Tuesday, November 21, 2006

SP2 Beta is Ready for Download

The MIIS SP2 bits are posted and you can now download them.

Wave goodbye to SQL 2000 and VS2003! The release notes say group performance is improved by 40%, which I'm eager to test.

Wednesday, November 08, 2006

Taming My Memory Hungry XMA

XMA performance can be a really fun challenge. Sometimes the simple solution doesn't prevail, and in my case the simple design to an LDAP XMA didn't make very efficient use of memory on the server. It actually ran the server dry out of memory. Now I'm trying to improve memory usage but I'm seeing some odd behaviour; the memory I'm freeing to garbage collection doesn't seem to be released. If I run the XMA in the miiserver.exe process then it doesn't get released until the service restarts. If I run it in its own process then it gets released but only after the MA finishes running.

UPDATE - November 20
Smaller Queries
Garbage collection issues aside, the XMA needs to use a lot of memory because it is trying to do a full import from an LDAP server that doesn't support paging. To reduce the memory usage on full import I employed a query option that breaks one big query (objectClass=*) into smaller queries, (sn>=m) (sn<=l). This significantly reduced memory usage but I still had a large memory footprint due to another problem.

The XMA for this solution needs to construct attributes based on other attributes, sometimes from other objects. These attributes are very easy to construct if you just query the DS for the ingredients, and it even performs well if you only have a modest number of objects. It turns out a full import on 1/2 million objects just didn't perform to expectations. To reduce the number of queries to the DS I decided to cache the ingredients into memory. This worked fine, but of course introduced a large memory footprint. I initially decided on using a SearchResultCollection to store the entries in memory but later decided on using a DataTable because it offered me more flexibility and used less memory.

So in the end, the XMA has a lot of work to do and it performs reasonably well on full imports. Luckily it does implement delta imports so full imports will not be a regular activity.
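A sketch of the sliced full import and DataTable cache described in this post, as an added example (not the XMA's own code). It uses half-open ranges so that a value such as "lee", which sorts after "l" and before "m", lands in exactly one slice, and adds a slice for entries with no sn. The class name, slice boundaries and table layout are assumptions, and the server is assumed to support ordering matches on sn.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.DirectoryServices.Protocols;

static class SlicedImport
{
    // Half-open slices: sn < b0, b0 <= sn < b1, ..., sn >= bLast, plus entries with no sn.
    // LDAP filters have no "<" operator, so "sn < x" is written as (!(sn>=x)).
    public static List<string> SliceFilters(string attr, string[] bounds)
    {
        List<string> filters = new List<string>();
        filters.Add(string.Format("(&({0}=*)(!({0}>={1})))", attr, bounds[0]));
        for (int i = 0; i + 1 < bounds.Length; i++)
            filters.Add(string.Format("(&({0}>={1})(!({0}>={2})))", attr, bounds[i], bounds[i + 1]));
        filters.Add(string.Format("({0}>={1})", attr, bounds[bounds.Length - 1]));
        filters.Add(string.Format("(!({0}=*))", attr)); // entries without the attribute
        return filters;
    }
    // Runs one search per slice and caches the requested attributes, keyed by DN.
    public static DataTable Load(LdapConnection conn, string baseDn, string[] attrs, string[] bounds)
    {
        DataTable cache = new DataTable("ingredients");
        DataColumn dn = cache.Columns.Add("dn", typeof(string));
        cache.PrimaryKey = new DataColumn[] { dn }; // a duplicate DN (overlapping slices) throws
        foreach (string a in attrs) cache.Columns.Add(a, typeof(string));
        foreach (string filter in SliceFilters("sn", bounds))
        {
            SearchRequest req = new SearchRequest(baseDn, filter, SearchScope.Subtree, attrs);
            SearchResponse resp = (SearchResponse)conn.SendRequest(req);
            foreach (SearchResultEntry entry in resp.Entries)
            {
                DataRow row = cache.NewRow();
                row["dn"] = entry.DistinguishedName;
                foreach (string a in attrs)
                    if (entry.Attributes.Contains(a))
                        row[a] = (string)entry.Attributes[a].GetValues(typeof(string))[0];
                cache.Rows.Add(row);
            }
        }
        return cache;
    }
    static void Main()
    {
        // Constructed boundaries (assumption); choose them so each slice fits in memory.
        foreach (string f in SliceFilters("sn", new string[] { "g", "m", "t" }))
            Console.WriteLine(f);
    }
}
```

Main only prints the slice filters, so it runs without a directory server; Load needs a bound LdapConnection.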

Friday, November 03, 2006

MIIS SP2 is Getting Closer!

Tired of using software even older than MIIS 2003? SP2 gives us SQL 2005 support, .NET 2.0 and VS2005 support among other things. The beta will be downloadable later this month on the Connections site (see detail near the bottom of this post).

Here's the skinny:

Early-Adopter Program for MIIS 2003 SP2 with the Management Agent for SAP now OPEN!!!
Valued Partners, Customers and MIIS Development Community,

I am writing to announce that MIIS 2003 SP 2 and the Management Agent for SAP are available now to MIIS 2003 SP2 Early-Adopter Program participants.

A list of what’s new in this release is provided below.

Our Early-Adopter Program actually incorporates a Supported Technology Adopter Program (the “TAP”) and an Unsupported Beta Program.

It provides access to both MIIS 2003 SP2 and the new Management Agent for SAP. The Management Agent for SAP will require MIIS 2003 SP2.

Customers accepted into the TAP will enjoy free support through the migration to MIIS 2003 SP 2, as well as opportunity to provide feedback to improve the quality of the release.

This provides a valuable opportunity to reduce your risk and deployment time through an upgrade that requires moving your MIIS production database onto SQL Server 2005, and your rule extensions to .NET 2.0.

An important requirement for participating in the TAP is a commitment to deploy MIIS 2003 SP2 into production by the end of January 2007.

Customers who are not participants in the TAP can still enjoy early access to the release, and will have structured opportunities for feedback.
Please read on for details on how to enroll in the program.

For more information, please email miissp2b.

We look forward to working with you in the MIIS SP 2 Early-Adopter Program!

MIIS 2003 SP2 Overview
What’s new with MIIS 2003 Service Pack 2?

A New Platform

o Option for using SQL Server 2005 as the meta-directory data store
o Rule Extension development in Visual Studio 2005 for execution on .NET 2.0

New Management Agents for Integration with Microsoft Technologies

o Microsoft Active Directory and Active Directory Application Mode (ADAM) on Windows Server 2003 R2
o Microsoft Exchange Server 2007 Identity Integration Feature Pack
o SQL Server 2005

New Management Agents for Popular non-Microsoft Technologies

o SAP 4.7 and 5.0
o Oracle 10g
o Revised MA for Lotus Notes 7

New Features
o Microsoft Active Directory access over SSL
o Rule change preview

Quality and Performance Enhancements

The MIIS 2003 SP 2 Early-Adopter Program
Program Structure and Benefits and How to Enroll

The Early-Adopter Program incorporates both a Supported TAP and an Unsupported Beta Program

Benefits of Participating in the Beta Program

o Early access to MIIS 2003 SP 2 and the Management Agent for SAP

o Provide feedback to the Microsoft development team to improve the quality of the release

Additional Benefits of Participating in the Supported TAP

o Customers accepted into the TAP will enjoy support through the migration to MIIS 2003 SP 2

o The upgrade may entail moving the MIIS database onto SQL Server 2005 and will require moving rule extensions onto .NET 2.0, and our TAP provides a valuable opportunity to reduce risk and deployment time.

o We will coordinate with you to ensure that support is available when you deploy into production.

o Support will be made available via telephone and e-mail during your scheduled deployment into production, and provide fixes if necessary.

o We will also provide telephone and e-mail support for the migration from the pre-release versions to the final released version.


o There is one nomination process for both the Supported TAP and the Unsupported Beta Program.
o To enroll in the program, you will complete a nomination form on the Microsoft Connect site, as explained below.
o Instructions will be provided by mid-November for downloading the MIIS 2003 SP 2 installation package from the Microsoft Connect Site.
o Everyone who completes the nomination form will be given access to the release.
o Based on information provided in the nomination form, we will invite a small number of customers to join the TAP.

TAP Requirements

o To participate in the TAP, you must have an existing production deployment of MIIS 2003 SP 1.
o You must commit to deploying MIIS 2003 SP 2 into production by January 2007.
o You are responsible for licenses for Windows Server 2003 Enterprise Edition, SQL Server 2005, and Visual Studio 2005 and other technologies.
o You must complete the nomination form, and complete the survey at the end of the program.

How to Enroll

o Visit the Microsoft Connect Site.
o Sign in using a valid Windows Live ID account.
o Select Available Connections.
o If you plan to use the Management Agent for SAP, locate the MIIS 2003 Management Agent for SAP Early-Adopter Program in the list and select the Apply link to the right.
o Customers not planning on using the SAP Management Agent should locate the MIIS 2003 SP2 Early-Adopter Program entry and select the Apply link to the right.
o Select I Agree on the Terms and Conditions page.
o Complete the Registration form.
o We will be in touch by mid-November with an update on the status of your nomination and instructions for downloading the software.

© Microsoft Corporation 2006

Friday, October 27, 2006

Thursday, October 26, 2006

Reverse Joining

The reverse joins document by Microsoft is a good read if you're looking to design a solution with MIIS to prevent duplicate objects. The guide explains the concept of an Auxiliary MA to interrupt a synchronization cycle. Interrupting the synchronization cycle allows other MAs to evaluate their join rules BEFORE provisioning occurs.

Normally a sync cycle proceeds as follows:
1. Projection creates a new MV object
2. Provisioning rules create new CS objects in other MAs

Using the Aux MA to interrupt the sync cycle results in this:
1. Projection creates a new MV object
2. Other management agents try to join to the new MV object
3. If a connector doesn't exist (because no join was made) then provision

This simple concept is nicely explained in the guide, but unfortunately no code samples are provided. I've got it working and can vouch that it goes beyond theory ;-). Thanks Markus!

Friday, September 08, 2006

Microsoft Hosed My IBM Directory Server

The OpenLDAP management agent has been a favourite of mine for a while now, but I've run into issues where it stuffs memory into the miiserver.exe process but doesn't release it. The obvious solution to this is to run the XMA in its own process, but I unsuccessfully tried to solve the problem anyway.

Finally I chose to re-write the XMA using the new System.DirectoryServices.Protocols. This turned out to be a lot of fun because the namespace worked REALLY well, was quite easy to use, and was compatible with the IBM DS.

The first bug I found is probably an IBM bug, but I haven't dug into it yet. Anyhow, if you use the default bind type on the connection object it will crash the IBM DS. This feature gives you the opportunity to start the IBM DS service again (yes, I'm running the IBM DS on Windows).

The lesson learned is: change the bind type to something like basic before connecting to the LDAP server.

I'll try to follow up with an explanation when I find more details.

Update: The slapd log on the IBM DS doesn't show anything at all near the crash, even when turned up to the high logging level. I'll keep looking.
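Where the bind type is set with System.DirectoryServices.Protocols, as an added example (not the code from this post). The default AuthType on an LdapConnection is Negotiate; Basic is an LDAP simple bind, which sends the password as-is, so this sketch only binds over LDAPS. It assumes the directory listens for SSL on port 636, and the class name and the `LDAP_BIND_PW` environment variable are hypothetical.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class BasicBind
{
    // Opens an LDAPS connection and performs a simple (Basic) bind.
    public static LdapConnection Open(string host, string bindDn, string password)
    {
        // Assumption: the server accepts LDAP over SSL on port 636.
        LdapConnection conn = new LdapConnection(new LdapDirectoryIdentifier(host, 636));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true; // never send a simple bind in clear text
        conn.AuthType = AuthType.Basic;               // set before Bind(); the default is Negotiate
        conn.Credential = new NetworkCredential(bindDn, password);
        try
        {
            conn.Bind();
            return conn;
        }
        catch (LdapException ex)
        {
            conn.Dispose();
            // 49 = invalidCredentials, 81 = server unreachable (LDAP_SERVER_DOWN)
            string reason = ex.ErrorCode == 49 ? "bind DN or password rejected"
                          : ex.ErrorCode == 81 ? "server unreachable"
                          : ex.Message;
            throw new InvalidOperationException("LDAP bind to " + host + " failed: " + reason, ex);
        }
    }

    static void Main(string[] args)
    {
        // Hypothetical variable name; keeps the password off the command line.
        string password = Environment.GetEnvironmentVariable("LDAP_BIND_PW");
        if (args.Length != 2 || password == null)
        {
            Console.WriteLine("usage: set LDAP_BIND_PW, then run BasicBind <host> <bindDn>");
            return;
        }
        using (LdapConnection conn = Open(args[0], args[1], password))
            Console.WriteLine("bound with AuthType." + conn.AuthType);
    }
}
```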

Microsoft E-Learning Freebies

MIIS SP2 promises support for SQL 2005, so it makes sense to start learning more about it if you haven't already.

Check out http://microsoftelearning.com

Why is it cool? Simply put, there are free courses that are MOC quality. The courses have videos to demonstrate functionality before throwing you into lab environments. That's great if you're a sucker for a good visual, like me.

Why is it better than picking up a book? The courses use Virtual Server to host the labs over the web. When it comes to lab time, a window opens up and gives you access to the virtual machine to do the lab exercises. I think they even check the labs to see if you finished them, but who's counting?