FIM 2010 Release 2 (and SP 1)

PowerPoint Slideshow about 'FIM 2010 Release 2 (and SP 1)' - kaia



Agenda

  • What business problems are we trying to solve?
  • How does FIM 2010 Release 2 help?
  • Demonstration

What business problems are we trying to solve?

Data held in and/or required by many directories, databases and services

  • Personal attributes: names, telephone numbers, job title
  • Authentication: logons, passwords
  • Authorization: key attributes, role and group memberships

Often not well co-ordinated

  • Unnecessary administration overhead
  • Security is compromised
  • Difficult to roll out new applications and services
  • Poor user experience can lead to low productivity
  • Proper governance can’t be shown (because it isn’t there)

And also…

  • Password reset – helpdesk overload
  • Reporting requirements – who has/had access to what?
  • White pages
  • Etc.
It’s a really great synchronization engine
  • Uses a metadirectory
  • State-based, so that it is persistent
  • Resilient against connectivity outages and other failures
  • Minimum changes to target systems
  • Extensible
  • Can connect to (almost) any system
  • Rules can leverage the entire .NET capability

[Diagram: one person held under different names ("Ctroup", "Carolt", "Troup, Carol", "Carol Troup") in a Directory Service, an E-mail Directory, an ERP Database and an HR Database, all linked through the Metadirectory. Attributes shown: Logon name, Full Name, DN, Display name, E-mail alias, Phone #, Cost center, Employee #, Title, Manager, Salary.]
It’s a really great synchronization engine
  • Flows identity information (objects and attributes) between directories
  • Implements established rules that determine the authoritative sources for identity information
  • Any source can be authoritative for any attribute
  • Extends to password management (but not in quite the same way)

[Diagram: the HR Database, E-mail Directory and Directory Service each hold an entry for the same person (shown as "Carol Troup", "Carole Troup" and "Caro Troup"); the attributes Title, E-mail alias and Logon name flow between them and the Metadirectory.]

It’s a really great synchronization engine
  • Detects changes made to identity information
  • Changes can be allowed, blocked or reversed
  • Propagates changes to other directories according to the rules already established

[Diagram: Carol Troup's Title changes from "Consultant" to "Sr. Consultant" across the HR Database, Metadirectory, E-mail Directory and Directory Service.]
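
The behaviour described on the last three slides (per-attribute authoritative sources, change detection, propagation and reversal) as a small Python model. This is an added example, not FIM code or its API; the store names, the PRECEDENCE table and reconcile() are hypothetical, and blocking a change at the source is not modelled.

```python
# Simplified model of state-based synchronization (added example, not FIM's API).
# Store names, the PRECEDENCE table and reconcile() are hypothetical.

# Which connected store is authoritative for each attribute.
PRECEDENCE = {"title": "HR", "mail_alias": "Email", "logon": "Directory"}

def reconcile(metadirectory, stores):
    """Compare current store state with the metadirectory and return the
    exports needed to bring every store back in line with the rules."""
    exports = []
    for person, attrs in metadirectory.items():
        # 1. Import: only the authoritative store may update the metadirectory.
        for attr, source in PRECEDENCE.items():
            value = stores[source].get(person, {}).get(attr)
            if value is not None and value != attrs.get(attr):
                attrs[attr] = value
        # 2. Export: any other store holding the attribute with a different
        #    value is overwritten (propagation of an allowed change, or
        #    reversal of an edit made in a non-authoritative store).
        for name, objects in stores.items():
            held = objects.get(person, {})
            for attr, source in PRECEDENCE.items():
                if (name != source and attr in held and attr in attrs
                        and held[attr] != attrs[attr]):
                    exports.append((name, person, attr, held[attr], attrs[attr]))
                    held[attr] = attrs[attr]
    return exports

def sample():
    """Constructed sample state: one person known to three stores."""
    meta = {"ctroup": {"title": "Consultant", "mail_alias": "carolt", "logon": "ctroup"}}
    stores = {
        "HR": {"ctroup": {"title": "Consultant"}},
        "Email": {"ctroup": {"title": "Consultant", "mail_alias": "carolt"}},
        "Directory": {"ctroup": {"title": "Consultant", "logon": "ctroup"}},
    }
    return meta, stores

if __name__ == "__main__":
    meta, stores = sample()
    stores["HR"]["ctroup"]["title"] = "Sr. Consultant"    # authoritative change
    stores["Directory"]["ctroup"]["title"] = "Director"   # edit in a non-authoritative store
    for export in reconcile(meta, stores):
        print(export)                                     # (store, person, attr, old, new)
    print(reconcile(meta, stores))                        # second pass: nothing left to do
```

Because the engine compares state rather than replaying events, a run that was missed during an outage loses nothing: the next pass computes the same corrections.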
It’s a really great synchronization engine
  • Provisions directories and databases
  • Resulting from changes in an authoritative directory (like a joiner or someone changing roles)
  • Conforming to business rules
  • Timely access to systems

[Diagram: Tomas Koska is added manually; a new object appears in the Metadirectory and accounts/objects are created. Stores shown: HR Database, Metadirectory, E-mail Directory, Directory.]

It’s a really great synchronization engine
  • Deprovisions directories and databases
  • Resulting from changes in an authoritative directory (like a leaver, or someone changing roles)
  • Conforming to business rules
  • Access stopped
  • No loose ends

[Diagram: Tomas Koska is modified manually; the object in the Metadirectory and the entries marked "X" in the HR Database, Metadirectory, E-mail Directory and NOS Directory (AD User) are affected.]

It’s a really great synchronization engine, plus…
  • Evolution of ILM policy:
    • from next to nothing (manual or a set of scripts)…
    • to rule-based but diffuse…
    • to an integrated set of statements that relate back to defined business requirements

[Architecture diagram. Layers and labels, in the order shown:
  Solutions: User Mgmt, Credential Mgmt, Group Mgmt, Policy Mgmt, Custom, Reporting
  FIM Clients: Custom, Windows, CM, SSRS, Portals, Outlook
  FIM Platform: Metadirectory, FIM Sync, FIM Service, Data Warehouse, App DB, CM DB, Action Workflow, Request Processor, Delegation & Permissions, AuthN Workflow, AuthZ Workflow, MAs, Cert Mgmt, SCSM
  Identity Stores: Directories, Applications, Databases, E-Mail Systems]

What’s new in R2?
  • R2 Improvements
    • Performance improvements
    • Self-service password reset enhancements (demo)
    • New synchronization rule type (demo)
    • Reporting (demo)
    • Extensible Connectivity Management Agent 2
    • BHOLD
  • R2 SP1 Improvements
    • More performance improvements
    • Version support for FIM itself (e.g. Windows Server 2012, SQL Server 2012)
    • Visual Studio 2010 for extensions
    • Other version support for WS2012 (AD MA), Office 2013 for client components, Windows 8 client support (e.g. SSPR)
    • SCSM 2012 reporting support

Demonstration
  • Synchronization of sources
  • Provisioning and deprovisioning – including new sync rule type
  • Users and groups
  • Self service – including password reset

Reporting System Components
  • SQL Server Reporting Services
    • Provides Report platform
  • System Center Service Manager 2010
    • Provides Data Warehouse
  • New FIM Resource Types
    • Configuration of reporting process

Data Flows in Reporting
  • FIM reporting PowerShell scripts push data into the System Center Service Manager database
    • Initial: Used the first time data is extracted
    • Initial Partial: Used after a configuration change (e.g. schema extension)
    • Incremental: Used in regular operation to extract the changes since the last incremental extraction
  • Reporting Job objects – specify the type of Job which is to be executed; new Reporting Job object for each Extraction
  • The Extract, Transform and Load (ETL) process controls the flow of data from the System Center Service Manager database to the ultimate reporting database (the DataMart)
    • Extract: from the System Center Service Manager database to the Staging tables
    • Transform: transformed and stored in the Data Repository
    • Load: loaded into the Data Mart

Comparing Data Structures DW and FIM
  • FIM Schema: Resource Type and Attributes (with Reference Attributes)
  • DW: Classes, Derived Classes, Properties (with Relationships)
  • Mapping is required to indicate the representations of:
    • Resource Type in FIM as which class in DW
    • Attribute in FIM as which Property in DW
    • Reference Attribute in FIM as Relationship in DW
  • Mappings are stored as XML on objects in FIM
  • These mapping objects do not extend the DW schema
    • DW Schema defined in Management Packs

Classes and Class Hierarchy
  • DW uses a class/property model with inheritance
  • Child classes contain all parent properties as well as their own
    • e.g. FIMDisplayName is in FIMEntity and FIMPerson
    • Prevents need for excessive joins
  • A single FIM Object has entries in each class table according to its class type
    • e.g. FIMPerson has entries in FIMPerson, FIMEntity and Entity
  • If you wish to include new attributes, you create a new child class with those attributes, and inheriting the existing attributes

Dimensions and Facts
  • Dimensions: base data, one row per object, many properties, latest value held (Group Scope, or Person AccountName, JobTitle or Department)
  • Facts: history to be tracked, e.g. Group ComputedMember
  • In the case of FIM, we also have history stored in Requests, so history of any property is available
  • Each data class has a dimension table, e.g. FIMEntityDim, FIMPersonDim, FIMGroupDim, FIMSetDim
  • Each fact has a (series of) tables:
    • FIMGroupHasExplicitMembersFact_2012_April
    • FIMGroupHasExplicitMembersFact_2012_May
  • Automatically-extended views collect the split Fact tables (UNION)
    • e.g. FIMGroupHasExplicitMembersFactvw
    • Always report against the views!
  • Fact entries join to Dimension entries, e.g. GroupHasMemberFact → FIMEntityDim (not FIMPersonDim because many resource types can be members)
  • Outriggers
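
An added example (not from the presentation) of why reports should go against the view: a SQLite stand-in that uses the slide's table and view names to answer "who has/had access to what?" for a given date. All column names and rows are hypothetical and constructed for illustration.

```python
import sqlite3

# Added example: SQLite stand-in for the reporting data mart. Table and view
# names come from the slide; every column name and row is hypothetical.
def build():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE FIMEntityDim (EntityKey INTEGER PRIMARY KEY, DisplayName TEXT);
        CREATE TABLE FIMGroupHasExplicitMembersFact_2012_April
            (GroupKey INT, MemberKey INT, CreatedDate TEXT, DeletedDate TEXT);
        CREATE TABLE FIMGroupHasExplicitMembersFact_2012_May
            (GroupKey INT, MemberKey INT, CreatedDate TEXT, DeletedDate TEXT);
        CREATE VIEW FIMGroupHasExplicitMembersFactvw AS
            SELECT * FROM FIMGroupHasExplicitMembersFact_2012_April
            UNION ALL
            SELECT * FROM FIMGroupHasExplicitMembersFact_2012_May;
        -- Members can be any resource type, so both sides join to FIMEntityDim.
        INSERT INTO FIMEntityDim VALUES
            (1, 'Finance Admins'), (2, 'Carol Troup'), (3, 'Tomas Koska'),
            (4, 'Contractors');
        INSERT INTO FIMGroupHasExplicitMembersFact_2012_April VALUES
            (1, 2, '2012-04-03', NULL), (1, 3, '2012-04-10', '2012-04-28');
        INSERT INTO FIMGroupHasExplicitMembersFact_2012_May VALUES
            (1, 4, '2012-05-02', NULL);
    """)
    return db

def members_on(db, group, day, source="FIMGroupHasExplicitMembersFactvw"):
    """Display names of explicit members of `group` on ISO date `day`."""
    # `source` is only ever one of the fixed names above, never user input.
    rows = db.execute(f"""
        SELECT m.DisplayName
        FROM {source} f
        JOIN FIMEntityDim g ON g.EntityKey = f.GroupKey
        JOIN FIMEntityDim m ON m.EntityKey = f.MemberKey
        WHERE g.DisplayName = ? AND f.CreatedDate <= ?
          AND (f.DeletedDate IS NULL OR f.DeletedDate > ?)
        ORDER BY m.DisplayName""", (group, day, day))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build()
    print(members_on(db, "Finance Admins", "2012-04-15"))   # who had access in April
    print(members_on(db, "Finance Admins", "2012-05-15"))   # who has access in May
    # One monthly table instead of the view misses memberships opened earlier.
    print(members_on(db, "Finance Admins", "2012-05-15",
                     "FIMGroupHasExplicitMembersFact_2012_May"))
```

The last query drops Carol Troup, whose membership row lives in the April table, which is the access-review gap the "always report against the views" rule avoids.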
Demonstration
  • Reporting

ECMA2 Enhancements over ECMA
  • Full export
  • Call-based import
  • Batch export and import
  • LDAP support (and “generic” renaming)
  • Export types (object, attribute replace, attribute update)
  • Programmatic schema, partition and hierarchy discovery…
  • Passwords and references can be exported on first pass or second pass
  • Normalization (not yet implemented)
  • No export delete confirmation (on delta import)
  • Different object types can have different anchors
  • Parameters for run profiles (e.g. additional files, extra credentials)
  • Always merges pending exports into export in progress