Forefront Identity Manager 2010

Brief details of Forefront Identity Manager 2010.

FIM 2010 gives IT professionals more tools for day-to-day tasks such as delegating administration and creating workflows for common identity management tasks.

Components to Deploy

FIM 2010 consists of these main components:

· FIM Service

· FIM Synchronization Service

· FIM Portal

· FIM Certificate Management

Component: FIM Portal
Description: Interface for performing password resets, group management, and administrative operations.
Topology options: Host on the same computer as the other FIM components, place it on a separate server, or expand to a Network Load Balancing (NLB) cluster.

Component: FIM Service
Description: Web service that implements the FIM identity management functionality.
Topology options: Host on the same computer as the other FIM components, place it on a separate server, or implement an NLB cluster.

Component: FIM Synchronization Service
Description: Synchronizes data with other identity stores.
Topology options: Host on the same computer as the other FIM 2010 components, or place it on a separate server.

Component: Microsoft SQL Server
Description: The FIM Service and the FIM Synchronization Service store their data in independent SQL databases.
Topology options: Host on the same computer as the other FIM 2010 components, place it on a separate server, or implement a server cluster.

FIM Service

Deploy the FIM Service:

· On a stand-alone server

· On a shared server with the FIM Portal and Windows® SharePoint® Services 3.0

· On multiple servers. In that case, we recommend that you use:

  · Network Load Balancing (NLB) to distribute the processing load.

  · Aliases (for instance, A or CNAME records) so that one common name is exposed to the user.

  · A separate alias for a dedicated FIM Service server, as an alternative that offloads intensive administration tasks to one or more servers so that end-user tasks are not affected.

FIM Synchronization Service

· Only one FIM Synchronization Service instance can exist in a deployment.

· The server running SQL Server can be a stand-alone server or part of a failover cluster.

FIM Portal

· Deploying the FIM Portal consists of installing the FIM Portal component and configuring Windows SharePoint Services.

· Deploy Windows SharePoint Services on either a stand-alone server or as a Windows SharePoint Services server farm. If deploying a Windows SharePoint Services server farm, Windows SharePoint Services automatically load-balances the servers.

· The FIM Portal is a component that does not demand intensive resources and can be deployed on the same server as the FIM Service.

Topology Considerations

· Small organization of up to 20,000 users and 10,000 groups – Basic deployment with multitier topology and network load balancing.

· Medium organization of up to 50,000 users and 50,000 groups – Advanced deployment with multitier topology, network load balancing, and dedicated servers for FIM services.

· Large organization of up to 200,000 users and 450,000 groups – Advanced deployment with multitier topology, network load balancing, and multiple servers for FIM services.

Identity stores

Identity stores, or connected data sources, are the systems that FIM manages through management agents (MAs). The default MAs manage a number of systems, as shown in the following table. The MAs range from very simple but powerful text-based file formats to MAs that communicate with the target system's exposed APIs. There is also an Extensible MA that is used to connect to custom data stores.

Type of system: Network operating systems and directory services
Management agents:

· AD DS in Windows Server® 2008 R2 and Windows Server 2008; Active Directory directory service in Windows Server 2003 R2, Windows Server 2003, and Microsoft Windows® 2000

· Active Directory Lightweight Directory Services (AD LDS) in Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003, and Windows 2000

· Active Directory global address list (GAL) in Microsoft Exchange Server 2010, Exchange 2007, Exchange 2003, and Exchange 2000

· IBM Tivoli Directory Server version 6.2; Novell eDirectory v8.7.3 and v8.8

· Sun ONE and Netscape Directory Servers 5.1 and 5.2

Type of system: Certificate and smart card management
Management agents:

· FIM Certificate Management

Type of system: E-mail and messaging
Management agents:

· Exchange 2010 and Exchange 2007 (use the Active Directory MA to provision mailboxes and mail-enabled groups)

· Lotus Notes 6.5 and 7.0 (32-bit Lotus Notes client required)

Type of system: Databases
Management agents:

· SQL Server 2008, SQL Server 2005, and SQL Server 2000

· IBM DB2 Universal Database Version 9.1 and Version 9.5 (64-bit client Version 9.5 FP5 or Version 9.7 FP1 required)

· Oracle Database 10g (64-bit client required)

Type of system: File-based
Management agents:

· Attribute value pairs

· Comma-separated values (CSV)

· Delimited

· Fixed width

· Directory Services Markup Language (DSML) 2.0

· LDAP Interchange Format (LDIF)

These file formats allow for integration with a variety of applications, databases, telephone switches, X.500 systems, mainframe and metadirectory products, and any other underlying system that can produce a file for import and export.

Type of system: Other
Management agents:

· SAP R/3 Enterprise Release 4.70 and mySAP 2004 (ECC 5.0) (32-bit client)

· Extensible MA for custom connectivity to other systems


For more details, see the TechNet article:

http://technet.microsoft.com/en-us/library/ff684076.aspx