Create the Project Vision and Define Scope
Applies To: Windows Server 2003 with SP1
Previous Sections in This Guide
Creating a vision statement helps the project team present a clear understanding of the goals and objectives for the MIIS 2003 deployment. Creating a vision statement includes these tasks:
Identifying the business opportunity.
Examining MIIS 2003 capabilities.
Analyzing preliminary solutions.
Documenting your vision statement.
Identifying the Business Opportunity
The first step of creating the Vision Statement is outlining the business opportunity. The business opportunity statement expresses the current situation in business language, not technical terms. It demonstrates that the project team understands the current environment of the stakeholders and the desired future state. It is important to document this in a Business Opportunity statement so that members of the project team and all others involved with the project have the same objectives as they move forward to the solution design.
Most organizations can identify several scenarios that might address different aspects of the business opportunity, including a number of data sources that could be synchronized using MIIS 2003. When you identify the business opportunity, also think about how the opportunity can affect system costs, improve operations, improve security, and improve quality control.
Examining MIIS 2003 Capabilities
Examine the capabilities of identity integration and management in MIIS 2003. You can do this by installing the product and reading the product documentation, or by reading the scenario walkthroughs. For more information about MIIS 2003, see the Microsoft Identity Integration Server 2003 Web site at http://go.microsoft.com/fwlink/?LinkId=18080.
Common enterprise-level identity management scenarios for MIIS 2003 are the following:
Synchronizing identity data between two or more fundamentally different data sources, such as two or more directory services.
Managing Active Directory user accounts from a single authoritative data source.
Creating group accounts that include member information and provisioning into Active Directory.
Synchronizing separate global address lists (GALs) and multiple Microsoft® Live Communications Server 2003 installations between Active Directory forests.
Managing passwords for numerous systems.
Identity data synchronization
You can use MIIS 2003 to synchronize identity data between multiple data sources. For example, an organization with users who have accounts in both Active Directory and Sun ONE Directory Server 5.1 can use MIIS 2003 to propagate changes made in one directory service to the other. You can choose to synchronize the accounts one way, so that only changes from one data source are accepted in the metaverse, or synchronize both ways, so that changes can come from either data source.
With account provisioning, you can use MIIS 2003 to manage Active Directory user accounts from a single authoritative data source. For example, you can use information from a human resources database to create accounts in Active Directory.
Group account management
You can use MIIS 2003 to create groups with membership information and then provision them into Active Directory. This is similar to account provisioning, with the addition of the group creation process. MIIS 2003 searches for attributes that you configure to determine group membership or exclusion.
For organizations with Exchange 2000 or Exchange 2003 in more than one Active Directory forest, MIIS 2003 can synchronize global address lists between the forests.
You can use MIIS 2003 to let users reset their own passwords. MIIS 2003 also provides a platform for developing password management applications.
Analyzing Preliminary Solutions
As the design team considers preliminary solutions, create a matrix to help you determine which solutions most closely match your business goals and deployment objectives. This is an iterative task and the results at each subsequent step should be recorded on this matrix. Create a separate matrix for each desired system state. For each preliminary solution, consider parameters like the following:
Impact on IT resources
Time to deploy the solution
Meeting goals and requirements
Include your matrixes in the solution proposal.
Table 1 uses the example scenario to illustrate how a typical matrix might look.
Table 1: Solutions Matrix Scenario Example
Two-way synchronization that uses 3 data sources
Multi-point processing of contact data nightly; new database
Enforce company-wide use
Documenting Your Vision Statement
The project’s vision statement forms the basis of further definition of project objectives and investigation.
In the example scenario, the vision statement states:
By using MIIS 2003, Fabrikam will achieve the following high-level solution:
Combine all relevant staff member details from multiple sources.
Remove the data conflicts by synchronizing key data across connected data sources.
Formalize a workflow/dataflow model that minimized administrative effort while enhancing security.
In addition to the vision statement, state any supporting objectives that correlate to business goals. Provide only enough details to support your project. At this level, you do not need to document the actual synchronization process. Instead, use what you have discovered during the high-level design process so far.
Figure 10 provides an example vision statement for the Fabrikam scenario
Record your vision statement and objectives on Worksheet 1: Vision Statement and Solution Objectives and include it in your solution proposal.
Initiating Your Identity Integration Project
Define the Project Structure
Start the Solution Proposal
Document Your Business Goals
Assess Your Current IT Infrastructure
Create the Project Vision and Define Scope
Assess Risks for an MIIS 2003 Project