Slide 1: Introduction to the Microsoft Identity Integration Server and Roadmap
Andreas Luther, Group Program Manager, MIIS
Slide 2: Agenda
- Identity and Lifecycle Management Scenarios
- MIIS architecture fundamentals
- Provisioning and group management with MIIS 2003
- Password Management
- Summary
- Q&A
Slide 3: The ID Lifecycle
Diagram of the identity lifecycle as a cycle of stages, each with its activities:
- New User: user ID creation, credential issuance, access rights
- Account Changes: promotions, transfers, new privileges, attribute changes
- Entitlement Reporting: audit/log any ILM changes, keep track of entitlements
- Synchronize Identity: extend lifecycle information across all identity stores
- Retire User: delete/freeze accounts, delete/freeze entitlements
- Password Mgmt: strong passwords, "lost" password, password reset
Slide 4: MIIS – Identity Broker ("Identity Integration")
Diagram: each system in the enterprise (HR system, contractor system, enterprise directory, Lotus Notes apps, infrastructure application, COTS application, in-house applications) carries its own authentication, authorization and identity data; MIIS sits among them as the identity integration layer.
"Identity Integration": rock-solid software to integrate identity.
Slide 5: MIIS Identity Broker Scenarios
- Hire scenario
- Fire scenario
- Join scenario
- Identity data aggregation
- Identity data brokering (identity convergence)
- Identity data integrity enforcement
Slide 6: Hire Scenario
Diagram: MIIS at the center, connected through management agents to the HR system (file), a contractor system, Lotus Notes (Notes), Active Directory (LDAP), iPlanet Directory (LDAP), SQL Server (SQL) and AD Application Mode (LDAP).
Slide 7: Fire Scenario
Diagram: the same layout as the hire scenario, with MIIS connected to the HR system (file), a contractor system, Lotus Notes (Notes), Active Directory (LDAP), iPlanet Directory (LDAP), SQL Server (SQL) and AD Application Mode (LDAP).
Slide 8: Identity Joining Scenario
Diagram: connector-space entries from four systems and how each is linked to the single metaverse entry (every entry carries givenName, sn, title, mail, employeeID and telephone).

  Source             givenName  sn       title      employeeID  Link to metaverse
  HR System          Clark      Kent     (none)     007         Projected to metaverse
  Lotus Notes        Clark      Kennttt  Reporter   007         Joined on employeeID
  Active Directory   Klarke     Kent     Superhero  007         Joined on employeeID
  iPlanet Directory  Klarek     Cenntt   (none)     008         Manual join (employeeID does not match)
  Metaverse entry    Clark      Kent     (none)     007
Slide 9: Attribute Flow Scenario (Identity Data Aggregation)
Diagram: the metaverse is filled from the source that is authoritative for each attribute: FirstName, LastName and EmployeeID from the HR system; Title from Lotus Notes; Telephone from Active Directory. Resulting metaverse entry: givenName Clark, sn Kent, title Reporter, employeeID 007.
The connected systems still hold their own values: Lotus Notes (Clark, Kennttt, Reporter, 007), Active Directory (Klarke, Kent, Superhero, 007), iPlanet Directory (Klarek, Cenntt, no title, 008).
Slide 10: Attribute Flow Scenario (Identity Data Brokering / Convergence)
Diagram: the aggregated metaverse values flow back out to the connected systems, replacing incorrect or missing information (callout: "Incorrect or Missing Information"): each directory receives givenName Clark, sn Kent and title Reporter, and the iPlanet Directory employeeID is corrected from 008 to 007.
Slide 11: Attribute Flow Scenario (Identity Data Integrity Enforcement)
Diagram: after convergence the HR system, Active Directory and iPlanet Directory all hold givenName Clark, sn Kent, title Reporter, employeeID 007. The title Superhero then appears in Lotus Notes (the source for Title), and the metaverse title and the values flowing out to the other systems change to Superhero (callout: Identity Data Integrity Enforcement).
Slide 12: Identity Data Integrity Enforcement
Diagram: the title Publisher appears in Lotus Notes and iPlanet Directory while the metaverse, the HR system and Active Directory hold Reporter (with Superhero shown as a superseded value in Active Directory); Reporter flows out from the metaverse to the connected systems (callout: Identity Data Integrity Enforcement). All systems show givenName Clark, sn Kent, employeeID 007.
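The join, aggregation, convergence and enforcement steps of slides 8 to 12, as an added illustration that is not code from the deck or from MIIS. It is a deliberately simplified in-memory model: the precedence table (HR for names and ID, Lotus Notes for title, Active Directory for telephone), the cs_id values, the telephone number and the manual-join mechanism are constructed assumptions, and "integrity enforcement" is modelled as re-exporting the metaverse value to any system whose value drifted.

```python
# Constructed, simplified model of the slides' join / attribute-flow / integrity-enforcement
# scenario; not MIIS code (MIIS does this with management agents, CS and a SQL metaverse).
PRECEDENCE = {"givenName": "HR", "sn": "HR", "employeeID": "HR",  # authoritative source
              "title": "Notes", "telephone": "AD"}                #   for each MV attribute
JOIN_ATTR, PROJECTOR = "employeeID", "HR"  # join key; only HR projects new MV entries

def synchronize(cs, manual_joins=None):
    """cs: {source: [CS entry dict]}; manual_joins: {(source, cs_id): employeeID}.
    Returns (mv by employeeID, exports as (source, cs_id, attr, old, new), unjoined ids)."""
    manual_joins, mv, unjoined, exports = manual_joins or {}, {}, [], []
    for entry in cs[PROJECTOR]:                                   # 1. projection
        mv[entry[JOIN_ATTR]] = {"_connectors": {PROJECTOR: entry}}
    for src, entry in [(s, e) for s, es in cs.items() if s != PROJECTOR for e in es]:
        key = manual_joins.get((src, entry["cs_id"]), entry.get(JOIN_ATTR))  # 2. join
        if key in mv:
            mv[key]["_connectors"][src] = entry
        else:
            unjoined.append((src, entry["cs_id"]))
    for mventry in mv.values():
        for attr, src in PRECEDENCE.items():                      # 3. aggregation: take the
            val = mventry["_connectors"].get(src, {}).get(attr)   #    authoritative value
            if val is not None:
                mventry[attr] = val
        for src, entry in mventry["_connectors"].items():         # 4. brokering/enforcement:
            for attr in PRECEDENCE:                               #    export the MV value to
                if attr in mventry and entry.get(attr) != mventry[attr]:   # each disagreeing
                    exports.append((src, entry["cs_id"], attr, entry.get(attr), mventry[attr]))
    return mv, exports, unjoined

def make_cs():   # fresh connector-space contents, constructed to mirror the slide data
    return {
        "HR":      [{"cs_id": "hr-1", "givenName": "Clark", "sn": "Kent", "employeeID": "007"}],
        "Notes":   [{"cs_id": "notes-1", "givenName": "Clark", "sn": "Kennttt",
                     "title": "Reporter", "employeeID": "007"}],
        "AD":      [{"cs_id": "ad-1", "givenName": "Klarke", "sn": "Kent", "title": "Superhero",
                     "employeeID": "007", "telephone": "555-0100"}],  # phone value constructed
        "iPlanet": [{"cs_id": "ipl-1", "givenName": "Klarek", "sn": "Cenntt", "employeeID": "008"}],
    }

def run_scenario():
    """Aggregate, converge, then show a title edited directly in AD being reverted."""
    cs = make_cs()
    _, _, unjoined = synchronize(cs)                    # iPlanet's 008 cannot join on its own
    manual = {("iPlanet", "ipl-1"): "007"}              # the administrator joins it by hand
    mv, exports, _ = synchronize(cs, manual)
    for src, cs_id, attr, _old, new in exports:         # simulate the export run (convergence)
        next(e for e in cs[src] if e["cs_id"] == cs_id)[attr] = new
    cs["AD"][0]["title"] = "Superhero"                  # non-authoritative edit made in AD
    _, enforce, _ = synchronize(cs, manual)             # next run re-asserts Notes' "Reporter"
    return unjoined, mv["007"], exports, enforce
```

The second run produces eleven exports (every wrong or missing value on the first slides), and after convergence the only export left is the one that undoes the edit made directly in Active Directory.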
Slide 13: MIIS Reach – Wide range of connectivity
Connected systems with management agents (grouped on the slide as NOS, LDAP, SQL, LOB Apps and Identity Data):
- Active Directory & ADAM
- Sun/iPlanet Directory
- IBM DS
- Novell eDirectory
- Microsoft SQL 2000 & SQL 7
- Oracle 9i/8i
- IBM DB2
- Lotus Notes 5.x/6.x
- Microsoft Exchange 5.5, 2K, 2K3
- Microsoft NT 4.x
- RACF
- DSML, LDIF, CSV, fixed width
- ...others to follow
The MA SDK allows ISVs and corporate developers to build custom MAs.
Slide 14: MIIS Reach - The Management Agent SDK
- Easy-to-use SDK to build Management Agents
- .NET-hosted set of interfaces
- Addresses IT Pro and ISV audiences
  - IT Pro: fast MA development using a template; simple to configure by reusing the "Extensible MA UI"
  - ISVs: allows customizing the MA configuration UI and providing a customized look and feel; enables packaging and redistribution of management agents; enables Identity Manager-integrated development of the MA configuration UI
- Supports password synchronization
Slide 15: Agenda (repeat of slide 2)
Slide 16: Robust State-based Engine
- State-based systems are robust
  - Storing state information means MIIS knows what to expect on the connected system
  - MIIS can respond if things go wrong
- Built on the assumption that systems go down and connectivity can be intermittent
  - MIIS can easily recover from disaster
- Architecture allows high flexibility
  - Runs can be controlled via schedules, events via WMI, etc.
  - MIIS can attain near-real time by constantly running management agents
  - MIIS can process only changes in the connected systems
Slide 17: MIIS Terms
Diagram: MIIS with its MV and CS, an MA connecting to a CD.
- Connected Data Source (CD): any source and/or destination containing identity data
- Management Agent (MA): facilitates the communication between MIIS and the CD
- Connector Space (CS): staging area (SQL) for inbound or outbound synchronized attributes
- Metaverse (MV): central (SQL) store of identity information; matching CS entries to a single MV entry is called a "join"
Slide 18: MIIS Concepts – Example
Scenario:
- HR system in Oracle
- Hiring approval system on SQL Server
- Sun One Directory Server
- Notes
Diagram: MIIS connected to Oracle, SQL, Sun One and Notes.
Slide 19: MIIS Concepts
Let's zoom in on what MIIS does. Diagram: the Connected Data Sources (Notes, Oracle, SQL, Sun One) on the outside, the Connector Space (CS) inside MIIS, and the Metaverse (MV) at the center holding a User entry.
- CS entries represent objects in Connected Data Sources
- MV entries are linked to CS entries through: projection; provisioning a connector; joining
- Staging is from CD to CS
- Synchronization is between MV and CS
- Export is from CS to CD
Slide 20: MIIS Sequence Of Events
Diagram with the same CD / CS / MV layout (Notes, Sun One, Oracle, SQL; User in the MV):
1. Oracle HR database staged and projected
2. Provision and export to SQL-based approval system
3. Manager approval app causes import and delta synchronization
4. Sun One and Notes connectors provisioned and exported
Slide 21: MIIS Synchronization Rules and Extension Model
- Rules can be defined declaratively or can be scripted
  - Declaratively: use Identity Manager
- Extensions allow the user to modify the behavior of MIIS
  - MIIS calls methods on the interface in response to changes in the system
  - The model defines a managed interface
  - Configuration set in the UI determines which methods are called
- Write custom extensions in any programming language with a compiler for the CLR
  - Visual Studio projects auto-generated for VB or C#
Slide 22: Data Aggregation and Synchronization Rules
Slide 23: Agenda (repeat of slide 2)
Slide 24: Provisioning Scenarios
- Dataflow-driven provisioning
  - Provisioning data mastered from an upstream system (like SAP)
  - MIIS 2003 scenario
- Self-service entry point with workflow
  - Allow delegated users to trigger provisioning actions through web applications
  - Personal information changes, password resets
  - Approval processes can be required: account requests, group membership requests
- Dataflow-driven provisioning with workflow
  - Add approval processes to provisioning processes initiated by an upstream system (like SAP)
  - New employee joins, manager needs to approve DL membership
Slide 25: MIIS 2003 SP1 Provisioning
MIIS 2003: the administrator had to write code for provisioning.
MIIS SP1 Resource Kit: additional tools
- Provisioning code generator
  - Declarative UI for provisioning
  - Generates provisioning code
  - Enables provisioning and registers the provisioning DLL
  - Source code can be extended with custom code
Slide 26: Group Management
- Manage group membership across heterogeneous systems
- Use of the built-in capabilities for managing reference attributes
- Authoritative data for group membership can be:
  - a connected directory (e.g. AD)
  - calculated based on attributes; results imported into MIIS by using a Management Agent
Slide 27: Group Populator
Diagram: the HR database feeds MIIS; the Group Populator queries against the integrated view in MIIS and imports the group definition and members; Active Directory is connected to MIIS.
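The attribute-calculated membership path of slides 26 and 27, as an added illustration that is not code from the deck or from MIIS: a Group Populator evaluates membership rules over the integrated view and produces per-group member lists plus the delta against what the directory currently holds, so that only changes need exporting. The view rows, rule set, group names and current Active Directory contents are all constructed sample data.

```python
# Constructed illustration of the Group Populator pattern on the slides: membership is
# calculated from attributes in the integrated view (metaverse) and the result is handed
# to MIIS as a group definition plus member references. Not MIIS code; all data is made up.
MV = [  # the integrated view: one row per joined identity (constructed sample rows)
    {"employeeID": "007", "sn": "Kent",  "department": "Newsroom", "title": "Reporter", "manager": "008"},
    {"employeeID": "008", "sn": "White", "department": "Newsroom", "title": "Editor",   "manager": None},
    {"employeeID": "009", "sn": "Lane",  "department": "Newsroom", "title": "Reporter", "manager": "008"},
    {"employeeID": "010", "sn": "Olsen", "department": "Photo",    "title": "Photographer", "manager": "008"},
]
GROUP_RULES = {  # group name -> predicate(entry, whole view): attribute-based membership
    "DL-Newsroom": lambda e, mv: e["department"] == "Newsroom",
    "Reporters":   lambda e, mv: e["title"] == "Reporter",
    "Managers":    lambda e, mv: any(x["manager"] == e["employeeID"] for x in mv),
}
CURRENT_AD = {  # what Active Directory holds today (constructed): stale and missing members
    "DL-Newsroom": ["007", "010"], "Reporters": ["007", "009"], "DL-Old": ["007"],
}

def populate_groups(mv, rules):
    """Query the integrated view; return {group: sorted member employeeIDs} to import."""
    return {g: sorted(e["employeeID"] for e in mv if pred(e, mv)) for g, pred in rules.items()}

def membership_delta(desired, current):
    """Per group, (adds, removes) needed in the connected directory, so that only changes
    are exported; a group present in the directory but no longer defined is emptied."""
    delta = {}
    for g in sorted(desired.keys() | current.keys()):
        want, have = set(desired.get(g, [])), set(current.get(g, []))
        delta[g] = (sorted(want - have), sorted(have - want))
    return delta
```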
Slide 28: Workflow with MIIS 2003
- Workflow not integrated in MIIS 2003
- Easy to extend MIIS with workflow
  - MIIS 2003 SP1 Resource Kit: workflow application (account request application)
- Complex workflow: integrate BizTalk with MIIS
- Future MIIS versions: powerful workflow engine fully integrated in MIIS
Slide 29: Agenda (repeat of slide 2)
Slide 30: MIIS Password Management – A Complete Solution
- Accounts secure from provisioning to de-provisioning
  - Initial password set feature guarantees strong passwords
- Reduced sign-on capabilities
  - Password sync initiated from the Windows desktop
- Ability for the end user to manage passwords in systems that do not participate in password synchronization
  - Web portal allows end users to manage passwords in connected identity stores
- Forgotten passwords (SP2 deliverable)
  - Self-service password reset solution
Slide 31: Agenda
- Identity and Lifecycle Management Scenarios
- MIIS architecture fundamentals
- Provisioning and group management with MIIS 2003
- Password Management
- MIIS roadmap
- Summary
- Q&A
Slide 32: Agenda (repeat of slide 2)
Slide 33: Summary
Diagram: MIIS between Active Directory, Exchange 5.5, iPlanet, Notes, SQL and Oracle.
- Reduce administration cost through automation
  - Provisioning and de-provisioning
  - Entitlement management
  - GAL management
  - DL/group management
  - Password management
- Improved productivity
  - User self-service
  - Faster access to systems
- Increased security
  - Least access for users
  - Fast de-provisioning
Slide 34: Summary – Deployment and Management
- Easy to deploy
  - No agents to deploy on connected systems
  - MIIS can stand alone or share clustered SQL
  - Migrate configuration from test to production via XML files
- Easy to extend an existing deployment
  - System is designed so that it's easy to incrementally add capabilities
  - Easily add more systems or business rules
- Easy to troubleshoot and manage
  - Preview mode
  - Data lineage
  - No log files to grep through: all error information is stored in the database
  - MOM Management Pack available for download
Slide 35: Solution Map
Slide 36: Founding Members
NetPro drives the health, security and control of essential infrastructure services like MIIS and Active Directory. NetPro's MissionControl for MIIS offers administrators complete operations management capability over their MIIS environments.
Oxford Computer Group is an IT service company that specializes in identity and access management (IAM). This includes the provision of specific tactical solutions to address their customers' identity and access management needs.
PointBridge is an IT consulting firm delivering Microsoft infrastructure solutions for the most complex business and technology environments.
Vintela provides a family of innovative, extensible platform integration solutions built around the Vintela Integration Architecture (VIA) that enable non-Windows environments to integrate with Microsoft-centric environments.
Slide 37: NetPro – The MIIS World
- The only solution to manage the enterprise-wide operations of MIIS
- Provides graphical presentation of MIIS
- Proactively troubleshoots and diagnoses MIIS issues
- Delivers service-level reports for baselining, capacity planning and management reporting
- Monitors and alerts on MIIS health
- Audits and reports on critical MIIS configuration changes
Slide 38: Agenda (repeat of slide 2)