Every day most of us take for granted people’s ability to log in, authenticate, and access the data they need. We start to take more notice when people can’t access their data, perhaps remotely over the internet, or when companies need to share data with each other. Under all of this is an assumed cost of managing and maintaining the identities and the access to these resources. The Forefront products in the “Identity and Access Solution” can help save costs through various means, such as reducing help desk calls, and also enable secure access to data from anywhere, even between companies.
The question is: how do all of the Microsoft components fit together to accomplish this? Here is a high-level breakdown of what each of the products in this solution does and some of the ways they work together:
Forefront Identity Manager (FIM) – I like to think of FIM as your identity management hub. You can reduce your management and support costs through things like automated user and group provisioning, user password reset tools, automated identity policies, and user self-management of distribution lists/groups. FIM ties in with many third-party applications and identity stores to make it even more compelling. Note: FIM just released its final code today. See the RSA announcement, which has links to other deeper-dive videos.
Active Directory Rights Management Services (ADRMS) – This is an essential component from Microsoft to enable data-centric security and defense in depth in your organization. It runs on top of Windows Server 2008, integrates with your identity infrastructure to grant specific access, and can also be run in conjunction with RSA’s DLP technology. Essentially, it lets you granularly control who has what access to your files or emails (even outside your organization) and helps prevent data loss.
Forefront Unified Access Gateway (UAG) – This product is essential to enable granular, secure anywhere access to your data. It scales and extends DirectAccess (DA) in Windows Server 2008 R2. If you don’t have DA, there are tons of other capabilities to publish various services (such as ADFS) individually, via a single sign-on portal, or through an SSL VPN. The previous version of UAG was called IAG, and UAG runs on top of TMG.
Active Directory Federation Services (ADFS) 2.0 – This is great for enabling seamless data sharing and collaboration between separate organizations, even if the other organization is using something other than Active Directory as its identity store.
Windows Identity Foundation and Windows CardSpace – These are separate developer tools that help your applications provide more robust, interoperable authentication and a better user authentication experience.
To complement this post, please check out the video interview I did with Brjann Brekkan on the IAM solution. We chat about the solution for ~6 minutes, and for the remaining ~10 minutes we give you a demo screencast of some of the interesting scenarios it enables.
You can also download the video in various formats by going to the original post on Edge.