Microsoft Identity Integration Server

Microsoft Identity Integration Server (MIIS) is an identity management (IdM) product offered by Microsoft. It is a service that aggregates identity-related information from multiple data sources. The goal of MIIS is to provide organizations with a unified view of a user's or resource's identity across the heterogeneous enterprise and to provide methods to automate routine tasks.

MIIS manages information by retrieving identity information from the connected data sources and storing the information in the connector space as connector space objects or CSEntry objects. The CSEntry objects are then mapped to entries in the metaverse called metaverse objects or MVEntry objects. This architecture allows data from dissimilar connected data sources to be mapped to the same MVEntry object. All back-end data is stored in Microsoft SQL Server. [1]

For example, through the metaverse an organization's e-mail system can be linked to its human resources database, to its PBX system, and to any other data repository containing relevant user information. Each employee's attributes from the e-mail system and the human resources database are imported into the connector space through their respective management agents. The e-mail system can then link to individual attributes from the employee entry, such as the employee's telephone number. If an employee's telephone number changes, the new telephone number is automatically propagated to the e-mail system.

One of the goals of identity management is to establish and support an authoritative source of information for every known attribute and to preserve data integrity according to predetermined business rules.

Among IdM products, MIIS stands out by implementing a state-based architecture. The majority of competitors offer transaction-based products. Because of this approach, MIIS requires no software, drivers, agents or shims to be installed on the target system.
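The following added example (not part of the original article and not MIIS code) models the flow described above in Python: full imports into a connector space, a join into metaverse objects with per-attribute authoritative sources, and a state comparison that yields the changes to export. All function names, the `employeeID` join key, the precedence table and the sample records are assumptions made for illustration.

```python
# Conceptual model of the architecture described above. All names here are
# hypothetical and are not the MIIS .NET API; the records are constructed.

# Authoritative source order per metaverse attribute (the "business rules").
PRECEDENCE = {"telephoneNumber": ["hr", "email"], "mail": ["email"]}

def import_state(connector_space, agent, records):
    """Full import: store the data source's current state as CSEntry-like
    objects, keyed by the join attribute employeeID."""
    connector_space[agent] = {r["employeeID"]: dict(r) for r in records}

def synchronize(connector_space):
    """Join entries from all agents on employeeID and build one MVEntry-like
    object per person, taking each attribute from its most authoritative source."""
    metaverse = {}
    for entries in connector_space.values():
        for anchor in entries:
            metaverse.setdefault(anchor, {})
    for anchor, mv in metaverse.items():
        for attr, sources in PRECEDENCE.items():
            for agent in sources:
                value = connector_space.get(agent, {}).get(anchor, {}).get(attr)
                if value is not None:
                    mv[attr] = value
                    break
    return metaverse

def pending_exports(connector_space, metaverse, agent):
    """State comparison: (anchor, attribute, current, desired) for every value
    in one connected system that differs from the metaverse."""
    return [(anchor, attr, cs.get(attr), want)
            for anchor, cs in connector_space.get(agent, {}).items()
            for attr, want in metaverse[anchor].items()
            if cs.get(attr) != want]

def run_scenarios():
    cs = {}
    hr = {"employeeID": "1001", "telephoneNumber": "555-0100"}
    mail = {"employeeID": "1001", "mail": "ana@example.test", "telephoneNumber": "555-0100"}
    import_state(cs, "hr", [hr])
    import_state(cs, "email", [mail])
    in_sync = pending_exports(cs, synchronize(cs), "email")
    # HR (authoritative) changes the number: the change flows to e-mail.
    import_state(cs, "hr", [dict(hr, telephoneNumber="555-0199")])
    hr_change = pending_exports(cs, synchronize(cs), "email")
    # Someone edits the number directly in e-mail: detected and reverted.
    import_state(cs, "email", [dict(mail, telephoneNumber="555-0142")])
    drift = pending_exports(cs, synchronize(cs), "email")
    return in_sync, hr_change, drift
```

The third scenario shows why the authoritative-source rule matters for data integrity: an edit made directly in a non-authoritative system appears as a pending export that restores the authoritative value, and nothing has to run on the target system to detect it.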

Extensibility

The product is extensible through the use of the .NET Framework, which allows developers and network administrators to extend out-of-the-box capabilities and perform complex tasks.

Versions

History

MIIS has its origins in two Canadian companies' products, Linkage Software's metadirectory product LinkAge Directory Exchange (LDE) which Microsoft acquired on June 30, 1997 [2] and Zoomit Corporation's metadirectory product, Via, which Microsoft acquired on July 7, 1999. [3]

LDE was strongly oriented toward e-mail systems, but traces of it and its field mapping technology remain through MIIS 2003.

After acquiring Zoomit Via, Microsoft renamed it MMS (Microsoft Metadirectory Services) and offered the product for free; however, it strongly encouraged customers to hire Microsoft Consulting Services to install and configure the product.

Microsoft Identity Integration Server 2003 was completely rewritten from the ground up. No original Zoomit Via code was moved into MIIS. However, Microsoft preserved the methodology and original idea of the Via product. MIIS 2003 no longer uses ZScript (the proprietary scripting language of Zoomit Via); instead, it offers .NET Framework support. With this upgrade, Microsoft did not offer a migration path from MMS to MIIS because of the significant differences between the products.

Currently Service Pack 2 is available for MIIS 2003.

IIFP is a slimmed-down version of MIIS that is limited to synchronization between AD, ADAM, and Exchange data stores. [4]

In fall 2007 MIIS 2003 was incorporated into a new offering called Identity Lifecycle Manager (ILM) 2007. This product was announced at the RSA Conference in February 2007 and made available to customers in May 2007. Identity Lifecycle Manager 2007 includes not only the original MIIS 2003 product, but also a component called Certificate Lifecycle Manager (CLM) which is used to manage X.509 digital certificate and smart card issuance.

Future developments

Future releases of MIIS/ILM are expected to be x64 only; x86 support is expected to be dropped, following the example of Exchange Server. A public Release Candidate (RC) version of Identity Lifecycle Manager "2" is available now (December 2008). [5] Microsoft SQL Server 2008 is a new back-end dependency of ILM "2".

Supported data sources

MIIS 2003, Enterprise Edition, includes support for a wide variety of identity repositories including the following.

Network operating systems and directory services: Microsoft Windows NT, Active Directory, Active Directory Application Mode, IBM Directory Server, Novell eDirectory, [6] Resource Access Control Facility (RACF), SunONE/iPlanet Directory, X.500 systems and other network directory products

E-mail: Lotus Notes and IBM Lotus Domino, Microsoft Exchange 5.5, 2000, 2003, 2007, 2010 and 2013

Application: PeopleSoft, SAP AG products, ERP1, telephone switches (PBX), XML- and Directory Service Markup Language (DSML)-based systems

Database: Microsoft SQL Server, Oracle RDBMS, IBM Informix, dBase, IBM Db2

File-based: DSMLv2, LDIF, comma-separated values (CSV), delimited, fixed width, attribute-value pairs

Other: MIIS provides developers with a well-defined framework for creating additional management agents (in any .NET Framework language currently available on the market) that are not available out of the box. Microsoft itself, as well as third-party vendors, provides a wide array of additional management agents, such as OpenLDAP, IBM UniData, PeopleSoft, Windows Live ID/Hotmail, MySQL, etc.

Limitations

While MIIS appears to support DSML, there is currently no out-of-the-box support for SPML version 1 or version 2.0. Standardization in the service provisioning space would benefit consumers and assist in avoiding costly lock-in to proprietary systems.


References

  1. "MIIS 2003 Overview". Microsoft. 2006-08-14. Retrieved 2009-10-27.
  2. "Microsoft Acquires LinkAge Software". Microsoft Press.
  3. "Microsoft Acquires Leading Developer of Meta-Directory Products". Microsoft Press.
  4. "Library of Congress Web Archives".
  5. "Evaluate Microsoft Identity Lifecycle Manager "2" RC". Microsoft Corporation.
  6. "Troubleshooting LDAP SSL connection issues between Microsoft ILM/MIIS & Novell eDirectory 8.7.3". 2008-03-15. Retrieved 2017-01-23.