Metaverse Router

Summary

Metaverse Router makes it easier for MIIS, ILM, FIM Sync engine administrators to manage multiple provisioning modules, turn on/off provisioning without modifying configuration, turn/off certain modules without re-compiling, allows to specify execution order. C# project

Overview

In traditional configuration MIIS, ILM, FIM Sync Engine allows for only one "scripted" provisioning module.
Whenever Sync Engine provisioning rules are increasing in complexity and more importantly in the number of target connected data sources it have to work with an administrator/programmer is facing difficult task of extending single DLL with code snipes that will provision new entries to completely dissimilar environments. For example single module would provision objects to an Active Directory, as well as to the SQL database as well as to Lotus Notes and to any other kind of directories.
Having to deal with this architecture is rather difficult from support and test stand point. Technically any modification to any business logic within the single module, regardless of the target provisioning data-source, will (or should) trigger full regression testing of provisioning to ALL data-sources; needless to say that this practice is costly from resource/time stand-point.
Another problem posed by "monolithic" provisioning code is creation of "spaghetti" code which is difficult to understand and troubleshoot/extend in the future.
Metaverse Router provides an answer to this dilemma. Microsoft provided the concept of the "Router" within "technical reference" to MIIS/ILM/FIM Sync Engine. However technical reference "Router" relies on the name convention of the files places into "extension" folder, which is not very practical/convenient way of managing multiple provisioning modules.
This Metaverse Router provides administrators with capability of creation of multiple provisioning assemblies/DLLs. It uses an XML configuration file that allows to:
  • Enable or disable individual module without physical deletion of the assembly from "extensions" folder
  • Specification of particular order provisioning assemblies should be executed
  • An ability to turn on and off provisioning without modifying server configuration and therefore triggering request for the full re-synchronization

Installation

Metaverse Router is packaged into MSI module which will install all dependent components onto MIIS, ILM, FIM host server
Simply follow Setup Wizard to install the Metaverse Router

Configuration

Once installed router needs to be configured by an administrator

Sync Engine Modifications

Administrator will need to replace an existing reference to provisioning module with a new reference to the Metaverse Router DLL that will be placed in the \Extensions folder by an installer.
After installation of Metaverse Router you'll need to start "Identity Manager". Click on Tools-Options (Ctrl-Shift-O); Ensure that "Enable Metaverse rules extension" is checked, ensure that "Enable Provisioning Rule Extension" is checked, select "MetaverseRouter.dll" in "Rules extension name".

XML Configuration file modifications

An XML file along with XSD (XML schema) file will be placed in to \MaData folder by an installer. Location of configuration files outside of \Extensions folder allows you to modify (including full or partial disablement) provisioning configuration without causing a need for full re-synchronization which would happen when any change to any file happens in \Extensions folder.
Use your preferred XML editor for modifications of configuration file \Extensions\MetaverseRouter.xml ;

Enabling and disabling provisioning without need for re-synchronization

AlthoughMetaverse Router allows an administrator to bypass a requirement for full re-synchronization after disabling/re-enabling provisioning you should use your best judgment when using Metaverse Router for manipulation of provisioning state, as it is conceivable that under certain conditions Synchronization Engine could be configured in the way that it might require full re-synchronization to achieve state of convergence. To change provisioning state globally, as of fully prevent all provisioning modules from execution, you should use "modules"'s node Boolean attribute named enabled; Setting enabled to "false" will disable execution of all modules that are specified in the MetaverseRouter.xml configuration file regardless of their individual "enablement" state.

Adding and Removing individual provisioning

To add or remove an additional provisioning module into the Metaverse Router administrator should add a "module" node into MetaverseRouter.xml configuration file as a child node of modules root node.
module node contains three attributes that you must contain values:
*name: contains full path and file name on the dynamic library assembly (.dll) implementing IMVSynchronization provisioning interface
*index: a numerical value representing order in which specified module should be executed.
Note that index of each individual "module" node should be unique. Failure to assign unique index to each module node will result in the failure to execute any provisioning code
Note that physical location/order of the "module" node is not important for the order of execution; the order is determined by "index" attribute.
*enabled: a Boolean value representing whether given module has been enabled or disabled

Note

Every change made to configuration file will require restart of the Sync Engine Service. To do so you could use an MMC "Services" snap-in or command line "NET STOP|START MIISERVER| FIMSynchronizationService"

Last edited May 24, 2010 at 8:51 PM by kdmitry, version 2

Comments

No comments yet.