Forefront Identity Manager 2010 R2 - Architecture query

  • Question

  • If I am deploying Microsoft's Forefront Identity Management (FIM) in a single-server environment (this means that the FIM Service & FIM Synchronization Service will be installed on a single system running Windows Server 2008 or Windows Server 2008 R2) and I want to use IBM DB2 & IBM Directory Server or Oracle Database and Sun/Oracle Directory Server, do I have to install Active Directory (AD DS) on the Windows Server 2008 where the FIM Service and FIM Synchronization Service will be installed?


    And how will this work if I want to deploy in a cluster environment?

    Say my FIM Service is installed on Machine A and the FIM Synchronization Service is set up on Machine B. Can I install the database (DB2/Oracle) and directory server (IBM/Oracle) on either of them (i.e. Machine A or B)? Or can I install this on a third system, i.e. Machine C?

    If installed on 3 systems, do we require AD DS anyway for these 3 systems to communicate? Or will it work if these 3 systems are set up as Windows local servers?

    If the answer to the first part of the question above (in bold) is YES, and the FIM deployment is planned in a cluster environment, and I plan to use other vendors' database & directory server, irrespective of installing DB2/Oracle Database & IBM/Oracle Directory Server, will I have to install Active Directory Domain Services?

    Sunday, July 27, 2014 10:25 PM

Answers

  • On Tue, 29 Jul 2014 10:49:22 +0000, Mihir_7 wrote:

    Like how we have IBM DB2 and IBM Directory Server as components of IBM Security Identity Manager, and likewise Oracle Database & Directory Server for Oracle Identity Management,

    My question was,

    Though it is not recommended and is difficult to manage if we use an identity manager of a different vendor and the middleware components of a different vendor. However, if I am installing IBM Security Identity Manager, it supports Oracle Database or SQL database if I don't opt to go with IBM DB2 (I know that if I go this way one cannot use the middleware configuration utility tool).

    No idea, you'd have to ask this question in an IBM and/or Oracle forum.


    Similarly, my question in the original post was: if we deploy FIM, can we use a database from IBM or Oracle for its installation or configuration, to which you mentioned that we cannot and we must use SQL for installation/configuration.

    As I stated, for FIM, you must use SQL Server.


    Example - Once we have IBM Security Identity Manager up and running, by default it has a few adapters with which we can manage IDs (identities) on target resources such as Unix servers, Lotus Notes, Windows servers etc.

    The link which I have mentioned, does it explain that once FIM installation and configuration is done, the FIM Synch service connects to these databases (target resources) in order to manage IDs (identities), like the above example statement?

    Is my understanding correct?

    Yes, that is correct, and that is what that link is referring to.


    And,

    q1) With FIM, can we manage identities on Unix server(s)?

    Yes.


    q2) "Identity stores or connected data sources are the systems that FIM manages through MAs"

           What do you mean by MAs? Does it mean Adapters?

    Management Agents, though the current term for them is now Connectors.
    These are used by FIM to connect to the databases/applications/directories
    that you want to use FIM to manage identities in.


    Paul Adare - FIM CM MVP
    Our OS who art in CPU, UNIX be thy name.
    Thy programs run, thy syscalls done, in kernel as it is in user!
    -- BSD fortune file

    • Marked as answer by Mihir_7 Tuesday, July 29, 2014 11:07 PM
    Tuesday, July 29, 2014 12:07 PM

All replies

  • On Sun, 27 Jul 2014 22:25:20 +0000, Mihir_7 wrote:

    If the answer to the first part of the question above (in bold) is YES, and the FIM deployment is planned in a cluster environment, and I plan to use other vendors' database & directory server, irrespective of installing DB2/Oracle Database & IBM/Oracle Directory Server, will I have to install Active Directory Domain Services?

    The servers running FIM must be domain members. Also, you cannot use a
    database other than SQL Server for the FIM databases.


    Paul Adare - FIM CM MVP
    IBM - "Internally Blackened Machines" -- Bob Vaughan about PSU failures

    Monday, July 28, 2014 8:13 AM
  • Can you help me understand this

    http://technet.microsoft.com/en-us/library/ff621362(v=ws.10).aspx

    Monday, July 28, 2014 3:52 PM
  • On Mon, 28 Jul 2014 15:52:50 +0000, Mihir_7 wrote:

    Can you help me understand this

    http://technet.microsoft.com/en-us/library/ff621362(v=ws.10).aspx



    <http://social.technet.microsoft.com/Forums/getfile/505172>

    I read your original post as you wanting to use something other than SQL
    Server for the databases that FIM uses for its own configuration, that is
    the database(s) that get created during the initial installation of FIM,
    either the FIM Synch service or the FIM Service. Those databases must be
    hosted in SQL Server.

    The page you refer to above lists the database software types that the FIM
    Synch service is able to connect to, post-install, in order to manage
    identities in those databases. They are not databases that FIM is able to
    use for its own configuration information and storage.


    Paul Adare - FIM CM MVP
    "symlinks ... the goto of the file system world." -- David Tilbrook

    Tuesday, July 29, 2014 7:23 AM
  • Like how we have IBM DB2 and IBM Directory Server as components of IBM Security Identity Manager, and likewise Oracle Database & Directory Server for Oracle Identity Management,

    My question was,

    Though it is not recommended and is difficult to manage if we use an identity manager of a different vendor and the middleware components of a different vendor. However, if I am installing IBM Security Identity Manager, it supports Oracle Database or SQL database if I don't opt to go with IBM DB2 (I know that if I go this way one cannot use the middleware configuration utility tool).

    Similarly, my question in the original post was: if we deploy FIM, can we use a database from IBM or Oracle for its installation or configuration, to which you mentioned that we cannot and we must use SQL for installation/configuration.

    Example - Once we have IBM Security Identity Manager up and running, by default it has a few adapters with which we can manage IDs (identities) on target resources such as Unix servers, Lotus Notes, Windows servers etc.

    The link which I have mentioned, does it explain that once FIM installation and configuration is done, the FIM Synch service connects to these databases (target resources) in order to manage IDs (identities), like the above example statement?

    Is my understanding correct?

    And,

    q1) With FIM, can we manage identities on Unix server(s)?

    q2) "Identity stores or connected data sources are the systems that FIM manages through MAs"

           What do you mean by MAs? Does it mean Adapters?



    • Edited by Mihir_7 Tuesday, July 29, 2014 10:55 AM
    Tuesday, July 29, 2014 10:49 AM
  • Thanks for clearing my doubts :)

    One more question popped up after reading your last reply ;)

    When you talk about connectors, are these connectors available as a package with the FIM suite? If yes, which are those by default?

    And do we have the option to create custom connectors? If yes, does FIM provide any connector development kit, or which is the one recommended?

    Tuesday, July 29, 2014 11:13 PM
  • On Tue, 29 Jul 2014 23:13:16 +0000, Mihir_7 wrote:

    When you talk about connectors, are these connectors available as a package with the FIM suite? If yes, which are those by default?

    http://msdn.microsoft.com/en-us/library/jj863241%28v=ws.10%29.aspx


    And do we have the option to create custom connectors? If yes, does FIM provide any connector development kit, or which is the one recommended?

    http://msdn.microsoft.com/en-us/library/windows/desktop/hh859557%28v=vs.100%29.aspx


    Paul Adare - FIM CM MVP
    "Lotus Notes for Dummies" is surely a single page pull out with
    "don't" printed on it. -- Unknown

    Wednesday, July 30, 2014 9:55 AM