Microsoft FIM Knits Identity Security Blanket
Forefront Identity Manager comforts IT pros who must keep track of troublesome user identity, access and authorization tasks in enterprise and federated environments.
Forefront Identity Manager is the result of Microsoft's latest effort to untangle the mesh of identity procedures and policies that wrap around high value business assets. The trick is to keep identity management costs reasonable while outwitting phishers and satisfying auditors. Forefront Identity Manger 2010- the successor to Identity Lifecycle Manager 2007- succeeds largely through the extensive use of wizards and streamlined management processes that should let lower-level staff implement sufficiently challenging and flexible access policies.Forefront Identity Manager 2010 (FIM 2010) started shipping on April 1. FIM 2010 has a list price of $15,000 per server and $18 per user CAL (Client Access License).As you might imagine, FIM 2010 carries a "better together" tradition that makes it most appropriate for shops that are already users of other Microsoft infrastructure including Active Directory, Sharepoint and Exchange. While FIM 2010 can interact with a variety of other directory, collaboration and e-mail notification tools, it is optimized for use with Microsoft's tools. These Microsoft infrastructure components made up the test environment that I used to evaluate FIM 2010. I ran FIM on a Dell PowerEdge R610 server with 2 quad-core Intel Xeon 5520 processors, 32GB of RAM and six 146GB drives. Using Microsoft Windows 2008 R2 64-bit edition my test environment was composed of 12 virtual systems that provided Sharepoint, Active Directory, Exchange along with a number of Windows 7 systems that accessed various resources by using identity services that were enabled through FIM 2010. FIM 2010 is much more than a password or credential management system, although it does enable user self-service password reset. I used the product to manage remote access to test documents, create federated access to resources between different organizations, and streamlined the onboarding and offboarding process of employees. While FIM 2010 was significantly easier to use than Identity Lifecycle Manager 2007, my work with the product indicates that significant IT resources will still be needed for FIM 2010 daily operations use. Full implementation of the product will almost certainly require a services engagement. As might be expected, installing a new version of FIM 2010 or- more likely- upgrading to FIM 2010 from a previous generation identity management system is no small task. Even where Microsoft was able to streamline setup tasks, FIM 2010 operates in highly sensitive and usually highly regulated territory.