Forefront Identity Manager 2010 R2 Technical Overview


1 Forefront Identity Manager 2010 R2 Technical Overview
Jochen Nickel, TSP Microsoft Schweiz EPG Security, Identity and Access Management
4/22/2017 7:44 PM
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda
- FIM 2010 R2 – Feature Overview
  - Web based password reset
  - Reporting
  - Simplified deployment and troubleshooting
  - Enhanced performance
  - Enhanced MA connectivity
  - Added language support
- Upgrade Scenarios
- Best practices
  - Common project scenarios

3 Introduction

4 Evolution of Identity Manager

5 Web based password reset

6 Credential Management

7 Password Reset Components

8 Setup Experience

9 Reporting

10 What Does FIM Know Today?
- Current state of resources
  - People, Groups, Policy Rules, etc.
- Limited log of system state changes
  - Requests and Request History view
- “What should be” vs. “What is”
  - Not always authoritative
  - Does not maintain all data found in AD

11 Reporting in R2
- Add historical reporting for FIM-managed objects
  - Includes frequently-requested reports, e.g.:
    - Group membership changes over time
    - Request history
    - Person and group change history
- Report data store is extensible
  - Can be extended to store history of custom FIM Service objects and attributes
  - Enable customers and ISVs to build custom reports
- Integrates with System Center Service Manager, leveraging its data warehouse
  - SCSM Free for FIM Customers

12 How to Answer these Questions
Dimensions: State vs. Events; Historic vs. Current

Questions:
- Who is in group A?
- What groups does a particular person belong to?
- Who is person Y’s manager?
- Who joined group A today?
- What groups had new members today?
- How many new people joined the company today?
- Who joined group A on May 1st, 2010?
- How did a group’s membership change over time?
- Who approved a group join?
- How did a set filter definition change over time?
- What groups did person A have access to on November 4th, 2009?
- What was a group’s membership last July?

Sources:
- Source: FIM Portal and Reporting
- Source: FIM reporting
- Source: FIM requests via portal
- Source: FIM database via portal

13 Out of Box Reports

Report Class: Membership Change Reports
- Defined Over: Group Membership (SG + DG), Set Membership
- Description: Contains membership changes, who approved them, and the associated request which generated the change.

Report Class: Object History Reports
- Defined Over: Users, Groups, Sets, Requests, Policy Rules
- Description: Contains changes to key attributes over time.

14 Example Membership Change Report: Group Membership Change
Columns: Account Name, Operation Type, Committed Time, Group Name, Request Originator, Request Approver, Request ID, MPR that Triggered the Request

Sample rows: cwilcox Join Group 1/7/ :27:02 Finance FIM Service {43edf…} All accountants have access to financial data kimaber 1/3/2011 16:12:25 Sales dparker {81e2b…} Leave Group 1/1/ :58:02 Marketing samanthas

Events shown:
- Samantha removes Colin from the Marketing group
- Colin changes roles and is added, automatically, to the Finance group
- Kim requests to join the Sales group, Darren approves the request

Report fields:
- User Information: User Display Name, User Account Name, User Object ID, User Domain
- Group Information: Group Display Name, Group Account Name, Group Domain, Group Type, Group Owner
- Request Information: Request Originator, Request Approver, Policy Rule that Triggered the Request, Request ID

15 Example History Report: User History
Columns: User Name, User ID, Operation, Attribute, Value, Requestor, Committed Time, Request

Sample rows: Colin Wilcox {732d2…} Remove User FIM Service 2/13/ :22:00 {532aa…} Display Name First Name Colin Last Name Wilcox Add Manager gfort Garth Fort 9/22/ :55:28 {8457b…} samanthas Employee Type FTE Contractor 5/2/ :32:11 {126da…}

Events shown:
- Colin is created in FIM in 2002 via a sync through HR, Samantha Smith is his first manager.
- In 2011, Colin leaves the company, and he is removed from FIM.
- In 2006, Colin becomes a full-time employee, and, as a result, gets a new manager, Garth.

16 Reporting Architecture
[Diagram: reporting architecture. Labels: FIM Service; FIM Service DB; FIM Reporting Administration; Schema Binding; Binding Objects (<DWBind>); Management Packs Import; Report Class/Relationship Definition; Fact/Dimension Definition; Report Definition; Initial Sync; Incremental Sync; System Center Data Warehouse (Staging, Repository, Data Mart); SCSM Console; SSRS; SSRS Web Service; Report Log]

17 Troubleshooting

18 Troubleshooting Today
- Portal displays generic errors
- Admins typically need to get the user to reproduce the error to collect logs
- Admins need to sift through a noisy event log to capture the actual user error
- The event log contents are esoteric and we can’t figure out what went wrong

19 What’s new in R2?
- Portal displays errors generated from the FIM Service
- Better error messages
- Correlation identifiers to link user error with service-side error
- New plumbing for Authentication and Authorization workflow errors
- Event Tracing for Windows
- FIM MA Event Log

20 Request Processing Today

21 Correlation Identifier

22 Event Tracing for Windows (ETW)
- Verbose tracing for FIM Service by default
- ETW Tracing available for FIM Service traces
- Tracing can be turned on/off at runtime
- Trace output to XML file that can be parsed

23 Performance Improvements

24 FIM 2010

25 Performance Improvements
- Improve performance for initial load of customer data from connected system to FIM Service
- Improve performance for bulk addition (e.g., of new division) from connected system to an existing FIM deployment
- Provide FIM Service database tuning guidance and enhancements

26 FIM 2010 R2

27 Extensibility

28 Extensibility
- Fully extensible Data Warehouse
  - Extensible dimensional based schema
  - ETL process is further extensible via custom transforms
  - Custom report authoring via SSRS
  - Support for “Favorite reports”
- Dynamic interface for flowing new data from FIM into the Data Warehouse
  - Bindings between FIM and DW, persisted in FIM objects
  - Automatic, scheduled, data flow

29 New Extensible MA Framework
- Enable extensible Management Agents to support:
  - Batched call-based import
  - Batched call-based export
  - Programmatic schema, partition, and hierarchy discovery
  - Password management behaves as other methods
  - Custom anchors and additional dn styles
  - Support custom parameters
  - Full Export run step
  - .NET 4 support
- New SAP, Oracle ERP, and Lotus Notes MAs for FIM 2010 R2 developed on top of the new API

30 Ease of Use Improvements
- Best Practices Analyzer (BPA)
  - Reduce overall TCO (and support calls) with a FIM deployment validation tool
  - Identifies possible issues in FIM setup relating to performance, security, configuration
- Improvements for troubleshooting
  - Enhanced diagnostics and error messages in FIM Portal and web services
  - Additions to IT Pro documentation for top problem areas
- Improvements in the setup process
  - Easier configuration of scenarios such as password reset
  - Reduced initial load time

31 Platform Investments
- FIM Add-in supports Outlook 2010 for group management and approvals
  - Add support for 32-bit and 64-bit Outlook 2010
  - Add-in localized to 33 languages
- FIM Portal supports SharePoint 2010
  - Support for installing FIM portal on the newest version of SharePoint Foundation
  - Seamless installation experience
  - Continued support for WSS 3 (SharePoint 2007)
  - Same UI experience on both platforms

32 Outlook Add-in
- Groups Tab: Exposes all functionalities of the Add-in on the Outlook ribbon.
- Context menus on mail items: right-clicking on a mail item in the mail list view.

33 Other Additions Add language support for:
Russian, Norwegian (Bokmal), Swedish, Finnish, Brazilian Portuguese, Polish, Korean, Danish, Turkish, and Czech

34 Upgrade Scenarios

35 Discussion – possible scenarios

36 Best practices Common project scenarios

37 Common project scenario – Company A

38 Common project scenario – Company B


