In my previous post I gave a very brief overview of the different components of the Microsoft Identity Lifecycle Manager "2" product. I provided an especially brief description of one of those components, the Microsoft Identity Lifecycle Manager Policy Service (ILM-PS). I would like to take some time to follow up on that post and provide a deeper description of the ILM-PS. To do that, let me start by taking a step back and briefly discussing some of the motivations behind adding this component to Microsoft Identity Lifecycle Manager "2".

Inclusion of the ILM-PS into the Microsoft Identity Lifecycle Manager "2" product is the realization of a concept that started with Microsoft Identity Lifecycle Manager 2007. Prior to the release of Microsoft Identity Lifecycle Manager 2007, the Synchronization Engine component was the entirety of the product known as Microsoft Integrated Identity Server (MIIS). At that time MIIS was, and still is, fantastic at what it does: synchronize, provision, and deprovision data between heterogeneous data sources. However, managing the lifecycle of this data was done externally through the external data stores. In other words, the Synchronization Engine would only perform synchronization, provisioning, or deprovisioning actions when there was a data change in an external store to which it was connected through a Management Agent (MA). Further, deploying and configuring the Synchronization Engine was a complex task that often required contracting experts, especially if an enterprise's deployment required the authoring of one or more custom MAs.

With the release of Microsoft Identity Lifecycle Manager 2007, the Synchronization Engine is joined by the Certificate Lifecycle Manager (CLM). The addition of CLM begins the inclusion of the ability to manage the lifecycle of data synchronized by the Synchronization Engine. The deployment and configuration of the Synchronization Engine remains mostly the same; however, the integration point between the Synchronization Engine and CLM is improved with the inclusion of a custom MA that sits between the Synchronization Engine and the data store that backs the CLM. This results in the ability for enterprises to use Microsoft Identity Lifecycle Manager 2007 as a complete solution for managing certificate-related data.

With the release of Microsoft Identity Lifecycle Manager "2", the Synchronization Engine and Certificate Lifecycle Manager (CLM) are joined by the Policy Service. The Policy Service extends the initial step taken by the CLM to include the ability to manage the lifecycle of data synchronized by the Synchronization Engine into the Microsoft Identity Lifecycle Management product. Like CLM, the data store backing the Policy Service is connected to the Synchronization Engine with a custom MA. However, unlike CLM, the Policy Service does not manage one specific type of data. More precisely, the Policy Service introduces a platform for managing the lifecycle of different types of data, provided that the data can be represented as a "Resource" within the Policy Service.
