Installing and Configuring FIM CM Infrastructure

Applies To: Forefront Identity Manager 2010, Forefront Identity Manager Certificate Management

Microsoft® Forefront Identity Manager Certificate Management (FIM CM) is an identity-assurance management system that maximizes the trust and flexibility that is associated with digital certificates and smart cards. The following list describes the basic characteristics of what FIM CM provides. FIM CM installation

• can manage multiple Windows Server 2003, Windows Server® 2008, and Windows Server® 2008 R2 Certification Authority (CA) servers or multiple FIM CM servers can be used to manage a single CA.

• can act as an administrative proxy to the CAs, and it provides a Web-based user interface (UI) (the FIM CM Portal) for FIM CM.

• stores workflow and audit information in a SQL Server database that is accessed by the FIM CM server and the CA modules in FIM CM. This database is known as the FIM CM database.

• is integrated with Active Directory® Domain Services (AD DS) and Active Directory Certificate Services (AD CS). FIM CM stores profile template configuration information in AD DS.

To watch a video about deploying FIM CM, see TechEd Online Video SIA307.

For an overview of FIM 2010 documentation and guidance for using it, see the Documentation Roadmap.

Audience

This document is intended for information technology (IT) planners, systems administrators, system architects, technology decision-makers, consultants, infrastructure planners, and IT personnel.

Prerequisite Knowledge

This document assumes that you have the following prerequisite skills and knowledge:

1. Ability to perform software installation tasks on both server and client computers

2. Ability to configure the TCP/IP settings for computers to be installed on the organization’s network segments.

3. Administrator-level knowledge and experience with Active Directory® Domain Services (AD DS), Microsoft Internet Information Services (IIS), and Microsoft SQL Server® 2008 database software

4. Understanding of Public Key Infrastructure (PKI) concepts and the ability to make appropriate design decisions related to your organization’s PKI.

A description of how to set up and configure dependent technologies such as AD DS, AD CS, and SQL Server 2008 is not within the scope of this document.

Warning

1. If you are only investigating FIM CM and you want to understand basic setup and configuration, see Test Lab Guide: Demonstrate FIM CM 2010 (https://go.microsoft.com/fwlink/?LinkId=205802).
   
   
2. Before installing AD CS or any other CA, be sure you understand the broad implications of setting up PKI for your organization. To get started learning about PKI in general, see Public Key Infrastructure (https://go.microsoft.com/fwlink/?LinkId=205803).
   
   

Time Requirements

The procedures in this document take about 240 minutes to complete depending on your environment. However, carefully considering your FIM CM deployment is more likely something done over a period of weeks, if not longer, depending on the size and complexity your FIM CM deployment.

What This Guide Covers

If you are completely new to this technology, you should first create a test lab as described in Test Lab Guide: Demonstrating FIM CM 2010 (https://go.microsoft.com/fwlink/?LinkID=205802). The following sections describe how to install and configure the FIM CM server:

• Installation Requirements

• Preparing for FIM CM Server Installation

• Installing the FIM CM Server

• Installing the FIM CM CA Files

• Configuring FIM CM

• Configuring the CA for FIM CM

• Configuring FIM CM Groups, Templates, and Permissions

Previous topic

Deployment

Next topic

Installation Requirements

See Also

Concepts

Installing and Configuring FIM CM for Smart Cards
How to Import an External Certificate
How to Set Up FIM CM Behind a Network Load Balancing (NLB) cluster

Other Resources

FIM CM 2010 FAQ
FIM User Forum