Microsoft Identity Integration Server (MIIS) 2003, Enterprise Edition is a lesser-known member of the Windows Server System family. The third incarnation of the product formerly known as Microsoft Metadirectory Services (MMS), MIIS provides vital functions in today's security-conscious business world.
Identity information about users and network resources is typically scattered around the network in various applications and databases that aren't necessarily compatible with one another. MIIS provides a centralized service that consolidates all that information. The product synchronizes user account information, passwords, and other identity data across multiple directories and other data stores, making the information easy to manage and update across the enterprise and reducing the administrative overhead required to maintain multiple copies of information. MIIS also ensures that users have fast access to resources by eliminating denials of access that can result when identity information isn't promptly updated. And businesses can use MIIS to comply with industry-specific governmental regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLB Act), and the Sarbanes-Oxley Act, that mandate control of identity information.
MIIS in Brief
Here's how MIIS works. Software components called management agents or connectors connect data sources (e.g., databases, directories, flat files) to MIIS. The product implements these connections as a set of tables called a metaverse. MIIS contains a metadirectory, which consolidates all information about an object (i.e., a particular user or resource) into one entry. Each entry contains multiple attributes or pieces of information (e.g., a password, an employee number) for the object.
MIIS stores the metadirectory in a Microsoft SQL Server database. Administrators can access and update information from this central location. When one connected data source is changed, whether by an administrator, an end user, a program, or some other means, MIIS can automatically propagate the change to other connected data sources. MIIS resolves conflicts between information in different data sources based on rules that specify which data sources are authoritative for particular attributes.
Using MIIS
Implementing an identity-management infrastructure into an enterprise environment in which many disparate directories and databases are already in use is a complex undertaking. The process involves determining which attributes from each data source to include in the metaverse and which connected data sources to consider authoritative for particular attributes.
To help customers plan and implement their identity-management infrastructures, Microsoft teamed with PricewaterhouseCoopers to develop the Microsoft Identity and Access Management Solution. The Identity and Access Management Solution helps you design the Active Directory (AD) environment on which the centralized repository is based, assists in evaluating the cost effectiveness of different options, and guides you through the process of integrating MIIS into the organization. The Solution also discusses deployment and best practices with an eye toward ease of management, security, and lower total cost of ownership (TCO). To learn more about the Solution, see http://www.microsoft.com/technet/security/topics/identity/idmanage/default.mspx.
The first step in creating the identity-management infrastructure within an organization is to connect MIIS to all the data sources that hold identity information. These sources might include AD, the Windows NT user database, Novell Directory Services (NDS), email systems such as Microsoft Exchange Server and Lotus Notes, the underlying databases of management software products from companies such as PeopleSoft and SAP, databases such as SQL Server and Oracle 8i, and file-based sources such as comma-separated value (CSV) files and LDAP Data Interchange Format (LDIF) files. MIIS 2003, Enterprise Edition ships with many management agents that are designed to connect with data sources such as these.
Users who need only to synchronize identity information and Exchange Server 2003 and Exchange 2000 Server Global Address Lists (GALs) across multiple AD forests can use the Microsoft Identity Integration Feature Pack (IIFP) for Microsoft Windows Server Active Directory. The IIFP functions as a "lite" version of MIIS and includes a limited set of management agents for AD, Active Directory Application Mode (ADAM), and Exchange. You can obtain the free IIFP at http://www.microsoft.com/downloads/details.aspx?familyid=d9143610-c04d-41c4-b7ea-6f56819769d5&displaylang=en.
In addition to using Microsoft-supplied tools for implementing MIIS, administrators who have programming skills can create custom extensions to control the behavior of management agents and the metaverse. Unlike MMS, MIIS lets you use common scripting languages, specifically Visual Basic .NET and C#, to create rule extensions. You can also use applications such as Windows Management Instrumentation (WMI) to manage MIIS. For example, you can use scripts that call WMI to schedule updates, start and stop management agents, check statistics, generate reports, and interface MIIS to third-party management consoles. You can use the WMI interface to start imports and exports of data and run queries against the MIIS metaverse.
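As an added illustration of the WMI management described above (example code written for this article, not a script shipped with MIIS), the following PowerShell script runs one management agent's run profile through the MIIS WMI provider and reports the run statistics so that a scheduler or management console can alert on failures. It assumes the MIIS 2003 WMI namespace and the MIIS_ManagementAgent class with its Execute, RunStatus, NumCSObjects and NumImport* methods; the management agent name and run profile name are placeholders, and the account running the script must be a member of the MIISAdmins group on the MIIS server.

```powershell
# Added example (not from the original article): run an MIIS management agent
# through the MIIS 2003 WMI provider and report the result of the run.
# Assumptions: the script runs on the MIIS server (or with remote WMI access)
# under an account in the MIISAdmins local group; $MaName and $RunProfile are
# placeholders for a real management agent and one of its run profiles.
param(
    [string]$ComputerName = ".",
    [string]$MaName       = "Corporate AD MA",   # placeholder MA name
    [string]$RunProfile   = "Delta Import"       # placeholder run profile
)

$ns = "root\MicrosoftIdentityIntegrationServer"

# Look up the management agent by its Name property (exact match).
$ma = Get-WmiObject -ComputerName $ComputerName -Namespace $ns `
        -Class MIIS_ManagementAgent -Filter "Name = '$MaName'"
if (-not $ma) { throw "Management agent '$MaName' not found in $ns" }

# Execute() blocks until the run profile finishes and returns a status
# string: "success" for a clean run, otherwise the name of the failure
# condition as shown in the Identity Manager run history.
$result = $ma.Execute($RunProfile).ReturnValue
$status = $ma.RunStatus().ReturnValue

# Connector-space statistics for the run, for the report or console feed.
$report = [ordered]@{
    ManagementAgent = $ma.Name
    Type            = $ma.Type
    RunProfile      = $RunProfile
    Result          = $result
    RunStatus       = $status
    CSObjects       = $ma.NumCSObjects().ReturnValue
    ImportAdds      = $ma.NumImportAdd().ReturnValue
    ImportUpdates   = $ma.NumImportUpdate().ReturnValue
    ImportDeletes   = $ma.NumImportDelete().ReturnValue
}
[pscustomobject]$report | Format-List

# Exit non-zero on anything but "success" so a Scheduled Task, MOM or
# another management console wrapping this script can raise an alert.
if ($result -ne "success") { exit 1 }
```

A sudden jump in ImportDeletes or ImportUpdates on an otherwise routine run is worth alerting on as well, since an unexpected bulk change in an authoritative source will be propagated to every connected directory.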
Third-Party Extensions
Microsoft partners have developed a variety of products to interoperate with and extend MIIS in the enterprise. These products provide capabilities such as management console integration with MIIS, password management, cross-platform integration, and scalability. Table 1 lists the add-ons that I mention in this article.
Management-console integration.
Management consoles such as Microsoft Operations Manager (MOM), HP OpenView, and the IBM Tivoli Enterprise Console let you monitor and manage multiple servers and applications from one console view. Interfacing MIIS with your management console lets you use the familiar console interface to access MIIS information. For example, the MIIS 2003 Management Pack module lets you use MOM to monitor identity integration scenarios. OpenView and Tivoli Enterprise Console interface with MIIS through WMI to let you track and manage MIIS events within the big picture of the entire network. You can also configure many management consoles to automatically respond to events and notify administrators of events.