MIIS Newbie Question - My Apologies In Advance

    Question

  • How difficult is this to roll out in an all Microsoft environment? 

    Is it highly beneficial in an all msft shop/do benefits increase exponentially in a heterogeneous environment?

    What skills are necessary?

    Given an environment with X number of sites/domains, how much time has it taken to implement?

    What are the biggest 'gotchas'?

    Are deployment docs available?

    Thanks!

    Eric

    Tuesday, August 15, 2006 3:41 AM

All replies

  • Hello Eric

    Wow.. big question :)

    I have no doubt that the guys in the forum will be able to assist with this, but here is my initial input.

    I suggest you read the MIIS Technical Reference; this will give you an idea of the architecture of MIIS. You will see that most likely you will only need one MIIS server for your deployment. This is the norm in most cases although there are specific scenarios which might require additional servers.

    As far as the required skill set is concerned I would much rather refer you to two articles on two of our MVPs' sites:

    - http://idchaos.blogspot.com/2006/07/chaos-chat-what-is-best-miis-skillset.html#links (Brad Turner)

    - http://www.miisexperts.org/FAQ_Full.html (Craig Martin & Co)

    One of the main 'gotchas' I have come across is the difference in basic architecture. I am gonna go out on a limb and guess that you focus more on infrastructure than development (since you refer in your question to sites). Most infrastructure guys need to grasp first that MIIS does not function like the familiar Exchange connectors we all know. It is not a read here and write there tool, it is a metadirectory (and with this comes a bit of an initial learning curve). I say this because I originally entered Identity Management from a pure advanced infrastructure consulting background.

    There are loads of documentation, sites and scenario walkthroughs available to make this transition quick and painless. I recommend the following:

    - MSDN Site for MIIS: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/mmsdev/mms/portal.asp

    - MIIS Site Tech Downloads: http://www.microsoft.com/windowsserversystem/miis2003/techinfo/planning/default.mspx

    - MIIS Documentation Roadmap: http://www.microsoft.com/downloads/details.aspx?FamilyID=add44cf4-2ef5-4368-bf4d-f831a0f650f8&DisplayLang=en

    And finally - go through the MIIS Scenario Walkthroughs (http://www.microsoft.com/downloads/details.aspx?FamilyId=15032653-D78E-4D9D-9E48-6CF0AE0C369C&displaylang=en); they will help you to understand the technology and identity areas in which you want to get back to us for Q&A.

    Good luck - and please get back to us if there is any further info you require.

    -HTH

     

    Tuesday, August 15, 2006 7:23 AM
  • Eric,

    Almero has some great information and all of the essential links posted so I won't duplicate that - but I do encourage you to at least get through the Technical Reference first. It is essential that you understand the basic MIIS architecture and terminology before you try and work with the product. As Almero pointed out, MIIS is a very different animal. I'll try and add my two cents here and there.

     EricHeavner wrote:

    How difficult is this to roll out in an all Microsoft environment?

    Is it highly beneficial in an all msft shop/do benefits increase exponentially in a heterogeneous environment?

    I would say that MIIS is indifferent to this question as a whole as it is inherently a metadirectory tool. These tools thrive in heterogeneous (mixed) environments since they do well at connecting environments that don't directly communicate with each other in the first place. However, MIIS can still add value in homogeneous (the same - I think that's what you meant) environments as it can help bridge information between Forests, domains, or synchronize extranet Forests or LDAP (ADAM) instances.

     EricHeavner wrote:

    Given an environment with X number of sites/domains, how much time has it taken to implement?


    Almero addressed this, but I'll add some comments here as well. "This really depends on the problem you're trying to solve." (typical Architect speak) Unlike most projects, a successful MIIS implementation is 80% Analysis & Design, and only 20% Build & Implement. How long the initial 80% takes depends a lot on the complexity of your environment, and what business processes you need to automate. It's defining those processes and understanding the individual state changes caused by specific actions that take time to document.

     EricHeavner wrote:

    What are the biggest 'gotchas'?

    I would say it is understanding the business processes and getting an accurate sampling of all of those involved. You may think you know how the new hire process (for example) works, but in reality you only understand it as much as it involves the technologies you are responsible for. It's very important to ask the same question to each of the stakeholders involved in the new hire process (one among many) and then combine the answers into a bigger picture. MIIS is very much a "big picture" product, and if you can't see the big picture then you'll implement a partial solution (or one that is limited in scope and may not satisfy all regulatory requirements). A big gotcha is not being able to step away from the details long enough to see the entire problem at the macro level.

    Another gotcha is trying to do too much right away. The lesson I keep hearing from the past two DECs, from MSFT, and others is that you really want to break the project down into manageable chunks or phases and demonstrate value as early as possible. I strongly recommend a Phase 1 approach of only integrating your main service directory (AD for instance) with your HR directory first. If you combine this with Reporting then you can even launch a sub-phase for reporting only and just focus on data cleanup issues prior to actually Provisioning. Data cleanup and manual joins can seriously delay the rollout of any IdM project. But don't approach the other connected directories until you have a solid foundation between HR and AD.

    Tuesday, August 15, 2006 7:15 PM
  • As I expected, it is like eating an elephant!  LOL  Bite, by bite!  Thanks to everyone for your input.  I greatly appreciate it
    Friday, August 18, 2006 4:34 PM