Microsoft Corp. says that the Identity Integration Server 2003 it released to manufacturing Wednesday represents more than just a name change for the product, which was formerly known as Metadirectory Services 2003.
Microsoft Identity Integration Server (MIIS) 2003 goes beyond the functionality of a traditional metadirectory by adding features such as automatic account provisioning and password management to its existing ability to integrate user identity information across multiple account stores running on different systems, said Michael Stephenson, a lead product manager at Microsoft.
"This is a major revision to the product," said Jamie Lewis, CEO and research chair at Burton Group in Midvale, Utah. "They have started to build in the foundation for provisioning and password-management capabilities that increase the functionality of the product. It's something the whole market is doing. Directory and metadirectory services are evolving into a broader set of identity management tools and services."
Chicago-based law firm Katten Muchin Zavis Rosenman, which has about 1,600 employees, has already begun to see benefits from the new functionality since it began deploying a release candidate of the product in late May, according to application development manager Alexander Diaz. Diaz said the firm began using Microsoft Metadirectory Services (MMS) with the goal of single entry for basic employee information, such as name, department and location, in some 20 different systems. The capabilities in the old MMS product were limited, he said.
"The previous system used a proprietary Web store for the metadirectory information. The new product leverages SQL Server, so it scales a lot more than the previous version," Diaz said. "You can store a lot more information, and you can deploy a lot more connectors without running into the limitation on the directory store. Because it's using the SQL back end as its data store and they redesigned the whole identity server, the server itself outperforms the old one."
Diaz said he also likes the fact that with MIIS, he can now use Microsoft programming languages, such as Visual Basic and C#, to provision accounts and extend capabilities to other Windows application programming interfaces (APIs). He can, for example, use Visual Basic .Net to access the Windows APIs to create user home directories and the necessary security to prevent unauthorized users from accessing them. Diaz said he can also write directly to APIs in a network fax application that the company uses, and more efficiently handle the renaming of accounts.
"Some of those things had to be handled manually by administrators in the past," Diaz said. "I'm eliminating a lot of the tedious, mundane tasks that are repetitive in nature."
He said connectors to non-Microsoft systems such as Lotus Notes and to Microsoft's SQL Server have also improved in the enterprise edition of MIIS. Diaz said the old connector to SQL Server was targeted at pulling data from human resources systems, noting, "The new one is really a full-fledged connector and lets you push or pull data."
Diaz said MIIS 2003 also allows the law firm to synchronize passwords on multiple systems more effectively and lets users change their own passwords.
While Microsoft's vision is strong, the first round of its identity management server may fall short in the area of password management for other users, said John Enck, an analyst at Stamford, Conn.-based Gartner Inc. Enck said the password management function does not address Unix, IBM's AS/400 or mainframe password management; customers would need to implement Services for Unix and/or Host Integration Services to address password management for those platforms.
Enck said MIIS 2003 also falls short in the area of workflow. For example, users must integrate Microsoft's BizTalk Server or a third-party product for workflow tied to identity management.
In connection with Wednesday's announcement, Microsoft also disclosed that Active Directory in Application Mode (ADAM) will be available later this summer. ADAM will enable users to deploy Active Directory as an LDAP directory service for application-specific data while using the distributed Active Directory infrastructure for user sign-on, according to Microsoft. ADAM will be available as a free download to run on the Standard, Enterprise and Datacenter editions of Windows Server 2003 and, for development purposes, on Windows XP, Stephenson said.
Microsoft also announced the Identity Integration Feature Pack for Windows Server Active Directory, which integrates identity information between multiple Active Directory forests or between ADAM implementations. The feature pack is available for free to customers who have licensed the enterprise edition of Windows Server, according to Stephenson.