Today I attended two days of training on ILM V2 and summarized what the new features are compared to ILM 2007.
What is ILM?
As its name implies, it is identity management software.
When a person joins an enterprise, he or she has several different identities. For example, an AD account is an identity, an ERP system account is an identity, an email account is an identity, an attendance card is an identity, and a payroll system ID is also an identity. As a result, we often see one person using different accounts in different systems, with a profile that varies from system to system. For example, the phone number in system A is old, and the title in system B is outdated because the employee has been promoted. The payroll card in the financial system is still paying out even though the employee has left the company. The mailbox is still there, and the departed employee may still be able to access it.
These are the questions that need to be answered:
- How to ensure the integrity and consistency of the user's identity.
- How to promptly provide information to the various systems when an employee joins the company, such as automatically creating a mailbox and automatically opening an ERP account.
- How to revoke an employee's permissions when they leave.
- After an employee's status changes, for example a change of location or a new mobile phone number, whether the mailbox is switched in time and whether the change is updated in the various systems in time.
When the company grows, for example when it prepares to go public, auditors will ask you the four questions above. These issues involve the company's financial controls. At this point, companies generally use so-called ILM software to meet the requirement. Microsoft's ILM, formerly called MIIS, is one of the solutions. Of course, Oracle, Sun, CA, and Novell all have similar solutions. Microsoft's solution link: http://www.microsoft.com/windowsserver/ilm2/technicalresources.mspx
eBay has a typical case study: http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=49509
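The four questions above come down to reconciling an authoritative source against every connected system. The following is an added example, not ILM code and not from the training: `HR`, `SYSTEMS`, `SYNCED_ATTRS` and `reconcile` are hypothetical names and all records are constructed. It reports accounts still enabled for leavers, accounts with no owner, joiners who were never provisioned, and attributes that have drifted.

```python
# Constructed sample data. HR is treated as the authoritative source.
HR = {
    "E1001": {"status": "active", "phone": "555-0101", "title": "Manager"},
    "E1002": {"status": "terminated", "phone": "555-0102", "title": "Engineer"},
    "E1003": {"status": "active", "phone": "555-0103", "title": "Analyst"},
}
# Constructed account exports from three connected systems, keyed by employee id.
SYSTEMS = {
    "ad": {
        "E1001": {"enabled": True, "phone": "555-0101", "title": "Manager"},
        "E1002": {"enabled": True, "phone": "555-0102", "title": "Engineer"},
    },
    "erp": {
        "E1001": {"enabled": True, "phone": "555-0199", "title": "Engineer"},
        "E1003": {"enabled": True, "phone": "555-0103", "title": "Analyst"},
        "E9999": {"enabled": True, "phone": "", "title": ""},
    },
    "mail": {
        "E1001": {"enabled": True, "phone": "555-0101", "title": "Manager"},
        "E1002": {"enabled": False, "phone": "555-0102", "title": "Engineer"},
        "E1003": {"enabled": True, "phone": "555-0103", "title": "Analyst"},
    },
}
SYNCED_ATTRS = ("phone", "title")  # attributes that must match HR everywhere

def reconcile(hr, systems):
    """Return sorted (finding, system, employee_id, detail) tuples."""
    findings = []
    for system, accounts in systems.items():
        for emp_id, acct in accounts.items():
            person = hr.get(emp_id)
            if person is None or person["status"] != "active":
                # Enabled account with no active owner: orphan or missed leaver.
                if acct["enabled"]:
                    kind = "orphan" if person is None else "leaver_active"
                    findings.append((kind, system, emp_id, "account still enabled"))
                continue
            for attr in SYNCED_ATTRS:  # profile drift against HR
                if acct[attr] != person[attr]:
                    detail = f"{attr}: {acct[attr]!r} should be {person[attr]!r}"
                    findings.append(("drift", system, emp_id, detail))
        for emp_id, person in hr.items():  # joiner never provisioned
            if person["status"] == "active" and emp_id not in accounts:
                findings.append(("missing", system, emp_id, "no account"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in reconcile(HR, SYSTEMS):
        print(*finding, sep="\t")
```

A report like this is the evidence an auditor asks for; a product such as ILM is meant to keep it empty by acting on each change automatically.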
What are the new features of ILM V2?
It adds a web portal and the ILM service. Previously, ILM was a WinForms program, and the system administrator and the auditor were its only users. ILM can take over most of the trivial helpdesk tasks. Some companies use ILM to reduce helpdesk costs.
Roles of the new web portal:
- A self-service portal for end users. For example, you can change your own phone number, request membership of a security group or distribution list, or reset your own password. In the past, we had to notify the company's helpdesk to update the specific system, and ILM was responsible for the sync.
- The system administrator defines workflows and policies through the web portal, including synchronization policies and process policies. There are also some permission settings. For example, you can define that everyone can view other people's basic information, while HR employees can view everyone's information.
- An HR system for SMEs. If the company has a mature HR system, that HR system is the authoritative source for much of the employee data. If the company does not have an HR system, the portal can be used as a small HR system. You can enter user information; ILM will pick up this information, automatically open an AD account, and synchronize the identity to other systems.
- Declarative definition of your synchronization policies or provisioning and deprovisioning policies = "no code required".
- Previously, we often had two types of C# projects. One is an extension of an agent, for example for import or export policies.
- csentry["displayname"].Value = mventry["nickname"].Value + ". " + mventry["sn"].Value; Of course, there are some super complicated ones. For example, if the person is male, "male" is added; otherwise "female" is added. If it is the boss, add CxO and the like.
- The other type is a provisioning extension. For example, creating an account in Active Directory or another system.
- There are also some join extensions.
- The biggest deficiency of the previous practice is that developers have to intervene and write code for every change. After a long time, developers can no longer see what the so-called rules are.
- The new method allows you to define a synchronization policy through the web portal, which is called from. You can add some expressions and processes, for example the AD provisioning process: who needs to approve it, then carry out the provisioning, and send an email to the user after provisioning succeeds
- practices.
- The ILM service has a new database and model, as well as a new agent. When you update these policies and processes through the portal, they are written to the database (ILM service V2's own).
- ILM reads the policy through the agent and defines a new metaverse object. Then, during sync, the policy defined by the new MV object is executed dynamically. Thus, sync and provisioning can be implemented without any C# code.
- Of course, it is limited to simple expressions. If the C# code runs to more than 10 lines, it is difficult to describe it clearly with an expression.
- Outlook 2007 has a group add-in. There are two kinds of groups. One kind needs no approval or is managed automatically based on rules; for example, all IT department members are in "All IT". The other kind is decided by the owner, such as the killing club. After a new employee joins the company, they click Add in the group add-in to apply for membership. After confirmation, the system sends an email to the owner, and the owner approves directly in Outlook. All these dynamic operations follow the definition of a workflow.
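To make the contrast between a compiled rules extension and a declarative synchronization policy concrete, here is an added illustration; it is not ILM code, and the rule format is not ILM's schema or expression syntax. `POLICY`, `apply_flows` and `sync` are hypothetical names. The display-name flow mirrors the C# line above, and provisioning waits for approval as in the process described.

```python
# Hypothetical rule format for illustration; not ILM's schema or expression syntax.
POLICY = {
    "flows": [  # outbound attribute flows: target <- concatenated parts
        {"target": "displayname",
         "parts": [("attr", "nickname"), ("const", ". "), ("attr", "sn")]},
        {"target": "telephoneNumber", "parts": [("attr", "phone")]},
    ],
    "provision": {"when": ("status", "active"), "requires_approval": True},
    "deprovision": {"when": ("status", "terminated")},
}


def apply_flows(policy, mventry):
    """Build the connector-space attributes from the metaverse entry."""
    csentry = {}
    for rule in policy["flows"]:
        values = [arg if kind == "const" else mventry.get(arg)
                  for kind, arg in rule["parts"]]
        if None in values:  # missing source attribute: do not export a partial value
            continue
        csentry[rule["target"]] = "".join(values)
    return csentry


def sync(policy, mventry, has_account, approved=False):
    """Decide the action for one identity; returns (action, attributes)."""
    attr, value = policy["deprovision"]["when"]
    if mventry.get(attr) == value:
        return ("deprovision", {}) if has_account else ("none", {})
    attr, value = policy["provision"]["when"]
    if mventry.get(attr) != value:
        return ("none", {})
    if has_account:
        return ("update", apply_flows(policy, mventry))
    if policy["provision"]["requires_approval"] and not approved:
        return ("pending_approval", {})  # nothing is created before approval
    return ("provision", apply_flows(policy, mventry))


if __name__ == "__main__":
    # Constructed sample identity.
    joiner = {"nickname": "J", "sn": "Doe", "phone": "555-0100", "status": "active"}
    print(sync(POLICY, joiner, has_account=False))
    print(sync(POLICY, joiner, has_account=False, approved=True))
    print(sync(POLICY, dict(joiner, status="terminated"), has_account=True))
```

Because the policy is data, a rule change is an edit to `POLICY` that an auditor can read directly, which is the visibility the compiled extensions lacked.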
Certificate management (CLM) is not much enhanced.
These features look good. Finally, the required system environment was confirmed:
- Windows Server 2008
- SQL Server 2008
- Exchange 2007
- Office 2007
- Active Directory 2007
The features are good, but have you thought about the upgrade costs? Haha. One funny moment at the end: someone asked why the database must be 2008. Why not 2005?
Answer: it is the result of the design. By design, haha. Classic answer.