Wow - if everything was as poorly documented as FIM 2010 (Forefront Identity Manager 2010), the World would surely look a lot different! Given the very poor assistance available when it comes to programmatic interaction with FIM, I’ll be doing a short intro to aid people that are in the same boat as I was when starting playing around with this “beast”.
First off – let’s establish some terminology. The following 3 entities are important to know:
|FIM Service||Windows Service + Web Service (hosted by the Windows Service)|
|FIM Sync||Windows Service|
|FIM Portal||SharePoint (WSS 3.0) based website.|
This guy is the more recent entry point to FIM. It is technically a Windows Service (‘Forefront Identity Manager Service’) which runs under a specific account (‘FIMServiceAccount’). In the FIM World – this service account is “God” and can in FIM do “anything”. This FIM Service holds the most extension points to FIM (5,6,7,8). The Windows Service hosts and presents a WCF-service to the outside Clients, which is the entry point (5) of all incoming Requests to FIM. In the above illustration – the FIM Service is seen as ‘FIM Web Service’. This component has it’s own database (name = ‘FIMService’).
This is also a Windows Service (‘Forefront Identity Manager Synchronization Service’) and is the ‘traditional’ functionality of FIM. This service is responsible for calling the various Management Agents in FIM when a ‘Run Profile’ is executed. Management Agents are seen as ‘Adaptors’ (10) in the above illustration. This component has it’s own database (name = ‘FIMSyncronizationService’).
The FIM Portal is a WSS 3.0 website that allows the user to indirectly manipulate the objects in the metaverse. Indirectly means that manipulation is made into the Portals database and subsequently synchronized to the metaverse (see below). This portal has the traditional WSS databases (see documentation on WSS at Microsoft’s website).
Sync Service (further)
The FIM Sync service is functionally an ‘engine’ that manipulates a number of sub-elements that is also important to know about. These elements are seen below:
|Metaverse||A ‘space’ containing combined identity information for all entities|
|Management Agent||An adapter that connects the Connector Space objects with the outside system (e.g. HR-system, AD or other system)|
|Connector Space||A temporary storage area for entities|
This is technically a set of SQL-server tables (now we are comfortable again!) holding all attributes about entities modeled in FIM. These ‘entities’ are typically Persons but can in theory be anything you wish to model in FIM. Entities in the Metaverse are manipulated by Management Agents. Management Agents update and modify the metaverse from multiple connected data sources via their representations found in the Connector Space. As an example, an HR-system does not hold all attributes about an employee, but only a subset. The entire list of attributes relevant to an employee is a combination of different sources (HR, telephone system etc). that in unison form the "’truth” about an employee. The metaverse object (Person) holds the combined ‘truth’ about this employee – combining the various Connector Space objects into one.
A Management Agent (MA) is basically an adapter that connects the Connector Space object with a specific source/target system. An example could be a MA that connects a HR-system holding data about employees with the employee representation in the Connector Space.
The connector space is a storage area where object additions, deletions, and modifications are written before they are synchronized with the metaverse or the connected data source. Again this is a set of SQL-server tables. It is important to recognize that a single Connector Space representation of e.g. a Person holds only a subset of the full metaverse objects attributes (as per the metaverse description).
The 3 entities are seen in combination below. As previously mentioned, the Metaverse representation is the full ‘truth’ about an entity and is the combined attribute collection from the in the above 3 connector space objects.
“How are the ‘FIM Service’ and the ‘FIM Sync’ Service related” - you might ask? And with good rights. It is not evident from the above where the connection exists (which it does!). The FIM Service and it’s data is synchronized with the metaverse via a Management Agent as any other external system. The FIM Sync Service and it’s metaverse therefore sees the portal data a just another external system.
I sincerely hope this gave an initial overview of FIM 2010’s components.