My quest to bring Best Practices to Identity Management especially with Microsoft FIM / ILM

Tuesday, December 23, 2008

ILM "2" confirmHumanity="false"

I was getting ready to try out some of the various installation topologies that may be possible with ILM "2" including: separating the Portal and the Service (definitely possible), having two portals point back to the same service (I think it's possible), when I came across the most interesting item in the ILM "2" installation guide in the section on Installing the ILM Service and ILM Portal on separate servers. Let's see if you can spot it too:

On ILM Service server, edit the file

  • c:\Program Files\Microsoft Identity Management\Common Services\Microsoft.ResourceManagement.Service.exe.config as follows:
    • <resourceManagementService certificateName="IdentityLifecycleManager2" confirmHumanity="false" servicePrincipalName="IdentityManagementService/computername"/>

 

What in the world can that be about? confirmHumanity="false"? Well at least the coder followed camelCasing so we may have a hint as to the perpetrator's identity -- Jerry Camel have you been doing some work for Microsoft?

Will someone please explain what this means? Is ILM "2" the Terminator? I mean it will deactivate and deprovision your accounts when you leave -- and afterwards it can show that you have been terminated!

We may never know! But comments are welcome.

Labels: , ,

Monday, December 22, 2008

Business Problems and their Technical Roots

Business Problem

Possible Underlying Business Problem

Cause

Technical Cause

Business launches a strategic initiative late

Employees don't receive communications that they should

Don't have email accounts

Aren't in the right distribution lists

Lack of automated distribution list management and self service fulfillment

Employee  can't fulfill a customer order

Employees don't have access to resources

Accounts haven't been provisioned to the systems they need

Aren't member of the groups or roles they need

Lack of automated security group management and self service fulfillment

Leak of Customer Information

OR

 stock affecting info

OR

Valuable data is destroyed

Employees have access to resources they shouldn't

OR

Former employees still have access to resources

Permissions granted too liberally

Or

User accounts haven't been terminated

Lack of automated security group management and self service fulfillment

AND

Lack of Automated deprovisioning

Customer Care Rep can't find  right person to whom they can escalate key customer problem

Employees can't find accurate, up to date  contact info for each other

Global address lists and other databases out of synch

Too many directories

No IDA tool to synchronize them

IDA tool hasn't matched the identities

Labels: ,

Business Problems VS Technical Problems

A business problem is when employees can't execute their job duties in an efficient fashion. In fact sometimes they are unable to complete the tasks at all. Business problems are especially costly when they directly affect customers. These problems can cause cash flowing into the company to be delayed as a customer waits to place an order, or to receive goods (and hence to pay), they can cause revenue to be lost as a customer temporarily takes their business to a competitor or a finds a substitute, sometimes this leads to customers forming new business relationships and loss of all future revenue from that customer. Non-customer affecting business problems may result in higher costs without affecting revenue. For example a problem on the job shop floor causes workers to put in overtime to complete customer jobs on time, raising costs without directly affecting the customer.

As Rodd Wagner and James K Harter point out in their book 12: The Elements of Great Managing company profitability is highly correlated with employees knowing what is expected of them, and when having adequate tools and materials (elements 1 and 2). When these two elements are short changed business problems result, costs go up and revenue goes down.

A technical problem is often the root cause of employees not having adequate tools or materials. A more specific definition could be that a technical problem is cause of the Information Technology department (people, process and technology) not being able to adequately fulfill a need expressed by the business. This inadequacy could be a matter of accuracy, timeliness, or consistency. It could also be a matter of lacking the capability. These are technical problems, like can't provision and deprovision accounts and entitlements quickly enough, accurately enough (deleted the account for the wrong Jane Smith), consistently enough (only 10 of the user's 16 accounts deprovisioned on the average per IDC) because the Identity Management system goes down frequently, or is too complex to change and the rules it enforces are outdated. Another possible technical problem could be that requests are lost or seem to take forever to be fulfilled either because the process supported by paper or a help desk ticket doesn't move efficiently. Requests may be fulfilled incorrectly, or inconsistently because the fulfillment is not automated and/or checklists don't exist or aren't followed.

Hence good managers look for ways to provide a knowledge of expectations and the sufficient tools and materials for their employees to do their jobs. I believe you'll agree that one of those great tools is ILM "2"

Labels: , , ,

Saturday, December 6, 2008

Millionaire Next Door and All Your Worth

No this post isn't about my new neighbors, or my new house.

Its about the secret to wealth.

First you buy two copies of the Millionaire Next Door and then you give one to each of your next door neighbors. Suddenly your odds of getting rich will improve.

Ok hopefully that gives you a chuckle. Nonetheless, here is my prescription for improving America's financial health. While I normally write on the topics of Identity Management and SQL Server, I did also earn an MBA from the Eller College of Business at the University of Arizona, and have done some financial counseling as a volunteer through church. So I have done some deep thinking on these matters.

Reading the Millionaire Next Door affects people, and helps them realize that wealth isn't about showing it off, that the people that appear as though they live like Millionaires often aren't, and quite frequently those whose net worth truly does exceed a million dollars don't like to show it.

After one catches the appropriate philosophy, and begins to desire to save a million dollars rather than have spent a million dollars, it is time to move to the how, and that is where All Your Worth comes in. This book by Elizabeth Warren and her daughter Amanda Tyagi, teach you how to put your financial life in balance, how to be prepared for a rainy day, and they teach you without forcing you to track every penny. They have excellent suggestions and ask you to look deep and make the hard choices, such as did I buy too big of a house? Perhaps the single most powerful thing I found was how to measure your finances. Income = Needs + wants + savings. So how to calculate your wants, track every penny? No! Subtract your needs (usually big ticket items) and your savings (they have great easy formulae to help you calculate that) from your income and you are left with how much you spend on your wants. If you are 50% needs, 20% savings and 30% wants then you are in balance and are beginning to be prepared for the rainy day.

Once you have gotten your life in balance and are saving well you need to be a smart investor. While Dr Elizabeth Warren recommends indexed mutual funds with no loads and low costs, I don't always agree that the stock market is the best place for funds. So I recommend Ben Stein's Yes you can time the market. No he doesn't reveal some magic secret about how to pick individual stocks, but rather about when to buy US Gov't bonds vs when to buy the aforementioned indexed mutual funds.

Additionally, I highly recommend John Nofsinger's Psychology of Investing. Learn how to avoid making sucker's choices with your investments, learn why people often make emotional decisions about stocks.

No the preceding advice is no guarantee, nor does it mean that your author is set for life, but I think this is the way to go.

Be skeptical about anything that makes life sound too easy, and check out the gurus (especially real estate gurus) John T Reed

Labels:

ILM 2 Web Services Part 1 and 1/2

A few days after my post about setting up the ILM 2 Web Service reference Joe Schulman and others from the ILM product group began a new blog designed to fill in the gaps in the knowledge in the community about how to use the web services. So far the blog looks great and is a welcome addition to my knowledge and the communities knowledge base! Great job Joe and Company and thanks for the link to my blog.

Identity Management Extensibility

I recommend starting out by reading the intro post as it gives a great overview of what to expect.

Also check out the code samples online at MSDN

Shortly I will be getting back to more technical posts.

Labels: , , , ,

Live@edu Partner Airlift and SQL PASS, Flat Tires, and Thanksgiving

As for me why no posts since Nov 11th -- well, I have attended the Live@edu Partner Airlift in Redmond, SQL PASS, had a flat tire, and enjoyed Thanksgiving. In this post

I attended the Live@edu Partner Airlift in Redmond to see what's new under the sun for schools and universities. Exchange Labs is now available on a widespread basis (see fellow MVP Almero Steyn's blog posts on Live@edu and on Exchange Labs) ! Students and alumni can now have school domain based exchange hosted email accounts for life at no cost to their schools. While this program has offered hotmail accounts now you can have hosted exchange accounts. I had a great time at the Airlift, thanks to Michael Wegman, Richard Wakeman, Andy Hoag, Steve Winfield (not Dave Winfield, nor Steve Winwood) and Anna Kinney and everyone else for putting it on.

I was privileged enough to attend SQL PASS for the first time. This year was in Seattle. So that meant two straight weeks in the Puget Sound area. It was fun to return and visit, see old friends, see my old house (where we lived for 9 months), see some beautiful wet countryside, experience more of downtown Seattle, but I sure was glad to get back to the warmth of the Arizona Sun! I did sneak my wife up for the weekend in between events and we did some of the tourist events we didn't have the chance to do while living there. We ate dinner at the space needle, took a cruise in the bay, saw some glass blowing, rode the monorail and visited pikes place fish market (the famous one featured in Fish! as well as the other two lesser known fish markets).

200811151323_00361  I took this photo on the cruise.

 

I greatly enjoyed SQL PASS, making and renewing acquaintances with many of the SQL Server MVP's. Thanks for letting me hang out and participate in all of the SQL MVP stuff without feeling like too much of an outsider! Saw lots of great sessions. Unfortunately I had to exit early from Gail Shaw's Dirty Dozen presentation on the twelve things not to do in your SQL code, but it seemed like it was going quite well.

After returning from Seattle we discovered that our 1 yr old Honda Odyssey had a flat. Out came the jack. Ouch went the back! But at least it prompted me to look at my other car and realize that I needed two new tires (an ounce of prevention is worth a pound of cure)!

I would like to remember this Thanksgiving as relaxing, fun, filled with family and friends and this year I can ;)

Labels: , , , ,