10 Jul 2012

Forefront Identity Manager - Understand How it Works

I'm nervous about writing this, as this software is outside my experience as a .NET Developer and specifically as a SharePoint Developer. But I have done one project with it so far, so it's worth sharing with you guys, as this software is really challenging and yet actually really easy to work with if you have at least a little or medium-level knowledge of Windows Active Directory.


Alright, I'll start with a short brief. Forefront Identity Manager is a system that takes the attributes of an entity from several different sources, combines them, and then puts the result on any other destination sources. The sources I'm talking about are things such as Active Directory, SQL Server databases, SAP, Oracle, or any other data source.


A diagram I took from Microsoft TechNet makes this easier to understand. The example in it has 5 data sources: Active Directory, Lotus Notes, an HR SQL Database, a Vendor Database, and a Telephone Text File. Active Directory holds a bunch of attributes such as logon data (computer user name and any other data related to the system). Lotus Notes (if the company intends to use Lotus Notes rather than Exchange) holds E-mail, Department, Manager, Location, and so on. A different configuration might also change the diagram: if you use Exchange Server rather than Lotus Notes, you don't need another connector / data source for Exchange, as it's already integrated with Active Directory. The HR SQL Database, the Vendor Database, and the other data sources each hold a bunch of attributes as well.

FIM pulls the attributes from the data sources, either under some condition or just as they are, and puts them in a temporary space called the connector space. It then combines the attributes based on rules, so that they become one complete set of identity data, and pushes that to whichever other data sources we want. It's as simple as that, as long as there is a primary key, which Microsoft calls the Anchor, shared across the multiple data sources. No Anchor, no combining / joining. With an Anchor, everyone is happy and all data is sync'd.

From this concept, we know that this software is all about data synchronization, especially identity synchronization between those data sources. I'll try to write from my own understanding, so it'll be easier to read (or maybe harder?).

Metaverse

The Metaverse is the storage space that holds the aggregated information from multiple data sources. This is the main internal storage FIM works with. The attributes pulled from the multiple data sources are saved here.


Management Agents

A Management Agent is the configuration for a specific data source. One Management Agent represents one data source, and it holds a lot of settings related to that data source, especially on how we want to push and pull the data to and from the Metaverse. The best part is that if we can't find a Management Agent (MA) which fits our scenario, we can create one.


Processes

The processes should be simple. In my mind, there are 3 big processes: Import, Sync, and Export. Each of those can be broken down into more specific ones, like Full Import, Delta Import, etc. Import brings the data from a data source into the connector space. Sync commits the imported data from the connector space to the metaverse, and then does a join and vice versa between data sources. Export pushes the sync'd data to the data sources.
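The Import, Sync, Export flow and the Anchor join described above can be sketched as a small model. This is an added example, not code from the original post and not FIM's API; the source names, the `employeeID` anchor, the attribute flow rule, and all records are constructed assumptions.

```python
# Simplified model of the import -> sync -> export flow (not FIM's API).
# Source names, attributes and records are constructed sample data.

ANCHOR = "employeeID"  # assumed key shared across the data sources

SOURCES = {
    "HR": [{"employeeID": "1001", "displayName": "Ana Lim", "department": "Finance"},
           {"employeeID": "1002", "displayName": "Budi Hart", "department": "IT"}],
    "AD": [{"employeeID": "1001", "logon": "alim"},
           {"employeeID": "1002", "logon": "bhart"},
           {"logon": "svc-backup"}],  # no anchor: cannot be joined
    "Phone": [{"employeeID": "1001", "telephone": "555-0101"}],
}

# Attribute flow rule (assumption): the authoritative source per attribute.
FLOW = {"displayName": "HR", "department": "HR", "logon": "AD", "telephone": "Phone"}


def import_stage(sources):
    """Import: copy each source's records into its own connector space."""
    return {name: [dict(r) for r in records] for name, records in sources.items()}


def sync_stage(connector_space):
    """Sync: join connector-space objects on the anchor into the metaverse."""
    metaverse, unjoined = {}, []
    for source, objects in connector_space.items():
        for obj in objects:
            key = obj.get(ANCHOR)
            if not key:  # no Anchor, no join
                unjoined.append((source, obj))
                continue
            person = metaverse.setdefault(key, {ANCHOR: key})
            for attr, value in obj.items():
                if FLOW.get(attr) == source:  # only the authoritative source flows
                    person[attr] = value
    return metaverse, unjoined


def export_stage(metaverse, target_attrs):
    """Export: push the attributes a destination wants, per joined identity."""
    return [{a: p[a] for a in (ANCHOR, *target_attrs) if a in p}
            for p in metaverse.values()]


if __name__ == "__main__":
    mv, orphans = sync_stage(import_stage(SOURCES))
    print(mv, orphans, export_stage(mv, ["department", "telephone"]), sep="\n")
```

In this model the `unjoined` list is the output to review: an object without the anchor never receives attributes from the other sources.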

Diagrams

Of course, diagrams become very important here when we are planning to deploy solutions with this kind of software. Before you go any further, always draw a diagram of how you want to push and pull the data. Based on the knowledge above, we can draw a sync line between those data sources.

2 comments:

  1. This is a high-level program, in my point of view! Is there something the same between Church software and this one?

    Replies
    1. It's slightly different from the Church software you've pointed to. Church software, I think, is for managing the denomination and organization inside a church.
      FIM, well, in a much simpler case, syncs user objects between data in the HR database, SAP, and the Active Directory or e-mail. But in an advanced case, it can be expanded to wider scenarios.
      And, of course, it's a bit 'high' level because it's much more related to a big system; it's not just a simple piece of software. And not many clients in my country use this, but it's a good idea to share it instead.
      Anyway, thanks for reading. I never thought my post about this would get a comment so fast :P.

