My quest to bring Best Practices to Identity Management especially with Microsoft FIM / ILM

Thursday, October 29, 2009

Identity Management Luncheon NYC

I will be speaking at an Identity Management Luncheon in New York City on Nov 12th. I will be speaking on FIM.

Come on down and join me if you can. (Please Register)


When:
Thursday, November 12, 2009
10:45 AM to 2:00 PM (EST)
Where:
Del Frisco's
Double Eagle Steak House
1221 Avenue of the Americas
New York, New York 10020

Come join us at this exclusive luncheon at one of the best steak houses in NYC!

Realizing the Value of Identity Management

Using Microsoft Forefront Identity Manager 2010 to Empower People, Deliver Agility and Efficiency, and Increase Security and Compliance of your Business
Ensynch and Microsoft invite you to join other senior technology and business executives at a complimentary exclusive luncheon where we will discuss and demonstrate how Microsoft’s new identity management platform and solutions can help you consolidate technologies and reduce cost.

Today’s IT enterprise must deliver identity and access management that is efficient, cost effective, and secure. The complexity of managing and securing users, devices, and services is increasing. Whether due to regulatory mandate or business growth, identity management becomes more complex, and often does not deliver as much business benefit as it could.

Come and learn how Forefront Identity Manager 2010 can help you by delivering simplicity, agility and efficiency while increasing security and compliance within your enterprise identity infrastructure.
Event Agenda:

Interactive demonstration and discussion of how Forefront Identity Manager 2010 helps to...
• Ease Administrative Functions of Managing Identities
• Enable Self Service Group Management
• Increase Security and Compliance
• Save Money – Realizing ROI
• Empower collaboration by integrating with other cutting edge Microsoft technologies such as Office Communications Server and SharePoint.

[Register Now]

-------
Contact Anthony.Morgante@microsoft.com if you have any questions or concerns.

Visit http://www.microsoft.com/forefront/identitymanager for more information on Forefront Identity Manager 2010

Tuesday, October 6, 2009

Password Reset?

How would you feel if this was the only barrier between the hacker and your data – a single password reset question? Just one!

image

I won’t tell you who this is since then you’ll just want to go after my data on that site.

Oh well. The barn door won’t be shut until the wolf has gotten into the sheep.


Monday, October 5, 2009

Webinar: Accelerate Your Businesses for the Future with Microsoft Geneva (ADFS) and the Cloud


Get the rundown on Geneva from Frequent Industry Speaker and Nationally Recognized Microsoft ILM MVP,
David Lundell

When:
Wednesday, October 14, 2009
10:30 to 11:30 (PST)
12:30 to 1:30 (CST)
1:30 to 2:30 (EST)

Where:
Web/Online
Live Meeting Information
will be sent to attendees

Presenters:
David Lundell,
Identity Management
Practice Leader, Ensynch

Jonathan Sander
IAM and Security Analyst
Quest Software


Webinar: Accelerate Your Businesses for the Future with Microsoft Geneva (ADFS) and the Cloud
Has your organization been considering moving applications to the cloud or using Software as a Service (SaaS) providers? Have you already done it? Have you realized the cost savings?

Have you encountered the difficulties in managing the identities and passwords across the various identities?

Using Microsoft Geneva (ADFS) and Quest Java SSO, and Quest inTrust, you can lower the cost of moving applications to the cloud and to SaaS, which can remove a big hurdle to a key strategic initiative.

I would like to invite you to our latest exclusive "no frills" webinar: "How Microsoft Geneva Streamlines Business," the final part in an Identity Management Webinar Series from Ensynch's Identity Management Practice Director, Frequent Industry Speaker, and Microsoft Identity Management MVP, David Lundell, and Quest Software IAM and Security Analyst, Jonathan Sander. (Previous webinars are available for download here)

This webinar is designed for business leaders, and will discuss the business value of Microsoft Geneva and the Cloud. Whether identity management within the Cloud and SaaS is a major concern for your organization or if you are simply curious about using Microsoft Geneva as an asset to help your business, this webinar is for you.
Webinar Agenda:
- The Cloud’s little secret: Multiplying identity stores

- High level discussion of The Cloud (Azure, Amazon, SaaS, etc)

- High Level discussion of Geneva (ADFS, WIF)

- The Value of the Cloud

- The hidden Costs of the Cloud

- How Geneva (ADFS) helps lower the cost of the Cloud

- Gaps of the Cloud

- Possible Solutions

- Gaps of Geneva with the cloud

- Possible Solutions from Quest


[Register Now]


Sunday, October 4, 2009

FIM RC 1 is here – what’s new?

FIM RC 1 is here. Microsoft released it on Sept 30th, which is the end of Q3 of 2009, which means the ILM/FIM team at Microsoft met their stated deadline announced back in March.

Here is the download:

http://technet.microsoft.com/en-us/evalcenter/cc872861.aspx

What’s new:

Gil Kirkpatrick has a nice post about the differences in the data structure:

Auditing FIM 2010 RC1

Darryl Russi, a Sr. Test Lead at Microsoft, has started blogging about FIM RC 1 performance:

http://blogs.msdn.com/darrylru/archive/2009/10/01/fim-2010-performance-testing-introduction.aspx

Microsoft has also included some pretty good documentation (available for independent download through the Microsoft Connect site):

http://connect.microsoft.com/directory/

Search for

Forefront Identity Manager 2010 (FIM 2010) Beta

Pay careful attention to the Release Notes.

One big thing I noticed, which I had been seeing with RC 0 and was hoping would be fixed with RC 1, was getting a “no-start-full-import-required” error during a delta import. However, the release notes for RC 1 state:

Do not use delta-import with FIM MA

· In this release, always run a full import when synchronizing the FIM MA. Running a delta-import may result in a no-start-full-import-required error in some scenarios.

There are also several FIM schema changes you can make that make it impossible to restart the service and require a reinstall so keep an eye out for those: “[creating] a multi-valued Boolean attribute”, “[creating] custom attributes or resource types with duplicate names”,  or “[creating] a binding that uses the same resource type and attribute combination as another binding.” These last two are possible through the web service.
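A pre-change check for the three schema hazards quoted above, as an added example that is not code from this blog or from Microsoft. The dictionary layout (`attributes`, `resource_types`, `bindings` and their keys) is a simplified, assumed representation of the current schema and of a planned change set, and the sample data is constructed.

```python
from collections import Counter

# Key names are an assumed, simplified layout for this example,
# not FIM's own export format.
KINDS = ("attributes", "resource_types", "bindings")

def lint_schema_changes(existing, planned):
    """Flag the three schema changes the RC 1 release notes warn about."""
    merged = {k: existing.get(k, []) + planned.get(k, []) for k in KINDS}
    findings = []

    # 1. A multi-valued Boolean attribute in the planned changes.
    for attr in planned.get("attributes", []):
        if attr["data_type"].lower() == "boolean" and attr["multivalued"]:
            findings.append(("multivalued-boolean", attr["name"]))

    # 2. Attributes or resource types whose name is already taken.
    for kind, label in (("attributes", "attribute"),
                        ("resource_types", "resource-type")):
        counts = Counter(item["name"] for item in merged[kind])
        findings += [(f"duplicate-{label}-name", name)
                     for name, n in sorted(counts.items()) if n > 1]

    # 3. Two bindings with the same (resource type, attribute) pair.
    counts = Counter((b["resource_type"], b["attribute"])
                     for b in merged["bindings"])
    findings += [("duplicate-binding", f"{rt}/{at}")
                 for (rt, at), n in sorted(counts.items()) if n > 1]
    return findings

# Constructed sample: current schema and a planned change set.
EXISTING = {
    "attributes": [{"name": "DisplayName", "data_type": "String", "multivalued": False}],
    "resource_types": [{"name": "Person"}],
    "bindings": [{"resource_type": "Person", "attribute": "DisplayName"}],
}
PLANNED = {
    "attributes": [
        {"name": "IsContractor", "data_type": "Boolean", "multivalued": True},
        {"name": "CostCenter", "data_type": "String", "multivalued": False},
        {"name": "CostCenter", "data_type": "String", "multivalued": False},
    ],
    "resource_types": [{"name": "Person"}],
    "bindings": [{"resource_type": "Person", "attribute": "DisplayName"},
                 {"resource_type": "Person", "attribute": "CostCenter"}],
}

if __name__ == "__main__":
    for rule, name in lint_schema_changes(EXISTING, PLANNED):
        print(f"BLOCK {rule}: {name}")
```

Because the last two changes can be made through the web service, a check like this belongs in whatever script submits the change, not only in a manual review step.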

Password Reset

A nice thing is that the standard Password Reset workflows and MPRs are pre-created for you. I guess some people saw my Visio diagram of the fairly complex Password Reset process and heard the woes of everyone that tried to set it up. Kudos! This is possible because Management Policy Rules (MPRs) can be enabled and disabled!


Name Changes

Also included are a documentation road map listing all of the documents available for IT Pros and an Identity Terminology guide. The guide defines almost everything, including XAML, but they forgot XOML. They have changed some names but don’t mention the old names, so here is my best attempt:

Old Name | New Name | Comment
ILM 2 | FIM | When Microsoft announced the name change back in April they said “ForeFront means business ready security.” I don’t know how you feel about Forefront Client Security but everything from Antigen, to ISA, to IAG, to ILM has been rebranded to Forefront. Does this mean that Forefront Stirling is going to monitor FIM? I don’t know.
Object Visualization Configuration (OVC) | resource control display configuration (RCDC) | Same thing, new name, same limitations: “you cannot write a customized function (Handler)” (Introduction to resource control display configurations). Although the documentation is much clearer on those limitations, and greatly expands on other topics as well.
CLM | FIM CM | FIM Certificate Management

Install Guide

The install guide looks fairly complete, just change any references to Enterprise Manager to mean Management Studio. When SQL 2005 came out I kept calling it Enterprise Management Studio (yes I would stutter on Manager-ment).

A big thing to note is this:

Assign enough space for the database

The FIM Service database will not autogrow even if those settings are enabled by default by SQL Server. You should expand the Data and Log files to be able to hold all data needed.


Wow! No autogrowth! I saw that happen with RC 0 but couldn’t believe it.

It also includes documentation on the parameters for unattended install. As you know from a prior post, my team and I prefer unattended installs.

Migrating from Test to Prod

There is a document called “Introduction to the Configuration Migration Tool”:

This document describes how to migrate a FIM 2010 configuration from a test environment to a production environment.

Yeah! We so needed this tool! PowerShell! Sweet!