Management Agents (MA)

Management Agents (MA) link specific connected data source to Forefront Identity Manager (FIM). The management agent is responsible for moving data from the connected data source and FIM. When data in FIM is modified, the management agents can also export the data out to the connected data source to keep the connected data source synchronized with the data in FIM. Generally, there is at least one management agent for each connected directory. FIM, Enterprise Edition, includes management agents for the following identity repositories:

  • Active Directory
  • Active Directory Application Mode (ADAM)
  • Attribute-value pair text files
  • Comma separated value files
  • Delimited text files
  • Directory Services Markup Language (DSML) 2.0
  • Exchange 5.5, Exchange 5.5 Bridgehead
  • Exchange 2000 and Exchange 2003 Global Address List (GAL) synchronization
  • Fixed-width text files
  • LDAP Directory Interchange Format (LDIF)
  • Lotus Notes/Domino 4.6/5.0/6.x
  • Novell NDS, eDirectory, DirXML
  • Sun/iPlanet/Netscape directory 4.x/5.x (with "changelog" support)
  • Microsoft SQL Server 2005, 2000, and 7
  • Microsoft Windows NT4 Domains
  • Oracle 8i/9i/10g
  • IBM Tivoli Directory Server
  • SAP 5.0 and 4.7
  • IBM Resource Access Control Facility
  • Computer Associates eTrust ACF2 and Computer Associates eTrust Top Secret
  • Informix, dBase, ODBC and OLE DB support via SQL Server Data Transformation Services

The FIM Connector Space (CS)

The FIM connector space (CS) is a storage area, or staging area, that is used by management agents to move data into and out of a connected data source. Each connected data source has its own logical area in the connector space, which is managed by its corresponding management agent.

The connector space is essentially a mirror of the related connected data source, with each object in the connected data source having a corresponding entry in the connector space. The connector space does not contain the connected directory object itself, but a subset of the object's attributes, as defined by the management agent.
The CS contains all of the attributes of interest from a connected directory, database or file. As this identity data is available in the CS, a company can easily explore this information without having to query the originating stores. This makes it easier to access the data and eliminates the need to program against the multiple stores where the identity information originated, especially where those stores are being used in production under well-defined work loads that would not benefit from ad hoc query activity. 

The Metaverse

The metaverse is a set of tables within FIM that contain the integrated ("joined") identity information from multiple connected sources. All identity information about a specific person, which is stored in multiple connected sources, is synthesized into a single entry in the metaverse.

When you run a management agent, changes that you made to objects in the connected data sources are written to the connector space, rules and disconnector filters are then applied, and the resulting data is then written to the metaverse (if import flow rules detect that this data should be written to the metaverse). The metaverse then sends those changes to the connector space of other connected directories that the object is synchronized with, and their respective management agents then propagate the changes to those connected directories based on the rules defined in the management agents for those connector spaces.

Custom Extensions

While most administrative tasks can be accomplished using FIM, administrators can customize the way management agents and the metaverse work by creating custom extensions. Custom extensions are created using a programming language such as Microsoft Visual Basic® .NET, Visual C++®.NET, or Visual C#® .NET. They are implemented as a Microsoft .NET Framework class library, or dynamic link library (DLL), and are stored in the extensions folder of the FIM root directory.

The following types of custom extensions are supported by FIM:

Rule Extension Description
Management Agent A management agent custom extension is applied to data as it flows to and from a connected data source to the connector space. Each management agent can have only one set of rules extension code built into a single assembly.
Metaverse A metaverse custom extension is applied to data as it is processed when something causes a change to a metaverse entry. The metaverse can have only one extension.