Microsoft Identity Integration Server

Microsoft Identity Integration Server (MIIS) is an identity management (IdM) product offered by Microsoft. It is a service that aggregates identity-related information from multiple data sources. The goal of MIIS is to give organizations a unified view of each user's or resource's identity across a heterogeneous enterprise and to provide methods for automating routine tasks.

MIIS manages information by retrieving identity information from the connected data sources and storing the information in the connector space as connector space objects or CSEntry objects. The CSEntry objects are then mapped to entries in the metaverse called metaverse objects or MVEntry objects. This architecture allows data from dissimilar connected data sources to be mapped to the same MVEntry object. All back-end data is stored on Microsoft SQL Server. [1]

For example, through the metaverse an organization's e-mail system can be linked to its human resources database, its PBX system and any other data repositories containing relevant user information. Each employee's attributes from the e-mail system and the human resources database are imported into the connector space through respective management agents. The e-mail system can then link to individual attributes from the employee entry, such as the employee telephone number. If an employee's telephone number changes, the new telephone number will automatically be propagated to the e-mail system.

One of the goals of identity management is to establish and support an authoritative source of information for every known attribute and to preserve data integrity according to predetermined business rules.

Among IdM products, MIIS stands out by implementing a state-based architecture, whereas the majority of competitors offer transaction-based products. Because of this approach, MIIS requires no software, drivers, agents or shims to be installed on the target system.
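A small model of the pipeline described above, added here as an illustration rather than code from MIIS: two constructed connected data sources (an HR database and an e-mail system) are imported by management agents into a connector space of CSEntry objects, joined into metaverse MVEntry objects on a shared anchor attribute, and attribute flow is resolved by a per-attribute precedence table that names the authoritative source. The export step is state-based in the sense the article uses: it derives the delta by comparing the metaverse with the target's connector-space copy, so the source system never has to deliver a change log. The source names, attribute names, `PRECEDENCE` rules and sample rows are all assumptions made for the example.

```python
"""Toy model of the MIIS synchronization pipeline (added example, not MIIS code).

Management agents import connected-data-source state into a connector space (CSEntry),
entries are joined or projected into the metaverse (MVEntry), attribute flow applies a
per-attribute precedence (authoritative source), and exports are computed by comparing
states rather than replaying transactions. Data sources, attribute names, precedence
rules and sample rows are constructed for illustration.
"""
from dataclasses import dataclass, field

# Per-attribute authoritative source, most authoritative first (constructed rule set).
PRECEDENCE = {
    "telephone": ["hr", "mail"],     # HR is authoritative for telephone numbers
    "mail": ["mail", "hr"],          # the e-mail system is authoritative for the address
    "displayName": ["hr", "mail"],
}
ANCHOR = "employeeID"  # join attribute shared by both sources


@dataclass
class CSEntry:              # connector-space object: mirror of one record in one source
    source: str
    anchor: str
    attrs: dict


@dataclass
class MVEntry:              # metaverse object: the unified identity
    anchor: str
    attrs: dict = field(default_factory=dict)
    connectors: dict = field(default_factory=dict)   # source name -> CSEntry


class SyncEngine:
    def __init__(self):
        self.connector_space = {}   # (source, anchor) -> CSEntry
        self.metaverse = {}         # anchor -> MVEntry

    def full_import(self, source, rows):
        """Management-agent full import: replace this source's connector-space state.

        State-based: the engine is handed a full snapshot and diffs it itself; the
        connected source runs no agent and emits no change events.
        """
        for key in [k for k in self.connector_space if k[0] == source]:
            del self.connector_space[key]         # record no longer present in the source
        for row in rows:
            cs = CSEntry(source, str(row[ANCHOR]), dict(row))
            self.connector_space[(source, cs.anchor)] = cs

    def synchronize(self):
        """Join/projection followed by inbound attribute flow with precedence."""
        self.metaverse = {}
        for cs in self.connector_space.values():
            mv = self.metaverse.setdefault(cs.anchor, MVEntry(cs.anchor))  # join or project
            mv.connectors[cs.source] = cs
        for mv in self.metaverse.values():
            for attr, order in PRECEDENCE.items():
                for src in order:                  # first source holding a value wins
                    cs = mv.connectors.get(src)
                    if cs and cs.attrs.get(attr) not in (None, ""):
                        mv.attrs[attr] = cs.attrs[attr]
                        break

    def pending_exports(self, target, attrs):
        """Outbound flow: attributes whose metaverse value differs from the target's copy.

        Only the delta is returned, and it is derived purely from stored state.
        """
        changes = {}
        for mv in self.metaverse.values():
            cs = mv.connectors.get(target)
            if cs is None:
                continue                           # identity not provisioned to this target
            diff = {a: mv.attrs[a] for a in attrs
                    if a in mv.attrs and cs.attrs.get(a) != mv.attrs[a]}
            if diff:
                changes[mv.anchor] = diff
        return changes


def run_sync(hr_rows, mail_rows):
    """Import both sources, synchronize, and return (engine, exports pending to 'mail')."""
    eng = SyncEngine()
    eng.full_import("hr", hr_rows)
    eng.full_import("mail", mail_rows)
    eng.synchronize()
    return eng, eng.pending_exports("mail", ["telephone", "displayName"])


# Constructed sample data: HR changed Alice's phone; the mail system still holds the old one.
HR_ROWS = [
    {"employeeID": 1001, "displayName": "Alice Example", "telephone": "+1-555-0100"},
    {"employeeID": 1002, "displayName": "Bob Example", "telephone": "+1-555-0101"},
]
MAIL_ROWS = [
    {"employeeID": 1001, "displayName": "Alice Example", "telephone": "+1-555-0199",
     "mail": "alice@example.test"},
    {"employeeID": 1002, "displayName": "Bob Example", "telephone": "+1-555-0101",
     "mail": "bob@example.test"},
]

if __name__ == "__main__":
    engine, exports = run_sync(HR_ROWS, MAIL_ROWS)
    print(engine.metaverse["1001"].attrs)   # unified view: HR phone, mail-system address
    print(exports)                          # only Alice's telephone needs exporting
```

The precedence table is what turns the article's "authoritative source per attribute" rule into behaviour: the mail system's stale telephone number can never overwrite the HR value, while its mail address is the one that flows into the metaverse. A second pass after the target has been updated yields an empty export set, which is the property a state-based engine relies on instead of a transaction log.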

Extensibility

The product is extensible through the use of the .NET Framework, which allows developers and network administrators to extend out-of-the-box capabilities and perform complex tasks.

Versions

History

MIIS has its origins in two Canadian companies' products, Linkage Software's metadirectory product LinkAge Directory Exchange (LDE) which Microsoft acquired on June 30, 1997 [2] and Zoomit Corporation's metadirectory product, Via, which Microsoft acquired on July 7, 1999. [3]

LDE was strongly oriented towards e-mail systems, but traces of it and of its field-mapping technology remain through MIIS 2003.

After acquiring Zoomit Via, Microsoft renamed it MMS (Microsoft Metadirectory Services) and offered the product for free; however, it strongly encouraged customers to hire Microsoft Consulting Services to install and configure the product.

Microsoft Identity Integration Server 2003 was completely rewritten from the ground up. No original Zoomit Via code was carried into MIIS; however, Microsoft preserved the methodology and the original idea of the Via product. MIIS 2003 no longer uses ZScript (the proprietary scripting language of Zoomit Via) and instead offers .NET Framework support. With this upgrade Microsoft did not offer a migration path from MMS to MIIS, due to the significant differences between the products.

Currently Service Pack 2 is available for MIIS 2003.

The Identity Integration Feature Pack (IIFP) is a slimmed-down version of MIIS that is limited to synchronization between AD, ADAM and Exchange data stores. [4]

In fall 2007 MIIS 2003 was incorporated into a new offering called Identity Lifecycle Manager (ILM) 2007. This product was announced at the RSA Conference in February 2007 and made available to customers in May 2007. Identity Lifecycle Manager 2007 includes not only the original MIIS 2003 product, but also a component called Certificate Lifecycle Manager (CLM) which is used to manage X.509 digital certificate and smart card issuance.

Future developments

Future releases of MIIS/ILM are expected to be x64 only, with x86 support dropped, following suit with Exchange Server. A public Release Candidate (RC) of Identity Lifecycle Manager "2" is available now (December 2008). [5] Microsoft SQL Server 2008 is a new back-end dependency of ILM "2".

Supported data sources

MIIS 2003, Enterprise Edition, includes support for a wide variety of identity repositories including the following.

Network operating systems and directory services: Microsoft Windows NT, Active Directory, Active Directory Application Mode, IBM Directory Server, Novell eDirectory [6], Resource Access Control Facility (RACF), SunONE/iPlanet Directory, X.500 systems and other network directory products

E-mail: Lotus Notes and IBM Lotus Domino, Microsoft Exchange 5.5, 2000, 2003, 2007, 2010 and 2013

Application: PeopleSoft, SAP AG products, ERP1, telephone switches (PBX), XML- and Directory Service Markup Language (DSML)-based systems

Database: Microsoft SQL Server, Oracle RDBMS, IBM Informix, dBase, IBM Db2

File-based: DSMLv2, LDIF, comma-separated values (CSV), delimited, fixed width, attribute-value pairs

Other: MIIS provides developers with a well-defined framework for creating additional management agents (in any .NET Framework language currently available on the market) that are not available out of the box. Microsoft itself, as well as third-party vendors, provides a wide array of additional management agents, such as OpenLDAP, IBM UniData, PeopleSoft, Windows Live ID/Hotmail, MySQL, etc.

Limitations

While MIIS supports DSML, there is currently no out-of-the-box support for SPML version 1 or version 2.0. Standardization in the service-provisioning space would benefit consumers and help them avoid costly lock-in to proprietary systems.

References

  1. "MIIS 2003 Overview". Microsoft. 2006-08-14. Retrieved 2009-10-27.
  2. "Microsoft Acquires LinkAge Software". Microsoft Press.
  3. "Microsoft Acquires Leading Developer of Meta-Directory Products". Microsoft Press.
  4. "Library of Congress Web Archives". Archived from the original on 2012-08-03. Retrieved 2018-03-10.
  5. "Evaluate Microsoft Identity Lifecycle Manager "2" RC". Microsoft Corporation.
  6. "Troubleshooting LDAP SSL connection issues between Microsoft ILM/MIIS & Novell eDirectory 8.7.3". 2008-03-15. Retrieved 2017-01-23.