Planning #FIM2010 Security & Best Practices

While supporting FIM customers in assessing their FIM environment and helping them maintain their FIM configuration, two discussion topics are all-time favorites: FIM security and FIM best practices.

For ease of use I’ve been collecting this information in some articles.
Below you’ll find the short links for ease of use:

As you might see, there is still a lot of room for improvement, so I invite you to update the article where you think information is missing.

When discussing a basic FIM setup (using FIM Sync and FIM Service + Portal), a commonly drawn diagram is the one below.
It does not cover the other FIM add-ons (like FIMCM, BHOLD or reporting), but it is still a useful and very visual guide for planning your security.

The main purpose is to explain that the initial security setup for your FIM environment:

  • DOES require a collection of security accounts and groups to segregate duties (so installing FIM with a single account that is used for all FIM functions and accounts is a very bad idea)
  • ONLY needs 1 core administrator account with administrator access to the FIM server’s local security
  • DOES NOT require services or technical accounts with local or domain admin rights (except 1, the FIM Installer account)

FIM Security
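
The three rules above can be checked against an account inventory before and after installation. The following PowerShell is an added example, not part of the original article; the role names, the CONTOSO account names and the group membership snapshot are constructed placeholders to be replaced with your own export.

```powershell
# Constructed inventory: FIM role -> account (placeholder names, not from the article).
$FimAccounts = [ordered]@{
    Installer   = 'CONTOSO\fim-install'
    CoreAdmin   = 'CONTOSO\fim-admin'
    SyncService = 'CONTOSO\svc-fimsync'
    FimService  = 'CONTOSO\svc-fimservice'
    PortalPool  = 'CONTOSO\svc-fimservice'   # deliberately reused to trigger a finding
}

# Constructed snapshot of privileged group membership (export yours from AD / the FIM server).
$PrivilegedGroups = @{
    'Local Administrators (FIM server)' = @('CONTOSO\fim-install', 'CONTOSO\fim-admin', 'CONTOSO\svc-fimsync')
    'Domain Admins'                     = @('CONTOSO\da-operator')
}

function Test-FimAccountPlan {
    param(
        $Accounts,
        $Groups,
        # Assumption: only the installer and the single core administrator may hold admin rights.
        [string[]]$AllowedAdminRoles = @('Installer', 'CoreAdmin')
    )

    # Rule 1: segregate duties, so no account may serve more than one FIM role.
    foreach ($g in ($Accounts.GetEnumerator() | Group-Object -Property Value)) {
        if ($g.Count -gt 1) {
            "SHARED: $($g.Name) is used for $(($g.Group | ForEach-Object Key) -join ', ')"
        }
    }

    # Rules 2 and 3: service and technical accounts must not be local or domain admins.
    foreach ($role in $Accounts.Keys) {
        if ($AllowedAdminRoles -contains $role) { continue }
        foreach ($group in $Groups.Keys) {
            if ($Groups[$group] -contains $Accounts[$role]) {
                "OVERPRIVILEGED: $role ($($Accounts[$role])) is a member of $group"
            }
        }
    }
}

# Emits one line per violation; no output means the plan satisfies all three rules.
Test-FimAccountPlan -Accounts $FimAccounts -Groups $PrivilegedGroups
```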

