Microsoft Forefront - What’s New in FIM 2010 RC1 Presentation

What’s New in FIM 2010 RC1

Agenda

• Major themes in RC1
• Manageability improvements
• Developer-visible changes
• Improvements by scenario
  − group management
  − password reset
  − provisioning

Forefront Identity Manager

Software for policy-based management of identities, credentials, and resources across heterogeneous environments

Empowers People
• Provides Office-based self-service tools
• SharePoint admin console to manage identities
• Greater productivity through faster time to resolution

Delivers Agility and Efficiency
• Reduces costs through automation and self-service
• Maximizes existing investments in Identity Infrastructure
• Integrates with familiar developer tools to enable new scenarios

Increases Security and Compliance
• Integrates identity, credential, and access management
• Implements a rich permissions and delegation model
• Enables system auditing and compliance

Forefront Identity Manager

Credential Management

• Heterogeneous certificate management with Windows & 3rd party CAs
• Management of multiple credential types
• Self-service password reset integrated with Windows logon

Group Management

• Rich Office-based self-service group management tools
• Offline approvals through Office
• Automated group and distribution list updates

User Management

• Integrated provisioning of identities, credentials, and resources
• Automated, codeless user provisioning and de-provisioning
• Self-service profile management

Policy Management

• SharePoint-based console for policy authoring, enforcement & auditing
• Extensible WS-* APIs and Windows Workflow Foundation workflows
• Heterogeneous identity synchronization and consistency

Releases

• ILM 2007
• ILM 2007 FP1
• ILM 2007 FP1 SP1
• ILM “2” RC0: 4Q CY 2008
• FIM 2010 RC1: 3Q CY 2009
• FIM 2010 RTM: 1Q CY 2010

Major Themes in FIM 2010 RC1

• Rebranding
• General improvements
  − Manageability and deployability
  − Usability
  − Performance and scalability
• Bug fixes

FIM 2010 RC1

RC1: Forefront Rebranding

ILM “2” RC | FIM 2010 RC1
Identity Lifecycle Manager “2” | Microsoft Forefront Identity Manager 2010
ILM Service | FIM Service
MIIS / Sync Engine | FIM Synchronization Service
CLM | FIM Certificate Management
Object type | Resource type
Object Visualization Configuration (OVC) | Resource Control Display Configuration (RCDC)

http://www.microsoft.com/fim/

New Manageability Features

• Management Policy Rules
  − MPR Explorer
  − Individual MPRs can be disabled
• Configuration Migration Tools
• SCOM Management Pack

MPR Explorer

Configuration Migration Tools

• PowerShell commands to copy select configuration settings between FIM Services
  − Requires FIM Service to be RC1 or later

[Diagram: Export-FIMConfig (FIM Pilot) and Export-FIMConfig (FIM Production) → Export Objects (.NET Collection) → Join-FIMConfig → Matched Objects (.NET Collection) → Compare-FIMConfig → Import Objects (.NET Collection) → Import-FIMConfig (FIM Production)]

Configuration Migration Tools

1. Retrieve configuration from pilot FIM Service.
2. Retrieve configuration from production FIM Service.
3. Merge pilot and production configurations, compute differences.
4. Apply changes to production FIM Service.
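
The four steps above as one PowerShell script, with the computed changes written to a file for review before anything is applied to production. This is an added example, not part of the original presentation; the service URIs, the file name, the join criteria and the confirmation prompt are assumptions, and it migrates policy and portal configuration only.

```powershell
# Added example: host names and file names are placeholders (assumptions).
Add-PSSnapin FIMAutomation -ErrorAction Stop

$pilotUri      = 'http://fim-pilot.example.test:5725/ResourceManagementService'
$productionUri = 'http://fim-prod.example.test:5725/ResourceManagementService'
$changesFile   = 'policy-changes.xml'

# 1. Retrieve configuration (Sets, MPRs, workflows, portal) from the pilot FIM Service.
$pilot = Export-FIMConfig -uri $pilotUri -policyConfig -portalConfig
if (-not $pilot) { throw 'Pilot export returned no resources.' }

# 2. Retrieve the same configuration from the production FIM Service.
$production = Export-FIMConfig -uri $productionUri -policyConfig -portalConfig
if (-not $production) { throw 'Production export returned no resources.' }

# 3. Match pilot resources to production resources, then compute differences.
#    Join criteria are assumptions: DisplayName must be unique per resource type,
#    and Person/Group must resolve to the same principals in both environments.
$joinRules = @{
    Person = 'MailNickname DisplayName'
    Group  = 'DisplayName'
}
$matched = Join-FIMConfig -source $pilot -target $production `
                          -join $joinRules -defaultJoin DisplayName
$changes = $matched | Compare-FIMConfig
if (-not $changes) { Write-Host 'Pilot and production already match.'; return }

# Persist the pending changes so they can be reviewed (and archived) first.
$changes | ConvertFrom-FIMResource -file $changesFile
Write-Host "$(@($changes).Count) pending change(s) written to $changesFile"

# 4. Apply changes to the production FIM Service only after explicit approval.
if ((Read-Host 'Apply these changes to production? (yes/no)') -ne 'yes') { return }

$imports = ConvertTo-FIMResource -file $changesFile
$undone  = $imports | Import-FIMConfig -uri $productionUri
if ($undone) {
    # Import-FIMConfig returns the changes it could not apply.
    Write-Warning "$(@($undone).Count) change(s) were not applied."
    $undone | ConvertFrom-FIMResource -file 'undone-changes.xml'
}
```

Because the changes file contains Management Policy Rules and Set definitions, reviewing it before step 4 is the point at which an unintended permission grant from the pilot environment can be caught.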

SCOM Management Pack

Component | # Monitors | # Events
FIM Service | 9 | 8
FIM Portal | 11 | 10
FIM Sync | 7 | 6
FIM CM | 6 | 6

Collects and reports on Health Events generated by FIM

Operational Changes

• User Access
  − Users in FIM Service Database will be identified by ObjectSID rather than AccountName
• Workflow
  − Additional config options for control over maximum number of simultaneous workflows (in scale-out)
• Requests
  − More details in the Request resource to aid in determining why a request was denied or failed
• Patching
  − Patches after RC1 delivered via Microsoft Update

Developer Impact

• Can configure a search scope to be used to specify list view attributes to display for custom resource types
• Changes to XPath for query
  − “contains()” function now works like SQL Full Text Search
  − descendants(), betweenTime(), atTime(), allTime() removed
  − membersof() changed syntax
• Changes to Activities
  − Removed ScriptHostActivity
  − Removed ResourceTemplateActivity, EnumerateResourceIterationActivity (as duplicates of other activities)
• Blog http://blogs.msdn.com/imex/ to be updated after RC1

Change Auditing via Requests

• At RC0, a web services client could reconstruct resources via Requests, or betweenTime, atTime and allTime functions
• At RC1, a web service client will be able to reconstruct resources via Requests
  − More attributes on Request, and new creator and target fields in RequestParameters values available
  − Configurable request trimming interval to auto-delete requests which have been archived
• Blog at http://blogs.technet.com/doittoit/ to be updated after RC1

Group Management Scenario

• New Requestor Validation activity added for group self-service
  − Prevents end users from removing others from groups
• Portal will show which members of security groups do not meet AD requirements

Password Reset Scenario

• MPRs and their Sets now included by default (with MPRs disabled)
• Windows XP SP2 now supported
• New configuration options
  − Users can be required to type their login passwords prior to registration
  − Clients can be configured to not check whether the user is registered on each login

Synchronization

• Added checkbox for use during disaster recovery to temporarily disable declarative provisioning
  − Already present for scripted provisioning
• Added IsPresent function for Sync Rules
• Additional scope control options
  − NotContains, NotStartsWith, NotEndsWith
• Bidirectional sync rules can be defined

Management Agent Changes

• Adding support for
  − Active Directory in Windows Server 2008
  − SQL Server 2008
  − Novell eDirectory 8.8
  − Sun Java System DS 6.2
  − IBM DB2 9.1, 9.5
• Connecting to RACF, ACF2, OS400, TopSecret will be via ILM 2007 FP1

Other End-User Improvements

• Localization
  − FIM Service and Portal: Chinese (Simplified & Traditional), Dutch, English, French, German, Italian, Japanese, Portuguese, Spanish
  − FIM Outlook add-in & password reset: 35 languages/locales (no right-to-left)
• All mail messages will be customizable

Scalability in RC1

• FIM is being tested to Microsoft scale

Certificate Management

• More documentation for 3rd party CA API

• Bug fixes

Preparing Systems for RC1

• Platform Prerequisites
  − FIM Service, FIM Sync, FIM CM
    − Windows Server 2008 (64-bit)
  − FIM Portal
    − Windows Server 2008 (64-bit)
    − Windows SharePoint Services
  − FIM Service and FIM Sync Databases
    − SQL Server 2008 CU2 or later, including SP1
    − SQL’s Full Text Search now required for RC1

Documentation and FIM Forum

• IT Pro doc updates on TechNet
• SDK doc updates on MSDN
• FIM Forum http://go.microsoft.com/fwlink/?LinkID=163230
  − Greatest hits http://go.microsoft.com/fwlink/?LinkID=163459
  − ScriptBox http://go.microsoft.com/fwlink/?LinkID=160098

Summary

• RC1 brings
  − numerous bug fixes
  − performance/scale improvements
  − feature manageability/usability improvements
• Your feedback is requested
  − Help us and customer deployments prepare for RTM!
