1. Microsoft Forefront Identity Manager 2010 R2 Edin Smlatić s IT Solutions HR d.o.o. edin.smlatic@s-itsolutions.hr Rijeka, 11. prosinac 2013.

2. Agenda: -Općenito o Identity Managementu -Povijest FIM-a -FIM komponente -Instalacija FIM-a -FIM Syncronization Service -Demo 1. – Synchronization Service Manager -FIM Service i FIM Portal -Demo 2. – FIM Service i FIM Portal O čemu danas nećemo govoriti: -FIM Password Registration and Reset Portal -FIM Reporting -FIM Certificate Managenemt -Backup / Restore

3. Općenito o Identity Managementu: -Što je identitet? -Skup objekata koji nas interesira ili bilo koji objekt čije podatke želimo skladištiti, npr ljudi, grupe, računala, printeri -Identiteti od našeg značaja često se nalaze u različitim ne kompatibilnim data store-ovima koji znaju biti nekonzistentni -Identity Management System -Skup servisa i/ili aplikacija koje koordiniraju informacijama skladištenim u različitim data store-ovima -Omogućuje nam efikasnije upravljanje našim podacima -Forefront Identity Manager -Skup proizvoda

4. Povijest FIM-a: -1999 godina: -Microsoft kupuje firmu Zoomit pa time i proizvod zvan VIA -Integracija Zoomit VIA u Microsoft Metadirectory Service – proizvod dostupan samo kroz Microsoft Consulting Service rješenja -2003 godina: -Microsoft Identity Integration Server (MIIS) -Prva javno dostupna verzija, danas poznata kao FIM Syncronization service -2005 godina: -Microsoft kupuje firmu Alacris pa time i proizvod IdNexus -IdNexus kasnije dobiva naziv Certificate Lifecycle Manager (CLM) -2007 godina: -Spajanje MIIS i CLM u Identity Lifecycle Manager 2007 (ILM) -2010 godina: -Forefront Identity Manager 2010 (FIM) -FIM Portal -2012 godina: -Forefront Identity Manager 2010 R2 (FIM) -FIM Reporting

5. FIM komponente: -FIM Synchronization Service: -Non-declarative (classic) vs declarative syncronization -FIM Service -FIM Portal -FIM Password Registration and Reset -FIM Reporting -Naslanja se na Data Warehouse komponentu od SCSM -FIM Certificate Managenemt

6. Instalacija FIM-a: -Sistemski zahtjevi: -Hardware – x64 CPU, 2GB RAM, 2 GB HDD -Software – -Windows Server 2008 ili 2008 R2 -SQL Server 2008 x64 SP1 -PowerShell -.NET Framework -FIM Synchronization Service: -Visual Studio 2008 – za potrebe developing-a non-declarative sync rule-ova -Exchange Management Tools – za potrebe mail provisioninga -FIM Service -FIM Portal, Password Registration and Reset -IIS -Sharepoint Services 3.0 SP2 ili Sharepoint Foundation 2010 -FIM Reporting -SCSM 2010 SP1 -FIM Certificate Managenemt -FIM Client-Side Components -Add-in for Outlook -Password Reset Extensions

7. FIM Synchronization Service:

9. -Primarne komponente: -Management Agents (MA) -Connector Data Source (CDS) -Metaverse (MV) -Connector Space (CS) -Build-in MA: -Databases: SQL Server, Oracle, IBM DB2 Universal Database -Active Directory®: Domain Services, GAL Sync, AD LDS -Other Directories: IBM Directory Server, Lotus Notes, Novell eDirectory, Sun and Netscape Directory Servers -File-based MAs: Attribute Value Pair (AVP), LDAP Directory Interchange Format (LDIF), Directory Services Mark-up Language (DSML), delimited text, fixed width text -Others: SAP R/3 (Microsoft), Extensible Connectivity

10. FIM Synchronization Service: -Objekti i atributi -MV i CS: -Join rules, Project rules, Manual Joining -Connectors, Disconnectors – Normalni i Eksplicitni -Connector Filters -Anchor attributes and GUIDs -Attribute flow: Import i Export -Authority and precedence -Run Profiles -Import – Full, Delta -Sync – Full, Delta -Export – uvijek Delta -Confirm Import – najčešće Delta Import i Delta Sync -MA Statistics i greške

11. FIM Synchronization Service: -Sync Service Manager Tools: -Operations – uvid u izvršavanje Run Profile-a -MV Designer Tool -Configure attribute flow precedence -Edit Attribute – Indexing -Configure Object Deletion Rule -MV Search Tool -Joiner Tool -Provisioning: -Classic rules – DLL -Declarative - Portal -Deprovisioning -MV Object Deletion Rule -Make it Disconnector -Make it Explicit Disconnector -Stage a delete on the object on next export run -Determine With a Rules Extension

12. FIM Synchronization Service

14. Demo FIM Syncronization Service Manager

15. FIM Service i FIM Portal: -Declarative (Codeless) Provisioning -SQL server -Sharepoint Portal -FIM Service MA -Mandatory Object Types – DRE, ERE, SyncRule -Mandatory Object Type Mappings -Mandatory Attribute Flow Data Source Object TypeMetaverse Object Type DetectedRuleEntrydetectedRuleEntry ExpectedRuleEntryexpectedRuleEntry SynchronizationRulesynchronizationRule Data Source Attribute Metaverse AttributeType Dn  Sync-rule-mapping – Expression MVObjectID  Direct DetectedRulesList  Direct  csObjectIDDirect ExpectedRulesList  Direct

16. FIM Service i FIM Portal: -Sets -Workflows -Authentication -Authorization -Action -Management Policy Rules (MPR) -Request MPRs – grant permissions and run workflows -Set Transition MPRs – cannot grant permissions only run workflows -Syncronization Rules -Inbound -Outbound -Expected Rules Entry (ERE) -Expected Rules List (ERL) -Detected Rules Entry (DRE) -Detected Rules List (DRL) -Inbound / Outbound

17. FIM Service i FIM Portal: -ERE/DRE

18. FIM Service i FIM Portal:

19. Demo FIM Portal

20. Zaključci: -Poželjno testiranje u test okolini prije izmjena na produkciji -Classic vs Declarative Provisioning? -Deprovisioning Disconnect or Delete? -Automatizacija Run Profile-a -VBS -PowerShell -Mail Error Alerting

21. Pitanja???

22. Hvala

23. Izvor: -Microsoft Technet: http://technet.microsoft.com/en-us/forefront/cc470030.aspx http://technet.microsoft.com/en-us/forefront/cc470030.aspx