Microsoft Identity Integration Server 2003 (MIIS) Kim Mikkelsen Senior Technology Specialist...


Page 1: Microsoft Identity Integration Server 2003 (MIIS) Kim Mikkelsen Senior Technology Specialist Microsoft.

Microsoft Identity Integration Server 2003 (MIIS)

Kim Mikkelsen
Senior Technology Specialist
Microsoft

Page 2: Agenda

- Overview of Microsoft Identity Integration Server 2003
- Resource Kit Tools
- What’s new in SP1?
- Roadmap

Page 3: Simplify Enterprise Identity Management

[Diagram labels: Identity Data; LDAP; SQL; NOS; LOB Apps]

Directory Synchronization
- Active Directory & ADAM
- Sun/iPlanet Directory
- Novell eDirectory
- Microsoft SQL 2000 & SQL 7
- Oracle 9i/8i
- Lotus Notes 5.x/6.x
- Microsoft Exchange 5.5, 2K, 2K3
- Microsoft NT 4.x
- DSML, LDIF, CSV, fixed width
- …others to follow

Password Management
- Self-service password reset
- Helpdesk password reset

User Provisioning
- Automate account create/delete

Page 4: Directory Synchronization

- Synchronizes multiple repositories
- “Agentless” connection to other systems
- Provides attribute-level control
- Manage global address lists (GAL)
- Automate group and DL management

[Diagram labels: Exchange 5.5; Active Directory; Notes; iPlanet; SQL; Oracle]

Page 5: New Features

Capability                              MMS 2.2       MIIS 2003 Enterprise
Standard datastore                      Proprietary   SQL 2000
MIIS extensions/Scripting               Proprietary   VS .NET languages
Fault tolerance/failover                Limited       SQL Clustering
Scalability                             1M            100M
LDAP access                                           - via ADAM
Extensible APIs                         No            WMI, SDK
Easily move from test to production     No
Password Management                     No
Support renames in connected systems    No
XML-based                               No
Data lineage                            No
Single User View (Polyarchy)            No
Consulting engagement                   Required      Optional

Page 6: MIIS Architecture

- MIIS runs as a service
- Management Agents (MA) connect to directories
- Metadirectory data stored in SQL
- Administrative client connects to service via DCOM

[Diagram labels: MA Controller; iPlanet MA; AD MA; Oracle MA; … MA; MIIS Service; AD/E2K; iPlanet; Oracle; MIIS Admin Client; DCOM; MIIS Store]

Page 7: Extending Capabilities

- Modify the behavior of MIIS
  - Call methods on the interface in response to changes in the system
- Model defines a managed interface
  - Configuration set in UI determines which methods are called
- Write custom extensions in any programming language with a compiler for the CLR
  - Visual Studio projects auto-generated for VB or C#

Page 8: MIIS Concepts

- Connected directory
  - Source and/or destination for synchronized attributes
- Connector space (CS)
  - Staging area for inbound or outbound synchronized attributes
- Metaverse (MV)
  - Central (SQL) store of identity information
  - Matching CS entries to a single MV entry is called “join”

[Diagram labels: iPlanet; Oracle; SQL; Exchange 5.5; Connected Directories; Metaverse; User; Connector Space]

Page 9: Reference Attributes

- Different systems have different DN formats
  - Cn=Max Benson,ou=People,dc=microsoft,dc=com
  - Uid=7399,ou=development,ou=emp,dc=contoso.com
- Refer to other objects in the namespace, e.g. employee#
- Reference attributes in MIIS do not persist the data, rather the relationship between objects

Page 10: Provisioning & Workflow

- Simple Provisioning & De-provisioning
  - Provision users as they appear in authoritative systems
  - Set initial values for attributes (including password)
  - Disable or delete accounts
- Complex Workflow
  - Initiate workflow or provisioning system
  - Integrated with BizTalk
  - Integrating with 3rd party provisioning systems
    - e.g., Blockade, Business Layers, M-Tech, OSM

Page 11: Provisioning & de-provisioning

[Diagram labels: Source; Email, Tel No., Title (shown for each of four objects); Provisioning Engine]

Page 12: Provisioning & de-provisioning

[Diagram labels: Source; Email, Tel No., Title (shown for each object); Provisioning Engine; Join Engine]

Page 13: Provisioning Types
Simple Provisioning

CS Objects – 2 states

[Diagram labels: Metaverse; Metaverse Objects; Connector; Link to AD; Link to SQL; Link to NDS; Connector Space “AD”; Connector Space “SQL”; Connector Space “NDS”; Connector Space Objects; Disconnector; Connector; Link to MV]

Page 14: Provisioning Types
Simple Provisioning

Name & Attribute Construction
Advanced Import Attribute Flow

Connector Space: sn = Hendrix, givenName = Jimi
Metaverse: cn = Hendrix, Jimi; displayName = Jimi Hendrix

    ' Import attribute flow: build metaverse attributes from connector space values
    Select Case FlowRuleName
        Case "cn"
            ' cn is "surname, given name"
            mventry("cn").Value = csentry("sn").Value & ", " & csentry("givenName").Value
        Case "displayName"
            ' displayName is "given name surname"
            mventry("displayName").Value = csentry("givenName").Value & " " & csentry("sn").Value
        Case Else
            ' No other flow rules are handled here
    End Select

Page 15: Provisioning Types
Simple Provisioning

HR MA Connector Space: Surname = Hendrix, First Name = Jimi
  Constructed attributes: MA code modifies attributes as they flow
Metaverse: cn = Hendrix, Jimi; displayName = Jimi Hendrix
  Flowed attributes: MA config flows attributes intact; MA maps attributes
Email MA Connector Space: cn = Hendrix, Jimi; MailboxName = Jimi Hendrix

Page 16: De-Provisioning
Simple De-Provisioning with MIIS

[Diagram: Metaverse employeeStatus = active maps to the Users container in the Connector Space; employeeStatus = inactive maps to DisabledUsers]

    ' Choose the target container from the employee's status
    Select Case employeeStatus
        Case "active"
            container = Users
        Case "inactive"
            container = DisabledUsers
        Case Else
    End Select

Page 17: Mail Scenarios

- HR add triggers new mail user
- Contacts automatically generated in other systems (GAL)
- Automated DL/group management

[Diagram labels: MIIS; Exch1; Exch2; SAP; Create User; User Added; Contact; DLs]

Alias name   WHERE clause
MMSTeam      department='US-Metadirectory'
BigDogs      personalTitle='Vice President'
KevDir       managerMailNickname='KevinMil'

    // Start a new connector of object type "user" in the AD management agent's connector space
    ConnectedMA adma = mventry.ConnectedMAs["AD"];
    adma.Connectors.StartNewConnector("user");

Page 18: State- vs. Event-based

- State-based systems are more robust
  - Storing state information means the system knows what to expect on the connected system
  - The system can respond if things go wrong
- Event-based systems can be quicker to respond
  - Events fire in response to changes in systems, but…
  - …events can get lost if servers are down
- MIIS provides the “best of both”
  - Our state-based approach allows us to take a pessimistic view of connected system uptime/connectivity
  - Our architecture allows high flexibility
    - Runs can be controlled via schedules, events via WMI, etc.
    - System can process only changes in the connected systems
    - Microsoft OTG runs 1500-2000 times per day
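
The slide's contrast, as an added Python model that is not part of the original deck: two HR changes (a leaver and a deletion) are raised while the sync server is down, so the event-based target keeps both accounts enabled, while a state-based run recomputes the expected state and corrects them. Account names, the event tuple layout and the function names are assumptions; the container rule reuses the employeeStatus rule shown on the de-provisioning slide.

```python
# Added example (not from the deck). All account names and data are constructed.

def container_for(status):
    """Container rule from the de-provisioning slide (employeeStatus -> container)."""
    return {"active": "Users", "inactive": "DisabledUsers"}[status]


def event_sync(target, events):
    """Event-based sync: apply each change notification as it arrives.
    An event raised while the sync server is down (delivered=False) is lost."""
    for op, uid, status, delivered in events:
        if not delivered:
            continue
        if op == "delete":
            target.pop(uid, None)
        else:  # "add" or "modify"
            target[uid] = container_for(status)
    return target


def reconcile(hr, target):
    """State-based sync: derive the expected state from the authoritative
    source, compare it with what the connected directory actually holds,
    and apply only the differences. Returns the corrective changes made."""
    expected = {uid: container_for(status) for uid, status in hr.items()}
    changes = []
    for uid, container in sorted(expected.items()):
        if uid not in target:
            changes.append(("provision", uid, container))
            target[uid] = container
        elif target[uid] != container:
            changes.append(("move", uid, container))
            target[uid] = container
    # Accounts the source no longer knows about are orphans: remove them.
    for uid in sorted(set(target) - set(expected)):
        changes.append(("deprovision", uid, None))
        del target[uid]
    return changes


def demo():
    """Run both models over the same constructed change history."""
    start = {"u3": "Users", "u4": "Users"}  # directory before the run
    hr = {"u1": "active", "u2": "active", "u3": "inactive"}  # HR afterwards
    events = [
        ("add", "u1", "active", True),
        ("modify", "u3", "inactive", False),  # lost: sync server was down
        ("delete", "u4", None, False),        # lost: sync server was down
        ("add", "u2", "active", True),
    ]
    event_only = event_sync(dict(start), events)
    repaired = dict(event_only)
    changes = reconcile(hr, repaired)
    return event_only, changes, repaired


if __name__ == "__main__":
    event_only, changes, repaired = demo()
    print("event-based result:", event_only)
    print("state-based corrections:", changes)
    print("after reconciliation:", repaired)
```

The list returned by `reconcile` doubles as an audit record: every entry is an account whose state in the connected directory had drifted from the authoritative source.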

Page 19: Preview Mode

- System is transparent in design
  - Allows architect/developer to preview work in the metadirectory without committing any changes
- Allows the testing of
  - Configuration changes
  - New rules
  - New connected directories
- Can view all results through the UI

Page 20: Provisioning & de-provisioning

[Diagram: Provisioning Lifetime: Provision; Join and synchronize; De-provision]

Page 21: Provisioning & de-provisioning

[Diagram: Provisioning Lifetime: Provision; Join and synchronize; De-provision; Password Synch]

Page 22: Password Management
Encryption – the basic problem

[Diagram: the plaintext password “Carve99” passes through a One Way Function; AD and the NT4 SAM each hold the OWF password C62EAD47D82E1037A6AC12CD0CC49C6E]

Page 23: Password Management

- Initial password set
- Centralized password control via a Web app
  - Self-service password reset
  - Helpdesk password reset
- Decentralized password synchronization
  - 3rd party password sync products can easily integrate

[Diagram labels: Active Directory; SunONE Directory; Web app]

Page 24: Password Management
True Password Sync

- Requires agents on target systems
  - Trap password in plain text format
  - Securely transport back to central server
- Server does Password Set on other targets

[Diagram labels: Password Agent; Target System; Transport Encrypted Password; Password Set: Directory Write, Native APIs; Target System; Password Server; M-Tech P-Synch Server]

Page 25: Password Sync
M-Tech P-Synch – MIIS Integration

[Diagram labels: Password Set & Reset; Password Synch; MIIS; SQL; SQL Tables; P-Synch Table; P-Synch Engine; Persistent Join Data]

Page 26: Visualization

- Different hierarchies suit different needs
- Multiple hierarchical representations can be discovered from data
- Polyarchy eliminates the requirement for fixed hierarchy
- Polyarchy provides multiple hierarchical views and richer visualization of infrastructure information

Page 27: Prerequisites

- Microsoft SQL Server 2000 Enterprise Edition
  - SP1 adds support for Standard Edition
- Windows Server 2003 Enterprise Edition
- Visual Studio .NET 2003

Page 28: Directory Synchronization
Connectivity in MIIS 2003, Enterprise Edition

- Active Directory
- Active Directory Application Mode
- Exchange 2000 and Exchange 2003 Global Address List Synchronization
- Sun One Directory (formerly iPlanet) 4.x and 5.0
- SQL Server 7.0 and 2000
- Oracle 8i and 9i
- DSML 2.0
- LDAP Directory Interchange Format (LDIF)
- Delimited Text
- Fixed-Width Text
- Attribute-Value Pair Text
- Windows NT 4.0
- Exchange 5.5
- Lotus Notes 4.6, 5.x, and 6.x
- Novell eDirectory 8.62 and 8.7
- Other LDAP-based or mainframe or RDBMS systems to follow

Page 29: MIIS 2003 – Resource Kit v2

- MIIS Provisioning Wizard
- MIIS Workflow Application
  - Sample application that shows how to build workflow based on MIIS 2003
- AttributeFlowViewer
  - Shows import and export flows of MV attributes
  - Generates XML file
- MIISInfoBackup
  - Collects all MIIS configuration into XML file
- MVConfigurationViewer
  - Translates MV configuration to XML file
  - Allows viewing and documenting MV configuration in readable way

Page 30: MIIS 2003 ResKit v2 Provisioning

- MIIS 2003
  - Administrator had to write code for provisioning
- MIIS SP1 Resource Kit
  - Additional tools
- Provisioning code generator
  - Declarative UI for provisioning
  - Generates provisioning code
  - Enables provisioning and registers provisioning DLL
  - Source code can be extended with custom code

Page 31: Service Pack 1

Page 32: MIIS 2003 SP1 – Management Agents

- New MAs
  - IBM DB2
    - Version 7 or 8.1
    - Windows OS only at this time
  - IBM DS
    - Version 4.1, 5.1 and 5.2
    - Windows OS only at this time
- Improved MA support
  - Sun One 5.2
  - eDirectory 8.73
  - Lotus Notes 6.x

Page 33: MIIS 2003 SP1 Password Synchronization

- Problem: Credentials in multiple identity stores are hard to manage
- Solution: Use credentials from one store and synchronize
  - End users – convenience
  - IT – security, manageability
- Must be easy to use and integrated with desktop
  - End users know how to change passwords from the Windows client
  - No training required
- Must be easy to deploy
  - PCNS Filter and Service can easily be rolled out with SMS or GP
  - PCNS configuration stored in AD; no need to update each DC for configuration changes
- Password synchronization integrated in MIIS
  - Service will forward password changes to MIIS
  - MIIS uses password extensions for all connected identity stores
  - Robust implementation

Page 34: Packaging

- MIIS 2003, Enterprise Edition
  - Available via Open and Select licensing
  - MSDN Universal for development, testing
  - Includes all management agents
- Identity Integration Feature Pack for AD
  - No cost web download
  - AD and ADAM management agents
  - Supports Exchange GAL sync

Page 35:

1. Codeless provisioning
2. Richer logging/auditing
3. Self-service platform
4. Workflow for provisioning and self-service
5. Cluster support
6. Computed attributes (dynamic groups)
7. Cross-forest group management
8. Entitlement reporting
9. Capacity planning documentation
10. Scalability improvements

Page 36: Roadmap

- Polyarchy Beta – Target: 2H04
- MIIS Gemini – Target: CY06
- Full Lifecycle Identity Management:
  - Additional Provisioning/De-provisioning
  - Audit
- Development Platform
  - Even easier Deployment/Development and Ongoing Administration
  - Polyarchy
  - Autogroup

Page 37:

© 2003 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.