none
Event based sync?

    Question

  • Hi,

    So FIM is a state-based system, and not an event-based system. And you need to execute the Run Profiles to start the sync process.

    Now - is there a way to invoke one of the Run Profiles from an MPR? This way FIM can become a event-based system (in a way)?

    Thanks

     

    Sunday, October 17, 2010 10:26 AM

Answers

  • I've been architecting my MIIS/ILM solutions for 6 years under an event-driven model using the Event Broker from UNIFY Solutions, and now I'm doing it with FIM.  The Event Broker has always been able to run export run profiles when pending exports are detected, and can do so in a mutex fashion to avoid locking.  It has also always been able to run (delta) import run profiles whenever changes occur in a CD for which it is configured to respond (e.g. AD, SQL, file, etc.).

    The way I have been triggering the FIM MA (delta import/delta sync) run profiles is to use a PULL approach - the MPR(s) I configure just flicks a switch (or switches) to say there's something to import.  Depending on whether or not the change is to managed identity data or to business rules determines whether or not the resulting sync activity is a delta cycle or a full sync cycle (i.e. a re-baseline of the sync engine is required after a rule change).  Works a treat I might add :)

    There has been some considerable momentum building around this model of late, and I expect to be writing up our first FIM 2010 case study in the not too distant future.  In the meantime drop me a line for more details.


    Bob Bradley, www.unifysolutions.net (FIMBob?)
    Tuesday, October 19, 2010 12:33 AM

All replies

  • Create a custom action workflow to make WMI calls to the FIM sync engine to run a profile. Then attach that the MPR.

    http://msdn.microsoft.com/en-us/library/ms694615.aspx

    http://msdn.microsoft.com/en-us/library/ms697765.aspx


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
    Sunday, October 17, 2010 3:00 PM
  • You'd need some sort of tracking system though I would think - what happens if 1000 users fire a MPR which kicks off the same run profile?
    My Book - Active Directory, 4th Edition
    My Blog - www.briandesmond.com
    Sunday, October 17, 2010 5:05 PM
  •  Brian is right that you want some throttle controls. You could check to see if anything is already running first.


    David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html
    Monday, October 18, 2010 3:02 PM
  • I've been architecting my MIIS/ILM solutions for 6 years under an event-driven model using the Event Broker from UNIFY Solutions, and now I'm doing it with FIM.  The Event Broker has always been able to run export run profiles when pending exports are detected, and can do so in a mutex fashion to avoid locking.  It has also always been able to run (delta) import run profiles whenever changes occur in a CD for which it is configured to respond (e.g. AD, SQL, file, etc.).

    The way I have been triggering the FIM MA (delta import/delta sync) run profiles is to use a PULL approach - the MPR(s) I configure just flicks a switch (or switches) to say there's something to import.  Depending on whether or not the change is to managed identity data or to business rules determines whether or not the resulting sync activity is a delta cycle or a full sync cycle (i.e. a re-baseline of the sync engine is required after a rule change).  Works a treat I might add :)

    There has been some considerable momentum building around this model of late, and I expect to be writing up our first FIM 2010 case study in the not too distant future.  In the meantime drop me a line for more details.


    Bob Bradley, www.unifysolutions.net (FIMBob?)
    Tuesday, October 19, 2010 12:33 AM
  • Shameless plug... sorry FIMBob I had too.. :)

    Bob's product is top notch and already built/tested/implemented.. and likely your best bet as a solution.....

    :)

     

     


    Joe Stepongzi - Identity Management Consultant ilmXframework.codeplex.com
    Tuesday, October 19, 2010 4:53 AM
  • Bob,

    I assume this is something that customers would have to additionally purchase?

    Sounds pretty awesome though!

    Thanks

    Tuesday, October 19, 2010 5:45 PM
  • I had considered something callable from a workflow using MSMQ and A Windows Service on the Sync System. The Windows Service would respond to a call and check current requests on the stack to determine if there is already a pending call on the MA and do a check against the current state of the MAs to make sure that they aren't already running.

    Unfortunately, I never got the free cycles to do more than a conceptual design.


    Eric
    Tuesday, October 19, 2010 6:50 PM
  • Eric - what you describe is one of the concepts in the Event Broker design ... check out my company website for more details.  It's been evolving over 6 years now, so it's certainly mature, so no need to re-invent the wheel?
    Bob Bradley, www.unifysolutions.net (FIMBob?)
    Tuesday, October 19, 2010 10:39 PM
  • I just listened to a Teched FIM webcast - and they state that an outbound sync rule can trigger a Run Profile...but they dont explain how.
    Tuesday, October 26, 2010 9:08 AM