June 15, 2007

My Sojourn with MIIS

Microsoft Identity Integration Server: Another sweet product from Microsoft.

This is a product in the Identity Management space. To my knowledge, unlike many other products available in the market today, MIIS is home-made. Via this blog, I am trying to post the knowledge I have gained from my one-year-old friendship with MIIS.

The top features:

1. A state-based synchronization server.

2. A decent provisioning system.

3. As usual, lucid to understand and work with

4. As common, has a wonderful group of people working on this and sharing their ideas and solving problems @ MMSUG@yahoogroups.com

5. An inbuilt tool to write your code and thus reduce your pain of writing code

6. BizTalk-enabled workflows

7. Doesn't do a RIP v1 kind of data routing.

8. Precedence-based synchronization

9. Has connectors to many known databases and LDAPs

Bad Features:
> Complete Microsoft shop
This means you have to use only MS products to implement this product.

I feel, I am still missing something.

Well, this system works primarily as a Metadirectory server. Later it was modified to have the functionalities of a provisioning system.


The architecture:
The MIIS application is at the center, with its own repository called the Metaverse. It connects to different data resources and creates virtual spaces (tables in the MIIS SQL database) in which to edit the data imported from the end data resources. To be clear: since the data manipulation that has to be done cannot be done on the end resource itself, we need a place where we can do it. That place is called the Connector Space.

For example, if a particular table in an end resource contains 15 columns and we need to work on all fifteen, then we import all these values into the connector space. Later, depending upon our needs, we import only the required columns into the metaverse, the main MIIS repository.

One life Cycle:

End DB -> MIIS -> End DB

Let's talk about a cycle. Data is pulled from the end authoritative database. The data, in its entirety, is pulled into a table called mms_connectorspace (the table contains data from all data sources, uniquely identified by the data source identification number). From here the business rules start getting applied. All rules related to filtering ids, creating new values, making logical decisions, etc. are applied to this data, and the final output is pushed into the Metaverse. To implement the required resource-specific business logic, one implements a DLL for every resource. Now that the data is in the Metaverse, the other logic, such as provisioning, deprovisioning and synchronization, comes into the picture. To handle all this, a special rules extension DLL called the Metaverse Rules Extension DLL is written. This takes care of the aforementioned. Provisioning, i.e. the data being written, goes only to the end resource's connector space, i.e. the mms_connectorspace rows with the required id. Then, upon export, the business logic DLL configured for each resource takes the data from the mms_connectorspace table and writes it to the end DB.

This is the story.
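The cycle described above can be followed end to end in a small model. This is an added example, not MIIS code or its API: the data-source ids, attribute names, sample rows and function names are all constructed, and plain dictionaries stand in for mms_connectorspace, the Metaverse and the end DB.

```python
# Toy model of one cycle: End DB -> connector space -> metaverse -> connector space -> End DB.
# Every name and record below is constructed for illustration; none of it is the MIIS API.
HR, AD = 1, 2  # hypothetical data-source identification numbers

SAMPLE_HR_ROWS = [  # constructed sample of the authoritative source
    {"id": "e1", "first": "Ana", "last": "Rao", "dept": "IT", "status": "active", "grade": "7"},
    {"id": "e2", "first": "Bo", "last": "Lim", "dept": "HR", "status": "terminated", "grade": "5"},
]

def stage_import(cs, source_id, rows):
    """Import: every column of every row lands in the shared connector space."""
    for row in rows:
        cs[(source_id, row["id"])] = {"attrs": dict(row), "pending": False}

def hr_import_rules(attrs):
    """Per-resource rules: filter ids, build new values, flow only needed columns."""
    if attrs["status"] != "active":
        return None  # filtered: stays in the connector space only
    return {"id": attrs["id"], "dept": attrs["dept"],
            "displayName": f'{attrs["first"]} {attrs["last"]}'}

def sync_to_metaverse(cs, mv, source_id, rules):
    """Apply one resource's rules to its own connector-space rows."""
    for (sid, _), entry in cs.items():
        obj = rules(entry["attrs"]) if sid == source_id else None
        if obj is not None:
            mv[obj["id"]] = obj

def provision(cs, mv, target_id):
    """Metaverse rules: stage changes in the target's connector space, never the end DB."""
    for oid, obj in mv.items():
        staged = cs.get((target_id, oid))
        if staged is None or staged["attrs"] != obj:
            cs[(target_id, oid)] = {"attrs": dict(obj), "pending": True}

def export(cs, target_id, end_db):
    """Export: write only pending entries for this data source to the end DB."""
    written = 0
    for (sid, oid), entry in cs.items():
        if sid == target_id and entry["pending"]:
            end_db[oid] = dict(entry["attrs"])
            entry["pending"] = False
            written += 1
    return written

def run_cycle(hr_rows, cs, mv, end_db):
    stage_import(cs, HR, hr_rows)
    sync_to_metaverse(cs, mv, HR, hr_import_rules)
    provision(cs, mv, AD)
    return export(cs, AD, end_db)
```

Running the same cycle twice on unchanged source data exports nothing the second time, which is the state-based behaviour listed among the top features.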

The advantages in MIIS

1. You get most of the code easily written, because of the reference

2. There is a particular file that can write code for you

3. There is a wonderful set of people at MMSUG@yahoogroups.com just waiting to help.

This costs you relatively less than the remaining Identity Management products.

For those who don't know much about Identity and Access Management, just one line: at the last RSA Security Conference, it was Bill Gates who came up on stage, not to announce another language or operating system, but for their new product, ILM 2007 - Identity Life Cycle Manager (MIIS + CLM +++)
