none
Initializing FIM RRS feed

  • General discussion

  • Hi,

    We have an existing ILM 2007 environment with many connected systems, and are moving to FIM.

    We can migrate the existing ILM MAs across to FIM; however due to the fact that we already have data in the connected systems - is it a common practice to create new 'initialization MAs' to initially populate the MV with all the required data - in that way the existing MAs do not need to be modified. For example. would it confuse FIM if we had 2 AD MAs (one initial load only, the other the ongoing MA?)

    Just looking for some comments on this idea.

    thanks

    SK


    • Edited by D Wind Friday, June 1, 2012 1:45 AM
    Friday, June 1, 2012 12:35 AM

All replies

  • If you are starting a new environment i would try to import the data using the existing management agent and join the data from the connectors using a key that you sure now is available to get data back again within the metaverse.

    Are you also migrating to synchronization rules within the FIM portal or only upgrading the ILM sync engine to FIM sync engine.



    Need realtime FIM synchronization and advanced reporting? check out the new http://www.imsequencer.com that supports FIM 2010, Omada Identity Manager, SQL, File, AD or Powershell real time synchronization!

    Friday, June 1, 2012 6:37 AM
  • Will be migrating from FIM Sync & Portal lab into new FIM Sync & Portal production.

    This will replace the current ILM environment...however we cannot reuse the existing ILM MV due to modifications done to the object classes.

    So all the work ILM has done over the years, first has to be imported from all the connected systems into FIM, before we enable FIM logic. Hence my initial question on the process.

    Thanks


    • Edited by D Wind Friday, June 1, 2012 7:18 AM
    Friday, June 1, 2012 7:17 AM
  • I can see no reason to create duplicate MAs.  You have to have the data from each MA in the connector space of that MA, and that's only done by importing on that MA.  An "initialization MA" would have an independent connector space and wouldn't do you any good.

    If you can't transfer the ILM database and "upgrade" it, then apply your changes, then you're basically starting from scratch.  Turn off provisioning, do full imports on all your MAs, run a round of full synchronizations to project identities into your new metaverse and join to them from other MAs, turn on provisioning and do another round of full sync's to create any new connectors needed and modify any connectors (renames in AD, etc.).

    If by "FIM logic" you mean declarative, portal-based rules, the advice I've seen others in the forum give is to get your objects exported to the FIM MA before you create your sets, MPRs, etc. to reduce the amount of time the bulk load the portal takes.  The more rules apply to each object, the longer each individual exported identity takes to export.

    Chris

    Friday, June 1, 2012 9:27 PM
  • You first want to import all data within FIM Sync and connect all connectors to the correct mv objects so no duplicates are created, then export to the FIM portal and apply the FIM logic

    Need realtime FIM synchronization and advanced reporting? check out the new http://www.imsequencer.com that supports FIM 2010, Omada Identity Manager, SQL, File, AD or Powershell real time synchronization!

    Monday, June 4, 2012 6:54 AM