DEP311 Identity Management with Microsoft Identity Integration Server (formerly MMS)
Steve Plank, Architectural Engineer, Microsoft UK

1 DEP311 Identity Management with Microsoft Identity Integration Server (formerly MMS)
Steve Plank, Architectural Engineer, Microsoft UK
Visit http://www.microsoft.com/MIIS for more metadirectory information
Visit http://www.MIIS.com for a tasty treat that won't melt in your hands

2 Agenda
Diversity and the Identity Crisis
Identity Integration
Metadirectory Concepts
Demos
Anybody for more demos?

3 Diversity Is The Reality
Identity information is fragmented across multiple systems
Average major corporation has 150 sources of identity ‡
Most is NOT stored in “The Directory”
Not integrated with business processes
Systems never designed to work together
‡ Gartner Group

4 The Identity Crisis

5 Agenda
Diversity and the Identity Crisis
Identity Integration
Metadirectory Concepts

6 The Enterprise Directory Dream
“Enterprise directory”
Single repository of identity information
Reuse by many applications
Centralized management, provisioning, schema
[Diagram: HR System, Infra Application, Lotus Notes Apps, In-House Applications, COTS Application and Contractor System all built on a single Identity Platform that provides Authentication, Authorization and Identity Data]

7 What Really Happens
“Identity Chaos”
Multiple repositories of identity information
Multiple user IDs, multiple passwords
Decentralized management, ad hoc data sharing
[Diagram: the same applications (HR System, Infra Application, Lotus Notes Apps, In-House Applications, COTS Application, Contractor System), each with its own Authentication, Authorization and Identity Data, exchanging data with the Enterprise Directory through flat files and sneaker-net]

8 Ideal Identity Management
“Unified Identity”
Single source of identity information
Single “Authentication system”
Centralized management
[Diagram: each application's Authentication, Authorization and Identity Data consolidated onto one Identity Platform labelled IDENTITY]

9 Opportunities For Improvement: Identity Data
“Identity Integration”
Rock solid software to integrate identity
[Diagram: each application keeps its own Authentication and Authorization, while its Identity Data is tied to the Enterprise Directory through an Identity Integration layer]

10 Scenarios
Hire Scenario
Fire Scenario
Join Scenario
Identity Data Aggregation
Identity Data Brokering (Identity Convergence)
Identity Data Integrity Enforcement

11 Hire Scenario
[Diagram: a new record in the HR System flows through the Metadirectory to Active Directory, AD Application Mode, SQL Server, iPlanet Directory, Lotus Notes and the Contractor System, over File, LDAP and SQL management agents]

12 Fire Scenario
[Diagram: the same systems as the hire scenario; removal of the HR System record flows through the Metadirectory to Active Directory, AD Application Mode, SQL Server, iPlanet Directory, Lotus Notes and the Contractor System, over File, LDAP and SQL management agents]

13 Identity Joining Scenario
Connected sources: HR System, iPlanet Directory, Active Directory, Lotus Notes; attributes givenName, sn, title, mail, employeeID, telephone
Connector-space records for the same person, as the diagram shows them:
Klarek Cenntt, employeeID 008
Clark Kennttt, employeeID 007
Klarke Kent, Superhero, employeeID 007, 867-5309
Clark Kent, Reporter, Clark@contoso.com, employeeID 007, 867-5309
Project to Metaverse: Clark Kent, Reporter, Clark@contoso.com, employeeID 007
Join on employeeID: JOINED (three records match on 007); the 008 record requires a Manual Join

14 Attribute Flow Scenario: Identity Data Aggregation
HR System attributes FirstName, LastName, EmployeeID, Title, E-Mail, Telephone map onto the directory attributes givenName, sn, employeeID, title, mail, telephone
[Diagram: the same four connector-space records as slide 13 (Klarek Cenntt 008; Clark Kennttt 007; Klarke Kent, Superhero, 007; Clark Kent, Reporter, Clark@contoso.com, 007, 867-5309); the Metaverse entry aggregates one value per attribute from the joined records: Clark, Kent, 007, Reporter, Clark@contoso.com, 867-5309]

15 Attribute Flow Scenario: Identity Data Brokering (Convergence)
[Diagram: the aggregated Metaverse values flow back out, so every connected source (HR System, iPlanet Directory, Active Directory, Lotus Notes) converges on Clark Kent, Reporter, Clark@contoso.com, employeeID 007, 867-5309; the record that previously carried employeeID 008 now shows 007]

16 Attribute Flow Scenario: Identity Data Integrity Enforcement
[Diagram: a connected source changes the title for employeeID 007 from Reporter to Superhero; the authoritative value Reporter flows back from the Metaverse and overwrites it, so all sources again hold Clark Kent, Reporter, Clark@contoso.com, 867-5309]

17 Active Directory Password Management
Initial password set
Centralized password control via a Web app
Self-service password reset
Helpdesk password reset
Decentralized password synchronization
3rd party password sync products can easily integrate
[Diagram: Web app, Metadirectory, iPlanet]

18 Identity Management Overview (demo)

19 The Scenario
MIIS 2003 connected to: Active Directory, Expenses System (SQL), HR System (SQL), NT 4.0, Exchange 5.5, iPlanet Directory Server
Active Directory OU layout: OU=AdminStaff and OU=Staff, each containing OU=Disabled Users, OU=Groups and OU=Users

20 Agenda
Diversity and the Identity Crisis
Identity Integration
Metadirectory Concepts

21 Connected Data Source (CD): any source and/or destination containing identity data
Management Agent (MA): facilitates the communication between MIIS and the CD
Connector Space (CS): staging area for inbound or outbound synchronized attributes
Metaverse (MV): central (SQL) store of identity information
Matching CS entries to a single MV entry is called “join”
[Diagram: CD, then inside MIIS the MA, the CS and the MV]
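The following is an added example, not code from the deck or from MIIS itself: a small in-memory model of the concepts on this slide, run over the Clark Kent data from slides 13 to 16 and the hire/fire flows of slides 11 and 12. Which record sits in which connected source, the per-attribute precedence, the manual join for the 008 record and the choice to disable rather than delete on "fire" are all assumptions made for the example. The connector space is a dict of staged records per source, the metaverse is rebuilt from it on every run, and export pushes metaverse values back to every joined record, which is what both converges the sources and repairs a drifted title on the next run.

```python
from copy import deepcopy

ATTRS = ("givenName", "sn", "title", "mail", "employeeID", "telephone")

# Connector space (CS): one list of staged records per connected data source (CD).
# Constructed from the slides' Clark Kent example; which record lives in which
# source is an assumption made for this example.
CONNECTOR_SPACE = {
    "HRSystem":   [{"givenName": "Clark", "sn": "Kent", "title": "Reporter",
                    "employeeID": "007", "telephone": "867-5309"}],
    "AD":         [{"givenName": "Clark", "sn": "Kennttt", "employeeID": "007",
                    "mail": "Clark@contoso.com"}],
    "iPlanet":    [{"givenName": "Klarke", "sn": "Kent", "title": "Superhero",
                    "employeeID": "007", "telephone": "867-5309"}],
    "LotusNotes": [{"givenName": "Klarek", "sn": "Cenntt", "employeeID": "008"}],
}

# Import attribute-flow precedence (assumed): the first listed source that
# carries the attribute is authoritative for it in the metaverse (MV).
PRECEDENCE = {
    "givenName": ["HRSystem"], "sn": ["HRSystem"], "title": ["HRSystem"],
    "employeeID": ["HRSystem"], "mail": ["AD"], "telephone": ["HRSystem", "iPlanet"],
}

# Join rule: automatic join on employeeID. Records the rule cannot match
# (the 008 record) are joined manually by an administrator.
MANUAL_JOINS = {("LotusNotes", "008"): "007"}

# Hire/fire: every MV object anchored in HR is provisioned into these sources;
# an object HR no longer knows is disabled in them rather than deleted.
PROVISION_TO = ("AD", "iPlanet", "LotusNotes")


def join(cs):
    """Match CS records to MV objects: {mv_key: {source: record}}."""
    members = {}
    for source, records in cs.items():
        for rec in records:
            key = MANUAL_JOINS.get((source, rec["employeeID"]), rec["employeeID"])
            members.setdefault(key, {})[source] = rec
    return members


def aggregate(joined):
    """Identity data aggregation: project one MV value per attribute by precedence."""
    mv = {}
    for attr in ATTRS:
        for source in PRECEDENCE[attr]:
            value = joined.get(source, {}).get(attr)
            if value is not None:
                mv[attr] = value
                break
    return mv


def sync(cs):
    """One synchronisation run. Returns (metaverse, updated connector space);
    the input is not modified, so the output can be fed back in for the next run."""
    cs = deepcopy(cs)
    metaverse = {}
    for key, joined in join(cs).items():
        if "HRSystem" in joined:
            mv = aggregate(joined)
            for target in PROVISION_TO:           # hire: create missing connectors
                if target not in joined:
                    joined[target] = {}
                    cs[target].append(joined[target])
        else:                                     # fire: HR record gone, disable everywhere
            mv = {"employeeID": key, "disabled": True}
        # Export (brokering/convergence): MV values overwrite every joined record.
        # Re-running this is what enforces integrity when a source drifts.
        for rec in joined.values():
            rec.update(mv)
        metaverse[key] = mv
    return metaverse, cs


if __name__ == "__main__":
    metaverse, converged = sync(CONNECTOR_SPACE)
    print(metaverse["007"])
    print(converged["LotusNotes"][0])
```

Feeding the converged connector space back into `sync` after a source has changed a non-authoritative attribute (say AD sets title to Superhero) restores the HR value; adding an HR record provisions it into every target, and removing one marks the remaining connectors disabled.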

22 Metadirectory Architecture
[Diagram: one Metaverse (MV) held in SQL Server 2000, with one Connector Space (CS) per identity repository reached across the network]

23 Status
RTM happened on 24th June
Two live internal Microsoft deployments
Scale and performance testing: currently at >1.5 million objects for all MAs; targeting 5 million objects for next phase
Releasing at Catalyst on 8th July
Select – August Select CD shipment

24 Agenda
Diversity and the Identity Crisis
Identity Integration
Metadirectory Concepts
Demos
Getting Started

25 User Interface (demo)

26 Metadirectory Connectors
AD/Exchange 2000/Exchange “Titanium”
ADAM
SunOne Directory (iPlanet)
SQL
Oracle
DSML 2.0
LDAP Directory Interchange Format (LDIF)
Delimited Text
Fixed-Width Text
Attribute-Value Pair Text
NT4
Exchange 5.5
Lotus Notes 4.6 and 5.0
Novell eDirectory 8.62/8.7
Other LDAP-based and RDBMS systems to follow

27 Creating Management Agents (demo)

28 Running Management Agents (demo)

29 Identity Aggregation (demo)

30 Simple Provisioning and De-Provisioning (demo)

31 Extending MIIS using Visual Studio .NET (demo)

32 Preview Mode
System is transparent in design
Allows architect/developer to preview work in the metadirectory without committing any changes
Allows the testing of configuration changes, new rules and new connected directories
Can view all results through the UI

33 Preview Mode (demo)

34 Password Sync Encryption – the basic problem
Plaintext password “Carve99” → One Way Function → AD: C62EAD47D82E1037A6AC12CD0CC49C6E
Plaintext password “Carve99” → One Way Function → NT4 SAM: C62EAD47D82E1037A6AC12CD0CC49C6E
OWF password (MD4/MD5)
Demo

35 Password Sync: Password Set & Reset
Password Set “Carve99” → MMS
Self Service Password Reset Web Application

36 Visualization
Different hierarchies suit different needs
Multiple hierarchical representations can be discovered from data
Polyarchy eliminates the requirement for a fixed hierarchy
Polyarchy provides multiple hierarchical views and richer visualization of infrastructure information

37 Identity Management Virtual Track
For the IT Pro
SEC400: UNIX & Kerberos Interop to Achieve Identity Mgmt
DEP311: Identity Management with Microsoft Metadirectory Services
WIN310: AD Branch Office with Windows Server 2003
ADM313: Managing Active Directory with MOM
ADM314: Delegating Administrative Tasks in Active Directory
For the Developer
SEC320/402: Developing Identity-aware apps on Microsoft’s Identity Platform (Part 1 & 2)
OFC333: EAI Using SharePoint Portal Server
WEB311: Windows Platform Security Services for Web Services

38 Review
Diversity and the Identity Crisis
Identity Integration
Metadirectory Concepts
Training: SQLSoft: www.sqlsoft.com/promo/mms30.asp


40 Community Resources
http://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP): http://www.mvp.support.microsoft.com/
Newsgroups: converse online with Microsoft Newsgroups, including Worldwide: http://www.microsoft.com/communities/newsgroups/default.mspx
User Groups: meet and learn with your peers: http://www.microsoft.com/communities/usergroups/default.mspx

41 Evaluations

42 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

