none
Upgrading from MIIS/ILM 2007 to FIM 2010

    Question

  • Hello,

    What's the upgrade path to go from MIIS/ILM 2007 to FIM 2010?  Will FIM 2010 just use your current configuration?  Also, how's the timing of the FIM release?  If you were implementing Identity Management now - is it best to implement it on ILM or FIM?

    Thanks,
    Chris
    reef
    Friday, August 7, 2009 10:27 PM

Answers

  • Chris,

        The upgrade path from ILM 2007 to FIM 2010 involves several steps, but generally will not be terribly difficult.  You would need to accomplish the following:

    1 - Stand up a test environment that represents your production environment
    2 - Upgrade your SQL database to 2008 if not already there
    3 - Recompile all code using .Net 3.5 (Visual Studio 08)
    4 - Perform complete end to end testing
    5 - Verify you have x64 versions for any third party apps required on the ILM server (Oracle client, Notes client, etc)
    6 - Build Windows 2008 x64 and install FIM 2010 sync engine - pointing to the SQL 2008 version of the ILM database
    7 - Perform complete end to end testing
    8 - Consider installing FIM 2010 portal
    9 - Consider migrating some of the codeless capabilities and group management to FIM 2010
    10 - Perform complete end to end testing

    As you can see from above - FIM 2010 can make use of your existing design, but it is not a point and click upgrade (one is 32 bit only, the other 64 bit only).

    Timing of the release of FIM 2010 can best be answered by some of the MS guys - they have the latest information

    As for which one to use - if you are just now getting into the process of implementing an identity management solution, you should start with determining systems involved, gathering requirements, developing a design, etc.  If you absolutely require the use of a portal to allow user participation, then you may want to wait on FIM 2010 (or look at designing your own); if you are looking to deploy in the immediate future, you will have to decide whether or not you can use release candidate software in a production environment.  With the release of RC1 of FIM 2010, you may be able to participate in TAP/RDP programs if desired.

    As you can see from the migration path; if you decide to start with ILM 2007, you can still migrate the capabilities to FIM 2010 without too much work, though it may involve some rework to move some of the design into the portal.

    Bob T
    Friday, August 7, 2009 11:56 PM
  • Chris,

    Bob gives you a great and very thorough answer. Let me add one or two items:

    In step 3 You will need to change some of your references to use 64-bit editions of the new Microsoft.metadirectoryservicesex.dll that was introduced with the hotfix referenced below:
    http://support.microsoft.com/default.aspx/kb/946797

    I can't understate the importance of following Bob's advice in Step 5. 64 bit editions of the items needed is critical. For example the Host Access Management Agents are not yet available for 64-bit use since they depend on Host Integration Server 2006 which won't install on Windows Server 2008 x64. So if connect to mainframes you will need to consider how to do that
    1) using ILM 2007 as a bridge
    or
    2) using a 3rd party MA
    or
    3) writing your own MA
    David Lundell www.ilmBestPractices.com
    Sunday, September 27, 2009 5:02 AM

All replies

  • Chris,

        The upgrade path from ILM 2007 to FIM 2010 involves several steps, but generally will not be terribly difficult.  You would need to accomplish the following:

    1 - Stand up a test environment that represents your production environment
    2 - Upgrade your SQL database to 2008 if not already there
    3 - Recompile all code using .Net 3.5 (Visual Studio 08)
    4 - Perform complete end to end testing
    5 - Verify you have x64 versions for any third party apps required on the ILM server (Oracle client, Notes client, etc)
    6 - Build Windows 2008 x64 and install FIM 2010 sync engine - pointing to the SQL 2008 version of the ILM database
    7 - Perform complete end to end testing
    8 - Consider installing FIM 2010 portal
    9 - Consider migrating some of the codeless capabilities and group management to FIM 2010
    10 - Perform complete end to end testing

    As you can see from above - FIM 2010 can make use of your existing design, but it is not a point and click upgrade (one is 32 bit only, the other 64 bit only).

    Timing of the release of FIM 2010 can best be answered by some of the MS guys - they have the latest information

    As for which one to use - if you are just now getting into the process of implementing an identity management solution, you should start with determining systems involved, gathering requirements, developing a design, etc.  If you absolutely require the use of a portal to allow user participation, then you may want to wait on FIM 2010 (or look at designing your own); if you are looking to deploy in the immediate future, you will have to decide whether or not you can use release candidate software in a production environment.  With the release of RC1 of FIM 2010, you may be able to participate in TAP/RDP programs if desired.

    As you can see from the migration path; if you decide to start with ILM 2007, you can still migrate the capabilities to FIM 2010 without too much work, though it may involve some rework to move some of the design into the portal.

    Bob T
    Friday, August 7, 2009 11:56 PM
  • Chris,

    Bob gives you a great and very thorough answer. Let me add one or two items:

    In step 3 You will need to change some of your references to use 64-bit editions of the new Microsoft.metadirectoryservicesex.dll that was introduced with the hotfix referenced below:
    http://support.microsoft.com/default.aspx/kb/946797

    I can't understate the importance of following Bob's advice in Step 5. 64 bit editions of the items needed is critical. For example the Host Access Management Agents are not yet available for 64-bit use since they depend on Host Integration Server 2006 which won't install on Windows Server 2008 x64. So if connect to mainframes you will need to consider how to do that
    1) using ILM 2007 as a bridge
    or
    2) using a 3rd party MA
    or
    3) writing your own MA
    David Lundell www.ilmBestPractices.com
    Sunday, September 27, 2009 5:02 AM