Published by Alfred Blankenship. Modified over 9 years ago.
Slide 1: Microsoft Identity Integration Server 2003 (MIIS)
Kim Mikkelsen, Senior Technology Specialist, Microsoft
Slide 2: Agenda
- Overview of Microsoft Identity Integration Server 2003
- Resource Kit tools
- What's new in SP1?
- Roadmap
Slide 3: Simplify Enterprise Identity Management
- Identity data: LDAP, SQL
- Directory synchronization: Active Directory & ADAM; Sun/iPlanet Directory; Novell eDirectory; Microsoft SQL 2000 & SQL 7; Oracle 9i/8i; Lotus Notes 5.x/6.x; Microsoft Exchange 5.5, 2K, 2K3; Microsoft NT 4.x; DSML, LDIF, CSV, fixed width; others to follow
- Password management: self-service password reset; helpdesk password reset
- User provisioning: automate account create/delete in NOS and LOB apps
Slide 4: Directory Synchronization
- Synchronizes multiple repositories
- "Agentless" connection to other systems
- Provides attribute-level control
- Manage global address lists (GAL)
- Automate group and DL management
(Diagram: Active Directory, Exchange 5.5, Notes, iPlanet, SQL and Oracle connected to MIIS)
Slide 5: New Features
Capability                          | MMS 2.2     | MIIS 2003 Enterprise
Standard datastore                  | Proprietary | SQL 2000
MIIS extensions/scripting           | Proprietary | VS.NET languages
Fault tolerance/failover            | Limited     | SQL clustering
Scalability                         | 1M          | 100M
LDAP access                         | -           | via ADAM
Extensible APIs                     | No          | WMI, SDK
Easily move from test to production | No          | (icon, not extracted)
Password management                 | No          | (icon, not extracted)
Support renames in connected systems| No          | (icon, not extracted)
XML-based                           | No          | (icon, not extracted)
Data lineage                        | No          | (icon, not extracted)
Single user view (Polyarchy)        | No          | (icon, not extracted)
Consulting engagement               | Required    | Optional
Slide 6: MIIS Architecture
- MIIS runs as a service
- Management Agents (MA) connect to directories
- Metadirectory data stored in SQL
- Administrative client connects to the service via DCOM
(Diagram: the MIIS Service hosts an MA Controller running the iPlanet MA, AD MA, Oracle MA and further MAs, which connect to AD/E2K, iPlanet and Oracle; the MIIS Admin Client talks to the service over DCOM; data lives in the MIIS Store)
Slide 7: Extending Capabilities
- Modify the behavior of MIIS
- Call methods on the interface in response to changes in the system
- Model defines a managed interface
- Configuration set in the UI determines which methods are called
- Write custom extensions in any programming language with a compiler for the CLR
- Visual Studio projects auto-generated for VB or C#
Slide 8: MIIS Concepts
- Connected directory: source and/or destination for synchronized attributes
- Connector space (CS): staging area for inbound or outbound synchronized attributes
- Metaverse (MV): central (SQL) store of identity information
- Matching CS entries to a single MV entry is called "join"
(Diagram: connected directories iPlanet, Oracle, SQL and Exchange 5.5, each with its own connector space, joined to one User object in the metaverse)
Slide 9: Reference Attributes
- Different systems have different DN formats:
    Cn=Max Benson,ou=People,dc=microsoft,dc=com
    Uid=7399,ou=development,ou=emp,dc=contoso.com
- Refer to other objects in the namespace, e.g. by employee number
- Reference attributes in MIIS do not persist the data but the relationship between objects
Slide 10: Provisioning & Workflow
- Simple provisioning & de-provisioning: provision users as they appear in authoritative systems; set initial values for attributes (including password); disable or delete accounts
- Complex workflow: initiate a workflow or provisioning system; integrated with BizTalk; integrating with 3rd-party provisioning systems, e.g. Blockade, Business Layers, M-Tech, OSM
Slide 11: Provisioning & de-provisioning
(Diagram: a source object with Title, Tel No. and Email attributes feeds the Provisioning Engine, which creates the corresponding objects in the target systems)
Slide 12: Provisioning & de-provisioning
(Diagram: as on slide 11, with the Join Engine linking the source object's Title, Tel No. and Email to the existing target objects)
Slide 13: CS Objects – 2 states
(Diagram: connector spaces "AD", "SQL" and "NDS", each holding connector-space objects. A connector is linked to a metaverse object (link to MV, and from the MV a link to AD, SQL or NDS); a disconnector has no link to the metaverse)
Slide 14: Provisioning Types – Simple Provisioning: Name & Attribute Construction (Advanced Import Attribute Flow)
(Diagram: connector-space entry sn = Hendrix, givenName = Jimi flows into the metaverse as cn = "Hendrix, Jimi" and displayName = "Jimi Hendrix")
Rules-extension code (VB.NET) from the slide, with straight quotes restored:

    ' Called once per advanced flow rule; FlowRuleName selects which MV attribute to build
    Select Case FlowRuleName
        Case "cn"
            mventry("cn").Value = csentry("sn").Value & ", " & csentry("givenName").Value
        Case "displayName"
            mventry("displayName").Value = csentry("givenName").Value & " " & csentry("sn").Value
        Case Else
            ' no other flow rules handled here
    End Select
Slide 15: Provisioning Types – Simple Provisioning
- Constructed attributes: MA code modifies attributes as they flow. HR MA connector space Surname = Hendrix, First Name = Jimi becomes metaverse cn = "Hendrix, Jimi", displayName = "Jimi Hendrix"
- Flowed attributes: MA config flows attributes intact; the MA maps attributes. Email MA connector space cn = "Hendrix, Jimi", MailboxName = "Jimi Hendrix"
Slide 16: De-Provisioning – Simple De-Provisioning with MIIS
(Diagram: the metaverse employeeStatus value selects the connector-space container: active → Users, inactive → DisabledUsers)
Code from the slide (VB.NET), with straight quotes restored:

    ' Choose the target container from the metaverse employeeStatus attribute
    Select Case employeeStatus
        Case "active"
            container = Users
        Case "inactive"
            container = DisabledUsers
        Case Else
            ' unknown status: leave the object where it is
    End Select
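Added here as an illustration, not code from the presentation or from MIIS: a small Python model of the rules on slides 14 to 16, with an HR connector space joined to the metaverse on employeeID, the cn/displayName flow rules from slide 14, and the container choice from slide 16. The employee records, the "HR" and "AD" agent names and the contoso domain are constructed for the example.

```python
# Constructed connector-space objects staged by an "HR" management agent.
HR_CS = [
    {"employeeID": "7399", "givenName": "Jimi", "sn": "Hendrix", "employeeStatus": "active"},
    {"employeeID": "7400", "givenName": "Max", "sn": "Benson", "employeeStatus": "inactive"},
]

CONTAINERS = {"active": "OU=Users", "inactive": "OU=DisabledUsers"}  # slide 16 Select Case

def flow_rule(flow_rule_name, csentry):
    """Advanced import attribute flow, mirroring the slide 14 Select Case block."""
    if flow_rule_name == "cn":
        return f'{csentry["sn"]}, {csentry["givenName"]}'
    if flow_rule_name == "displayName":
        return f'{csentry["givenName"]} {csentry["sn"]}'
    raise KeyError(flow_rule_name)  # Case Else: no such flow rule

def escape_rdn(value):
    """Escape an RDN value: a cn like 'Hendrix, Jimi' contains the DN separator."""
    return value.replace("\\", "\\\\").replace(",", "\\,")

def join_or_project(metaverse, csentry):
    """Join the CS entry to the MV entry with the same employeeID, else project a new one."""
    key = csentry["employeeID"]
    mventry = metaverse.setdefault(key, {"employeeID": key, "connectors": set()})
    mventry["connectors"].add("HR")
    for rule in ("cn", "displayName"):        # constructed attributes
        mventry[rule] = flow_rule(rule, csentry)
    mventry["employeeStatus"] = csentry["employeeStatus"]  # flowed intact
    return mventry

def provision_ad(mventry):
    """Simple provisioning into a constructed AD connector space."""
    container = CONTAINERS.get(mventry["employeeStatus"])
    if container is None:                     # Case Else: leave the MV object unprovisioned
        return None
    mventry["connectors"].add("AD")
    return {
        "dn": f'CN={escape_rdn(mventry["cn"])},{container},DC=contoso,DC=com',
        "displayName": mventry["displayName"],
        "enabled": container == CONTAINERS["active"],
    }

def run_sync(cs_entries):
    """One import + sync run: returns the metaverse and the provisioned AD objects."""
    metaverse = {}
    ad_objects = [provision_ad(join_or_project(metaverse, cs)) for cs in cs_entries]
    return metaverse, [obj for obj in ad_objects if obj is not None]
```

Note that the cn built by the flow rule contains a comma, so it must be escaped before it becomes an RDN; the real rules extension does this with the MA's DN-escaping helper rather than by hand.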
Slide 17: Mail Scenarios
- HR add triggers new mail user
- Contacts automatically generated in other systems (GAL)
- Automated DL/group management
(Diagram: a user added in SAP leads MIIS to create a user in Exch1, a contact in Exch2, and DL memberships)
DL membership rules:
    Alias name | WHERE clause
    MMSTeam    | department='US-Metadirectory'
    BigDogs    | personalTitle='Vice President'
    KevDir     | managerMailNickname='KevinMil'
Provisioning-extension code (C#) from the slide, completed so the new connector is actually committed (the DN and container are an assumption, not from the slide):

    ConnectedMA adma = mventry.ConnectedMAs["AD"];
    CSEntry csentry = adma.Connectors.StartNewConnector("user");
    csentry.DN = adma.EscapeDNComponent("CN=" + mventry["displayName"].Value).Concat("OU=Users,DC=contoso,DC=com");
    csentry.CommitNewConnector();
Slide 18: State- vs. Event-based
- State-based systems are more robust: storing state information means the system knows what to expect on the connected system, and it can respond if things go wrong
- Event-based systems can be quicker to respond: events fire in response to changes in systems, but events can get lost if servers are down
- MIIS provides the "best of both":
  - The state-based approach allows a pessimistic view of connected-system uptime/connectivity
  - The architecture allows high flexibility: runs can be controlled via schedules, events via WMI, etc.
  - The system can process only changes in the connected systems
  - Microsoft OTG runs 1500-2000 times per day
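Added illustration, not code from the presentation: a Python model of the point made on this slide. The engine keeps its own copy of the connector space and, on a full import, derives adds, updates and deletes by diffing that copy against what the connected system holds now, so a change notification lost while a server was down does not leave a stale account behind. All records and the lost-delete scenario are constructed.

```python
# Constructed state of the connector space as the engine stored it after the last run.
STORED_CS = {
    "7399": {"title": "Engineer", "employeeStatus": "active"},
    "7400": {"title": "Manager", "employeeStatus": "active"},
}
# Constructed current contents of the connected system: 7399 was promoted,
# 7400 left the company, and 7401 was hired.
CURRENT = {
    "7399": {"title": "Lead", "employeeStatus": "active"},
    "7401": {"title": "Analyst", "employeeStatus": "active"},
}
# Constructed change feed as an event-based integration would see it. The delete
# notification for 7400 was lost while the receiving server was down.
EVENTS = [
    ("modify", "7399", {"title": "Lead", "employeeStatus": "active"}),
    ("add", "7401", {"title": "Analyst", "employeeStatus": "active"}),
]

def replay_events(stored_cs, events):
    """Event-based: apply whatever notifications arrived; nothing else is re-checked."""
    cs = {k: dict(v) for k, v in stored_cs.items()}
    for op, key, attrs in events:
        if op in ("add", "modify"):
            cs[key] = attrs
        elif op == "delete":
            cs.pop(key, None)
    return cs

def full_import_delta(stored_cs, current):
    """State-based: derive adds, updates and deletes by diffing stored state
    against what the connected system holds now, so lost events do not matter."""
    adds = {k: v for k, v in current.items() if k not in stored_cs}
    updates = {k: v for k, v in current.items() if k in stored_cs and stored_cs[k] != v}
    deletes = sorted(k for k in stored_cs if k not in current)
    return adds, updates, deletes

def apply_delta(stored_cs, delta):
    cs = {k: dict(v) for k, v in stored_cs.items()}
    adds, updates, deletes = delta
    cs.update(adds)
    cs.update(updates)
    for key in deletes:
        del cs[key]
    return cs

def stale_objects(cs, current):
    """Objects still in the engine's view that the connected system no longer has:
    with de-provisioning driven by this view, each one is an account that stays alive."""
    return sorted(k for k in cs if k not in current)
```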
Slide 19: Preview Mode
- System is transparent in design
- Allows the architect/developer to preview work in the metadirectory without committing any changes
- Allows the testing of configuration changes, new rules and new connected directories
- All results can be viewed through the UI
Slide 20: Provisioning Lifetime
(Diagram: provision → join and synchronize → de-provision, spanning provisioning & de-provisioning)
Slide 21: Provisioning Lifetime
(Diagram: as on slide 20, with password sync running alongside join and synchronize)
Slide 22: Password Management – Encryption: the basic problem
(Diagram: the plaintext password "Carve99" passes through a one-way function and only the result, the OWF password C62EAD47D82E1037A6AC12CD0CC49C6E, is stored in AD or the NT4 SAM; the plaintext is not available from the stored value for synchronization to other stores)
Slide 23: Active Directory Password Management
- Initial password set
- Centralized password control via a web app: self-service password reset; helpdesk password reset
- Decentralized password synchronization: 3rd-party password sync products can easily integrate
(Diagram: web app and SunONE Directory connected to Active Directory)
Slide 24: Password Management – True Password Sync
- Requires agents on target systems
- Trap password in plain text format
- Securely transport back to the central server
- Server does a password set on the other targets
(Diagram: password agent on a target system transports the encrypted password to the password server, e.g. an M-Tech P-Synch server, which performs the password set on other target systems via directory write or native APIs)
Slide 25: Password Set & Reset – M-Tech P-Synch / MIIS Integration
(Diagram: the P-Synch engine and MIIS share persistent join data through SQL tables, including a P-Synch table, to drive password sync)
Slide 26: Visualization
- Different hierarchies suit different needs
- Multiple hierarchical representations can be discovered from data
- Polyarchy eliminates the requirement for a fixed hierarchy
- Polyarchy provides multiple hierarchical views and richer visualization of infrastructure information
Slide 27: Prerequisites
- Microsoft SQL Server 2000 Enterprise Edition (SP1 adds support for Standard Edition)
- Windows Server 2003 Enterprise Edition
- Visual Studio .NET 2003
Slide 28: Directory Synchronization – Connectivity in MIIS 2003, Enterprise Edition
- Active Directory
- Active Directory Application Mode
- Exchange 2000 and Exchange 2003 Global Address List Synchronization
- Sun One Directory (formerly iPlanet) 4.x and 5.0
- SQL Server 7.0 and 2000
- Oracle 8i and 9i
- DSML 2.0
- LDAP Directory Interchange Format (LDIF)
- Delimited text
- Fixed-width text
- Attribute-value pair text
- Windows NT 4.0
- Exchange 5.5
- Lotus Notes 4.6, 5.x, and 6.x
- Novell eDirectory 8.62 and 8.7
- Other LDAP-based, mainframe or RDBMS systems to follow
Slide 29: MIIS 2003 – Resource Kit v2
- MIIS Provisioning Wizard
- MIIS Workflow Application: sample application that shows how to build workflow based on MIIS 2003
- AttributeFlowViewer: shows import and export flows of MV attributes; generates an XML file
- MIISInfoBackup: collects all MIIS configuration into an XML file
- MVConfigurationViewer: translates the MV configuration to an XML file; allows viewing and documenting the MV configuration in a readable way
Slide 30: MIIS 2003 ResKit v2 – Provisioning
- MIIS 2003: the administrator had to write code for provisioning
- MIIS SP1 Resource Kit: additional tools, including a provisioning code generator
  - Declarative UI for provisioning
  - Generates provisioning code
  - Enables provisioning and registers the provisioning DLL
  - Source code can be extended with custom code
Slide 31: Service Pack 1
Slide 32: MIIS 2003 SP1 – Management Agents
- New MAs: IBM DB2 version 7 or 8.1 (Windows OS only at this time); IBM DS version 4.1, 5.1 and 5.2 (Windows OS only at this time)
- Improved MA support: Sun One 5.2; eDirectory 8.73; Lotus Notes 6.x
Slide 33: MIIS 2003 SP1 Password Synchronization
- Problem: credentials in multiple identity stores are hard to manage
- Solution: use credentials from one store and synchronize (end users: convenience; IT: security, manageability)
- Must be easy to use and integrated with the desktop: end users know how to change passwords from the Windows client; no training required
- Must be easy to deploy: the PCNS filter and service can easily be rolled out with SMS or GP; PCNS configuration is stored in AD, so there is no need to update each DC for configuration changes
- Password synchronization integrated in MIIS: the service forwards password changes to MIIS; MIIS uses password extensions for all connected identity stores; robust implementation
Slide 34: Packaging
- MIIS 2003, Enterprise Edition: available via Open and Select licensing; MSDN Universal for development and testing; includes all management agents
- Identity Integration Feature Pack for AD: no-cost web download; AD and ADAM management agents; supports Exchange GAL sync
Slide 35:
1. Codeless provisioning
2. Richer logging/auditing
3. Self-service platform
4. Workflow for provisioning and self-service
5. Cluster support
6. Computed attributes (dynamic groups)
7. Cross-forest group management
8. Entitlement reporting
9. Capacity planning documentation
10. Scalability improvements
Slide 36: Roadmap
- Polyarchy Beta – target: 2H04
- MIIS Gemini – target: CY06. Full lifecycle identity management: additional provisioning/de-provisioning; audit; development platform; even easier deployment/development and ongoing administration; Polyarchy; Autogroup
Slide 37: © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.