Microsoft Identity Integration Server
Microsoft Identity Integration Server (MIIS) is an identity management (IdM) product offered by Microsoft. It is a service that aggregates identity-related information from multiple data sources. The goal of MIIS is to provide organizations with a unified view of a user's or resource's identity across the heterogeneous enterprise and to provide methods to automate routine tasks.

MIIS manages information by retrieving identity information from the connected data sources and storing the information in the connector space as connector space objects or CSEntry objects. The CSEntry objects are then mapped to entries in the metaverse called metaverse objects or MVEntry objects. This architecture allows data from dissimilar connected data sources to be mapped to the same MVEntry object. All back-end data is stored in Microsoft SQL Server.

For example, through the metaverse an organization's e-mail system can be linked to its human resources database, to the organization's PBX system, and to any other data repository containing relevant user information. Each employee's attributes from the e-mail system and the human resources database are imported into the connector space through their respective management agents. The e-mail system can then link to individual attributes from the employee entry, such as the employee's telephone number. If an employee's telephone number changes, the new telephone number will automatically be propagated to the e-mail system.

One of the goals of identity management is to establish and support an authoritative source of information for every known attribute and to preserve data integrity according to predetermined business rules.

Among IdM products, MIIS stands out by implementing a state-based architecture, whereas the majority of competitors offer transaction-based products. Because of this approach, MIIS requires no software, drivers, agents, or shims to be installed on the target system.
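The data flow described above (connector space, metaverse, authoritative sources and state-based export) can be modelled in a few lines. The following is an added illustration, not MIIS code or its .NET API: only the names CSEntry and MVEntry come from the article, while the functions, the precedence table, the attribute names and the sample records are constructed assumptions.

```python
# Simplified, constructed model of the MIIS data flow; not the product's API.
from dataclasses import dataclass, field

@dataclass
class CSEntry:                       # connector space object, one per source record
    source: str                      # connected data source, e.g. "hr" or "email"
    anchor: str                      # join key (assumed: an employee ID)
    attrs: dict

@dataclass
class MVEntry:                       # metaverse object: the unified identity
    anchor: str
    attrs: dict = field(default_factory=dict)
    origin: dict = field(default_factory=dict)   # attribute -> contributing source

# Assumed business rule: sources allowed to contribute each attribute,
# most authoritative first.
PRECEDENCE = {
    "displayName": ["hr"],
    "telephoneNumber": ["hr", "email"],
    "mail": ["email"],
}

def synchronize(connector_space, metaverse):
    """Join each CSEntry to its MVEntry and apply import attribute flow."""
    for cs in connector_space:
        mv = metaverse.setdefault(cs.anchor, MVEntry(cs.anchor))
        for name, value in cs.attrs.items():
            ranked = PRECEDENCE.get(name, [])
            if cs.source not in ranked:
                continue             # this source may not contribute the attribute
            holder = mv.origin.get(name)
            # A lower-ranked source never overwrites a more authoritative one.
            if holder is None or ranked.index(cs.source) <= ranked.index(holder):
                mv.attrs[name], mv.origin[name] = value, cs.source
    return metaverse

def pending_exports(connector_space, metaverse, target, flowed):
    """State-based export: diff the metaverse against the target's known state."""
    changes = {}
    for cs in (c for c in connector_space if c.source == target):
        mv = metaverse[cs.anchor]
        diff = {a: mv.attrs[a] for a in flowed
                if a in mv.attrs and cs.attrs.get(a) != mv.attrs[a]}
        if diff:
            changes[cs.anchor] = diff
    return changes

def demo():
    cs = [   # constructed sample records
        CSEntry("hr", "E1001", {"displayName": "Dana Smith", "telephoneNumber": "555-0100"}),
        CSEntry("email", "E1001", {"mail": "dana@example.test", "telephoneNumber": "555-0100"}),
    ]
    mv = synchronize(cs, {})
    before = pending_exports(cs, mv, "email", ["telephoneNumber"])
    cs[0].attrs["telephoneNumber"] = "555-0199"      # the number changes in HR
    synchronize(cs, mv)
    after = pending_exports(cs, mv, "email", ["telephoneNumber"])
    return mv, before, after
```

Because the export is computed by comparing states rather than replaying transactions, nothing has to run on the target system; the precedence table is what keeps a less trusted source from overwriting an authoritative value.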

Extensibility

The product is extensible through the use of the .NET Framework, which allows developers and network administrators to extend out-of-the-box capabilities and perform complex tasks.

Versions

  • Zoomit Via (pre 1999)

  • Microsoft Metadirectory Server [MMS] (1999–2003)

  • Microsoft Identity Integration Server 2003 Enterprise Edition [MIIS] (Retired)

  • Microsoft Identity Integration Server 2003 Feature Pack [IIFP] (Retired)

  • Microsoft Identity Lifecycle Manager Server 2007 [ILM] (Retired)

  • Microsoft Forefront Identity Manager 2010 [FIM] (Current)

History

MIIS has its origins in two Canadian companies' products: Linkage Software's metadirectory product LinkAge Directory Exchange (LDE), which Microsoft acquired on June 30, 1997, and Zoomit Corporation's metadirectory product, Via, which Microsoft acquired on July 7, 1999.

LDE was strongly e-mail system oriented, but traces of it and its field mapping technology remain through MIIS 2003.

After acquiring Zoomit Via, Microsoft renamed it MMS (Microsoft Metadirectory Services) and offered the product for free; however, it strongly encouraged customers to hire Microsoft Consulting Services to install and configure the product.

Microsoft Identity Integration Server 2003 was completely rewritten from the ground up. No original Zoomit Via code was moved into MIIS. However, Microsoft preserved the methodology and original idea of the Via product. MIIS 2003 no longer uses ZScript (the proprietary scripting language of Zoomit Via); instead it offers .NET Framework support. With this upgrade, Microsoft did not offer a migration path from MMS to MIIS due to the significant differences between the products.

Currently Service Pack 2 is available for MIIS 2003.

IIFP is a slimmed-down version of MIIS that is limited to synchronization between AD, ADAM, and Exchange data stores (http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1848075&SiteID=17).

MIIS 2003 was recently (Fall 2007) incorporated into a new offering called Identity Lifecycle Manager 2007. This product was announced at the RSA Conference in February 2007 and made available to customers in May 2007. Identity Lifecycle Manager 2007 includes not only the original MIIS 2003 product, but also a component called Certificate Lifecycle Manager (CLM), which is used to manage X.509 digital certificate and smart card issuance.

Future Developments

  • Future releases of MIIS/ILM are expected to be x64 only; x86 support is expected to be dropped, following suit with Exchange Server.

  • A public Release Candidate (RC) version of Identity Lifecycle Manager '2' is available now (December 2008).

  • Microsoft SQL Server 2008 is a new back-end dependency of ILM '2'.

Supported Data Sources

MIIS 2003, Enterprise Edition, includes support for a wide variety of identity repositories including the following.

Network operating systems and directory services:
Microsoft Windows NT, Active Directory, Active Directory Application Mode, IBM Directory Server, Novell eDirectory, Resource Access Control Facility (RACF), SunONE/iPlanet Directory, X.500 systems and other network directory products

E-mail:
Lotus Notes and IBM Lotus Domino, Microsoft Exchange 5.5, 2000, 2003, 2007

Application:
PeopleSoft, SAP AG products, ERP1, telephone switches (PBX), XML- and Directory Service Markup Language (DSML)-based systems

Database:
Microsoft SQL Server, Oracle RDBMS, IBM Informix, dBase, IBM DB2

File-based:
DSMLv2, LDIF, comma-separated values (CSV), delimited, fixed width, attribute value pairs

Other:
MIIS provides developers with a well-defined framework to create additional management agents (in any of the .NET Framework languages currently available on the market) that are not available out of the box. Microsoft itself, as well as third-party vendors, continues to provide a wide array of additional management agents, such as OpenLDAP, IBM UniData, PeopleSoft, Windows Live ID/Hotmail, MySQL, etc.

Wish list

  • Whilst the product appears to support DSML, there is currently no out-of-the-box support for SPML version 1 or version 2.0. Standardization in the service provisioning space would benefit consumers and assist in avoiding costly lock-in to proprietary systems. To implement SPML or any other standard, see the Extensibility and XMA sections.

See also

  • Identity Lifecycle Manager

  • Password Change Notification Service (PCNS)

  • Watermark (data synchronization)

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 