Installing and Configuring FIM CM Infrastructure
Applies To: Forefront Identity Manager 2010, Forefront Identity Manager Certificate Management
Microsoft® Forefront Identity Manager Certificate Management (FIM CM) is an identity-assurance management system that maximizes the trust and flexibility that is associated with digital certificates and smart cards. The following list describes the basic characteristics of what FIM CM provides. FIM CM installation
can manage multiple Windows Server 2003, Windows Server® 2008, and Windows Server® 2008 R2 Certification Authority (CA) servers or multiple FIM CM servers can be used to manage a single CA.
can act as an administrative proxy to the CAs, and it provides a Web-based user interface (UI) (the FIM CM Portal) for FIM CM.
stores workflow and audit information in a SQL Server database that is accessed by the FIM CM server and the CA modules in FIM CM. This database is known as the FIM CM database.
is integrated with Active Directory® Domain Services (AD DS) and Active Directory Certificate Services (AD CS). FIM CM stores profile template configuration information in AD DS.
To watch a video about deploying FIM CM, see TechEd Online Video SIA307.
For an overview of FIM 2010 documentation and guidance for using it, see the Documentation Roadmap.
This document is intended for information technology (IT) planners, systems administrators, system architects, technology decision-makers, consultants, infrastructure planners, and IT personnel.
This document assumes that you have the following prerequisite skills and knowledge:
Ability to perform software installation tasks on both server and client computers
Ability to configure the TCP/IP settings for computers to be installed on the organization’s network segments.
Administrator-level knowledge and experience with Active Directory® Domain Services (AD DS), Microsoft Internet Information Services (IIS), and Microsoft SQL Server® 2008 database software
Understanding of Public Key Infrastructure (PKI) concepts and the ability to make appropriate design decisions related to your organization’s PKI.
A description of how to set up and configure dependent technologies such as AD DS, AD CS, and SQL Server 2008 is not within the scope of this document.
- If you are only investigating FIM CM and you want to understand basic setup and configuration, see Test Lab Guide: Demonstrate FIM CM 2010 (http://go.microsoft.com/fwlink/?LinkId=205802).
- Before installing AD CS or any other CA, be sure you understand the broad implications of setting up PKI for your organization. To get started learning about PKI in general, see Public Key Infrastructure (http://go.microsoft.com/fwlink/?LinkId=205803).
The procedures in this document take about 240 minutes to complete depending on your environment. However, carefully considering your FIM CM deployment is more likely something done over a period of weeks, if not longer, depending on the size and complexity your FIM CM deployment.
What This Guide Covers
If you are completely new to this technology, you should first create a test lab as described in Test Lab Guide: Demonstrating FIM CM 2010 (http://go.microsoft.com/fwlink/?LinkID=205802). The following sections describe how to install and configure the FIM CM server: