Microsoft Takes Leap Into Identity Management Market

Paula Rooney

Microsoft Identity Integration Server 2003 Enterprise Edition, which was released to manufacturing on Wednesday, is based on the Microsoft Metadirectory Services (MMS) but has been rearchitected as a full identity and access management solution, said Michael Stephenson, lead product manager in the Windows Server Division.

It will be available to the channel in August, the Microsoft executive said.

CRN first reported news about the Microsoft identity and access management solution last April, when it was known under the working name of Microsoft Identity Server. The final name, Microsoft Identity Integration Server 2003, was revealed this week.

The solution not only solves an administration nightmare but enables more e-business transactions and helps manage security risks, the Microsoft executive said.

"MIIS is about keeping identity information spread out through different repositories in sync, and it has a single view of that user. It helps corporations keep accounts synchronized," said Stephenson. "This is not just an IT issue anymore. It's at the business decision-maker level. They want to cut operational costs and increase efficiencies. On average, a corporation has 68 user account directories and 12 external [data sources] where users are stored. It's very expensive to manage that infrastructure."

With the launch this summer, Microsoft is entering a territory dominated by specialized ISVs such as Business Layers and Waveset, as well as competitors Novell, IBM and Sun Microsystems, each of which already ships a robust identity and access management platform.

Novell's DirXML, eDirectory and combined Nsure Resources solutions are highly regarded identity and access management solutions, but it's clear the entry of Microsoft has stimulated a battle in the emerging identity management space.

"We are getting awfully tired of teaching Microsoft how to build software solutions," quipped Novell Vice Chairman Chris Stone. "Maybe someday they'll actually lead like Novell, not follow."

Microsoft channel partners said Microsoft's product is a major improvement over the existing MMS 2.0 services because it offers enhanced directory and database synchronization capabilities, new provisioning and password management features and one-step workflow features for defining rules.

The platform can automatically provision and de-provision user accounts and passwords based on rules defined by an administrator. Administrators can create automated management and provisioning processes by checking off boxes. The single-step workflow technology developed by Microsoft allows a user account that has been added to a human resources system to be automatically provisioned for access to other data sources.

As part of the release schedule, Microsoft will ship a Microsoft-only lightweight version for its Windows Server 2003 customers and a full-fledged version for mixed environments, Stephenson said.

The free Identity Integration Feature Pack for Windows Server Active Directory is solely for Active Directory (Windows 2000 Server or Windows Server 2003) and Exchange 2000/2003. It does not support NT Domain (SAM) integration. The enterprise edition is required for this capability.

The full-featured Microsoft Identity Integration Server 2003 Enterprise Edition offers 17 connectors for competitive offerings, among them Novell eDirectory, Sun ONE Directory Server, IBM DB2 and Lotus Notes, and is priced at $24,999 per processor.

Stephenson acknowledged it's a big up-front cost but claimed that the fixed price will ultimately offer cost and management advantages over the per-object pricing model of other identity and access management solutions. He agreed that the solution will likely be used to manage user identities, not applications, this go-round and that it lacks single-sign-on capabilities.

Channel partners said the new solution is a major improvement over the metadirectory services purchased from Zoom-IT in 1999.

"It is a total rewrite from the previous version and incorporates things like Visual Studio into it and some of the features of Windows 2003," said Alexis Bor, president of Directory Works, a consulting firm in Celebration, Fla., that specializes in building Microsoft metadirectory solutions. "It is really a great improvement over the previous version."

Ted Dinsmore, president of Conchango, a Microsoft solution provider in New York, said MIIS is going to be a lifesaver, especially with increased merger and consolidation activity and the increase in e-business traffic. He also said it is more stable and full-featured than the current Microsoft Metadirectory Services 2.0.

"This is MMS 3.0. Every one of our clients and every corporation in the last six months has had this problem," Dinsmore said. "It's a nightmare to manage identities, especially if you have Lotus Notes, Active Directory, a Plumtree Portal and SAP running. It costs organizations thousands of dollars to create and manage user IDs. When you add 500 users to a network, with MIIS, it has rules that propagate the information to all systems, instead of doing it manually."

Microsoft expects the solution will be used in enterprise deployments and will offer training to both systems integrators and midmarket solution providers. To aid with that, the software company created the Microsoft Identity Management Solution Accelerator in conjunction with systems integrator partner PricewaterhouseCoopers. The accelerator offers planning and implementation guidance for an identity management infrastructure. It is available at no charge.

As part of the announcement, Microsoft also announced the release of Directory Services Markup Language 2.0, a free tool that allows developers to represent directory information in XML and to interoperate with other DSML-enabled directories.

Sun and Novell blasted Microsoft's offering as entry level and questioned how well the company will support other emerging directory standards.

"Microsoft is playing catch-up in the identity management space both in terms of product feature/function and market share," said John Fanelli, senior director of product marketing for Network Identity, Communications and Portal Products at Sun, who claimed that Sun is a leader in the identity management space, anchored by the Sun ONE Directory Server with more than 2 billion entries.

He said he hopes Microsoft will adhere to standards to enhance future interoperability efforts. "I am encouraged by their support of open standards, although via partnerships, such as SPML [a provisioning standard] and hope that Microsoft sees the value in interoperability by supporting existing standards as expressed by standards bodies such as OASIS and Liberty Alliance, rather than trying to create their own at a disservice to enterprise customers," Fanelli said.

The first public demonstration of the OASIS Service Provisioning Markup Language Specification v1.0 will be held July 9 at the Catalyst Conference in San Francisco. SPML is an XML-based framework for exchanging and administering user access rights and resource information across heterogeneous environments, according to OASIS.