I'm releasing the deck from my session at DEC Europe 2007 - enjoy.
finding some semblance of balance amongst the chaos of identity and access management including the Microsoft Identity Integration Server 2003 (MIIS), Identity Lifecycle Manager 2007 (ILM), ILM 2, and Forefront Identity Manager 2010 (FIM).
Wednesday, September 26, 2007
Monday, September 24, 2007
MIIS Coding Practices Deck released
I'm releasing the following deck which was presented at the Desert Code Camp event in Phoenix, AZ for all who were not able to make it - this is a PowerPoint Show (PPS) file compatible with PowerPoint 97-03.
Sunday, September 23, 2007
Bright and Shiny Objects
Oh rue the Bright and Shiny Objects!
As an Architect in the IDA space I frequently come across new technologies that I find interesting and would really like to learn more about (WF, WCF), expand my knowledge of (AD, ADAM, ADFS, SharePoint, SQL), or even rediscover lost former evangelical endeavors (AzMan & Directory AppDev - more on this later). It's just so tempting to use something cutting edge when building the latest solution or solution-dependent widget. However, finding the time to learn custom SharePoint development skills while sticking within established best practices (as opposed to hammering together something altogether sticky and unholy) AND an established deadline is pretty challenging. Of course, this is where the strength of a really good team comes into play - distributing the various BASO's across the team where more diverse skills lie.
The 2008 "LongHorn" wave of products is just chock full of BASO's and even if you're part of some of those beta programs you're probably still struggling to keep up and assimilate the emerging new adjacent technology families. We all have to keep up on the technologies that are adjacent to our core competencies; for instance, few of you reading this blog are likely to be true Network Architects with years of experience designing large complex networks, but you're certainly familiar with the basics of how networks work, the tools you need to troubleshoot with, as well as the TCP/IP ports your favorite set of applications rely on. Most of the consumer world is familiar with 802.11x nomenclature and of course IP subnetting has become a ubiquitous part of any Client/Server doctrine forever linking Network technologies with probably all areas of IT. As technologies develop, new dependencies are added and new adjacent technology families now become necessary to learn. The 2008 "LongHorn" wave of products is the next wave of products in line to do just this by adding some of the following:
Foundation Technologies
- .NET Framework 3.5 - built on top of the previous 3.0 Framework which almost silently gave us Workflow Foundation (WF), Windows Communication Foundation (WCF), and Windows Presentation Foundation (WPF), they're even called foundation technologies!
- Hypervisor - Hypervisor is the new ultra-thin layer providing virtualization capability in Windows Server 2008 that newer versions of Virtual Server will depend on. Hypervisor makes use of the new Server Core functionality and is available as one of the installable roles.
2008 will also bring the eventual debut of the successor to Identity Lifecycle Manager 2007 - currently billed as ILM "2". ILM "2" will have some very specific core requirements of its own - most of which involve either Windows Server 2008 or Office 2007 Enterprise. The dependencies for ILM "2" in more detail are:
Mandatory Requirements for ILM "2"
- Windows Server 2008 X64 - only the 64-bit distribution of Server 2008 will be certified and supported for hosting the ILM "2" application
- SQL Server 2005 - not much new here other than you'll need the X64 version if you expect to host both SQL and ILM on the same system
- .NET Framework 3.5 - whether this ultimately ships with Server 2008 I can't say, but ILM "2" will require some of the advancements in the 3.5 refresh of WCF and WF
- Windows SharePoint Services 3.0 (WSS) - at least WSS will be required to host the ILM access control solution which will be completely hosted in SharePoint now (MOSS 2007 could certainly be used here instead of WSS) and almost all of the really neat new stuff is baked into the ILM portal application
Optional Requirements for ILM "2"
In order to get the full experience you'll need the following additional components:
- Exchange 2007 - the ILM access control solution leverages SharePoint's built-in capability for WF and ships with custom activities for notifications that require features only found in Exchange 2007. Without at least one Exchange 2007 server, notification workflows send a basic email with a link back to the portal to complete the requested operation.
  - Value Proposition - to make it worthwhile, the notifications would have to do something pretty special to warrant the additional investment. The product team is betting that the tight integration features with Office will justify it.
- Office 2007 Enterprise - the full Enterprise SKU is currently required because it seems to be the only way to install two of the .NET extensibility add-ins (Microsoft Forms .NET 2.0 Programmability Support and Smart Tag .NET Programming Support) which the ILM Client services make use of. Strictly speaking, the only thing you need to get the full Office integration experience is Outlook 2007 (with the .NET extensibility add-ins).
  - Value Proposition - the Office integration features in ILM "2" allow Information Workers to consume identity data in the tools that are most familiar to them - tools typically found in the Office suite. IW's will be able to do things like request group creation, ask to be added to existing groups, and approve the addition of others to groups they manage. The Windows Workflow experience extends directly into Outlook and allows for the direct approval or rejection without the need to visit the portal. You can bet that partners will begin to adopt this paradigm and offer greater extensibility into Office applications with WF based systems.
This is the first time that I've been aware of where Office applications will become a part of a fully integrated infrastructure solution.
Thinking Ahead
Given the length of time it takes most companies to roll out anything, I have begun to advise my customers to begin addressing the rollout of Office 2007 Enterprise and the .NET 3.0 Framework sooner rather than waiting for ILM "2" to debut and then be a year or so behind the curve. Here is a great opportunity to enable future application capability by deploying some dependent client functionality. Start your Office deployments today, and if you're not already deploying the .NET Framework to your systems today then you should start! The .NET 1.1 and 2.0 Frameworks are becoming a very common requirement in many applications today and should be considered in any security and infrastructure planning sessions. Don't wait, act now and you'll get the full set of Ginsu knives...ooh, shiny!
Greetings from Brussels (the heart of Europe)
So Jerry Camel and I are in Brussels for the week attending the Directory Experts Conference and decided to post a few pics.
What does this have to do with Identity and Access Management? I haven't a clue, but we're enjoying the waffles!