Saturday, August 31, 2013

Windows is Making a Comeback (at my house)

I spend all day with my hands inside Windows servers, but slowly Apple infiltrated my house.  It all started so innocently with that first iPod, then suddenly the kids had an iPad and both parents had iPhones.  I’d been a Windows Mobile user since it came out but ‘took a break’ and switched to iPhone for a while.

Last year I switched back to Windows Phone and love it.  Last month I picked up a Surface Pro and freaking LOVE it, and at the same time scored a cheap Surface RT intended for the kids but my wife likes it so much she commandeered it (like taking candy from a baby?).

Hopefully the trend in this house is an indication of Microsoft doing good things and maybe even winning some market share.

Thursday, August 29, 2013

Am I really a good integrator or just a good googler?

I’m a big fan of Scott Hanselman.  Even though I’m not a web developer, I really enjoy his take on the software craft, and highly recommend a podcast he’s involved in, This Developer’s Life.

Anyhow, I just read a blog post by Scott:

Am I really a developer or just a good googler?

This applies directly to systems integration, and working with FIM.  It is so relevant because FIM demands knowledge of so many disparate things and software development (ignore it at your peril, see Button Monkeys).  Could you integrate with system Foo without poring over its documentation or crawling its community’s forums and blogs?  Could you write a VBA sync rule script by hand without the sync engine stopping you cold in your notepad tracks? (aside: if you can, let’s talk)

Anyhow, I do follow some of Scott’s suggestions which is easy because the developer community tends to have more support.  The question is, what are the systems integrator equivalents?  Momentum seems to be accelerating for FIM with the annual Oxford Identity Summit and the monthly FIM User Group by Unify Solutions.  Virtualization and PowerShell are awesome tools here too, in that you can automate most of what you want to do, allowing you to focus on the part you want to learn (for me that means build, try, fail, repeat).

I like to think that I fail faster than most, and hopefully learn more, and maybe even rely less on my mad google skillz.

FIM without SharePoint

A funny thing happened a while back.  It was time to deploy our FIM solution to the production servers and I connected to the servers for the first time.  Our deployment is automated of course so should not have taken more than a few minutes but something caught me by surprise once I’d logged on; no Start button!

Call me a button monkey but I’d been expecting to get a few clicks in on the same OS we’d used for development and testing (Windows Server 2008 R2).  Lo and behold I was staring down at Windows Server 2012.  I asked my manager if we should correct this and was told we should proceed with the latest OS release (fair enough).

This could have thrown a wrench into my deployment but lucky for me this deployment does not use the FIM Portal.  We have a custom (and beautiful) web application (obviously I can’t take credit for the UX design or web programming). This custom UI only depends on IIS, which happily installs on Server 2012 with a simple PowerShell command.

So off I went installing the FIM Service and IIS, then deploying my web app and FIM Service configuration, and voila, the job was done.

FIM is supported on Server 2012, but it gets a little tricky because SharePoint 2010 is not supported.  To run the FIM Portal on Server 2012 you have to run SharePoint 2013 and configure it just so (this is covered in a TechNet article by Microsoft, but I found it difficult to get it working).  Anyhow, it is supported but luckily I didn’t need to do the hard part because we simply don’t use the FIM Portal.  To be honest, we do use the FIM Portal but only for administrative purposes.  It runs on a small VM somewhere running Server 2008 R2 and SharePoint 2010, and users don’t have access to it.

Building Solutions with the FIM Service

The FIM Service seems to be the unsung hero of the FIM architecture diagram.  So often I hear people refer to it as the FIM Portal, which seems to carry a bunch of misconceptions such as:

  • FIM requires IIS (it doesn’t, just the portal does)
  • FIM requires SharePoint (again, only the portal does)
  • FIM workflow requires SharePoint (still no, the FIM Service has its own WF host)
  • FIM Service requires FIM Sync (it doesn’t, even though the install makes you think so)

My point here is that the FIM Service can be a very useful component in a solution, which is not obvious because it is not a complete solution on its own.  For example, Self-Service Password Reset (SSPR) is a killer app for the FIM Service.  SSPR gets important functionality from the FIM Service including:

  • workflow hosting
  • policy processing
  • web service interfaces
  • storage
  • administrative interfaces (PowerShell and the FIM Portal)

A close look at the FIM Service reveals that it was built to support solutions like SSPR, but not just SSPR.  The FIM Service is extensible and well documented, meaning you could very well use it for your own killer app.  This raises the build versus buy dilemma of course, and I’ve spent quite a bit of time doing both.  Most recently I’ve been working on a team building a great app around the FIM Service (this is mostly why I’ve been quite silent lately).

To summarize my recent experience I have to say that the FIM Service is a great component that can be used in custom solutions.  It provides key functionality and is well supported by Microsoft and the community.  Truly cool and creative solutions can be built around it, if you are willing to build a solution (write good code).  There are challenges, and I will be addressing those in future posts but I have to say that the solution I’ve been working on is so cool that I show it off every chance I get