Metaverse Router
Summary
Metaverse Router makes it easier for MIIS, ILM, FIM Sync engine administrators to manage multiple provisioning modules, turn on/off provisioning without modifying configuration, turn/off certain modules without re-compiling, allows to specify execution order. C# project
Overview
In traditional configuration MIIS, ILM, FIM Sync Engine allows for only one "scripted" provisioning module.
Whenever Sync Engine provisioning rules are increasing in complexity and more importantly in the number of target connected data sources it have to work with an administrator/programmer is facing difficult task of extending single DLL with code snipes that will provision new entries to completely dissimilar environments. For example single module would provision objects to an Active Directory, as well as to the SQL database as well as to Lotus Notes and to any other kind of directories.
Having to deal with this architecture is rather difficult from support and test stand point. Technically any modification to any business logic within the single module, regardless of the target provisioning data-source, will (or should) trigger full regression testing of provisioning to ALL data-sources; needless to say that this practice is costly from resource/time stand-point.
Another problem posed by "monolithic" provisioning code is creation of "spaghetti" code which is difficult to understand and troubleshoot/extend in the future.
Metaverse Router provides an answer to this dilemma. Microsoft provided the concept of the "Router" within "technical reference" to MIIS/ILM/FIM Sync Engine. However technical reference "Router" relies on the name convention of the files places into "extension" folder, which is not very practical/convenient way of managing multiple provisioning modules.
This Metaverse Router provides administrators with capability of creation of multiple provisioning assemblies/DLLs. It uses an XML configuration file that allows to:
- Enable or disable individual module without physical deletion of the assembly from "extensions" folder
- Specification of particular order provisioning assemblies should be executed
- An ability to turn on and off provisioning without modifying server configuration and therefore triggering request for the full re-synchronization
Installation
Metaverse Router is packaged into MSI module which will install all dependent components onto MIIS, ILM, FIM host server
Simply follow
Setup Wizard to install the
Metaverse Router
Configuration
Once installed router needs to be configured by an administrator
Sync Engine Modifications
Administrator will need to replace an existing reference to provisioning module with a new reference to the
Metaverse Router DLL that will be placed in the \Extensions folder by an installer.
After installation of
Metaverse Router you'll need to start "Identity Manager". Click on Tools-Options (Ctrl-Shift-O); Ensure that "Enable Metaverse rules extension" is checked, ensure that "Enable Provisioning Rule Extension" is checked, select "MetaverseRouter.dll" in "Rules extension name".
XML Configuration file modifications
An XML file along with XSD (XML schema) file will be placed in to \MaData folder by an installer. Location of configuration files outside of
\Extensions folder allows you to modify (including full or partial disablement) provisioning configuration without causing a need for full re-synchronization which would happen when any change to any file happens in
\Extensions folder.
Use your preferred XML editor for modifications of configuration file
\Extensions\MetaverseRouter.xml ;
Enabling and disabling provisioning without need for re-synchronization
Although
Metaverse Router allows an administrator to bypass a requirement for full re-synchronization after disabling/re-enabling provisioning you should use your best judgment when using Metaverse Router for manipulation of provisioning state, as it is conceivable that under certain conditions Synchronization Engine could be configured in the way that it might require full re-synchronization to achieve state of convergence. To change provisioning state globally, as of fully prevent all provisioning modules from execution, you should use
"modules"'s node Boolean attribute named
enabled; Setting
enabled to
"false" will disable execution of all modules that are specified in the
MetaverseRouter.xml configuration file regardless of their individual "enablement" state.
Adding and Removing individual provisioning
To add or remove an additional provisioning module into the
Metaverse Router administrator should add a
"module" node into
MetaverseRouter.xml configuration file as a child node of
modules root node.
module node contains three attributes that you must contain values:
*name: contains full path and file name on the dynamic library assembly (.dll) implementing IMVSynchronization
provisioning interface
*index: a numerical value representing order in which specified module should be executed.
Note that index of each individual
"module" node should be unique. Failure to assign unique index to each module node will result in the failure to execute any provisioning code
Note that physical location/order of the
"module" node is not important for the order of execution; the order is determined by
"index" attribute.
*enabled: a Boolean value representing whether given module has been enabled or disabled
Note
Every change made to configuration file will require restart of the Sync Engine Service. To do so you could use an MMC "Services" snap-in or command line "NET STOP|START MIISERVER| FIMSynchronizationService"