BizTalk vs ILM ??
Wed, 6 Feb 2008 11:32:07 -0800
Hello,

As the AD 2003 and Exchange 2003/2007 Administrator I am in charge of
our new ILM server that we are building. However I have learned that
our Programmers recently installed a BizTalk server. If anyone can
help me learn the specific differences it would be greatly
appreciated. Here are our needs:

Automate the creation, modification and deletion of AD accounts,
Mailboxes, group membership, AD attributes, Home Directory folders
(creation and permission modification) based on data that is in our
Registrar's database (MS SQL 2000 and 2005). This also applies to
changing SQL code based on other things changing (which would affect
our programs which have SQL on the backend).

Account username and password synchronization - Single sign-on so that
passwords for various apps are changed if you change it in another
location.

Integrate custom scripts (VBS, PowerShell, VB.NET, C++) if we want to
add these.

I learned that they understand BizTalk to be able to do all this and
yet while I'm reading about ILM I see that they're touting it as the
product to use for this as well.

If anyone could help explain the differences between the two products,
give advice about which to use, and point towards a resource that
helps explain this I would greatly appreciate it.

Regards,

Re: BizTalk vs ILM ??
Thu, 7 Feb 2008 20:10:24 -0600
BizTalk is a general purpose tool for orchestrating business processes.  An 
identity lifecycle is certainly a business process and much of the stuff to 
be automated could be implemented in BizTalk.  However, it isn't necessarily 
designed to do that out of the box, so you'd essentially be writing a bunch 
of code to put all this together and would have to get on top of the whole 
BizTalk thing to ensure that you designed your workflows appropriately.

ILM is a special purpose tool designed for doing identity lifecycle 
management.  The idea is more along the lines that the product has built in 
functionality to do most if not all of what you want to do, so it is more of 
a configuration exercise rather than a coding exercise.

ILM probably doesn't sound too interesting to your developers, and even if 
you need to do some custom dev for your ILM, that might not be as applicable 
to things they want to do in BizTalk, so it probably doesn't sound too cool. 
It is all .NET though, so it isn't so bad.  It is also almost certainly 
possible to make ILM talk to BizTalk if there was a reason to.

My guess is that you'll get more done faster in ILM and you'll end up 
creating a weak version of ILM in BizTalk much more slowly.  However, you 
might only end up buying one license and maybe it will come out in the wash. 
:)

Maybe you could try a quick pilot of both to see what you are getting into.

Joe K.

-- 
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
Re: BizTalk vs ILM ??
Fri, 8 Feb 2008 06:10:51 -0800
Thanks Joe. Actually we already own both so $$ is not an issue here.
We own both for other projects.

Thanks for your insight. I'll be sure to bring it up when our
departments get together.

Blake

Re: BizTalk vs ILM ??
Fri, 8 Feb 2008 09:23:44 -0600
FWIW, I've definitely heard of organizations that decided to implement their 
identity lifecycle management automation using BizTalk instead of other 
options available and believed they had very valid reasons for doing the 
extra effort.  So, make sure you consider your individual circumstances and 
take what I say with a grain of salt.  I'd be very surprised if ILM isn't 
the better solution though.

One of the hardest things to deal with in AD is pwd sync to other systems. 
ILM has a good solution for this since they have a component that can catch 
pwd changes at the DC level and use that to sync back in.  Any solution that 
doesn't use a pattern like that is likely to fail as it probably requires 
that users can't change their own pwds in AD directly and need to use a 
specific tool like a website instead (which gets messy in a hurry).  To 
implement your own password change interceptor code on the DC is actually 
pretty tricky to get right, as the code runs in the LSA itself, so a tiny 
bug can destabilize your entire AD infrastructure.

Best of luck!

Joe K.

-- 
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
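
The reply above notes that password-change interception code on a DC runs inside the LSA. As an added example (not part of the thread, and not code from ILM or its authors), this PowerShell inventory lists the password notification DLLs a domain controller is configured to load, so that any such component is a known, reviewed one. It assumes an elevated session on the DC itself; the `$approved` baseline is constructed for illustration.

```powershell
# Added example: inventory the password-notification packages LSA loads on this DC.
# Assumption: run locally on a domain controller in an elevated PowerShell session.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$value  = 'Notification Packages'   # REG_MULTI_SZ of DLL base names, without ".dll"

# Constructed baseline for illustration; replace with the packages you have approved.
$approved = @('scecli', 'rassfm')

# Read the configured package names and drop any empty entries.
$packages = @((Get-ItemProperty -Path $lsaKey -Name $value -ErrorAction Stop).$value) |
    Where-Object { $_ }

$report = foreach ($name in $packages) {
    # Notification packages are loaded by base name from System32.
    $path   = Join-Path $env:SystemRoot "System32\$name.dll"
    $exists = Test-Path -LiteralPath $path
    $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }

    [pscustomobject]@{
        Package         = $name
        Present         = $exists
        Approved        = $approved -contains $name
        # Older PowerShell versions may report catalog-signed system DLLs as NotSigned.
        SignatureStatus = if ($sig) { $sig.Status } else { 'n/a' }
        Signer          = if ($sig -and $sig.SignerCertificate) {
                              $sig.SignerCertificate.Subject
                          } else { '' }
    }
}

$report | Format-Table -AutoSize

# Anything outside the baseline, or registered but missing on disk, needs review:
# it is code that will run in the LSA process on every password change.
$review = @($report | Where-Object { -not $_.Approved -or -not $_.Present })
if ($review.Count -gt 0) {
    Write-Warning ("Review these notification packages: " +
                   (($review | ForEach-Object { $_.Package }) -join ', '))
}
```

Running the same inventory on every DC and comparing the results shows whether a sync component is deployed consistently across the domain.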