Microsoft FIM Knits Identity Security Blanket

 
 
By Cameron Sturdevant  |  Posted 2010-07-22

Forefront Identity Manager comforts IT pros who must keep track of troublesome user identity, access and authorization tasks in enterprise and federated environments.

Forefront Identity Manager is the result of Microsoft's latest effort to untangle the mesh of identity procedures and policies that wrap around high-value business assets.

The trick is to keep identity management costs reasonable while outwitting phishers and satisfying auditors. Forefront Identity Manager 2010, the successor to Identity Lifecycle Manager 2007, succeeds largely through the extensive use of wizards and streamlined management processes that should let lower-level staff implement sufficiently challenging and flexible access policies.

Forefront Identity Manager 2010 (FIM 2010) started shipping on April 1. FIM 2010 has a list price of $15,000 per server and $18 per user CAL (Client Access License).

As you might imagine, FIM 2010 carries a "better together" tradition that makes it most appropriate for shops that are already users of other Microsoft infrastructure, including Active Directory, SharePoint and Exchange. While FIM 2010 can interact with a variety of other directory, collaboration and e-mail notification tools, it is optimized for use with Microsoft's tools.

These Microsoft infrastructure components made up the test environment that I used to evaluate FIM 2010. I ran FIM on a Dell PowerEdge R610 server with 2 quad-core Intel Xeon 5520 processors, 32GB of RAM and six 146GB drives. Using Microsoft Windows 2008 R2 64-bit edition, my test environment was composed of 12 virtual systems that provided SharePoint, Active Directory and Exchange, along with a number of Windows 7 systems that accessed various resources by using identity services that were enabled through FIM 2010.

FIM 2010 is much more than a password or credential management system, although it does enable user self-service password reset. I used the product to manage remote access to test documents, create federated access to resources between different organizations, and streamline the onboarding and offboarding process of employees.

While FIM 2010 was significantly easier to use than Identity Lifecycle Manager 2007, my work with the product indicates that significant IT resources will still be needed for daily operational use of FIM 2010. Full implementation of the product will almost certainly require a services engagement. As might be expected, installing a new version of FIM 2010 or, more likely, upgrading to FIM 2010 from a previous-generation identity management system is no small task. Even where Microsoft was able to streamline setup tasks, FIM 2010 operates in highly sensitive and usually highly regulated territory.



 
 
 
 
Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.