Microsoft FIM Knits Identity Security Blanket
Email
Print
Forefront Identity Manager comforts IT pros who must keep track of troublesome user identity, access and authorization tasks in enterprise and federated environments.
Forefront Identity Manager is the result of Microsoft's
latest effort to untangle the mesh of identity procedures and policies that
wrap around high value business assets.
The trick is to keep identity management costs reasonable
while outwitting phishers and satisfying auditors. Forefront Identity Manger
2010- the successor to Identity Lifecycle Manager 2007- succeeds largely
through the extensive use of wizards and streamlined management processes that
should let lower-level staff implement sufficiently challenging and flexible
access policies.
Forefront Identity Manager 2010 (FIM 2010) started shipping
on April 1. FIM 2010 has a list price of $15,000 per server and $18 per
user CAL (Client Access License).
As you might imagine, FIM 2010 carries a "better
together" tradition that makes it most appropriate for shops that are
already users of other Microsoft infrastructure including Active Directory,
Sharepoint and Exchange. While FIM 2010 can interact with a variety of other
directory, collaboration and e-mail notification tools, it is optimized for use
with Microsoft's tools.
These Microsoft infrastructure components made up the test
environment that I used to evaluate FIM 2010. I ran FIM on a Dell PowerEdge
R610 server with 2 quad-core Intel Xeon 5520 processors, 32GB of RAM
and six 146GB drives. Using Microsoft Windows 2008 R2 64-bit edition my test
environment was composed of 12 virtual systems that provided Sharepoint, Active
Directory, Exchange along with a number of Windows 7 systems that accessed
various resources by using identity services that were enabled through FIM
2010.
FIM 2010 is much more than a password or credential
management system, although it does enable user self-service password reset. I
used the product to manage remote access to test documents, create federated
access to resources between different organizations, and streamlined the
onboarding and offboarding process of employees.
While FIM 2010 was significantly easier to use than Identity
Lifecycle Manager 2007, my work with the product indicates that significant IT
resources will still be needed for FIM 2010 daily operations use. Full
implementation of the product will almost certainly require a services
engagement. As might be expected, installing a new version of FIM 2010 or- more
likely- upgrading to FIM 2010 from a previous generation identity management
system is no small task. Even where Microsoft was able to streamline setup
tasks, FIM 2010 operates in highly sensitive and usually highly regulated
territory.
Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.
