Product Information

Microsoft Identity Lifecycle Manager 2007 Frequently Asked Questions

Published: February 4, 2007 | Updated: January 29, 2008
**
Related Links
Download the 180-day Identity Lifecycle Manager 2007 Evaluation Edition
ILM 2007 Partners
Identity and Access
**
On This Page
Product Overview Product Overview
System Requirements System Requirements
How to Buy How to Buy
Upgrading from MIIS 2003 Upgrading from MIIS 2003
Management Agents Management Agents
Partners Partners
Identity Lifecycle Manager Roadmap Identity Lifecycle Manager Roadmap

Product Overview

Q. What is Microsoft Identity Lifecycle Manager (ILM) 2007?
A.

ILM 2007 is a solution that builds on the metadirectory and user provisioning capabilities in Microsoft Identity Integration Server 2003 (MIIS) and adds new capabilities for managing strong credentials such as smart cards, providing an integrated approach that pulls together metadirectory, digital certificate and password management, and user provisioning across Windows and other enterprise systems.

Q. What are the key features of ILM 2007?
A.

ILM 2007 brings together three key features:

(1) Identity synchronization. ILM 2007 synchronizes user accounts and attributes in all of those systems, including synchronization of passwords. Directory synchronization saves time and money that is currently spent on keeping data consistent and enforcing data ownership rules.

(2) User provisioning. ILM 2007 automatically creates user accounts, mailboxes, and other identity information in target systems in real-time so new employees are productive immediately, and also ensures that corporate resource access is instantly revoked for employees who leave the organization.

(3) Certificate management. ILM 2007 includes a workflow and policy-based solution that enables organizations to manage the lifecycle of digital certificates and smart cards. ILM 2007 significantly lowers the costs associated with digital certificates and smart cards by enabling organizations to more efficiently deploy, manage, and maintain a certificate-based infrastructure. It also streamlines the provisioning, configuration, and management of digital certificates and smart cards, while increasing security through strong, multifactor authentication technology.

Q. When will ILM 2007 be available?
A.

ILM 2007 is available today.

Q. How does ILM 2007 relate to MIIS 2003?
A.

ILM 2007 includes and enhances the functionality of MIIS 2003. By integrating the metadirectory and user provisioning features of MIIS 2003 with a management solution for strong credentials, ILM is a powerful solution for managing the entire identity life cycle of users and credentials.

Q. What is Certificate Lifecycle Manager?
A.

Certificate Lifecycle Manager (CLM) is a policy- and workflow-driven technology that helps organizations manage the lifecycle of digital certificates and smart cards. This technology is a key component of ILM 2007.

Q. How can I obtain Certificate Lifecycle Manager?
A.

Certificate Lifecycle Manager is part of ILM 2007. By acquiring ILM 2007 you will gain all of the features and technologies of CLM.

Q. How do I get started with ILM 2007?
A.

A 180-day ILM 2007 Evaluation Edition is available for you to explore how you can manage identities, certificates, and smart cards across your organization. The 180-day ILM 2007 evaluation software requires Microsoft Windows Server 2003 and Microsoft SQL Server 2005 or SQL Server 2000. Additional system requirements for the ILM 2007 Evaluation Edition are detailed in the System Requirements section later in this FAQ.

Q. What languages will ILM 2007 be available in?
A.

ILM 2007 is available in English, German, French, Spanish, Japanese, Chinese, Italian, Dutch, and Portuguese.

Q.
A.

System Requirements

Q. What other software is required to run ILM 2007?
A.

To run ILM 2007 as an evaluation version or in production, you need:

Required Software

Windows Server 2003

ILM 2007 requires Windows Server 2003, Enterprise Edition, and Windows Server 2003 client access licenses (CALs).
Visit the Windows Server 2003 Pricing and Licensing page for details.

SQL Server

ILM 2007 requires SQL Server 2005 or 2000, Enterprise or Standard Edition, Service Pack 3 (SP3).
Visit the SQL Server Pricing page for details.

Required Hardware

1 GHz processor or faster processor recommended; Pentium 4 recommended

512 MB of RAM or higher; 1 GB or more recommended

350 MB of available hard-disk space or more for the default installation. An additional 1 GB of available hard-disk space is recommended for the log file.

8 GB of available hard-disk space on the partition that contains the database files for ILM 2007 metadirectory services and user provisioning

CD-ROM or DVD-ROM drive

Super VGA (1024 x 768) or higher-resolution monitor recommended

Keyboard and mouse or compatible pointing device

At least one network interface card (NIC) is required. If a private network is used, the head node requires at least two NICs, and each compute node requires at least one NIC. Each node may also require a high-speed NIC for a Message Passing Interface (MPI) network.

Certificate and smart card management hardware requirements: CLM-compatible smart card(s) and smart card reader(s)

Detailed Software Requirements

Metadirectory services and user provisioning server requirements

Windows Server 2003 Enterprise Edition or Windows Server 2003 R2 Enterprise Edition

Microsoft .NET Framework 2.0

Microsoft SQL Server 2000 Enterprise Edition, Standard Edition, or Developer Edition with Service Pack 3a or later; or Microsoft SQL Server 2005 Enterprise Edition, Standard Edition, or Developer Edition (32-bit or 64-bit) with Service Pack 1 recommended

Certificate and smart card management server requirements

An Active Directory infrastructure with a domain controller

One (minimum) Windows Server 2003 Enterprise Edition certification authority (CA) installed as an Enterprise CA

The certificate and smart card management server component can be installed on a computer running: Windows Server 2003 Enterprise Edition with Service Pack 1 or later; or Windows Server 2003 Datacenter Edition with Service Pack 1 or later

Microsoft .NET Framework 2.0

Certificate and smart card management client requirements

Operating system (one of the following):

Windows XP Professional with Service Pack 2 or later

Windows 2000 Professional with Service Pack 4 or later

Web browser (one of the following):

Internet Explorer 6.x with Service Pack 1 or later

Internet Explorer 7.x

Vendor middleware (one of the following):

Microsoft Base Cryptographic Service Provider with vendor-specific mini-driver

Legacy cryptographic service provider (CSP) with PKCS11-compatible vendor middleware

Supported PKCS11-compatible card vendors

Axalto Access Client Software version 5.2

AET SafeSign Identity Client version 2.2

Aladdin eToken Runtime Environment version 3.65

Gemplus GemSafe version 4.2 service pack 3

Siemens HiPath SIcurity Card API version 3.1.026

Q. Can SQL Server run on the same server on which ILM 2007 is running?
A.

Yes, SQL Server may be run on the same server on which ILM 2007 is running. Typically, performance is enhanced when SQL Server and ILM 2007 run on the same server.

Q.Can the server-side certificate management components of ILM 2007 run on the same server as the ILM 2007 metadirectory and user provisioning components?
A.

Yes. All of the server-side components of ILM 2007 may run on the same server. However, depending on the security requirements on your environment and the processing required by your ILM 2007 server configuration, you may find it beneficial to run the components on different servers.

Q.
A.

How to Buy

Q. How do I obtain ILM 2007?
A.

ILM 2007 is available through Volume Licensing channels.

Q. How is ILM 2007 licensed?
A.

ILM 2007 is licensed on a Server plus User Client Access License (CAL) basis for production usage. For non-production usage, ILM 2007 is also available in a 180-day Evaluation Edition and as part of the MSDN subscription.

Q. How much does ILM 2007 cost?
A.

ILM 2007 production licenses are priced at $15,000 per server and $25 per user CAL. You must acquire and assign a user CAL for each person for whom Identity Lifecycle Manager 2007 issues or manages one or more digital certificates. Otherwise, you do not need user CALs only to access instances of the server software.

These prices are U.S. prices for the Open NL pricing level and may vary slightly by country and by reseller. This product is only available through volume licensing programs.

Q. When are CALs needed in ILM 2007?
A.

You must acquire and assign a user CAL for each user person for whom Identity Lifecycle Manager 2007 issues or manages one or more digital certificates. Otherwise, you do not need user CALs only to access instances of the server software. Furthermore, the only types of CALs available with ILM 2007 are user CALs. Device CALs are not available.

Q. Is there an external connector license available for ILM 2007?
A.

An ILM 2007 external connector is available for $18,000 per server

Q. If I already have MIIS processor licenses under software assurance, what rights do I have to ILM 2007?
A.

Many MIIS 2003 customers participate in the Software Assurance program, which entitles them, among other benefits, to future versions of MIIS. Future versions of MIIS are being rolled into ILM 2007. As a one-time exception in connection with this transition, we are granting Select, Enterprise, Open License, and Open Value customers with active Software Assurance for MIIS 2003 as of April 30, 2007:

One ILM 2007 server for each qualifying MIIS 2003 processor license with active Software Assurance the customer owns as of April 30, 2007.

ILM 2007 licenses granted under this offer will include Software Assurance coverage. That coverage will expire when the corresponding MIIS 2003 coverage expires. Upon expiration of that coverage, customers may renew their software Assurance on the ILM 2007 license. Customers must acquire ILM 2007 CALs separately.

Q. How do I license SQL Server for use with ILM 2007?
A.

Please consult the SQL Server licensing site for up-to-date information on how SQL Server is licensed, including answers to frequently asked questions.

Q. Do I need to purchase a new SQL Server license to run ILM 2007?
A.

No. You may use a copy of SQL Server that you have already licensed. ILM 2007 does not require a copy for its own exclusive use. It may be shared with other applications.

Q.
A.

Upgrading from MIIS 2003

Q. Is there an upgrade path from MIIS 2003 to ILM 2007?
A.

Setup for ILM 2007 is designed to perform upgrades where appropriate. For example, ILM 2007 Volume License can upgrade an existing MIIS 2003 installation, Identity Integration Feature Pack (IIFP), ILM 2007 Evaluation Edition, and ILM 2007 MSDN. IIFP cannot upgrade anything except a previous IIFP. ILM 2007 MSDN cannot upgrade anything except a previous MIIS 2003 MSDN, etc.

Below is a matrix that shows the upgrade paths available.

Upgrade paths for MIIS 2003, IIFP, and ILM 2007 Versions
Product Being Installed      

Preexisting Product

MIIS 2003 SP2

MIIS 2003 SP2
Web Upgrade

IIFP

ILM 2007

ILM 2007 MSDN

ILM 2007
Evaluation

MIIS

Yes

Yes

No

Yes

No

No

MIIS MSDN

Yes

No

No

Yes

Yes

No

MIIS Evaluation

Yes

No

No

Yes

No

No

IIFP

Yes

No

Yes

Yes

No

No

Q. What is the support lifecycle for MIIS 2003 and Identity Integration Feature Pack?
A.

Mainstream support for MIIS 2003 expires on October 14, 2008. IIFP mainstream support also expires on this date and follows the MIIS 2003 support lifecycle. The details of the MIIS 2003 product support lifecycle can be found at the Microsoft Support Lifecycle.

Q.
A.

Management Agents

Q. Which management agents or connectors are available with ILM 2007?
A.
Connectivity Capabilities of ILM 2007
Type of System Management Agents

Network operating systems and directory services

Microsoft Active Directory Windows Server 2003 R2, 2003, and 2000
Microsoft Active Directory Application Mode Windows Server 2003 R2 and 2003
Microsoft Windows NT 4.0
IBM Tivoli Directory Server
Novell eDirectory 8.6.2, 8.7, and 8.7.x
Sun Directory Server (Netscape/iPlanet/SunONE) 4.x and 5.x

Mainframe

IBM Resource Access Control Facility
Computer Associates eTrust ACF2
Computer Associates eTrust Top Secret
IBM iSeries security (IBM OS/400)

E-mail and messaging

Microsoft Exchange 2003, 2000, and 5.5
Lotus Notes 7.0, 6.x, 5.0, and 4.6

Applications

SAP 5.0 and 4.7
Telephone switches
XML-based systems
DSML-based systems

Databases

Microsoft SQL Server 2005, 2000, and 7
IBM DB2
Oracle 10g, 9i, and 8i

File-based1

Attribute value Pairs
CSV
Delimited
Fixed Width
Directory Services Markup Language (DSML) 2.0
LDAP Interchange Format (LDIF)

All other

Extensible Management Agent for connectivity to all other systems

1These file formats allow for integration with a variety of applications, databases, telephone switches, X.500 systems, and metadirectory products or underlying systems that can produce a file.
Q.
A.

Partners

Q. How can I learn more about ILM 2007 partners?
A.

Visit the Identity and Access Partner page to learn more about ILM 2007 partners.

Q. What smart card platforms are supported by ILM 2007?
A.

Smart card platforms are supported indirectly through the middleware used to interface to the card. The middleware controls which specific cards are supported by it. ILM 2007 supports two forms of middleware: BaseCSP and PKCS#11. Any BaseCSP smart card module that conforms to the BaseCSP specification is supported by ILM 2007. ILM 2007 support for PKCS#11 includes support for the following vendors:

1. Axalto Client Software (ACS) v 5.2

2. AET SafeSign v2.1

3. Aladdin eToken RTE 3.6

4. Gemplus GemSafe v4.2

5. Siemens HiPath SIcurity Card API v3.1.026

Q.
A.

Identity Lifecycle Manager Roadmap

Q. What is Identity Lifecycle Manager "2"?
A.

ILM "2" will extend the functionality of ILM 2007 with new capabilities that will:

1.

Empower people with integrated end-user self-service tools in Office and Windows.

2.

Put IT in control through a robust delegation model and business process framework.

3.

Improve operational efficiency by automating common identity lifecycle management tasks and empowering end users with self-help solutions.

In addition, Microsoft is implementing ILM "2" on a common set of services—including workflow, delegation, Web services APIs, and logging—that customers and independent software vendors can use to customize and extend the functionality in ILM "2".

Q. What are the key differences between ILM 2007 and ILM "2"?
A.

ILM "2" extends the functionality of ILM 2007 with new capabilities focused on empowering end users to manage aspects of their digital identities through tools they are comfortable with, such as Office and Windows. ILM "2" provides a series of solutions for management of users, access, credentials, and policies that empower end users with self-service while ensuring that IT is firmly in control. Microsoft is also implementing ILM "2" on a common set of services—including workflow, delegation, Web services APIs, and audit logs—that customers and ISVs can use to extend the core product functionality.

Q.
A.
Top of pageTop of page