Chapter 2. Installation

As we have already discussed, Microsoft Forefront Identity Manager 2016 (MIM 2016) is not one product but a family of products.

This also means that there are many different ways of installing the product, depending on what parts you want and how you would like to separate them on different systems.

We can choose to separate the different components based on the load or just because we like it clean.

As an example, we will look at the setup used by The Financial Company. They are doing a split installation, configured with sync and service on separate physical nodes.

In this chapter, we will look at the following topics:

  • Prerequisites for installing different components of MIM 2016
  • How to actually install the components
  • A few post-installation steps to get it working

Capacity planning

At the Microsoft download center, you can download the Forefront Identity Manager Capacity Planning Guide (http://bit.ly/MIMCapacityPlanning). We will not dig deep into capacity planning in this book, but make sure your setup allows you to easily expand your MIM environment to cope with future needs.

If you look at the following table, you'll see that capacity planning is not easy because there is no straight answer to the problem. When we have 10,000 users, how should we plan our MIM environment? There are many parameters to look at:

| Design factor | Considerations |
|---|---|
| Topology | This is the distribution of MIM services among computers on the network. |
| Hardware | This is the physical hardware and any virtualized hardware specifications that you are running for each MIM component. It includes CPU, memory, network adapter, and hard drive configurations. |
| MIM policy configuration objects | This is the number and type of MIM policy configuration objects, which includes sets, Management Policy Rules (MPRs), and workflows; for example, how many workflows are triggered for operations, how many set definitions exist, and what the relative complexity of each is. |
| Scale | This is the number of users, groups, calculated groups, and custom object types, such as computers, to be managed by MIM. Also, consider the complexity of dynamic groups, and be sure to factor in group nesting. |
| Load | This is the frequency of the anticipated use; for example, the number of times you expect new groups or users to be created, the passwords to be reset, or the portal to be visited in a given time period. Note that the load may vary during the course of an hour, day, week, or year. Depending on the component, you may have to design for peak or average load. |

The fact that the MIM 2015 release includes a number of performance improvements also makes it harder to find relevant facts because, so far, most performance testing has been done on earlier releases.

We would like to point out one fact, though. In the earlier versions of MIM, FIM, MIIS, and ILM, there were huge performance gains by colocating the synchronization service database with the synchronization service itself. In modern 10-Gigabit networks, and with the changes in the design of MIM, this is no longer the case. Also, as centralized database servers tend to have better CPU and disk performance, you could even gain performance today by having the database and the service separated.

Note

When looking at the overall performance in MIM, databases are the components to focus on!
