2. Agenda
• Major themes in RC1
• Manageability improvements
• Developer-visible changes
• Improvements by scenario
− group management
− password reset
− provisioning
3. Forefront Identity Manager
• Empowers People
− Provides Office-based self-service tools
− SharePoint admin console to manage identities
− Greater productivity through faster time to resolution
• Delivers Agility and Efficiency
− Reduces costs through automation and self-service
− Maximizes existing investments in Identity Infrastructure
− Integrates with familiar developer tools to enable new scenarios
• Increases Security and Compliance
− Integrates identity, credential, and access management
− Implements a rich permissions and delegation model
− Enables system auditing and compliance
4. Forefront Identity Manager
• Policy Management
− SharePoint-based console for policy authoring, enforcement & auditing
− Extensible WS-* APIs and Windows Workflow Foundation workflows
− Heterogeneous identity synchronization and consistency
• Credential Management
− Heterogeneous certificate management with Windows & 3rd party CAs
− Management of multiple credential types
− Self-service password reset integrated with Windows logon
• User Management
− Integrated provisioning of identities, credentials, and resources
− Automated, codeless user provisioning and de-provisioning
− Self-service profile management
• Group Management
− Rich Office-based self-service group management tools
− Offline approvals through Office
− Automated group and distribution list updates
5. Releases
• ILM 2007
• ILM 2007 FP1
• ILM 2007 FP1 SP1
• ILM “2” RC0: 4Q CY 2008
• FIM 2010 RC1: 3Q CY 2009
• FIM 2010 RTM: 1Q CY 2010
6. Major Themes in FIM 2010 RC1
• Rebranding
• General improvements
− Manageability and deployability
− Usability
− Performance and scalability
• Bug fixes
8. RC1: Forefront Rebranding
ILM “2” RC | FIM 2010 RC1
Identity Lifecycle Manager “2” | Microsoft Forefront Identity Manager 2010
ILM Service | FIM Service
MIIS / Sync Engine | FIM Synchronization Service
CLM | FIM Certificate Management
Object type | Resource type
Object Visualization Configuration (OVC) | Resource Control Display Configuration (RCDC)
http://www.microsoft.com/fim/
9. New Manageability Features
• Management Policy Rules
− MPR Explorer
− Individual MPRs can be disabled
• Configuration Migration Tools
• SCOM Management Pack
18. SCOM Management Pack
Collects and reports on Health Events generated by FIM
Component | # Monitors | # Events
FIM Service | 9 | 8
FIM Portal | 11 | 10
FIM Sync | 7 | 6
FIM CM | 6 | 6
20. Operational Changes
• User Access
− Users in FIM Service Database will be identified by
ObjectSID rather than AccountName
• Workflow
− Additional config options for control over maximum
number of simultaneous workflows (in scale-out)
• Requests
− More details in the Request resource to aid in
determining why a request was denied or failed
• Patching
− Patches after RC1 delivered via Microsoft Update
21. Developer Impact
• Can configure a search scope to be used to specify list
view attributes to display for custom resource types
• Changes to XPath for query
− “contains()” function now works like SQL Full Text Search
− descendants(), betweenTime(), atTime(), allTime() removed
− membersof() changed syntax
• Changes to Activities
− Removed ScriptHostActivity
− Removed ResourceTemplateActivity and
EnumerateResourceIterationActivity (as they
duplicate other activities)
• Blog http://blogs.msdn.com/imex/ to be updated after RC1
22. Change Auditing via Requests
• At RC0, a web services client could reconstruct resources
via Requests, or betweenTime, atTime and allTime
functions
• At RC1, a web service client will be able to reconstruct
resources via Requests
− More attributes on Request, and new creator and target
fields in RequestParameters values available
− Configurable request trimming interval to auto-delete
requests which have been archived
• Blog at http://blogs.technet.com/doittoit/ to be updated
after RC1
23. Group Management Scenario
• New Requestor Validation activity added for
group self-service
− Prevents end users from removing others from
groups
• Portal will show which members of security
groups do not meet AD requirements
24. Password Reset Scenario
• MPRs and their Sets now included by
default (with MPRs disabled)
• Windows XP SP2 now supported
• New configuration options
− Users can be required to type their login
passwords prior to registration
− Clients can be configured to not check whether
the user is registered on each login
25. Synchronization
• Added checkbox for use during disaster
recovery to temporarily disable declarative
provisioning
− Already present for scripted provisioning
• Added IsPresent function for Sync Rules
• Additional scope control options
− NotContains, NotStartsWith, NotEndsWith
• Bidirectional sync rules can be defined
26. Management Agent Changes
• Adding support for
− Active Directory in Windows Server 2008
− SQL Server 2008
− Novell eDirectory 8.8
− Sun Java System DS 6.2
− IBM DB2 9.1, 9.5
• Connecting to RACF, ACF2, OS400,
TopSecret will be via ILM 2007 FP1
27. Other End-User Improvements
• Localization
− FIM Service and Portal:
Chinese (Simplified & Traditional), Dutch, English, French,
German, Italian, Japanese, Portuguese, Spanish
− FIM Outlook add-in & password reset:
35 languages/locales (no right-to-left)
• All mail messages will be customizable
30. Preparing Systems for RC1
• Platform Prerequisites
− FIM Service, FIM Sync, FIM CM: Windows Server 2008 (64-bit)
− FIM Portal: Windows Server 2008 (64-bit), Windows SharePoint Services
− FIM Service and FIM Sync Databases: SQL Server 2008 CU2 or later, including SP1
− SQL’s Full Text Search now required for RC1
31. Documentation and FIM Forum
• IT Pro doc updates on TechNet
• SDK doc updates on MSDN
• FIM Forum
http://go.microsoft.com/fwlink/?LinkID=163230
− Greatest hits
http://go.microsoft.com/fwlink/?LinkID=163459
− ScriptBox
http://go.microsoft.com/fwlink/?LinkID=160098
32. Summary
• RC1 brings
− numerous bug fixes
− performance/scale improvements
− feature manageability/usability improvements
• Your feedback is requested
− Help us and customer deployments prepare for
RTM!