View Slides - Knowledge Center


Hugh Simpson-Wells
Oxford Computer Group
11th January 2013
Agenda
Data held in and/or required by many directories, databases and services
• Personal attributes: names, telephone numbers, job title
• Authentication: logons, passwords
• Authorization: key attributes, role and group memberships
Often not well coordinated
• Unnecessary administration overhead
• Security is compromised
• Difficult to roll out new applications and services
• Poor user experience can lead to low productivity
• Proper governance can't be shown (because it isn't there)
And also…
• Password reset – helpdesk overload
• Reporting requirements – who has/had access to what?
• White pages
• Etc.
[Diagram: one person's records across a Directory Service, an E-mail Directory, an ERP Database, an HR Database and the Metadirectory. The name appears as "Ctroup", "Carolt", "Troup, Carol" and "Carol Troup"; attributes shown include logon name, full name, DN, display name, e-mail alias, phone #, title, cost center, manager, employee # and salary.]
• State-based, so that it is persistent
• Resilient against connectivity outages and other failures
• Minimum changes to target systems
• Can connect to (almost) any system
• Rules can leverage the entire .NET capability
[Diagram: Carol Troup's attributes (Title, E-mail alias, Logon name) in the HR Database, E-mail Directory, Directory Service and Metadirectory; the name also appears as "Carole Troup" and "Caro Troup".]
[Diagram: Carol Troup's Title changing from Consultant to Sr. Consultant, shown in the HR Database, E-mail Directory, Directory Service and Metadirectory.]
[Diagram: Tomas Koska added manually; new object in Metadirectory; accounts/objects created. Systems shown: HR Database, E-mail Directory, Directory, Metadirectory.]
[Diagram: Tomas Koska modified manually; object in Metadirectory; HR Database, E-mail Directory and NOS Directory each marked X; AD User.]
[Architecture diagram, by layer:]
• Solutions: Group Mgmt, User Mgmt, Credential Mgmt, Policy Mgmt, Custom, Reporting
• FIM Clients: Outlook, Custom, Windows, Portals, CM, SSRS
• FIM Platform: FIM Sync (Metadirectory, MAs), FIM Service (App DB, Request Processor, Delegation & Permissions, AuthN Workflow, AuthZ Workflow, Action Workflow), Cert Mgmt (CM DB), SCSM (Data Warehouse)
• Identity Stores: Directories, Applications, Databases, E-Mail Systems






• Performance improvements
• Self-service password reset enhancements (demo)
• New synchronization rule type (demo)
• Reporting (demo)
• Extensible Connectivity Management Agent 2
• BHOLD
• More performance improvements
• Version support for FIM itself (e.g. Windows Server 2012, SQL Server 2012)
• Visual Studio 2010 for extensions
• Other version support for WS2012 (AD MA), Office 2013 for client components, Windows 8 client support (e.g. SSPR)
• SCSM 2012 reporting support




– including new sync rule type
– including password reset










• Provides Report platform
• Provides Data Warehouse
• Configuration of reporting process
• Initial: Used the first time data is extracted
• Initial Partial: Used after a configuration change (e.g. schema extension)
• Incremental: Used in regular operation to extract the changes since the last incremental extraction
• Extract: from the System Center Service Manager database to the Staging tables
• Transformed and stored in the Data Repository
• Loaded into the Data Mart
• Resource Type in FIM as which Class in DW
• Attribute in FIM as which Property in DW
• Reference Attribute in FIM as Relationship in DW
• DW Schema defined in Management Packs
• e.g. FIMDisplayName is in FIMEntity and FIMPerson
• Prevents need for excessive joins
• e.g. FIMPerson has entries in FIMPerson, FIMEntity and Entity
• FIMGroupHasExplicitMembersFact_2012_April
• FIMGroupHasExplicitMembersFact_2012_May
• e.g. FIMGroupHasExplicitMembersFactvw
• Always report against the views!
Thank you