Components to Deploy
FIM 2010 consists of these main components:
- FIM Service
- FIM Synchronization Service
- FIM Portal
- FIM Certificate Management
Component | Description | Topology options |
FIM Portal | Interface for performing password resets, group management, and administrative operations | Host on the same computer as the other FIM components, subdivide it onto a separate server, or expand to a Network Load Balancing (NLB) cluster |
FIM Service | web service that implements FIM identity management functionality | Host on the same computer as the other FIM components, place on a separate server, or implement an NLB cluster |
FIM Synchronization Service | Synchronizes data with other identity stores | Host on the same computer as the other FIM 2010 components, place on a separate server |
Microsoft SQL Server | FIM Service and FIM Synchronization Service store their data in independent SQL databases | Host on the same computer as the other FIM 2010 components, place on a separate server, or implement a server cluster |
FIM Service
Deploy the FIM Service:
- On a stand-alone server
- On a shared server with the FIM Portal and Windows® SharePoint® Services 3.0
- On multiple servers, we recommend that you use:
- Network Load Balancing (NLB) to distribute the processing load.
- Aliases (for instance, A or CNAME records) so that one common name is exposed to the user.
- A separate alias for a dedicated FIM Service server as an alternative to offload intensive administration tasks to one or more servers so that the end-user tasks are not affected.
FIM Synchronization Service
- Only one FIM Synchronization Service instance can exist in a deployment.
- The server running SQL Server can be a stand-alone server or part of a failover cluster.
FIM Portal
- Deploying the FIM Portal consists of installing the FIM Portal component and configuring Windows SharePoint Services.
- Deploy Windows SharePoint Services on either a stand-alone server or as a Windows SharePoint Services server farm. If deploying a Windows SharePoint Services server farm, Windows SharePoint Services automatically load-balances the servers.
- The FIM Portal is a component that does not demand intensive resources and can be deployed on the same server as the FIM Service.
Topology Consideration
- Small organization of up to 20,000 users and 10,000 groups – Basic deployment with multitier topology and network load balancing.
- Medium organization of up to 50,000 users and 50,000 groups – Advanced deployment with multitier topology, network load balancing, and dedicated servers for FIM services.
- Large organization of up to 200,000 users and 450,000 groups – Advanced deployment with multitier topology, network load balancing, and multiple servers for FIM services.
Identity stores
Identity stores or connected data sources are the systems that FIM manages through MAs. Default MAs manage a number of systems, as shown in the following table. The MAs range from very simple but powerful text-based files to MAs that communicate with the target system’s exposed APIs. There is also an Extensible MA that is used to connect to custom data stores.
Type of system | Management agents |
Network operating systems and directory services | AD DS in Windows Server® 2008 R2 and Windows Server 2008. Active Directory directory service in Windows Server 2003 R2, Windows Server 2003, and Microsoft Windows® 2000. Active Directory Lightweight Directory Services (AD LDS) in Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003, and Windows 2000. Active Directory global address list (GAL) in Microsoft Exchange Server 2010, Exchange 2007, Exchange 2003, and Exchange 2000. IBM Tivoli Directory Server version 6.2, Novell eDirectory v8.7.3 and v8.8 Sun ONE and Netscape Directory Servers 5.1 and 5.2 |
Certificate and smart card management | FIM Certificate Management |
E-mail and messaging | Exchange 2010 and Exchange 2007. (Use Active Directory MA to provision mailboxes and mail-enabled groups.) Lotus Notes 6.5 and 7.0 (32-bit Lotus Notes client required) |
Databases | SQL Server 2008, SQL Server 2005, and SQL Server 2000 IBM DB2 Universal Database Version 9.1 and Version 9.5 (64-bit client Version 9.5 FP5 or Version 9.7 FP1 required) Oracle Database 10g (Requires 64-bit client) |
File-based | Attribute value pairs Comma-separated values (CSV) Delimited Fixed width Directory Services Markup Language (DSML) 2.0 LDAP Interchange Format (LDIF) These file formats allow for integration with a variety of applications, databases, telephone switches, X.500 systems, mainframe, and metadirectory products or underlying systems that can produce a file for import and export. |
Other | SAP R/3 Enterprise Release 4.70 and mySAP 2004 (ECC 5.0) (32-bit client) Extensible MA for custom connectivity to other systems |