Test Lab Guide: Installing Forefront Identity Manager 2010

Applies To: Forefront Identity Manager 2010

Authored By: Bill Mathers

A downloadable version of this document is available at Test Lab Guide: Forefront Identity Manager 2010 (https://go.microsoft.com/fwlink/?LinkID=205228).

Microsoft® Forefront® Identity Manager (FIM) 2010 changes the current state of identity management by providing powerful end user self-service capabilities. IT pros are also given more tools to solve day-to-day tasks, such as delegating administration and creating workflows for common identity management tasks. In addition, FIM 2010 is built on a .NET and WS-* based foundation for developers to build more customized and extensible solutions.

Microsoft Forefront Identity Manager 2010 helps IT pros achieve new levels of reliability with greater flexibility, enhanced user experiences, and increased protection for business communications by doing the following:

  • Empowering people:

    • With FIM 2010, end users can easily perform self-service tasks, such as group and distribution list management, with self-help tools integrated into a Microsoft SharePoint® based console as well as directly in Microsoft Office Outlook®.

    • FIM 2010 provides IT professionals with the tools they need to manage identities through a SharePoint-based policy and workflow management console.

    • Developers have access to extensibility features through extensive public APIs.

  • Delivering agility and efficiency:

    • FIM 2010 integrates an enterprise's heterogeneous infrastructure, including directories, databases, and line-of-business applications.

    • FIM 2010 enables management of heterogeneous strong-authentication systems, such as third-party certificate authorities.

  • Increasing security and compliance:

    • FIM 2010 provides management features that enable system auditing and compliance. By integrating the tools IT pros use to manage identities, credentials, and resources, FIM 2010 helps organizations integrate policies across the organization and secure the enterprise.

    • Integrated management tools allow organizations to better enjoy the security benefits of strong authentication.

In This Guide

This guide contains instructions for setting up a test lab based on the Forefront Identity Manager 2010 Test Lab Guide and deploying Forefront Identity Manager 2010 using one new server computer, two preexisting server computers, and one preexisting client computer. The resulting Forefront Identity Manager 2010 test lab demonstrates and verifies installation. Future test lab guides will demonstrate the powerful functionalities of FIM 2010.

Important

The following instructions are for configuring a Forefront Identity Manager 2010 test lab using a scaled-out deployment. That is, the FIM Portal and the FIM database will not be residing on the same server. Individual computers are needed to separate the services provided on the network and to clearly show the desired functionality. This configuration is neither designed to reflect best practices nor does it reflect a desired or recommended configuration for a production network. The configuration, including IP addresses and all other configuration parameters, is designed only to work on a separate test lab network. Attempting to adapt this Forefront Identity Manager 2010 test lab configuration to a pilot or production deployment can result in configuration or functionality issues. To ensure proper configuration and operation for your pilot or production Forefront Identity Manager 2010 deployment, use the information in Planning and Architecture (https://go.microsoft.com/fwlink/?LinkId=204576) for planning and design decisions and Deployment (https://go.microsoft.com/fwlink/?LinkId=204575) for the steps to properly configure the Forefront Identity Manager 2010 and supporting infrastructure servers.

Test Lab Overview

In this test lab, Forefront Identity Manager 2010 is deployed with:

  • One computer running the FIM Synchronization Service and FIM Portal named FIM1. FIM1 uses the Windows Server® 2008 R2 Enterprise Edition operating system.

  • One preexisting server running SQL Server® 2008 Enterprise with Service Pack 2, named APP1.

  • One preexisting server running Microsoft Exchange Server 2010 with Service Pack 1, named EX1.

The Forefront Identity Manager test lab uses the following subnet:

  • The intranet established by the Base Configuration Test Lab Guide, referred to as the Corpnet subnet (10.0.0.0/24).

Computers on each subnet connect using a hub or switch. See the following figure.

FIM Test Lab Guide Architecture

This test lab will guide you through the Forefront Identity Manager 2010 installation process. The purpose of this test lab is to allow for the creation of a basic test lab environment that consists of Forefront Identity Manager 2010. This test lab guide can be used as a building block for additional test lab guides that demonstrate increased functionality or additional features of Forefront Identity Manager 2010.

Hardware and Software Requirements

The following are required components of the test lab:

  • The product disc or files for Windows Server 2008 R2 Enterprise Edition.

  • The product disc or files for Exchange Server 2010 with Service Pack 1.

  • The product disc or files for SQL Server 2008 Enterprise.

  • The product disc or files for Microsoft SQL Server 2008 Enterprise Service Pack 2 64-bit.

  • The product disc or files for Windows SharePoint Services 3.0 with Service Pack 2.

  • The product disc or files for Forefront Identity Manager 2010.

  • The files for Forefront Identity Manager 2010 Synchronization Service Update (KB978864).

  • The files for Forefront Identity Manager 2010 Service and Portal Update (KB978864).

  • The files for Microsoft SQL Server 2008 Feature Pack, April 2009 - Microsoft SQL Server 2008 Native Client.

The following table provides a summary of the Microsoft software that is used in this guide.

| Software | Additional information |
| --- | --- |
| Microsoft Exchange Server 2010 with Service Pack 1 – 64-bit | Microsoft Exchange Server 2010 with Service Pack 1 (https://go.microsoft.com/fwlink/?LinkId=202857). |
| Microsoft SQL Server 2008 Enterprise – 64-bit | Microsoft SQL Server 2008 Enterprise (https://go.microsoft.com/fwlink/?LinkId=207697). |
| Microsoft SQL Server 2008 Enterprise Service Pack 2 – SQLServer2008SP2-KB2285068-x64-ENU.exe | SQLServer2008SP2-KB2285068-x64-ENU.exe (https://go.microsoft.com/fwlink/?LinkId=207700) |
| Windows SharePoint Services 3.0 with Service Pack 2 | Windows SharePoint Service 3.0 with Service Pack 2 (https://www.microsoft.com/download/en/details.aspx?id=5719). |
| Forefront Identity Manager 2010 | Forefront Identity Manager 2010 (https://go.microsoft.com/fwlink/?LinkId=204577). |
| Forefront Identity Manager 2010 Synchronization Service Update (KB978864) | This is a recommended update for the RTM of Forefront Identity Manager 2010. This release provides additional product fixes since the last update release. (https://go.microsoft.com/fwlink/?LinkId=204578) |
| Forefront Identity Manager 2010 Service and Portal Update 2 (KB2635086) | This is a recommended update for RTM and Update 1 of Forefront Identity Manager 2010. This release provides all fixes included in Update 1 and additional product fixes since the last update release. (https://support.microsoft.com/kb/2635086) |
| Microsoft SQL Server 2008 Feature Pack, April 2009 - Microsoft SQL Server 2008 Native Client | Microsoft SQL Server 2008 Native Client (SQL Server Native Client) (https://go.microsoft.com/fwlink/?LinkId=204702) is a single dynamic-link library (DLL) containing both the SQL OLE DB provider and SQL ODBC driver. It contains run-time support for applications using native-code APIs (ODBC, OLE DB, and ADO) to connect to Microsoft SQL Server 2000, 2005, or 2008. SQL Server Native Client should be used to create new applications or enhance existing applications that need to take advantage of new SQL Server 2008 features. This redistributable installer for SQL Server Native Client installs the client components needed during run time to take advantage of new SQL Server 2008 features, and optionally installs the header files needed to develop an application that uses the SQL Server Native Client API. |

Steps for Configuring the Forefront Identity Manager 2010 Test Lab

There are nine steps to follow when setting up the Forefront Identity Manager 2010 test lab based on the Forefront Identity Manager 2010 Test Lab Guide.

  • Step 1: Set up the Base Configuration—The Base Configuration is the core of all Test Lab Guide scenarios. The first step is to complete the Base Configuration.

  • Step 2: Set up the Exchange Server 2010 with Service Pack 1 Test Lab Guide (TLG)—The second step is to complete the Exchange Server 2010 with Service Pack 1 test lab guide. This provides Active Directory® attributes and e-mail functionality for the FIM Service account.

  • Step 3: Set up the SQL Server 2008 Enterprise with Service Pack 2 TLG—The third step is to complete the SQL Server 2008 Enterprise with Service Pack 2 test lab guide. This provides the database server for your FIM installation.

  • Step 4: Configure FIM1—The fourth step includes installing the operating system, and then configuring and joining FIM1 to the domain.

  • Step 5: Install FIM 2010 Prerequisite Software—The fifth step walks you through installing prerequisite software.

  • Step 6: Perform FIM 2010 Prerequisites Tasks—The sixth step includes performing prerequisite tasks.

  • Step 7: Install FIM 2010 Synchronization Service and FIM Portal—The seventh step includes performing installation tasks.

  • Step 8: Perform FIM 2010 Post-Installation Tasks—The eighth step includes performing post-installation tasks.

  • Step 9: Verify the Installation—The ninth step includes verifying that the installation was successful.

This guide provides steps for configuring the computers of the Forefront Identity Manager 2010 test lab. The following sections provide details about how to perform these tasks.

Test Lab Guide Specific Information and Instructions

The following section is a list of additional information on configuring the test lab. It also includes items that may be omitted from the test lab guides that this test lab builds upon. This is to allow for quicker deployment.

  • The Base Configuration TLG—EDGE1 and INET1 are not required. The steps requiring setup and configuration may be excluded from the setup of the base configuration.

  • The Exchange Server 2010 with Service Pack 1 TLG—EX1 is not required, but a valid mail attribute is required for the FIMService account. A workaround is to populate the mail attribute using ADSIEDIT. Please note that future test lab guides that demonstrate workflow and notification will probably use an Exchange server.

  • The SQL Server 2008 with SP 2 TLG—The SQL Server 2008 R2 TLG may be substituted for this TLG. SQL Server 2008 R2 is now fully supported with FIM 2010.
