
FIM 2010 Release 2 (and SP 1)


Presentation Transcript


  1. FIM 2010 Release 2 (and SP 1)

  2. Agenda
  • What business problems are we trying to solve?
  • How does FIM 2010 Release 2 help?
  • Demonstration

  3. What business problems are we trying to solve?
  Data held in and/or required by many directories, databases and services:
  • Personal attributes: names, telephone numbers, job title
  • Authentication: logons, passwords
  • Authorization: key attributes, role and group memberships
  Often not well co-ordinated:
  • Unnecessary administration overhead
  • Security is compromised
  • Difficult to roll out new applications and services
  • Poor user experience can lead to low productivity
  • Proper governance can’t be shown (because it isn’t there)
  And also…
  • Password reset – helpdesk overload
  • Reporting requirements – who has/had access to what?
  • White pages
  • Etc.

  4. What does FIM 2010 Release 2 do?

  5. It’s a really great synchronization engine
  • Uses a metadirectory
  • State-based, so that it is persistent
  • Resilient against connectivity outages and other failures
  • Minimum changes to target systems
  • Extensible
  • Can connect to (almost) any system
  • Rules can leverage the entire .NET capability
  [Figure: one person’s records held in the Directory Service (Ctroup: Logon name, Full Name, DN), the E-mail Directory (Carolt: Display name, E-mail alias, Phone #), the ERP Database (Troup, Carol: Title, Cost center, Manager) and the HR Database (Carol Troup: Title, Employee #, Salary), joined in the Metadirectory as Carol Troup with Logon name, E-mail alias, Cost center and Employee #]

  6. It’s a really great synchronization engine
  • Flows identity information (objects and attributes) between directories
  • Implements established rules that determine the authoritative sources for identity information
  • Any source can be authoritative for any attribute
  • Extends to password management (but not in quite the same way)
  [Figure: Title flows from the HR Database through the Metadirectory to the E-mail Directory and Directory Service, E-mail alias flows from the E-mail Directory and Logon name from the Directory Service; the name is spelled inconsistently across the systems (Carol Troup, Carole Troup, Caro Troup)]

  7. It’s a really great synchronization engine
  • Detects changes made to identity information
  • Changes can be allowed, blocked or reversed
  • Propagates changes to other directories according to the rules already established
  [Figure: Carol Troup’s Title changes from Consultant to Sr. Consultant in the HR Database; the change is propagated through the Metadirectory to the E-mail Directory and the Directory Service]

  8. It’s a really great synchronization engine
  • Provisions directories and databases
  • Resulting from changes in an authoritative directory (like a joiner or someone changing roles)
  • Conforming to business rules
  • Timely access to systems
  [Figure: Tomas Koska is added manually in the HR Database; a new object is created in the Metadirectory and accounts/objects are created in the E-mail Directory and the Directory]

  9. It’s a really great synchronization engine
  • Deprovisions directories and databases
  • Resulting from changes in an authoritative directory (like a leaver, or someone changing roles)
  • Conforming to business rules
  • Access stopped
  • No loose ends
  [Figure: Tomas Koska is modified manually in the HR Database; the object in the Metadirectory and the corresponding objects in the E-mail Directory, the NOS Directory and the AD User are removed]
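The five synchronization-engine slides describe one state-based loop: import each connected system's view of an object, resolve every attribute from its authoritative source, detect what changed (and whether the change is allowed, blocked or reversed), then export the result, creating accounts for joiners and removing them for leavers. The toy below is an added example of that loop written for this page; it is not FIM's own code, rule syntax or API. The store names follow the slides' figures, while the precedence table, the export flows and the sample person are assumptions constructed for the demonstration.

```python
"""Toy state-based metadirectory: per-attribute authoritative sources,
change detection (allowed / blocked / reversed), propagation, provisioning
and deprovisioning.  Added example, not FIM code."""
from copy import deepcopy

HR, ERP, MAIL, DIR = "HR Database", "ERP Database", "E-mail Directory", "Directory Service"

# Assumed precedence rules: for each attribute, the stores allowed to set it, in
# order; the first store holding a value wins.  Attributes not listed here
# (e.g. Salary) never enter the metadirectory, so they are blocked from flowing.
PRECEDENCE = {
    "Full Name": [HR],
    "Title": [HR],
    "Employee #": [HR],
    "Cost center": [ERP, HR],      # ERP wins when it has a value, HR is the fallback
    "E-mail alias": [MAIL],        # the mail system owns the alias
    "Logon name": [DIR],           # the directory service owns the logon name
}
# Assumed export flows: the attributes each store receives from the metadirectory.
FLOWS = {
    HR:   {"E-mail alias", "Logon name"},
    ERP:  {"Full Name", "Title", "Employee #"},
    MAIL: {"Full Name", "Title", "Logon name"},
    DIR:  {"Full Name", "Title", "E-mail alias", "Employee #"},
}


class Metadirectory:
    def __init__(self):
        self.stores = {name: {} for name in FLOWS}   # store -> {key: {attr: value}}
        self.metaverse = {}                           # persisted state: key -> {attr: value}
        self.log = []

    def sync(self, key):
        """One import / resolve / export cycle for a single object."""
        views = {s: objs.get(key) for s, objs in self.stores.items()}
        if views[HR] is None:                  # HR is authoritative for existence: a leaver
            return self._deprovision(key)
        if key not in self.metaverse:
            self.log.append(f"{key}: new object in metadirectory")
        old = self.metaverse.get(key, {})
        resolved, winner = {}, {}
        for attr, sources in PRECEDENCE.items():
            for src in sources:
                if views[src] is not None and attr in views[src]:
                    resolved[attr], winner[attr] = views[src][attr], src
                    break
        # Change detection against the persisted state: a new value from the
        # authoritative source is allowed; a local edit of a flowed attribute in
        # any other store differs from what was exported and will be reversed.
        for attr, value in resolved.items():
            if old.get(attr) != value:
                self.log.append(f"{key}: {attr} -> {value!r} allowed (from {winner[attr]})")
        for store, obj in views.items():
            for attr in FLOWS[store] & set(obj or {}):
                if obj[attr] != old.get(attr) and store != winner.get(attr):
                    self.log.append(f"{key}: {store} edit of {attr} reversed")
        self.metaverse[key] = resolved
        # Export: provision the object where it is missing, then overwrite the
        # flowed attributes with the resolved values.
        for store, attrs in FLOWS.items():
            target = self.stores[store]
            if key not in target:
                target[key] = {}
                self.log.append(f"{key}: provisioned in {store}")
            for attr in attrs & resolved.keys():
                target[key][attr] = resolved[attr]
        return deepcopy(resolved)

    def _deprovision(self, key):
        """Leaver: remove the object everywhere so no loose ends remain."""
        for store, objs in self.stores.items():
            if objs.pop(key, None) is not None:
                self.log.append(f"{key}: deleted from {store}")
        self.metaverse.pop(key, None)
        return None


def demo():
    """Joiner, promotion, a reversed local edit, then leaver (constructed data)."""
    md = Metadirectory()
    md.stores[HR]["ctroup"] = {"Full Name": "Carol Troup", "Title": "Consultant",
                               "Employee #": "4711", "Cost center": "CC-10",
                               "Salary": 50000}            # Salary is blocked: it never flows
    md.sync("ctroup")                                       # provisions ERP, mail and directory
    md.stores[DIR]["ctroup"]["Logon name"] = "ctroup"       # directory assigns the logon name
    md.stores[MAIL]["ctroup"]["E-mail alias"] = "carolt"    # mail system assigns the alias
    md.stores[MAIL]["ctroup"]["Full Name"] = "Carole Troup" # local edit of an HR-owned attribute
    md.stores[HR]["ctroup"]["Title"] = "Sr. Consultant"     # promotion recorded in HR
    md.sync("ctroup")
    snapshot = deepcopy(md.stores)
    del md.stores[HR]["ctroup"]                             # leaver removed from HR
    md.sync("ctroup")
    return snapshot, md


if __name__ == "__main__":
    _, md = demo()
    print("\n".join(md.log))
```

Running the demo shows the promotion reaching every store, the mail directory's misspelt name being reversed to the HR value, the alias and logon name flowing back into HR, Salary staying inside HR, and the leaver's accounts disappearing from every connected system.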

  10. Evolution of ILM policy: from next to nothing (manual or a set of scripts)… to rule-based but diffuse… to an integrated set of statements that relate back to defined business requirements
  It’s a really great synchronization engine, plus…
  [Figure: FIM architecture. Solutions: User Mgmt, Credential Mgmt, Group Mgmt, Policy Mgmt, Custom Reporting. Clients: Custom, Windows, CM, SSRS, Portals, Outlook. FIM Platform: Metadirectory (FIM Sync, MAs), FIM Service (Request Processor, Delegation & Permissions, AuthN Workflow, AuthZ Workflow, Action Workflow), Data Warehouse (SCSM), App DB, CM DB (Cert Mgmt). Identity Stores: Directories, Applications, Databases, E-Mail Systems]

  11. What’s new in R2?
  • R2 Improvements
    • Performance improvements
    • Self-service password reset enhancements (demo)
    • New synchronization rule type (demo)
    • Reporting (demo)
    • Extensible Connectivity Management Agent 2
    • BHOLD
  • R2 SP1 Improvements
    • More performance improvements
    • Version support for FIM itself (e.g. Windows Server 2012, SQL Server 2012)
    • Visual Studio 2010 for extensions
    • Other version support for WS2012 (AD MA), Office 2013 for client components, Windows 8 client support (e.g. SSPR)
    • SCSM 2012 reporting support

  12. Demonstration
  • Synchronization of sources
  • Provisioning and deprovisioning – including new sync rule type
  • Users and groups
  • Self service – including password reset

  14. Reporting System Components
  • SQL Server Reporting Services
    • Provides the report platform
  • System Center Service Manager 2010
    • Provides the data warehouse
  • New FIM Resource Types
    • Configuration of the reporting process

  15. Data Flows in Reporting
  • FIM reporting PowerShell scripts push data into the System Center Service Manager database
    • Initial: used the first time data is extracted
    • Initial Partial: used after a configuration change (e.g. schema extension)
    • Incremental: used in regular operation to extract the changes since the last incremental extraction
  • Reporting Job objects specify the type of job to be executed; a new Reporting Job object is created for each extraction
  • The Extract, Transform and Load (ETL) process controls the flow of data from the System Center Service Manager database to the ultimate reporting database (the DataMart)
    • Extract: from the System Center Service Manager database to the staging tables
    • Transform: the transformed data is stored in the Data Repository
    • Load: into the Data Mart

  16. Data Flows in Reporting

  17. Comparing Data Structures: DW and FIM
  • FIM schema: Resource Type and Attributes (with Reference Attributes)
  • DW: Classes, Derived Classes, Properties (with Relationships)
  • Mapping is required to indicate the representations of:
    • Resource Type in FIM as which Class in DW
    • Attribute in FIM as which Property in DW
    • Reference Attribute in FIM as which Relationship in DW
  • Mappings are stored as XML on objects in FIM
  • These mapping objects do not extend the DW schema
  • DW schema is defined in Management Packs

  18. Classes and Class Hierarchy
  • DW uses a class/property model with inheritance
  • Child classes contain all parent properties as well as their own
    • e.g. FIMDisplayName is in FIMEntity and FIMPerson
    • Prevents the need for excessive joins
  • A single FIM object has entries in each class table according to its class type
    • e.g. a FIMPerson has entries in FIMPerson, FIMEntity and Entity
  • If you wish to include new attributes, you create a new child class with those attributes, inheriting the existing attributes

  19. Dimensions and Facts
  • Dimensions: base data, one row per object, many properties, latest value held (Group Scope, or Person AccountName, JobTitle or Department)
  • Facts: history to be tracked, e.g. Group ComputedMember
  • In the case of FIM, we also have history stored in Requests, so the history of any property is available
  • Each data class has a dimension table, e.g. FIMEntityDim, FIMPersonDim, FIMGroupDim, FIMSetDim
  • Each fact has a (series of) tables:
    • FIMGroupHasExplicitMembersFact_2012_April
    • FIMGroupHasExplicitMembersFact_2012_May
  • Automatically-extended views collect the split fact tables (UNION)
    • e.g. FIMGroupHasExplicitMembersFactvw
    • Always report against the views!
  • Fact entries join to dimension entries, e.g. GroupHasMemberFact → FIMEntityDim (not FIMPersonDim, because many resource types can be members)
  • Outriggers
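Slides 18 and 19 describe the shape of the reporting data mart: one dimension table per class, with child classes repeating the parent's properties; fact history split into monthly tables; an automatically extended view that UNIONs the splits; and fact rows that join to FIMEntityDim because a group member may be a person or another group. The sqlite3 sketch below is an added example built for this page, not the SCSM data-warehouse schema or any FIM tooling. The table, view and property names come from the slides; the column names, the date handling and the sample rows are assumptions constructed to show why reports must use the view and the entity dimension.

```python
"""Miniature reporting data mart in sqlite3: class dimensions, month-split
fact tables, the UNION view, and a membership report.  Added example with
assumed column names; only the table/view/property names come from the deck."""
import sqlite3

# Identifiers cannot be bound as SQL parameters, so the report only accepts
# object names from these whitelists (prevents SQL injection via the name).
FACT_SOURCES = {"FIMGroupHasExplicitMembersFactvw",
                "FIMGroupHasExplicitMembersFact_2012_April",
                "FIMGroupHasExplicitMembersFact_2012_May"}
MEMBER_DIMS = {"FIMEntityDim", "FIMPersonDim"}

SCHEMA = """
-- One dimension per class; the child class repeats the parent's properties
-- (FIMDisplayName is in FIMEntity and FIMPerson).  Columns are assumed.
CREATE TABLE FIMEntityDim (EntityKey INTEGER PRIMARY KEY, FIMDisplayName TEXT, ClassName TEXT);
CREATE TABLE FIMPersonDim (EntityKey INTEGER PRIMARY KEY REFERENCES FIMEntityDim, FIMDisplayName TEXT, AccountName TEXT);
CREATE TABLE FIMGroupDim  (EntityKey INTEGER PRIMARY KEY REFERENCES FIMEntityDim, FIMDisplayName TEXT, Scope TEXT);
-- Fact history split by month, plus the view that reunites the splits.
CREATE TABLE FIMGroupHasExplicitMembersFact_2012_April (GroupKey INTEGER, MemberKey INTEGER, CreatedDate TEXT, DeletedDate TEXT);
CREATE TABLE FIMGroupHasExplicitMembersFact_2012_May   (GroupKey INTEGER, MemberKey INTEGER, CreatedDate TEXT, DeletedDate TEXT);
CREATE VIEW FIMGroupHasExplicitMembersFactvw AS
    SELECT * FROM FIMGroupHasExplicitMembersFact_2012_April
    UNION ALL
    SELECT * FROM FIMGroupHasExplicitMembersFact_2012_May;
"""

# Constructed sample rows: two people, two groups, one group nested in another.
ENTITIES = [(1, "Carol Troup", "FIMPerson"), (2, "Tomas Koska", "FIMPerson"),
            (3, "Finance Admins", "FIMGroup"), (4, "All Staff", "FIMGroup")]
PERSONS = [(1, "Carol Troup", "ctroup"), (2, "Tomas Koska", "tkoska")]
GROUPS = [(3, "Finance Admins", "Security"), (4, "All Staff", "Distribution")]
APRIL = [(3, 1, "2012-04-02", "2012-05-20")]      # Carol joined in April, removed on 20 May
MAY = [(3, 2, "2012-05-10", None),                # Tomas joined in May
       (3, 4, "2012-05-15", None)]                # the nested group was added in May


def build_mart():
    """Create the in-memory mart and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO FIMEntityDim VALUES (?,?,?)", ENTITIES)
    conn.executemany("INSERT INTO FIMPersonDim VALUES (?,?,?)", PERSONS)
    conn.executemany("INSERT INTO FIMGroupDim VALUES (?,?,?)", GROUPS)
    conn.executemany("INSERT INTO FIMGroupHasExplicitMembersFact_2012_April VALUES (?,?,?,?)", APRIL)
    conn.executemany("INSERT INTO FIMGroupHasExplicitMembersFact_2012_May VALUES (?,?,?,?)", MAY)
    return conn


def members_of(conn, group, as_of="9999-12-31",
               source="FIMGroupHasExplicitMembersFactvw", member_dim="FIMEntityDim"):
    """Explicit members of `group` as of a date (ISO strings compare correctly).

    The defaults are the right choices: the view, so that every month's split
    table is covered, and FIMEntityDim, so that non-person members are kept.
    """
    if source not in FACT_SOURCES or member_dim not in MEMBER_DIMS:
        raise ValueError("unknown fact source or member dimension")
    sql = f"""
        SELECT m.FIMDisplayName
        FROM {source} f
        JOIN FIMEntityDim g ON g.EntityKey = f.GroupKey
        JOIN {member_dim} m ON m.EntityKey = f.MemberKey
        WHERE g.FIMDisplayName = ?
          AND f.CreatedDate <= ?
          AND (f.DeletedDate IS NULL OR f.DeletedDate > ?)
        ORDER BY m.FIMDisplayName"""
    return [row[0] for row in conn.execute(sql, (group, as_of, as_of))]


if __name__ == "__main__":
    db = build_mart()
    print("current:", members_of(db, "Finance Admins"))
    print("end of April:", members_of(db, "Finance Admins", as_of="2012-04-30"))
    print("April table only:", members_of(db, "Finance Admins",
                                          source="FIMGroupHasExplicitMembersFact_2012_April"))
    print("via FIMPersonDim:", members_of(db, "Finance Admins", member_dim="FIMPersonDim"))
```

The same report run against one monthly table instead of the view silently loses every membership recorded in other months, and joining the fact to FIMPersonDim instead of FIMEntityDim drops the nested group, which is exactly the pair of mistakes the slide's "always report against the views" and "not FIMPersonDim" notes warn about.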

  20. Demonstration
  • Reporting

  21. ECMA2 Enhancements over ECMA
  • Full export
  • Call-based import
  • Batch export and import
  • LDAP support (and “generic” renaming)
  • Export types (object, attribute replace, attribute update)
  • Programmatic schema, partition and hierarchy discovery…
  • Passwords and references can be exported on first pass or second pass
  • Normalization (not yet implemented)
  • No export delete confirmation (on delta import)
  • Different object types can have different anchors
  • Parameters for run profiles (e.g. additional files, extra credentials)
  • Always merges pending exports into export in progress

  26. Courses and Audiences Summary
