FIM 2010

Components to Deploy

FIM 2010 consists of these main components:

  • FIM Service
  • FIM Synchronization Service
  • FIM Portal
  • FIM Certificate Management

Component, description, and topology options:

  • FIM Portal: interface for performing password resets, group management, and administrative operations. Topology options: host it on the same computer as the other FIM components, place it on a separate server, or expand it to a Network Load Balancing (NLB) cluster.
  • FIM Service: web service that implements the FIM identity management functionality. Topology options: host it on the same computer as the other FIM components, place it on a separate server, or implement an NLB cluster.
  • FIM Synchronization Service: synchronizes data with other identity stores. Topology options: host it on the same computer as the other FIM 2010 components, or place it on a separate server.
  • Microsoft SQL Server: the FIM Service and the FIM Synchronization Service store their data in independent SQL databases. Topology options: host it on the same computer as the other FIM 2010 components, place it on a separate server, or implement a server cluster.

FIM Service

Deploy the FIM Service in one of these ways:

  • On a stand-alone server.
  • On a shared server with the FIM Portal and Windows® SharePoint® Services 3.0.
  • On multiple servers. In that case, we recommend that you use:
    • Network Load Balancing (NLB) to distribute the processing load.
    • Aliases (for instance, A or CNAME records) so that one common name is exposed to users.
    • A separate alias for a dedicated FIM Service server, so that intensive administrative tasks can be offloaded to one or more servers without affecting end-user tasks.
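The alias recommendation has a Kerberos consequence that is easy to miss: FIM 2010 clients authenticate to the FIM Service using the service principal name FIMService/<host name>, so every name that users or administrators connect through (the NLB alias and any dedicated administrative alias) must be registered as an SPN on the FIM Service account, not only the physical server names. The following PowerShell script is added here as an example and is not taken from the FIM documentation; it checks that each alias resolves to the address it is supposed to, and that the matching SPN is present on the service account. The account name, alias names, and IP addresses are assumptions for illustration.

```powershell
# Added example (not from the FIM 2010 documentation): check the DNS aliases
# that front the FIM Service and the Kerberos SPNs those aliases require.
# The account name, alias names and addresses below are assumptions.

$fimServiceAccount = 'CONTOSO\svc-fimservice'              # assumed FIM Service account
$aliases = @{
    'fimservice.contoso.com'       = '10.0.0.50'           # assumed NLB virtual IP, end-user traffic
    'fimservice-admin.contoso.com' = '10.0.0.60'           # assumed dedicated server for admin tasks
}

# Read the SPNs registered on the service account once, via ADSI (no AD module needed).
$sam      = $fimServiceAccount.Split('\')[-1]
$searcher = [adsisearcher]"(&(objectCategory=user)(sAMAccountName=$sam))"
$account  = $searcher.FindOne()
if ($account -eq $null) { throw "Account $fimServiceAccount was not found in the current domain." }
$spns = @($account.Properties['serviceprincipalname'] | ForEach-Object { [string]$_ })

$results = foreach ($alias in $aliases.Keys) {
    $expectedSpn = "FIMService/$alias"
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($alias) | ForEach-Object { $_.ToString() })
    } catch {
        $resolved = @()                                    # alias does not resolve at all
    }
    New-Object PSObject -Property @{
        Alias       = $alias
        ResolvesTo  = ($resolved -join ', ')
        DnsOk       = ($resolved -contains $aliases[$alias])
        ExpectedSpn = $expectedSpn
        SpnOk       = ($spns -contains $expectedSpn)
    }
}

$results | Format-Table Alias, ResolvesTo, DnsOk, ExpectedSpn, SpnOk -AutoSize

# A missing SPN prevents Kerberos authentication to the FIM Service through that alias.
# setspn -S checks for an existing duplicate before adding, because a duplicate SPN
# on two accounts also breaks Kerberos.
$results | Where-Object { -not $_.SpnOk } | ForEach-Object {
    Write-Warning ("Missing SPN {0}. Register it with: setspn -S {0} {1}" -f $_.ExpectedSpn, $fimServiceAccount)
}
```

Run the script from a domain-joined machine as a user who can read the directory. Because the SPN lookup is done once against the account object and compared with every alias, adding a further alias (for example, a second dedicated administrative server) only requires a new entry in the hashtable.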

FIM Synchronization Service

  • Only one FIM Synchronization Service instance can exist in a deployment.
  • The server running SQL Server can be a stand-alone server or part of a failover cluster.

FIM Portal

  • Deploying the FIM Portal consists of installing the FIM Portal component and configuring Windows SharePoint Services.
  • Deploy Windows SharePoint Services on either a stand-alone server or as a Windows SharePoint Services server farm. If deploying a Windows SharePoint Services server farm, Windows SharePoint Services automatically load-balances the servers.
  • The FIM Portal is a component that does not demand intensive resources and can be deployed on the same server as the FIM Service.

Topology Considerations

  • Small organization of up to 20,000 users and 10,000 groups – Basic deployment with multitier topology and network load balancing.
  • Medium organization of up to 50,000 users and 50,000 groups – Advanced deployment with multitier topology, network load balancing, and dedicated servers for FIM services.
  • Large organization of up to 200,000 users and 450,000 groups – Advanced deployment with multitier topology, network load balancing, and multiple servers for FIM services.

Identity stores

Identity stores, or connected data sources, are the systems that FIM manages through management agents (MAs). The default MAs cover the systems listed below. They range from simple but powerful file-based MAs to MAs that communicate with the target system's exposed APIs. There is also an Extensible MA for connecting to custom data stores.

Management agents by type of system:

  • Network operating systems and directory services:
    • AD DS in Windows Server® 2008 R2 and Windows Server 2008; Active Directory directory service in Windows Server 2003 R2, Windows Server 2003, and Microsoft Windows® 2000
    • Active Directory Lightweight Directory Services (AD LDS) in Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003, and Windows 2000
    • Active Directory global address list (GAL) in Microsoft Exchange Server 2010, Exchange 2007, Exchange 2003, and Exchange 2000
    • IBM Tivoli Directory Server version 6.2
    • Novell eDirectory v8.7.3 and v8.8
    • Sun ONE and Netscape Directory Servers 5.1 and 5.2
  • Certificate and smart card management: FIM Certificate Management
  • E-mail and messaging:
    • Exchange 2010 and Exchange 2007 (use the Active Directory MA to provision mailboxes and mail-enabled groups)
    • Lotus Notes 6.5 and 7.0 (32-bit Lotus Notes client required)
  • Databases:
    • SQL Server 2008, SQL Server 2005, and SQL Server 2000
    • IBM DB2 Universal Database Version 9.1 and Version 9.5 (64-bit client Version 9.5 FP5 or Version 9.7 FP1 required)
    • Oracle Database 10g (64-bit client required)
  • File-based: attribute-value pairs, comma-separated values (CSV), delimited, fixed width, Directory Services Markup Language (DSML) 2.0, and LDAP Data Interchange Format (LDIF). These file formats allow integration with a variety of applications, databases, telephone switches, X.500 systems, mainframes, and metadirectory products, or any underlying system that can produce a file for import and export.
  • Other:
    • SAP R/3 Enterprise Release 4.70 and mySAP 2004 (ECC 5.0) (32-bit client)
    • Extensible MA for custom connectivity to other systems