
Monday, November 28, 2011

Referenced by Other works and Sale at Lulu

I was pleasantly surprised today to find three other books referencing FIM Best Practices Volume 1, which, because of a Lulu sale, you can get at 25% off until 12/14/2011 with coupon code BUYMYBOOK305 (coupon expires December 14, 2011; $50 max savings). Of course, today only it is 30% off with CYBERMONDAY305.

All three have an identical blurb about FIM and reference FIM Best Practices Volume 1 as additional material.

User Provisioning: High-impact Strategies - What You Need to Know: Definitions, Adoptions, Impact, Benefits, Maturity, Vendors, by Kevin Roebuck (Jun 7, 2011)
Excerpt - Page 138: "... TechNet Wiki [7] FIM Best Practices Volume 1: Introduction ..."

Run Book Automation: What you Need to Know For IT Operations Management, by Michael Johnson (May 3, 2011)
Excerpt - Page 74: "... Microsoft TechNet Wiki [7] FIM Best Practices Volume 1 ..."

Federated Id management: High-impact Strategies - What You Need to Know: Definitions, Adoptions, Impact, Benefits, Maturity, Vendors, by Kevin Roebuck (Jun 7, 2011)
Excerpt - Page 148: "... TechNet Wiki [7] FIM Best Practices Volume 1: Introduction ..."

The blurb does list the license for FIM as Shareware, though; I hadn’t thought that FIM would fit the definition of Shareware.

All three appear to start with an introductory paper, and then contain a compilation of articles on various related technologies.

Wednesday, November 16, 2011

TEC 2012 call for papers open for 2 more days

The Experts Conference Call for Papers is still open until Nov 18th:

http://www.theexpertsconference.com/us/2012/submit-a-paper/

For general info: http://www.theexpertsconference.com/us/2012/

I have attended and spoken at this conference since 2007. I love it. It is a great experience, with loads of great in-depth technical training by top experts on Directory & Identity, as well as SharePoint, Exchange, Virtualization & Cloud, and the PowerShell Deep Dive. Also come and learn about the inside joke involving the rubber chicken.

Friday, September 23, 2011

Big news–Insight + Ensynch

Insight to acquire Ensynch.

As my colleague Rebecca Croft said:

We are very excited about the union of Insight and Ensynch and the benefits that it will bring to our clients. Both companies are focused on helping our clients find innovative, cost effective solutions to address business needs. Bringing Ensynch into the Insight organization will offer clients more robust software services, particularly around Microsoft Enterprise Agreements, as well as improved services delivery, enhanced virtualization and cloud capabilities and a solution-focused approach to software sales. This acquisition will further simplify our clients’ ability to acquire, procure, implement and manage IT solutions across their technology environment.

For more information, read the press release here, visit www.insight.com or www.ensynch.com, or contact me with any questions.

Thursday, June 23, 2011

SQL Extensible Management Agents That Scale (Rebecca Croft)

Rebecca, a fellow Ensynchian, presented at TEC 2011 on the limitations of the standard out-of-the-box SQL Management Agent and how she overcame them by writing a very fast eXtensible Management Agent (XMA).

The first attempt used an ADO.NET SQL data reader to read the data (really fast) and wrote one row at a time to the AVP file, but that gets slow when dealing with large data sets.

The second attempt used the T-SQL “FOR XML” clause to transform the data to XML and then an XSLT to transform the XML to LDIF.

So the XMA executes a T-SQL statement to export the data as XML, applies the XSLT to transform it to LDIF, and then returns the LDIF file to the FIM Synchronization Service.

She even showed off a wizard to create the XMA for us. When it completed successfully she received a spontaneous round of applause.

Monday, May 23, 2011

FIM 2010 R2 News

At TechEd Atlanta, Brjann Brekkan and Mark Wahl discussed FIM 2010 R2 in a public forum, so here is a lot of information that is now public.

Mark covered the new items that will come out in R2:

  1. Web-based password reset (no need for a domain-joined computer, no need to install the Password Client, no need for ActiveX, support for Firefox)
    1. Although for integration with the GINA (the login screen) you still need to install the FIM Password Reset Client
    2. The ability to mark QA gates as executing for everyone or only for those coming through the extranet
    3. Considering adding Captcha or OTP gates to phones
  2. Reporting
    1. Depends on System Center Data Warehouse (SCDW)
      1. But no separate licensing is required for SCDW
    2. Reports
      1. Membership Change Reports
      2. Object History
        1. Users
        2. Groups
        3. Sets
        4. Requests
        5. Policy Rules (MPRs)
  3. MA – EZMA – Andreas Kjellman covered this one at TEC

Wednesday, April 20, 2011

Using FIM to manage BPOS/Office 365

Carol presented a solution to a very thorny problem – how to overcome the lack of delegation in BPOS. In BPOS a user is either an admin or a user, so she used FIM to provide the delegation. A very detailed, very complete solution. She illustrated some of the scripts she has posted on her blog, such as http://www.wapshere.com/missmiis/a-script-to-create-sets-and-mprs-from-templates

Well done Carol!

FIM 2010 reporting using SQL Server Reporting Services (Jeremy and Craig)

Jeremy and Craig had an interesting shoot-out showing off their differing versions of reporting from FIM. Jeremy has an “agent” that he uses to pull the data out of FIM and store it in SQL, after which doing SSRS reports is not terribly difficult. Craig’s approach was to start off by creating a generic SSRS Data Processing extension for PowerShell, and then adjust it to pull data from FIM. Both approaches look very slick. Afterwards they explained how their efforts actually turned out to be quite complementary. Two thumbs up, gentlemen!

Cloud computing single sign-on. Making ADFS work with Google and Salesforce (Nikita Ryumin)

This TEC session on the Directory Services track was short but sweet illustrating how to connect ADFS to Google and SalesForce.

Tuesday, April 19, 2011

Desktop Virtualization and Identity Management

I did a lunch time presentation in partnership with Jonathan Sander. We presented how we can use Quest VWorkspace and Quest One Identity Manager to build a corporate store (we code named it VIPER) to provide a dynamic desktop experience.

Creating Authentication Activities in FIM (Ikrima Elhassan)

This session at TEC was quite interesting. Ikrima presented quite a lot of material about how to extend FIM with your own authentication activities, demonstrating an OTP password reset approach.

Code is available at https://github.com/ikrima/Public-Development

Recruiting

Hey readers, our Identity Practice at Ensynch is keeping us very busy. We would like to have more Identity consultants as part of our team. Come work with me and the rest of our fantastically talented Identity Team.

We are looking for people with experience in Forefront Identity Manager 2010 and people with experience in ADFS 2.0. We are looking for both Full Time Employees as well as people interested in being contractors for us.

Travel requirement: Depends on where you live and ranges from 15%-60%

Locations: Ideally New York/New Jersey (travel between 15%-30%)

Southern California (travel between 20%-50%)

Any other place in the continental US with access to a major airport (Travel between 50%-60%)

Shoot me an email at DLundell (at) Ensynch.com

Monday, April 18, 2011

Designing and Implementing RBAC Solutions with FIM 2010 Group Management

After I introduced Brad Turner and turned the time over to him, he showed off some really cool FIM extensions to enable RBAC. He even showed how it fits the NIST RBAC definitions even through level 3.

The key design decision was to extend the Set and Group objects. The Set then functions as a role. This allows for both explicit and criteria based membership. A new object type for a Role Membership allows for the user’s membership in a role to expire at an individual time.

FIM Best Practices: Sizing Your FIM Installation

I had a lot of fun presenting this session. Largely based on chapter 5 in volume 1, I showed how to decide on your high-availability approach, how that impacts your topology choice, and then how to estimate your scale, load, and complexity points, and finally, based on those factors, how big to make the SQL Server that hosts the FIM Service database.

In the middle I did enjoy putting in a plug for our Ensynch sponsored green, dishwasher safe water bottles, as I took a drink of my fruit punch Gatorade mix.

I received lots of great questions and got to see lots of familiar faces.

Can PXEs Fly? FIM and SCCM Integration (Rob Allen)

I was looking forward to this one, but got called away. I hope to look at the slides soon.

Creating Management Agents with the new EZMA (Andreas Kjellman)

At TEC 2011, Andreas Kjellman of Microsoft, who “owns” the FIM synchronization engine, showed off the upcoming EZMA framework.

The problem:

The existing eXtensible Management Agent (XMA) does not have a call-based import method, we are limited to using GUIDs as the initial anchors, and we don’t have partitions in an XMA.

Solution

EZMA – which, IMO, will actually be a little harder to do than an XMA but will allow the developer to do much more that will make the FIM admin’s life easier.

Some of the new features:

Call-based import that you can batch! So just like with an AD MA run profile step (see the figure), we can configure the batch size and it will actually have an impact, and you can also choose a partition to process.

[figure: AD MA run profile step showing the batch size setting]

The call-based export is modified so it can be batched too. So instead of calling ExportEntry for each csentry object, you will get an ExportEntries method that receives a collection of csentry objects that have pending exports.

The schema, partitions and hierarchy can be discovered programmatically.

Custom anchors – that aren’t GUIDs.

Even better support for custom parameters (of different data types)

Finally, the ability to do a full export, which is great when you have a target that doesn’t store state. However, you must decide at design time which type of export your MA will be executing: you can choose either delta or full, but not both.

Comments

The XMA will still be supported.

The EZMA is more of a developer activity than the XMA was. Your dev will need to learn new interfaces, but should need to know a little less about the internal workings of the sync engine.

Bottom Line

Good move, because now we can write EZMAs that are as fully functional as anything the product group does.

Files, FIM, and PowerShell (James Booth)

James Booth, former Microsoft Group Program Manager for MIIS (the precursor to FIM), presented on using PowerShell to process files in preparation for consumption by FIM.

James points out that “In the beginning, it was all files”; these call-based MAs are the new kids on the block. He also said that at Microsoft in 2000 the philosophy was “XML is the answer, now what is your question?”

James has posted his new commandlets to GitHub: https://github.com/jhbooth/LDIF-PowerShell

Commandlets and what they do:

Import-DirectoryCredential: Imports directory credentials from a file created using Export-DirectoryCredential, and returns a custom PowerShell object.

Export-DirectoryCredential: Exports directory credentials to a file (the counterpart of Import-DirectoryCredential).

Import-LDIF: Imports directory information from an LDIF file, and writes custom PowerShell objects to the pipeline.

Export-LDIF: Exports directory information from the pipeline to an LDIF file.

Convert-EscapeDnComponent: Escapes DN components.

James also talked about “munging” the data by piping the data through other functions to transform the data.

He also cautioned against thinking that PowerShell is the only way to do something.
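Rebecca’s XML-to-LDIF XMA export (earlier on this page) and James’s Import-LDIF, Export-LDIF and Convert-EscapeDnComponent commandlets both come down to getting RFC 2849 LDIF encoding right in both directions, and that is where hand-rolled LDIF usually breaks: a value with a leading space, a colon at the front, or a non-ASCII character cannot be written as a plain “attr: value” line and must be base64-encoded with “::”, and long lines must be folded. The script below is an added example written for this page; it is not code from either presenter or from the LDIF-PowerShell project. It does the XSLT step in Python so that the encoding rules are explicit (XSLT 1.0 has no base64 function, so an XSLT approach must otherwise guarantee that every exported value is an LDIF SAFE-STRING). The row XML is a constructed sample in the shape of a FOR XML RAW, ROOT('rows') result; the column names, BASE_DN and the cn-based DN template are assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample in the shape of "SELECT ... FOR XML RAW, ROOT('rows')" output.
# Column names and values are made up for this example; the third row carries the
# awkward cases (non-ASCII value, leading/trailing space) that "attr: value" cannot hold.
SAMPLE_XML = """<rows>
  <row cn="Alice Adams" sn="Adams" mail="alice@example.com" title="Engineer"/>
  <row cn="Bob, Jr." sn="Baker" mail="bob@example.com" title="Manager: Ops"/>
  <row cn="Chen Wei" sn="陈" mail="chen@example.com" title=" Analyst "/>
</rows>"""

BASE_DN = "ou=People,dc=example,dc=com"   # assumed target container
LDIF_WIDTH = 76                            # RFC 2849 line length before folding

_DN_SPECIALS = set(',+"\\<>;')


def escape_dn_component(value: str) -> str:
    """Escape one RDN value per RFC 4514 (the job of Convert-EscapeDnComponent)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIALS or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def is_safe_string(value: str) -> bool:
    """RFC 2849 SAFE-STRING: ASCII without NUL/CR/LF, not starting with space, ':' or '<'.
    A trailing space is also treated as unsafe, as the RFC recommends."""
    if value == "":
        return True
    if value[0] in " :<" or value[-1] == " ":
        return False
    return all(ord(ch) < 0x80 and ch not in "\x00\r\n" for ch in value)


def fold(line: str, width: int = LDIF_WIDTH) -> List[str]:
    """Fold one logical line; every continuation line starts with a single space."""
    pieces, rest = [line[:width]], line[width:]
    while rest:
        pieces.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return pieces


def ldif_attribute(name: str, value: str) -> str:
    """Render 'name: value', or 'name:: base64(value)' when the value is not a SAFE-STRING."""
    if is_safe_string(value):
        logical = f"{name}: {value}"
    else:
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        logical = f"{name}:: {encoded}"
    return "\n".join(fold(logical))


def rows_to_ldif(xml_text: str) -> str:
    """Turn FOR XML RAW rows into LDIF records, one per row (the XSLT step, done in Python)."""
    records = []
    for row in ET.fromstring(xml_text).iter("row"):
        dn = f"cn={escape_dn_component(row.attrib['cn'])},{BASE_DN}"   # assumed DN template
        lines = [ldif_attribute("dn", dn)]
        lines.extend(ldif_attribute(name, value) for name, value in row.attrib.items())
        records.append("\n".join(lines))
    return "version: 1\n\n" + "\n\n".join(records) + "\n"


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Read LDIF back into records (what Import-LDIF does): unfold continuation lines,
    decode '::' base64 values, and keep every attribute multi-valued."""
    logical: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # continuation of the previous line
        else:
            logical.append(raw)
    records: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in logical + [""]:             # trailing "" flushes the last record
        if line == "":
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#") or line.startswith("version:"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        elif value.startswith("<"):
            raise ValueError("URL values (':<') are not handled in this example")
        elif value.startswith(" "):
            value = value[1:]
        current.setdefault(name, []).append(value)
    return records


if __name__ == "__main__":
    ldif = rows_to_ldif(SAMPLE_XML)
    print(ldif)
    for record in parse_ldif(ldif):
        print(record["dn"][0], "->", record["title"][0])
```

Running the script prints the generated LDIF and then the records parsed back from it; the third row shows “sn:: 6ZmI” and a base64-encoded title, while “Bob, Jr.” shows the DN escaping that Convert-EscapeDnComponent exists for. The parse step deliberately refuses “:<” URL values rather than fetching them, since an import path that follows file URLs embedded in data is a classic way to read files you did not intend to.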

Saturday, April 16, 2011

TEC 2011–FIM Workflows Deep dive

I am already in Las Vegas, prepping to assist my fellow Ensynch coworkers, Joe Zamora and Rebecca Croft, as they lead an awesome value-packed pre-conference workshop tomorrow (Sunday) morning from 8 AM to 12 PM (noon). Jerry Camel and Brad Turner will also be around to assist.

There are so many good sessions to attend this time here are some of the ones I am looking forward to:

Monday morning gets the FIMsters off to a great start with a choice of two great sessions:

1) Andreas Kjellman of Microsoft presenting on Creating Management Agents with the new EZMA. Apparently “in the next few months a new”, and to me very exciting, “development framework for creating management agents will be released.” This is a great one to send a developer to, so they can prep for using the EZMA, which sounds as though it will make the XMA obsolete.

2) James Booth, formerly of Microsoft, now of Boothbilt, makes his return to speaking at TEC as he presents on Files, FIM, and Powershell. I am looking forward to learning how James has made use of PowerShell to automate certain chores in maintaining FIM. Man, I love collaborating with that guy!

Then in the post-lunch sleepiness we have two exciting speakers to keep us awake: Craig Martin, FIM MVP, speaking on FIM PowerShell Deep Dive (must stack up for the PS deep dive), and Rob Allen with his cleverly named Can PXEs Fly? FIM and SCCM Integration. Which one to choose?

Immediately following Craig’s session I am delivering: FIM Best Practices: Sizing Your FIM Installation. Hopefully it will be a beaut!

At the same time, another FIM MVP, Carol Wapshere (of Miss MIIS fame), will be speaking on Head in the clouds – navigating the identity pitfalls of a complex cloud migration. At that altitude it sounds like someone got a bloody nose. Nonetheless, I am sure that Carol’s clear and direct style of speech will help others avoid the nose bleed.

Another “bloody nose” session will also be going on at the same time as mine, AD FS Troubleshooting in the Wild – Cookies and Tokens and Fiddler, Oh My! by Laura Hunter and Brian Puhl. Those MS IT masters of disaster ;) err I mean ADFS are at it again.

Winding up the day and setting the stage for the Quest-sponsored TEC party is Brad Turner, showing off some really slick FIM add-ons from one of our latest projects; I will be there to lead things off for Designing and Implementing RBAC Solutions with FIM 2010 Group Management. Also at the same hour, Brian Komar shows off some work from a recent project (thanks for leading that one Brian!) in Simplifying certificate enrollment to non-Windows computers.

To Gil Kirkpatrick, Christine McDermott, and Stella De Jean Lowe and all of the other folks at Quest involved in TEC, I say you have put together what looks to be an amazing set of pre-cons and first day sessions! Look for my reviews on Monday as the day goes; I am going to try and blog it as we go. I suppose that’s really a twitter kind of thing, but then again has anyone ever known me to limit myself to 120 characters?

Wednesday, April 13, 2011

Making Sense of the Cloud


National Roadshow Series: 2 High Value Sessions in 1 Business Focused Technology Briefing from Leading Industry Experts at Ensynch and Microsoft

It’s time to make sense of the plethora of rhetoric around the term "Cloud." It's time to cut through the hype and figure out how to leverage the latest Dynamic Private Cloud and Public Cloud technologies and provide real value to your business.
Why Attend?
Learn how organizations worldwide are realizing tremendous business value as they begin to migrate portions of their business to securely provide IT as a service through private and public cloud solutions.  Unlike many product-focused technology events, this event is focused on business use cases and solutions.  You will leave this event having gained real value and perspective that you can immediately apply to your business's information technology strategy and roadmap.


Complimentary Steakhouse Lunch will be served at noon to all attendees present.
We recommend attending both event sessions, but you can choose to attend the one that will provide you with the most value.

Session 1- Building your Business Cloud (10:30 AM)
How to Makeover your Infrastructure by providing IT as a Service through Virtualization, Next Generation Management, and Automation solutions from Microsoft.

Session 1- Intended Audience:
Business focused IT Executives and Leaders, Infrastructure and Desktop Management Directors and Managers, Identity Management and Security Directors and Managers.
Products Relevant in Session 1:
Windows 7, Windows Server 2008 R2, Systems Center Suite, Windows Server Hyper-V, Microsoft Desktop Optimization Pack, Forefront Identity Manager 2010, Windows InTune, Quest vWorkspace, Quest One Identity Manager, Active Directory Federation Services (ADFS)

Lunch Break: (12:00 PM)
Complimentary steakhouse lunch will be served.
Session 2- Consuming your Business Cloud (1:00 PM)
How to makeover your productivity and business intelligence platforms powered by SharePoint 2010 and SQL to enable One Place to View the Facts, Collaborate, and Provide a Consumer Cloud Experience at Work.

Session 2- Intended Audience:
Business and IT Executives, SharePoint/Collaboration/Web Directors and Managers, Business Intelligence Leaders and Stakeholders.
Products Relevant in Session 2:
SharePoint 2010, Office 365, Lync 2010, SQL Server 2008 R2, SQL Azure, Windows Azure

Choose Your City. RSVP Today.

April 27, 2011 - Irvine, CA  (Ruth's Chris Steakhouse)


April 28, 2011 - San Diego, CA (Donovan's Steakhouse)


May 4, 2011 - Parsippany, NJ  (Ruth's Chris Steakhouse)


May 5, 2011 - New York, NY (Park Avenue-Spring Restaurant)


May 11, 2011 - Phoenix, AZ (Donovan's Steakhouse)


Wednesday, March 2, 2011

Webinar: Cloud’s Silver Lining: Identity Management


Business Insights Webcast: 
The Cloud's Silver Lining: Identity Management


Join Us for an Informative Webcast on the Value of IDA in the Cloud
- Part 2 in a Series of Webcasts from Microsoft FIM MVP David Lundell -

Identity Management is a critical component to realizing the true value of the Cloud.

Solutions from Microsoft including Forefront Identity Manager (FIM), Active Directory Federation Services (AD FS), and Microsoft Forefront Unified Access Gateway (Forefront UAG) allow you to get the most out of your cloud applications (such as Office 365, BPOS, and other Software as a Service (SaaS) solutions) while enabling a seamless transition in managing the identities of your users.

If you are planning to migrate or deploy applications to the Cloud, you must first address provisioning and Single Sign-On (SSO) in order to enable a seamless transition.

Delivered by Microsoft FIM MVP David Lundell, this webcast will provide insight on how to save money and make your business more agile with the Cloud, by ensuring you have a successful Identity Management strategy.

Presenter: David Lundell, Microsoft MVP, Forefront Identity Manager, Ensynch

David is the author of FIM Best Practices Volume 1 (David Lundell, 2010), is a Microsoft Most Valuable Professional (MVP) for Microsoft Forefront Identity Manager 2010, functions as a virtual technical specialist for Microsoft in the identity space, and serves as the Identity Management Practice Director for Ensynch. David frequently speaks at the Directory Experts Conference and The Experts Conference, and holds an MBA and numerous other technical certifications.

When: March 9th, 2011

Where:
Online

Time: 10:00-11:00 AM Pacific

SPACE IS LIMITED


Tuesday, January 4, 2011

Get FIM Training from Author of FIM Best Practices Volume 1

Come get FIM training from David Lundell, FIM MVP and author of FIM Best Practices Volume 1.

Register by emailing FIMTraining@Ensynch.com, providing your contact info, which class and date you want to attend. You will then be contacted to complete the registration.

On Feb 8th - Feb 11th in downtown Phoenix (class will start at 8 AM), I will be teaching 50382A Implementing Forefront Identity Manager 2010 and of course adding in lots of valuable information from various FIM implementations that I have performed and supervised. Additionally, material from FIM Best Practices Volume 1 will be referenced during class (bring your copy to class). The cost of the course is $1895 USD.

This course is intended for Systems Engineers, Developers, Architects, and Project Leaders who need to gain a good understanding of how Forefront Identity Manager 2010 can be applied to manage identity information across a number of directories or databases. It is also suitable for those who simply want to review the technology in some depth.

After completing this course, students will be able to:

  • Understand FIM concepts and components.
  • Identify appropriate FIM scenarios.
  • Manage users, groups, and passwords using FIM.
  • Synchronize identity data across systems, such as Active Directory and HR.
  • Understand the issues involved in loading data (initial load, backup, and disaster recovery).
  • Configure security for different levels of user.
  • Manage password self-service reset and synchronization.
  • Automate run cycles.
  • Handle sets, simple workflows, and management policy rules (MPRs).