You're reading from Microsoft Identity Manager 2016 Handbook

Product type: Book
Published in: Jul 2016
Publisher: Packt
ISBN-13: 9781785283925
Edition: 1st Edition

Authors (2): David Steadman, Jeff Ingalls

David Steadman
David Steadman has been an IT industry influencer and dedicated husband for more than 17 years. He has held prestigious positions at some of the world's most innovative technology companies, including his service as a senior escalation engineer within the identity platform at, possibly, the most famous tech company on the planet, Microsoft. He is an entrepreneur, active learner, and a man constantly looking to develop and expand new skills in order to leverage the technology of the future. When not at his job, David enjoys family time and coaching soccer.

Jeff Ingalls
Jeff Ingalls is a husband, father, and cancer-surviving dyslexic who works out of his Ohio home office in identity and access management. Jeff has been working with Microsoft technologies for over 20 years and with the Microsoft identity software since its conception in 2003. He has provided solutions to various private and public sectors including automotive, DoD, education, health and services, small businesses, and state and local government. He enjoys learning, teaching, and learning some more. Jeff has a graduate degree in information technology and an undergraduate degree in mathematics. In his free time, he enjoys spending time with his family, cooking, and reading non-fiction. You can reach him at jeff@ingallsdesigns.com.

Chapter 2. Installation

As we have already discussed, Microsoft Forefront Identity Manager 2016 (MIM 2016) is not one product but a family of products.

This also means that there are many different ways of installing the product, depending on what parts you want and how you would like to separate them on different systems.

We can choose to separate the different components based on the load or just because we like it clean.

As an example, we will look at the setup used by The Financial Company. They are doing a split installation for the configuration to include sync and service on separate physical nodes.

In this chapter, we will look at the following topics:

  • Prerequisites for installing different components of MIM 2016

  • How to actually install the components

  • A few post-installation steps to get it working

Capacity planning


At the Microsoft download center, you can download the Forefront Identity Manager Capacity Planning Guide (http://bit.ly/MIMCapacityPlanning). We will not dig deep into capacity planning in this book, but make sure your setup is done in a way that allows you to easily make your MIM environment expand to cope with future needs.

If you look at the following table, you'll see that capacity planning is not easy because there is no straight answer to the problem. When we have 10,000 users, how should we plan our MIM environment? There are many parameters to look at:

Separating roles


If we look at all the MIM features we are about to install, we need to understand that in theory, we might be able to put them all in one box; however, this is not practical, and in some cases, it is not even supported by Microsoft.

The example setup we will use in this book for The Financial Company can be used as a starting point.

Databases

As you will see, you need quite a few databases. Depending on the load and other factors, you can choose to install the databases locally on each box hosting a MIM feature, or choose to have them all on a central Microsoft SQL server. Alternatively, you can even mix the two approaches.

If you find that your initial approach was not optimal, don't be alarmed. Moving the databases is fully supported. In this book, we will use so-called SQL aliases when referencing the databases. One reason for this is that it makes moving the databases simpler.

System Center Service Manager Data Warehouse, required by the MIM Reporting feature, usually uses...

Hardware


Whether to virtualize or not is the question for many companies today. All components of MIM 2016 can be virtualized. If you have chosen to virtualize your SQL servers, a starting point for the discussion on virtualization is available at http://aka.ms/VirtualizationBestPractices.

Installation order


The MIM CM components can be installed regardless of other MIM pieces.

If you have an existing SCSM environment, the SCSM servers might already be in place, but may still need some updates to support MIM 2016R2 Reporting.

The following SCSM servers need to be installed before we install the MIM Reporting feature, as the MIM service uses the client to communicate with the SCSM server:

  • SCSM Management (if the MIM Reporting feature is to be used)

  • SCSM Data Warehouse (if the MIM Reporting feature is to be used)

MIM components also have some dependencies that make it logical to install them in a certain order. They should be installed in the following order:

  1. MIM Synchronization Service

  2. MIM Service

  3. MIM Portals

  4. MIM Reporting

If you have a configuration similar to that of The Financial Company, the order of installation could be to start off with the test/development environment. We will use the domain : server name : feature to install syntax in the following installation lists. For complete...

Prerequisites


Before we can start installing any components, there are a number of prerequisites that we need to make sure we have in place.

The main reason for errors in MIM is mistakes made during this phase of the installation. Sometimes, it is hard to trace the errors back to their cause, especially if you get Kerberos authentication errors.

Databases

The Company will have several servers running Microsoft SQL Server. The server names in the following list refer to the server names used in Chapter 1, Overview of Microsoft Identity Manager 2016:

  • TFCSQL01: This is the central SQL server holding all production databases. This will be used by the MIM Sync, MIM Service, and MIM CM servers. This is also where SQL-based CDSes such as the HR system will be found.

  • TFCSCSM-MGMT01: This SQL server will be used by SCSM for management. The Financial Company does not have existing SCSM infrastructure and is implementing this for MIM reporting purposes only.

  • TFCSCSM-DW01: This SQL server will be used by SCSM for data warehousing...

Installation


The installation of different components is quite straightforward once the prerequisites are in place.

The MIM Synchronization service

The Financial Company will have two separate instances of the MIM Synchronization service: one on the MIM Dev server and one on the MIM Sync server.

The MIM Synchronization service setup creates five security groups. The first three groups correspond with the MIM Synchronization service user roles—Administrator, Operator, and Joiner. The other two groups are used to grant access to the Windows Management Instrumentation (WMI) interfaces: Connector Browse and Password Set.

By default, the MIM Synchronization service creates five security groups as local computer groups instead of domain global groups. If you plan to use domain global groups, you must create the groups before you install the MIM Synchronization service.

From a recovery standpoint, it is highly recommended to use domain groups all the time as this will give you the flexibility to manage...
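To pre-create the five groups as domain global groups before running the Synchronization service setup, here is an added PowerShell example (not the book's own script). The OU path and domain are placeholders, and the Operators, Joiners and Browse group names are the standard MIM 2016 names, assumed here because this page only spells out MIMSyncAdmins and MIMSyncPasswordSet.

```powershell
# Added example, not from the book: pre-create the five MIM Synchronization
# security groups as domain global groups so setup binds to them instead of
# creating local computer groups.
# Assumptions: the OU path is a placeholder; MIMSyncOperators, MIMSyncJoiners
# and MIMSyncBrowse are the standard names (only Admins/PasswordSet appear on this page).
Import-Module ActiveDirectory

$ou = 'OU=MIM,OU=ServiceGroups,DC=tfc,DC=local'   # placeholder OU, replace with yours

$syncGroups = @{
    'MIMSyncAdmins'      = 'MIM Sync user role: Administrator'
    'MIMSyncOperators'   = 'MIM Sync user role: Operator'
    'MIMSyncJoiners'     = 'MIM Sync user role: Joiner'
    'MIMSyncBrowse'      = 'MIM Sync WMI access: Connector Browse'
    'MIMSyncPasswordSet' = 'MIM Sync WMI access: Password Set'
}

foreach ($name in $syncGroups.Keys) {
    # Idempotent: re-running must not fail on groups that already exist.
    if (Get-ADGroup -Filter "Name -eq '$name'" -SearchBase $ou) {
        Write-Host "$name already exists, skipping"
        continue
    }
    New-ADGroup -Name $name -SamAccountName $name `
        -GroupScope Global -GroupCategory Security `
        -Path $ou -Description $syncGroups[$name]
}

# Check before launching setup: all five must resolve as Global security groups.
Get-ADGroup -Filter 'Name -like "MIMSync*"' -SearchBase $ou |
    Select-Object Name, GroupScope, GroupCategory
```

Run it with an account that has rights to create groups in the target OU, on a machine with the RSAT ActiveDirectory module installed.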

Post-installation configuration


Before we can start to use our new MIM environment, we need to perform some post-installation tasks.

Granting the MIM service access to MIM Sync

In order for the MIM service to manage the MIM Synchronization service, we need to add the MIM Service service account to the MIMSyncAdmins group. If you are implementing Password Reset, you also need to add the MIM Service service account to the MIMSyncPasswordSet group.

After adding the MIM Service service account to the new groups, you need to restart the MIM Service service in order for the new group membership to take effect.
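The two steps above as an added PowerShell example (not from the book). The domain, service account and Sync server names are placeholders, the domain-versus-local group choice is a switch, and FIMService is assumed to be the Windows service name of the MIM Service.

```powershell
# Added example, not from the book: grant the MIM Service service account the
# MIMSyncAdmins (and optionally MIMSyncPasswordSet) membership it needs, then
# restart the MIM Service so the new group membership takes effect.
# Assumptions: account, domain and server names are placeholders; FIMService is
# assumed to be the Windows service name of the MIM Service.
param(
    [string]$Domain         = 'TFC',             # placeholder NetBIOS domain
    [string]$ServiceAccount = 'svc-mimservice',  # placeholder sAMAccountName
    [string]$SyncServer     = 'TFCSYNC01',       # placeholder MIM Sync server
    [switch]$UseDomainGroups,                    # groups were pre-created in AD
    [switch]$PasswordReset                       # also grant MIMSyncPasswordSet
)

$groups = @('MIMSyncAdmins')
if ($PasswordReset) { $groups += 'MIMSyncPasswordSet' }

foreach ($group in $groups) {
    if ($UseDomainGroups) {
        Import-Module ActiveDirectory
        $already = Get-ADGroupMember -Identity $group |
            Where-Object { $_.SamAccountName -eq $ServiceAccount }
        if (-not $already) { Add-ADGroupMember -Identity $group -Members $ServiceAccount }
    } else {
        # Default install: the groups are local to the MIM Sync server, so the
        # member must be added there, not on the MIM Service server.
        Invoke-Command -ComputerName $SyncServer -ScriptBlock {
            param($g, $member)
            $present = Get-LocalGroupMember -Group $g -Member $member -ErrorAction SilentlyContinue
            if (-not $present) { Add-LocalGroupMember -Group $g -Member $member }
        } -ArgumentList $group, "$Domain\$ServiceAccount"
    }
}

# Group membership is only evaluated when the service account logs on, so the
# running service keeps its old token until restarted (run on the MIM Service server).
Restart-Service -Name FIMService
Get-Service -Name FIMService | Select-Object Name, Status
```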

Securing the MIM Service mailbox

This is not required, but it is best practice to take a look at the mailbox used by the MIM service (if you're running Exchange). A few things you might consider are as follows:

  • Secure the mailbox, making sure only internal users can send a mail to it.

  • Configure the mailbox quota to make sure the MIM Service mailbox does not get blocked by default quota settings...

Summary


Installing the prerequisites is, as you can see, the toughest part, while installing the products involved in the MIM family is quite straightforward.

In this chapter, we showed you what it would look like if you installed all MIM 2016 components using the setup that my example company, The Financial Company, uses.

The key to a successful MIM 2016 installation is to really understand the prerequisites, making sure you understand all your service accounts, aliases, and Kerberos settings.

Remember that if you are not planning to use parts of the product, you might be able to reduce the number of machines involved. If you, for example, are not interested in MIM Reporting, the whole setup of the SCSM infrastructure is not required.

Now that we have our installation in place, it is time to start using our MIM 2016 infrastructure. In the next chapter, we will start off by looking at the initial configuration of the MIM Synchronization, MIM Service, and MIM Portal components.

Table: design factors for capacity planning (referenced in the Capacity planning section), listed as design factor followed by its considerations.

  • Topology: This is the distribution of MIM services among computers on the network.

  • Hardware: This is the physical hardware and any virtualized hardware specifications that you are running for each MIM component. It includes CPU, memory, network adapter, and hard drive configurations.

  • MIM policy configuration objects: This is the number and type of MIM policy configuration objects...