This session at TEC was quite interesting. Ikrima presented quite a lot of material about how to extend FIM with your own authentication activities, demonstrating a OTP password reset approach. Code is available at https://github.com/ikrima/Public-Development http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices
After I introduced Brad Turner and turned the time over to him, he showed off some really cool FIM extensions to enable RBAC. He even showed how it fits the NIST RBAC definitions even through level 3. The key design decision was to extend the Set and Group objects. The Set then functions as a role. This allows for both explicit and criteria based membership. A new object type for a Role Membership allows for the user’s membership in a role to expire at an individual time.
I had a lot of fun presenting this session. Largely based on chapter 5 in volume 1 I showed how to decide on your High availability approach, how that impacts your topology choice, and then how to estimate your scale, load, and complexity points. Then based on those factors figure out how big to make your SQL Server that hosts the FIM service database. In the middle I did enjoy putting in a plug for our Ensynch sponsored green, dishwasher safe water bottles, as I took a drink of my fruit punch Gatorade mix.
I was looking forward to this one, but got called away. I hope to look at the slides soon. http://feeds.feedburner.com/IdentityLifecycleManagerilmBestPractices
At TEC 2011, Andreas Kjellman of Microsoft, who “owns” the FIM synchronization engine, showed off the upcoming EZMA framework. The problem: The existing eXtensible Management Agent (XMA) does not have a call based import method, we are limited to using GUIDs as the initial anchors, and we don’t have partitions in an XMA. Solution EZMA – which, IMO, will actually be a little harder to do than an XMA but will allow the developer to do much more that will make the FIM admin’s life easier.
James Booth former Microsoft Group Program Manager for MIIS (precursor to FIM) presented on using PowerShell to process files in preparation for consumption by FIM. James points out that “In the beginning, it was all files.” These call based MA’s are the new kids on the block, also said that at Microsoft in 2000 the philosophy was “XML is the answer, now what is your question?” James has posted his new commandlets to GitHub https://github.
I am already in Las Vegas, prepping to assist my fellow Ensynch coworkers, Joe Zamora, and Rebecca Croft as they lead an awesome value packed pre-conference workshop tomorrow (Sunday) morning at 8 AM to 12 PM (noon). Jerry Camel and Brad Turner will also be around to assist. There are so many good sessions to attend this time here are some of the ones I am looking forward to: Monday morning gets the FIMsters off to a great start with a choice of two great sessions:
Sounds like a great conference. The Berliners will… johnkaiser - Nov 2, 2010Sounds like a great conference. The Berliners will want you back soon with Volume2!
Overall TEC 2010 Europe in Dusseldorf Germany was pretty cool. I enjoyed the speakers reception on Sunday night and got to meet some folks from the SharePoint side some of whom are even interested in FIM and one of them bought my book! For the first time I was able to bring my wife along to TEC! We enjoyed some good time in Dusseldorf including seeing Schloss (Palace) Benrather. Monday we started off with a keynote from Uday Hegde and Mark Wahl on the future of Directory and Identity Technologies.
I will be presenting at TEC Europe in Dusseldorf Germany Oct 4-6. During my sessions I will give away a copy or two of my book FIM Best Practices Volume 1 . FIM 2010 Performance Tuning (SQL and more) Speaker: David Lundell Learn how to tune FIM 2010 to make it scream. Take a look at the various architectures and what they buy you. Learn how crucial SQL is to FIM performance and what to do about it.
