Advice To Microsoft Identity Lifecycle Manager 2007 Consultants: Transitioning from ILM 2007 to ILM "2"

I recently helped a Microsoft Identity Lifecycle Manager 2007 solutions expert solve a problem for their customer within the Microsoft Identity Lifecycle Manager "2" Beta 3 release.  He had already defined his scenario within the Microsoft Identity Lifecycle Manager "2" request processing model and had run into some issues with the Out-Of-Box (OOB) workflow activities.  Unfortunately, his scenario was outside the ability of the OOB support and required writing a custom activity, which I walked him through doing.  In his thank you for my assistance he included the following remark:  "I’m starting to see that ILM 2007 consultants are going to need to be very deep in WF if they want to be able to exploit ILM 2 to its full potential."

While I completely agree with his assessment, it got me thinking about what advice I have for those of you out there that have a strong knowledge of the Microsoft Identity Lifecycle Manager 2007 product to assist your transition to the Microsoft Identity Lifecycle Manager "2" product.  To that point I will take yet another pause from peeling back the onion of the Microsoft Identity Lifecycle Manager "2" request processing model and focus today's blog posting on that advice.

Let me start by assuring those out there who have spent (or are about to spend) the time to understand the Microsoft Identity Lifecycle Manager 2007 product that you have not wasted your time.  The components that made up that product are still an integral part of the Microsoft Identity Lifecycle Manager "2" product.  The Synchronization Engine and Certificate Lifecycle Manager will continue to be the focal points of a number of solutions for enterprises and those solutions will look very similar to solutions built on top of Microsoft Identity Lifecycle Manager 2007.  With the release of Microsoft Identity Lifecycle Manager "2" there will be new functionality in the form of the web services platform I have been writing about up until now.  These new web services will provide additional extensibility and are where I would recommend solutions experts focus their time.

When thinking about educating yourself about the new Microsoft Identity Lifecycle Manager "2" web services platform as a transition from Microsoft Identity Lifecycle Manager 2007 to Microsoft Identity Lifecycle Manager "2", I like to break it into three pieces:  conceptual processing model, Windows Workflow Foundation integration, and Windows Communication Foundation integration.  I would also recommend exploring these areas in that order.  The Windows Workflow Foundation and Windows Communication Foundation integration will help with implementing custom solutions using those extensibility points; however, it does not make sense to start writing custom code until you understand the concepts behind how that code will affect the processing model of the Microsoft Identity Lifecycle Manager "2" product.  Once you do understand the request processing model at a conceptual level it is most likely that your first scenario that requires custom code will involve the Windows Workflow Foundation extensibility rather than the Windows Communication Foundation extensibility.

How do you educate yourself about the Microsoft Identity Lifecycle Manager "2" request processing model?  Personally, I recommend a certain MSDN blog that is focused on this specific topic.  :)  Honestly, this is the exact purpose I am trying to fill with this blog at the moment.  Beyond my blog I would also recommend Bobby and Nima's ILM Blog (these two generally focus on actually walking you through specific scenarios rather than conceptual discussions), and the other online references in my ILM References section in the side bar of my blog.  Bobby and Nima's ILM Blog is currently the best resource for describing the Codeless Provisioning feature of Microsoft Identity Lifecycle Manager "2".  (Essentially, how to configure the Synchronization Engine without writing a single line of code.)  Hopefully more resources will become available as time goes on.

After you have gained an understanding of the Microsoft Identity Lifecycle Manager "2" request processing model I would point you towards learning how to customize the OOB web portal.  The portal that ships with Microsoft Identity Lifecycle Manager "2" supports managing custom resource types and allows for customizing the user experience for managing those types.  This customization does have its limits but will go a long way to providing custom solutions for managing resources not included within the shipping product. 

As an example, it is a good bet that enterprises will want to add a "Computer" resource type in their deployments of Microsoft Identity Lifecycle Manager "2".  This is actually an example that the product group has used in demonstrations of Microsoft Identity Lifecycle Manager "2" at various conferences.  The shipping web portal will allow you to create this resource type, attach existing attributes, and create any new attributes needed to accurately describe the data tracked for a "Computer".  The portal will then provide a default user experience for managing these types immediately.  Enterprises can go a step further and create an appropriate instance of a configuration resource to "teach" the portal how to provide a better user experience when managing these types.

How do you educate yourself about customizing the Microsoft Identity Lifecycle Manager "2" web portal?  Well, that is an even trickier question than the request processing model.  I am most likely not going to get into that topic on my blog (I prefer the custom code side of things).  I cannot speak for Bobby and Nima's ILM Blog but that is the resource I would recommend at the moment.  The Microsoft Identity Lifecycle Manager "2" SDK should include documentation and, hopefully, a sample or two.  If anyone reading this has their own blog, I would be happy to reference any posts you have on this topic.

Once you have an understanding of the Microsoft Identity Lifecycle Manager "2" request processing model and portal customization you will find yourself at the point where additional extensibility requires custom code (of some type).  Welcome to my world!  :)  At this point I would recommend diving deeper into the Windows Workflow Foundation technology.  Given the customization support for custom resource types in the Microsoft Identity Lifecycle Manager "2" web portal, enterprises are more likely to need custom business logic before they need custom web service clients.  I believe that the majority of custom solutions will require some sort of custom business logic.

There are two methods of Windows Workflow Foundation centered extensibility within the Microsoft Identity Lifecycle Manager "2" product:  custom workflows and custom activities.  In both cases, the word "custom" simply means that it is not supported OOB by the Microsoft Identity Lifecycle Manager "2" product.  In the case of custom workflows this means that the Microsoft Identity Lifecycle Manager "2" web portal's process designer cannot create the appropriate XOML.  This will require using a Windows Workflow Foundation designer application, such as Visual Studio, to create the XOML out of band and then using the Microsoft Identity Lifecycle Manager "2" web portal process designer to import that workflow.  In the case of custom activities this means that the Microsoft Identity Lifecycle Manager "2" product did not ship with an activity that performs the required logic.  This will require using a code editor, such as Visual Studio, to author and compile the custom code that will express the custom business logic.  Using Windows Workflow Foundation specific language, this could be a composite activity (i.e. an activity made up of child activities) or a completely new activity.

How do you educate yourself about Windows Workflow Foundation?  This is a bit easier than the topics discussed thus far since the technology has been available for some time and there are a number of books available.  Personally, I recommend "Essential Windows Workflow Foundation" by Dharma Shukla and Bob Schmidt (ISBN #978-0321399830).  This provides a great overview of the technology and dives fairly deep, leaving appropriate topics to other resources.  It covers more than you will need to know for extending Microsoft Identity Lifecycle Manager "2"; however, that knowledge would not be wasted as it will provide context and allow you to ask questions and understand answers about why I chose to design our extensibility a certain way.  While learning about Windows Workflow Foundation I would recommend focusing on the following topics (appropriate chapter titles from "Essential Windows Workflow Foundation" provided):

  1. The Windows Workflow Foundation conceptual model - [Deconstructing WF]
  2. The Windows Workflow Foundation activity model - [Activity Execution] and [Advanced Activity Execution]
  3. How to author Windows Workflow Foundation activities - [Activity Execution], [Advanced Activity Execution], and [Advanced Authoring]
  4. XOML only workflows - [WF Programs] and [Applications]

As an additional resource for learning Windows Workflow Foundation, I am planning on spending some time here discussing the above topics in general.  I am also planning on providing detailed discussions and examples of the Windows Workflow Foundation extensibility inside of Microsoft Identity Lifecycle Manager "2".  With some general knowledge of the Windows Workflow Foundation technology and how it specifically relates to Microsoft Identity Lifecycle Manager "2" you should be able to build the vast number of possible scenarios on top of Microsoft Identity Lifecycle Manager "2".

Finally, the next level of extensibility to look at would be our integration with the Windows Communication Foundation technology.  This is the technology we used to implement our WS-STAR compliant web services.  Since we implemented our web services to be WS-STAR compliant it is not necessary to use Windows Communication Foundation and, if you are familiar with developing web service clients, you could just educate yourself about our protocols.  However, I would recommend looking into the Windows Communication Foundation technology as a way to quickly author web service clients with minimal code.  (Of course I could be biased since I helped to ship that piece of technology in my prior product team.)  The use of Windows Communication Foundation within a Microsoft Identity Lifecycle Manager "2" solution will normally involve writing a custom client to interact with our web service.  I have seen some solutions that required using Windows Communication Foundation to write a custom web service client as part of a Windows Workflow Foundation custom activity that would interact with an external web service to make business logic decisions in managing resources within Microsoft Identity Lifecycle Manager "2".

How do you educate yourself about Windows Communication Foundation?  This is a question similar to how you educate yourself about Windows Workflow Foundation.  These technologies shipped at the same time and there are a number of books available.  The interesting part here is that the books about Windows Communication Foundation often cover the entire technology and focus on writing web services instead of clients.  Writing clients tends to be a small chapter after explaining how to write services.  I do not have any specific book recommendations, but I would recommend trying to find a book that spends some time talking specifically about creating Windows Communication Foundation clients.

As a side note of some significance, there were some important differences between versions 3.0 and 3.5 of Windows Communication Foundation, and we have built Microsoft Identity Lifecycle Manager "2" on top of version 3.5.  In particular, we make use of the WS-SecureConversation standard and use those context headers to make our services durable.

I hope this was of some use to you Microsoft Identity Lifecycle Manager 2007 solutions experts looking to transition to Microsoft Identity Lifecycle Manager "2".  I am still hoping to provide more details here about the Microsoft Identity Lifecycle Manager "2" request processing model and Windows Workflow Foundation integration.  Ideally this post will give you some idea of how you can further educate yourself in parallel while you are waiting for me to cover the specific topic of your interest.  (Just as a reminder, if you do have a specific topic of interest please feel free to use my Contact form or the Comments on any of my posts.)