actually an ASP.NET application using Microsoft SharePoint as a foundation, and can be modified in many ways.

Self Service Password Reset (SSPR)

The Self Service Password Reset (SSPR) feature of FIM is a special case, where most components used to implement it are built-in.

The default method uses what is called a QA Gate. FIM 2010 R2 also has built-in methods for using a One Time Password (OTP) that can be sent using either SMS or e-mail.

In short, the QA Gate works in the following way:

  1. The administrator defines a number of questions.

  2. Users register for SSPR and provide answers to the questions...

FIM Reporting


The Reporting component is brand new in FIM 2010 R2. In earlier versions of FIM, as well as the older MIIS and ILM, reporting was typically achieved by either buying third-party add-ons or developing your own solutions based on SQL Reporting Services.

The purpose of Reporting is to give you a chance to view historical data. There are a few reports built in to FIM 2010 R2, but many organizations will develop their own reports that comply with their Identity Management policies.

The implementation of FIM 2010 R2 will, however, be a little more complex if you want the Reporting component. This is because the engine used to generate the reports is the Data Warehouse component of Microsoft System Center Service Manager (SCSM).

There are a number of reasons for using the existing reporting capabilities in SCSM; the main one, I would guess, is that it is easy to extend.

Since the architecture of the Reporting component is quite complex, I will explain it in a dedicated chapter—Chapter...

FIM Certificate Management (FIM CM)


Certificate Management is the outcast member of the FIM family. FIM CM can be, and often is, used by itself, without any other parts of FIM being present. It is also the component with the poorest integration with the other components.

If you look at it, you will find that it hasn't changed much since its predecessor, Certificate Lifecycle Management (CLM), was released.

FIM CM is mainly focused on managing smart cards, but it can also be used to manage and trace any type of certificate requests.

The basic concept of FIM CM is that a smart card is requested using the FIM CM portal. Information regarding all requests is stored in the FIM CM database.

The certification authority (CA), which handles the issuing of the certificates, is configured to report the status back to the FIM CM database.

FIM CM portal also contains a workflow engine, so that the FIM CM admin can configure features such as e-mail notifications as a part of the policies.

Certificate Management...

Licensing


I put this part in here, not to tell you how FIM 2010 R2 is licensed, but rather to tell you that it is complex. Since Microsoft has a habit of changing the way they license their products, I will not put any license details into writing.

Depending on what parts you are using and, in some cases, how you are using them, you need to buy different licenses. FIM 2010 R2 (at the time of my writing) uses both Server licenses as well as Client Access Licenses (CALs).

In almost every FIM project I have been involved with, the licensing cost has been negligible compared to the gain retrieved by implementing it. But even so, please make sure to contact your Microsoft licensing partner, or your Microsoft contact, to clear any questions you might have around licensing.

If you do not have Microsoft System Center Service Manager (SCSM), it is stated (at the time of my writing) that you can install and use SCSM for FIM Reporting usage without having to buy SCSM licenses.

Read more about FIM Licensing...

Summary


As you can see, Microsoft Forefront Identity Manager 2010 R2 is not just one product, but a family of products. In this chapter, I have given you a short overview of the different components, and we saw how together they can mitigate the challenges that The Company has identified about their identity management.

But, as you can see, there are many components involved. In the next chapter, we will look at how to install all these components.
