Friday, March 31, 2006

DEC 2006 Final Thoughts

I would like to thank the people at NetPro both for putting on such an excellent show every year and for giving me the opportunity to share my experience with the MIIS community. DEC maintains its place as the preeminent conference for AD and MIIS information and talent.

Thanks directly to Gil for speaking and leading the charge, Stella and Christine for the outstanding job of planning and organizing , and Missy for facilitating my sessions.

Thanks to everyone who stepped up and presented this year - I hope the MIIS track will continue to expand and others will be inspired to step up and share their successes and failures. And, last but not least, thanks for everyone who showed up to learn and support the conference!

Now, on to next year!

If you would like to search for other blogs on DEC 2006,

Brad Turner

DEC 2006 MIIS Track Review - Wednesday


The last day of the conference and being in Las Vegas the final day I was surprised at how many people made it in for the early sessions.

Troubleshooting MIIS By James Booth
Certainly one of the most useful sessions had to be the troubleshooting one. James laid out a simple but well thought out guide to approaching troubleshooting MIIS implementations but the real value came about as the audience members began to share their stories and pain in an open forum full of top talent. I certainly hope that NetPro considers doing another one of these next year and allocates more time as these are very useful.

MIIS Futures And Architecture Preview By Bobby Gill
Certainly the most "gee-whiz" factor in the MIIS track as this one had to deal with all of the neat new features being planned for the Gemini release (due sometime after the Longhorn wave hits). Certainly the biggest advancements will come about through the visual workflow systems (via Windows Workflow Foundation) and the new CAR engine (Computed Attribute ??) for building dynamic groups and nested group relationships. Plus the addition of built in entitlement and auditing systems which should allow a search for who had what access and when. Very cool stuff, now to look at WWF on MIIS 2003!

The Microsoft Identity Metasystem And InfoCards In An Enterprise Context By Pamela Dingle
Pamela did an excellent job of sharing with everyone her enthusiasm for the new Identity Metasystem and how InfoCards will play a role in its acceptance. I found her presentation to be quite down to earth and I found it very easy to follow the concepts laid out in the WS* standards the way Pamela chose to explain it. This certainly will shape up to be a very interesting technology if everyone can get past some basic misconceptions. I think Microsoft is very smart touting this technology this far in advance and evangelists like Pamela should serve to head off dangerous misconceptions. After all, if someone gets it in their head that this is just another Passport then the technology may die on the vine. Lets hope not...

DEC 2006 MIIS Track Review - Tuesday

Tuesday started out with another keynote address - however this one had a much different tone than Monday's upbeat address from Stuart Kwan.

Identity Futures by John Enck
Windows proponets (myself included) were treated to a healthy dose of realism and the proverbial bucket of cold water Tuesday morning when Gartner's John Enck riveted the crowd with some mild anti-Microsoft rhetoric accusing Microsoft of being behind the curve on several critical emerging technologies like Virtual Directories. I also found it intriguing that in 2006 someone would still be preaching heterogeneous technology implementations and that we should all just give up trying to obtain the goal of "one directory." While I certainly won't say Microsoft has the nut cracked in terms of extensibility (non-windows is still the purview of emerging companies like Centrify and Vintela), security (always a focus on Microsoft here), and integration (AD, Exchange and SQL are still courting a single cohesive database), I believe that we are certainly dealing with the fallout of all of the push towards heterogeneous technologies in the 80's and 90's. I mean the part of the reason for Federation services, metadirectories, and single sign-on is due to lack of standardization and...heterogeneous technologies!

MIIS: Where is it going and what to expect? by Nick Nikols
After coming from a Gartner keynote which certainly had some negative connotations associated with it, I was pleasantly surprised to see such a constructive presentation by Burton Groups' Nick Nikols. Nick explained how MIIS fit into the Burton processes and which roles the product covered. He also did a pretty good job of objectively covering how the product stacks up against the competition (a better job I'd say than the InfoWorld IdM Shootout did). No good or bad here, just good constructive criticism and sincere hopes that the product will improve.

Using The Upcoming MIIS Management Agents And The Password Management Portal To Connect, Serve, and Synchronize By Chris Macaulay
Chris did an excellent job here demonstrating the upcoming Password Management Portal that is currently part of the Beta 1 release of MIIS SP2. Being a pretty comprehensive coverage of its features and limitations, I thought the topic took a turn for the worse when questions regarding the very nature and value of password synchronization began to take place. While this obviously was not the correct forum to debate the virtue of synchronizing passwords, it did happen and Chris was pounded with some difficult questions both from attendees and competitor M-Tech (makers of competing password sync tool P-Sync). Nevertheless, the product looks very promising and the price point is certainly reason enough to evaluate (free).

Building A Basic Entitlement And Auditing Solution For MIIS By Brad Turner
Thankfully, this time I wasn't up against an OCG lead presentation but rather from MMSUG community member, Jeremy Palenchar and his presentation on Case Study: A Recipe For A Successful Enterprise Implementation Of MIIS which I sincerely wanted to attend. The very idea of combining cooking and MIIS was not only a brilliant idea but should have made for some good fun - I'd like to hear how it went.

While I didn't get an accurate count on this one, I would estimate the attendence was 60+ so I had a much better turn out then my first presentation. This one ran quite a bit better and the demo gods were kind. There was very welcome and frank questions from the audience and I had a good feeling based on the questions and feedback that a good portion of the material got through. I hope everyone found it worthwhile!

As promised, I will be releasing most of the content from the presentation as soon as I can get it in some sort of presentable form and figure out how to distribute it. Thanks for everyone who asked for it - if you did not and are interested in getting the solution for yourself, and I'll add you to the list.

Tuesday, March 28, 2006

DEC 2006 MIIS Track Review - Monday

Directory Experts Conference 2006

I had a very rewarding experience both attending the presentations as well as delivering two of them. Here is my post DEC review of the presentations I attended:

Identity And Access Management Strategy And Roadmap By Stuart Kwan
As always, I found Stuart's keynotes very enlightening and this was pretty much the extent of the AD updates I was able to receive at the conference since I was more or less dedicated to the MIIS Track. What I found most interesting from this presentation is that Microsoft intends to "re-brand" Active Directory as an overall set of services instead of just the infrastructure directory it represents today. If memory serves, by the time the Longhorn wave hits you will see the following current technologies under the "AD umbrella":

  • Infrastructure/Directory Services
  • Certificate Services
  • Rights Management Services
  • Identity Integration Services (not clear if this is IIFP or full MIIS)
  • Federation Services
  • Security Token Services (InfoCard)

I think I can understand this from the marketing perspective, however I think this will only serve to confuse the rest of us. The key to making this work is further blur the lines between these products, but I'm not clear how that will come about. Certainly installing all of these services and products by running a DCPromo would violate what Microsoft has been trying to do since Windows 2003 - move away from the "everything is on by default" model. But, maybe I've got it all wrong?

MIIS Sync Engine and Tower of Power By Markus Vilcinskas
Man this was PACKED! I have to hand it to Martin for tackling one of the driest MIIS topics out there - holograms. There are two Microsoft topics that never fail to put me to sleep when reading about them or studying for an exam and they are RAS and MIIS holograms. I thought the information on synchronization here was good but I think the delta-triple explanation resulted a lot of blank stares. I did, however, appreciate Markus's assertion that MIIS is not really a synchronization engine, but rather a convergence engine.

MIIS Competitive - Review Of The InfoWorld IDM Shootout By Craig Martin And James Booth
I had my eye on this session for some time, and unfortunately it was during the same time as another presentation that I was also looking forward to - Building Self-Service Applications and Extending the Reach of MIIS By Chris Macaulay And Bobby Gill. However, Craig did not disappoint here either. I found the whole explanation of how Microsoft/OCG were selected to put MIIS through its paces very telling. It certainly did not come as a surprise that the team (Craig actually) attempted to win on value and the strength of Microsoft's vendor/partner relationships (as in NetPro and Centrify primarily). What did come as a surprise was that the team was not aware of the ranking criteria and that ultimately the "value" proposition would be deemed the least important (10% of the total ranking). What I ultimately thought served to invalidate the findings by InfoWorld was the size and scope of the scenario (2700 users in two AD forests - one newly acquired) combined with the panel of selected vendor solutions. Furthermore, the fact that the solution also solved the entire Single Sign-On issue between all of the non-windows platforms and AD didn't seem to count much towards the "cohesion" ranking. Good job here Craig - sorry about that hard drive!

Using MIIS For Active Directory Migrations By Brad Turner
I think most people made the decision to attend the Real-World MIIS: Scenarios, Challenges & Opportunities By Craig Owen so I ended up with maybe 15-20 people. On the whole I think the presentation went ok but I was plagued by the demo gods and ran into a kink or two. I was certainly expecting this presentation to draw more attention than my other one (Tuesday), but that turned out to not be the case or perhaps the competition was just to swift. ;) Darn, and I really wanted to catch Craig's presentation!

Under The Hood Of MAStats - How To Use The Utility To Monitor Your MIIS Servers Or Use The API To Develop Your Own Utilities By Jeremy Palenchar
Kudos to Jeremy here for giving back to the community! This was an excellent offer to extend quite a bit of personal work in the form of an Open Source project to anyone wishing to write their own utilities against MIIS and belonged solidly in the Masters Track. Nice job Jeremy!