TNWiki Summit 2015 - FIM 2010 Best Practices & Technet Wiki

Slide Content
  1. International TechNet Wiki Summit2015

    • Peter Geelen
    • FIM 2010 Best Practices & Technet
  2. Peter Geelen (Blog, Twitter, LinkedIn, TN Profile)

    • Sr. Premier Field Engineer - Security & Identity at Microsoft
    • Former MVP on Forefront Identity Manager
    • TechNet Wiki Governance
    • TechNet Wiki & Wiki Blog Administrator
    • TechNet Forum Administrator for Wiki and FIM
    • TechNet Wiki Blogger
    • TechNet Wiki Twitter / Announcements blog Administration
    • http://social.technet.microsoft.com/wiki/tags/pgtag/default.aspx
    • About
    • 2
    • Peter Geelen
  3. Agenda

    • Purpose
    • The bigger picture
    • Approach
    • Business requirements
    • Technical design considerations
    • Technical configuration best practices
    • Operational best practices
    • FIM Governance
    • Hints & tips
    • References
  4. Purpose

    • This session will provide you with:
    • A practical framework to implement Forefront Identity Manager (FIM) best practices, supported by experience from the field
    • Hands-on guidance to verify your technical setup
    • A list of items to assess the configuration, management and operations of your FIM infrastructure
  5. Scope: Technical vs Operational Best Practices

    • The health of a FIM configuration covers more than a technical check.
    • It also covers the documentation needed for the end-to-end execution of the FIM project (from business requirements definition to release into production).
    • Additionally, this session looks into the procedures needed for the operations and maintenance of the FIM environment.
    • This session does not cover:
    • Advanced performance tuning and customization of the FIM Sync engine
    • Advanced source code development
    • Advanced tuning of FIM Service and portal customization
    • Business functional configuration of FIM components such as MPRs, workflows, …
  6. Approach

  7. Preparing: Security

    • Key attention points
    • AD vs Local Security
    • Required security groups and accounts
    • User accounts vs service accounts
    • Segregation of duties
    • Least privilege
    • Keep your AD and Server security under control
    • Minimize admin accounts
    • Minimize admin rights
    • No AD or local admin rights needed for service and application accounts (except the FIM installation account, which needs local admin rights on the FIM servers only)
  8. Preparing: Security

    • http://aka.ms/FIM2010Security
    • Groups and Accounts to configure
    • 5 FIM Security groups
    • FIM Installation account (FIMInstallAdmin)
    • FIM Sync service
    • FIM Service
    • FIM MA
    • Other MA accounts (1 per MA)
    • Application pool accounts (Portal, PWReset, PWReg, …)
    • And
    • Task scheduler, secondary portal admin, ..
    • BHOLD (3), FIM CM (6), FIM Reporting (7)
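As an added example for the two "Preparing: Security" slides above (this is not code from the deck or from Microsoft), the following PowerShell check verifies the least-privilege rule: none of the FIM service, MA or application pool accounts may hold AD or local admin rights, and only the installation account may sit in the local Administrators group of the FIM servers. The account names, server names and group list are assumptions to replace with your own; the script needs the ActiveDirectory module (RSAT), WinRM access to the FIM servers and Get-LocalGroupMember on them (Windows Server 2016 / WMF 5.1 or later).

```powershell
# Added example (not from the deck): check that FIM service and application
# accounts hold no AD or local admin rights. Assumptions: the account names
# and server names below are placeholders for your own values; needs the
# ActiveDirectory module (RSAT), WinRM to the FIM servers and, on them,
# Get-LocalGroupMember (Windows Server 2016 / WMF 5.1 or later).
Import-Module ActiveDirectory

# One account per role (slide 8): sync service, FIM Service, FIM MA,
# one per other MA, and one per application pool.
$FimAccounts = @(
    'svc-fimsync',      # FIM Synchronization Service
    'svc-fimservice',   # FIM Service
    'svc-fimma',        # FIM MA
    'svc-fim-adma',     # AD MA (one account per MA)
    'svc-fimportal',    # Portal application pool
    'svc-fimpwreset',   # Password Reset application pool
    'svc-fimpwreg'      # Password Registration application pool
)
$InstallAdmin = 'fiminstalladmin'   # the one exception: local admin on FIM servers only
$FimServers   = @('fimsync01', 'fimservice01')

# Privileged AD groups that no FIM account (the install account included) may belong to.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                      'Administrators', 'Account Operators')

$findings = New-Object System.Collections.Generic.List[string]

# 1. Nested membership in privileged AD groups (-Recursive catches indirect membership
#    through intermediate groups, which is how admin rights usually creep in).
foreach ($group in $PrivilegedGroups) {
    $members = Get-ADGroupMember -Identity $group -Recursive |
               Select-Object -ExpandProperty SamAccountName
    foreach ($acct in ($FimAccounts + $InstallAdmin)) {
        if ($members -contains $acct) {
            $findings.Add("AD: $acct is a (nested) member of '$group'")
        }
    }
}

# 2. Local Administrators on each FIM server: only the install account belongs there.
foreach ($server in $FimServers) {
    $localAdmins = Invoke-Command -ComputerName $server -ScriptBlock {
        Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
    }
    foreach ($acct in $FimAccounts) {
        # Name comes back as DOMAIN\account; match on the account part only.
        if ($localAdmins | Where-Object { $_ -match ('\\' + [regex]::Escape($acct) + '$') }) {
            $findings.Add("${server}: $acct is a member of local Administrators")
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'OK: no FIM service or application account holds AD or local admin rights.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Run it from an admin workstation after the initial installation and again after every change to the security groups; a finding in step 1 means a service account can be used to take over the domain if the FIM server is compromised, which is exactly what the "minimize admin rights" bullet is meant to prevent.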
  9. Preparing: Security

  10. Hardware and OS

    • Design decisions to make
    • Topology Infrastructure
    • # servers: performance, high availability vs cost
    • DTAP (Development/Test/Acceptance/Production environments)
    • Hardware
    • CPU
    • Disk
    • Memory
    • OS
    • SQL Server
  11. SQL Server Database Settings

    • HW vs SQL Server best practices (Database and log files on separate disks)
    • Change database default settings
    • Recovery model
    • Database presizing and Auto growth
    • Fragmentation
    • Location
    • Maintenance
    • Backup
    • Log
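As an added example for the SQL Server checklist on this slide (not code from the deck), the PowerShell script below reads the recovery model, file locations, autogrowth settings, backup history and index fragmentation of the two FIM databases straight from the SQL catalog views and flags the defaults the slide warns about. The instance name is an assumption; the script assumes the default database names FIMSynchronizationService and FIMService and Windows-authenticated access to master, msdb and both databases.

```powershell
# Added example (not from the deck): check FIM database settings against the
# SQL Server checklist. Assumptions: instance name is a placeholder, the caller
# has Windows-auth access to master/msdb and the FIM databases, and the
# databases use their default names.
$SqlInstance  = 'fimsql01'
$FimDatabases = @('FIMSynchronizationService', 'FIMService')

function Invoke-FimSql([string]$Database, [string]$Sql) {
    $conn = New-Object System.Data.SqlClient.SqlConnection(
        "Server=$SqlInstance;Database=$Database;Integrated Security=True")
    $conn.Open()
    try {
        $cmd = $conn.CreateCommand(); $cmd.CommandText = $Sql
        $table = New-Object System.Data.DataTable
        $table.Load($cmd.ExecuteReader())
        return ,$table
    } finally { $conn.Close() }
}

$inList = ($FimDatabases | ForEach-Object { "'$_'" }) -join ','
$files = Invoke-FimSql 'master' @"
SELECT d.name AS db_name, d.recovery_model_desc, f.type_desc, f.physical_name,
       f.size * 8 / 1024 AS size_mb, f.is_percent_growth,
       CASE WHEN f.is_percent_growth = 1 THEN f.growth ELSE f.growth * 8 / 1024 END AS growth,
       (SELECT MAX(backup_finish_date) FROM msdb.dbo.backupset b
         WHERE b.database_name = d.name AND b.type = 'D') AS last_full_backup,
       (SELECT MAX(backup_finish_date) FROM msdb.dbo.backupset b
         WHERE b.database_name = d.name AND b.type = 'L') AS last_log_backup
FROM sys.databases d
JOIN sys.master_files f ON f.database_id = d.database_id
WHERE d.name IN ($inList)
"@

$findings = New-Object System.Collections.Generic.List[string]
foreach ($db in ($files | Group-Object db_name)) {
    $first = $db.Group[0]

    # Recovery model: FULL only works if log backups run, otherwise the log file
    # grows until the disk is full. SIMPLE is acceptable when the DR plan
    # restores from full backups only; either way the choice must be explicit.
    if ($first.recovery_model_desc -eq 'FULL' -and
        ($first.last_log_backup -is [DBNull] -or $first.last_log_backup -lt (Get-Date).AddHours(-24))) {
        $findings.Add("$($db.Name): FULL recovery model but no log backup in the last 24 h")
    }
    if ($first.last_full_backup -is [DBNull] -or $first.last_full_backup -lt (Get-Date).AddDays(-1)) {
        $findings.Add("$($db.Name): no full backup in the last 24 h")
    }

    # Location: database and log files on separate disks (HW vs SQL best practice).
    $dataDrives = $db.Group | Where-Object type_desc -eq 'ROWS' | ForEach-Object { [IO.Path]::GetPathRoot($_.physical_name) }
    $logDrives  = $db.Group | Where-Object type_desc -eq 'LOG'  | ForEach-Object { [IO.Path]::GetPathRoot($_.physical_name) }
    if (Compare-Object $dataDrives $logDrives -IncludeEqual -ExcludeDifferent) {
        $findings.Add("$($db.Name): data and log files share a drive")
    }

    # Presizing and autogrowth: percent growth and the small default steps cause
    # many growth events and file fragmentation; presize and grow in fixed MB steps.
    foreach ($f in $db.Group) {
        if ($f.is_percent_growth) {
            $findings.Add("$($db.Name) $($f.type_desc): autogrowth is $($f.growth)% (use a fixed MB step)")
        } elseif ($f.growth -lt 256) {
            $findings.Add("$($db.Name) $($f.type_desc): autogrowth step is only $($f.growth) MB")
        }
    }

    # Index fragmentation (LIMITED mode is cheap enough to run during the day).
    $frag = Invoke-FimSql $db.Name @"
SELECT OBJECT_NAME(s.object_id) AS tbl, i.name AS idx, s.avg_fragmentation_in_percent AS pct
FROM sys.dm_db_index_physical_stats(DB_ID(), NULL, NULL, NULL, 'LIMITED') s
JOIN sys.indexes i ON i.object_id = s.object_id AND i.index_id = s.index_id
WHERE s.page_count > 1000 AND s.avg_fragmentation_in_percent > 30
"@
    foreach ($r in $frag) {
        $findings.Add("$($db.Name): index $($r.idx) on $($r.tbl) is $([int]$r.pct)% fragmented")
    }
}

if ($findings.Count -eq 0) { Write-Host 'OK: FIM databases match the checklist.' }
else { $findings | ForEach-Object { Write-Warning $_ } }
```

The thresholds (24 hours, 256 MB, 30 %) are starting points, not values from the deck; tune them to your backup schedule and disk layout, and add the output to the maintenance report so the SQL settings are re-checked after every hotfix or migration.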
  12. FIM Synchronization Settings

    • Check deprecated features
    • Overall statistics (explicit connectors, …)
    • Management agents
    • Connection security (Service Account, …)
    • Filtering
    • Join & projection
    • Attribute flows (Portal vs Sync engine)
    • Deprovisioning…
    • FIM MA
    • Security account filtering
    • http://aka.ms/FIMDeprecatedFeatures
  13. FIM Synchronization Settings

    • Synchronization Run profiles
    • Which profiles to use (or not)?
    • Setting up proper sequencing
    • Use Delta & Full cycles properly
    • Importance of run history cleaning (impact on SQL)
    • High impact on SQL DB storage
    • Minimize FIM Sync history (only keep useful, recent history)
    • Clean up history regularly
    • Clean up in small chunks
  14. FIM Synchronization Operations

    • Setup monitoring to track
    • Run execution times
    • Error rate
    • Issues via Event viewer
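As an added example for the two synchronization slides above (run profile sequencing and run history cleanup on slide 13, run times and error rate on slide 14), the PowerShell script below uses the sync engine's WMI provider (namespace root\MicrosoftIdentityIntegrationServer, classes MIIS_ManagementAgent, MIIS_RunHistory and MIIS_Server) to run a delta cycle in import/sync/export order, report per-profile run times and error rate over the last week, and trim history one day at a time. It is not code from the deck; the MA and run profile names are placeholders, it must run on the FIM Sync server as a member of FIMSyncAdmins, and the timestamp formats assumed for RunStartTime and ClearRuns should be confirmed against the WMI reference for your build before scheduling it.

```powershell
# Added example (not from the deck): delta cycle in sequence, run-time and
# error-rate report, and chunked run history cleanup via the FIM Sync WMI
# provider. Assumptions: MA and run profile names are placeholders; run on the
# FIM Sync server as a FIMSyncAdmins member; the timestamp formats below
# (RunStartTime/RunEndTime as 'yyyy-MM-dd HH:mm:ss.fff' UTC, ClearRuns taking
# 'yyyy-MM-dd HH:mm:ss' UTC) must be verified against the WMI reference.
$Namespace = 'root\MicrosoftIdentityIntegrationServer'

# Sequencing: all imports, then synchronizations, then exports, so that changes
# staged by one MA are seen by the others within the same cycle.
$Sequence = @(
    @{ MA = 'FIM MA'; Profile = 'Delta Import' },
    @{ MA = 'AD MA';  Profile = 'Delta Import' },
    @{ MA = 'FIM MA'; Profile = 'Delta Synchronization' },
    @{ MA = 'AD MA';  Profile = 'Delta Synchronization' },
    @{ MA = 'AD MA';  Profile = 'Export' },
    @{ MA = 'FIM MA'; Profile = 'Export' }
)

$cycle = foreach ($step in $Sequence) {
    $ma = Get-WmiObject -Namespace $Namespace -Class MIIS_ManagementAgent -Filter "Name='$($step.MA)'"
    if (-not $ma) { throw "Management agent '$($step.MA)' not found" }
    $sw = [Diagnostics.Stopwatch]::StartNew()
    $rc = $ma.Execute($step.Profile).ReturnValue   # 'success', 'completed-export-errors', ...
    $sw.Stop()
    [pscustomobject]@{ MA = $step.MA; Profile = $step.Profile; Result = $rc; Seconds = [int]$sw.Elapsed.TotalSeconds }
    # Stop the cycle on any non-success so exports never run on a half-synced state.
    if ($rc -ne 'success') { Write-Warning "$($step.MA) / $($step.Profile): $rc, cycle stopped"; break }
}
$cycle | Format-Table -AutoSize

# Run execution times and error rate per MA/profile over the last 7 days.
$parse   = { [datetime]::Parse($args[0], [cultureinfo]::InvariantCulture) }
$history = Get-WmiObject -Namespace $Namespace -Class MIIS_RunHistory
$recent  = $history | Where-Object { $_.RunEndTime -and (& $parse $_.RunStartTime) -gt (Get-Date).ToUniversalTime().AddDays(-7) }
$recent | Group-Object MaName, RunProfile | ForEach-Object {
    $durations = $_.Group | ForEach-Object { ((& $parse $_.RunEndTime) - (& $parse $_.RunStartTime)).TotalSeconds }
    [pscustomobject]@{
        Run        = $_.Name
        Runs       = $_.Count
        AvgSeconds = [int]($durations | Measure-Object -Average).Average
        MaxSeconds = [int]($durations | Measure-Object -Maximum).Maximum
        ErrorRate  = '{0:P0}' -f (@($_.Group | Where-Object RunStatus -ne 'success').Count / $_.Count)
    }
} | Format-Table -AutoSize

# History cleanup: ClearRuns deletes every run that ended before the given UTC
# timestamp. Deleting one day per call keeps each SQL transaction small
# ("clean up in small chunks") while still keeping only recent history.
$server   = Get-WmiObject -Namespace $Namespace -Class MIIS_Server
$keepDays = 7
$oldest   = ($history | ForEach-Object { & $parse $_.RunStartTime } | Measure-Object -Minimum).Minimum
$limit    = (Get-Date).ToUniversalTime().AddDays(-$keepDays)
if ($oldest) {
    $cutoff = $oldest.Date.AddDays(1)
    while ($cutoff -le $limit) {
        $rc = $server.ClearRuns($cutoff.ToString('yyyy-MM-dd HH:mm:ss')).ReturnValue
        if ($rc -ne 'success') { Write-Warning "ClearRuns before $cutoff returned $rc"; break }
        $cutoff = $cutoff.AddDays(1)
    }
}
```

Keep the run-time table from one week to the next: a profile whose MaxSeconds doubles, or an error rate that stops being 0 %, is the early warning the monitoring bullet asks for, and it shows up well before users notice stale accounts.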
  15. FIM Portal

    • Admin accounts protection
    • FIM Service account protection
    • Custom objects: Advisory on Naming standards
  16. FIM Disaster Recovery Planning

    • http://aka.ms/FIMDRP
    • Disaster scenarios to cover
    • Infrastructure failure
    • Server failure
    • Component failure
    • Configuration errors
    • Human error
    • Data quality
    • FIM hotfixes
  17. Maintenance

    • http://aka.ms/fim2010planningoperations
    • Related to normal operations (e.g. daily)
    • Delta sync cycles
    • Check task results
    • Remediate errors
    • Escalate data issues to owner
    • Related to off-peak operations
    • Full cycles (+related actions above)
    • Continuous (depending on the environment)
    • Monitor Event Viewer
    • Remediate errors
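As an added example for the "Monitor Event Viewer / Remediate errors" items on the Maintenance slide (and the "Issues via Event viewer" bullet on slide 14), the PowerShell sweep below collects the last 24 hours of FIM errors and warnings and collapses them into one line per distinct event, which is the list an operator works through for remediation or escalation to the data owner. It is not code from the deck. It assumes the FIM Synchronization Service writes to the Application log under the provider name FIMSynchronizationService and the FIM Service to its own "Forefront Identity Manager" log; confirm both names in Event Viewer on your servers before relying on it.

```powershell
# Added example (not from the deck): daily sweep of FIM errors and warnings.
# Assumptions: FIM Sync logs to 'Application' under provider
# 'FIMSynchronizationService'; FIM Service logs to the
# 'Forefront Identity Manager' log. Verify both names in Event Viewer.
# Run on each FIM server (or add -ComputerName to Get-WinEvent).
$Since   = (Get-Date).AddHours(-24)
$Filters = @(
    @{ LogName = 'Application'; ProviderName = 'FIMSynchronizationService'; Level = 2, 3; StartTime = $Since },
    @{ LogName = 'Forefront Identity Manager'; Level = 2, 3; StartTime = $Since }
)

# Level 2 = Error, 3 = Warning. Get-WinEvent reports "no events found" as an
# error; that is the healthy case here, so it is silenced.
$events = foreach ($f in $Filters) {
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue
}

if (-not $events) { Write-Host "No FIM errors or warnings since $Since"; return }

# One row per distinct event (provider + event ID + level), most frequent first.
# The first line of a sync error names the MA and the error type, which is
# enough to decide between fixing the configuration and escalating bad data.
$events | Group-Object ProviderName, Id, LevelDisplayName |
    Sort-Object Count -Descending |
    ForEach-Object {
        $sample = $_.Group[0]
        [pscustomobject]@{
            Count    = $_.Count
            Level    = $sample.LevelDisplayName
            Provider = $sample.ProviderName
            EventId  = $sample.Id
            Latest   = $sample.TimeCreated
            Message  = ($sample.Message -split "`r?`n")[0]
        }
    } | Format-Table -AutoSize -Wrap
```

Schedule it after the daily delta cycle and keep the output with the run results; an event ID that appears every day with the same count is a standing data-quality issue for the owner, not an operations error.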
  18. Useful Links

    • FIM 2010
    • http://aka.ms/FIM2010Bestpractices
    • http://aka.ms/FIMDRP
    • http://aka.ms/FIMDeprecatedFeatures
    • http://aka.ms/startToFIM
    • http://aka.ms/FIMShortcuts
    • FIM 2010 Security
    • http://aka.ms/FIMSecurity
    • http://aka.ms/FIMGuids
    • MIM 2015
    • http://aka.ms/mim2015
  19. Useful Links

    • MOF (Microsoft Operations Framework)
    • https://technet.microsoft.com/en-us/solutionaccelerators/dd320379.aspx
    • MOF Technology Library
    • https://technet.microsoft.com/library/ee923724.aspx
  20. Questions?
