This is a technical hands-on lab with open Q&A. This course assumes you are already familiar with Microsoft Identity Manager 2016 (MIM) and have attended the initial A801 course.
HyperSync replaces or enhances the MIM sync engine solution. When coupled with SoftwareIDM Service Panel, HyperSync replaces and improves what is offered with MIM Sync and the MIM Portal. Managed, programmed, tested, and operated from within the Identity Panel web interface, HyperSync is a true SaaS application running natively on Azure App Services, with the option of running on premises. What is compelling about HyperSync is its on-premises Panel Service component, which empowers Azure to manage on-premises sources and targets. For those not ready for the cloud-based sync engine, HyperSync can also be installed and operated as on-premises software, much as MIM is operated today.
This course is for the identity solution developer who is planning or participating in a HyperSync implementation as a replacement for Microsoft Identity Manager (MIM), or to fix or enhance an existing MIM. The focus is on migrating MIM to Identity Panel's HyperSync and Service Panel, including coding. Although the focus of this course is solution development, much of the material is useful for those who would like to understand HyperSync in-depth. This course prepares the candidate for the phased replacement of an existing solution (in this case MIM).
Who Should Attend
- Those who want to attend A902 to learn the latest Patterns and Practices for migrating from MIM or implementing a new HyperSync solution.
- Those wanting to understand more about the work effort involved in the migration process, the degree to which it can be automated, and the subsequent process required to take it to Production.
- Consulting firms, independent consultants, and internal IT staff responsible for a successful implementation or expansion of a HyperSync deployment.
What you will learn
- How to generate an initial HyperSync baseline configuration for any MIM solution to be migrated.
- How HyperSync can co-exist with your MIM solution before, during and after the migration process.
- How sync solutions for Identity Panel transition to be fully implemented with HyperSync Panel.
- How HyperSync complements, enhances and then fully replaces MIM sync in an Identity Panel configuration.
Prerequisites
- Must have attended A850 - Rule Engine Language & Report Writing.
- Own a subscription to the Knowledge Package for Developers or the Knowledge Package for Administrators, or be considering consulting on the Identity Panel Suite.
- Have experience writing SQL queries or using any language including PowerShell or MIM Portal Rules.
- Be a level 2 engineer or developer with experience implementing MIM for the same data sources you plan to use with Identity Panel. At a minimum this must include the following:
  - Active Directory, LDAP
  - MIM Service Portal (for declarative sync rule configurations)
  - Text Files
- A copy of the following exported XML files from a target MIM configuration:
The diagram below shows how this course fits with suggested learning tracks.
- Using MIM Uplift to import your MIM configuration into Identity Panel
- Preparing the Identity Panel and MIM prerequisites for the migration process
- Generating and importing Identity Panel and HyperSync configuration
- Testing your solution and troubleshooting, including using the As Built documentation.
The course will cover the above items, and in doing so reinforce some key Identity Panel Suite concepts, including the data model and the inter-relationship of Identity Panel and HyperSync Panel components. This will proceed according to the process below, with flexibility to adapt according to the experience and areas of interest of the attendees.
The course may be delivered as either a morning or afternoon session during the M900 course syllabus at a time most appropriate for the attendees present.
Preparing the Identity Panel and MIM prerequisites for the migration process
The following will be expanded on in greater detail during the course.
1. Ensure that there is at least one correctly configured AD provider (with Environment variables as necessary)
2. Create a new MS Sync Connection provider to use as a placeholder for your MIM Sync configuration to reference
3. Create an empty folder on your MIM server and export your MIM Sync Server config (MV*.xml + multiple MA*.xml files) to that folder
4. Upload all exported MIM Sync Server files (XML) to your Identity Panel (IdP) instance via the ~/settings/upliftsettings page - "Upload MIM Configuration" button
5. Download the imported MIM config to the $mimJsonFile file (JSON format) in the $path folder via the ~/settings/upliftsettings page - file download button for target MIM Uplift package
6. Download the existing IdP Provider config to the $providersBaselineJsonFile file in the $path folder via the ~/settings/providers page - file download button in floating toolbar
7. Download the existing IdP Join Rule config to the $joinBaselineJsonFile file in the $path folder via the ~/settings/joins page - file download button in floating toolbar
8. Download the existing IdP HS Rule config to the $hsBaselineJsonFile file in the $path folder via the ~/settings/hypersync page - file download button in floating toolbar
9. Ensure that all $hsCustomRuleFunctionsJson.schedules.RuleFunctions present in the variable in this script below have been imported to the Custom Rule Functions section:
10. Look up the GUID (string format) for the -hvSiloID parameter you will need to supply (use the RuleTester to extract this for "special.Identity Silo.Hyperverse")
11. Run this script - specifying the correct parameters
12. Upload the generated $providersMIMJsonFile file in the $path folder via the ~/settings/providers page - file upload button in floating toolbar
13. Upload the generated $joinMIMJsonFile file in the $path folder via the ~/settings/joins page - file upload button in floating toolbar
14. Upload the generated $environmentMIMJsonFile file in the $path folder via the ~/settings/environment/functions page - file upload button in floating toolbar
15. Restart PanelService
16. Run a schema scan for each new Provider using PanelTool
17. Run a full data scan for each new Provider using PanelTool
18. Download the updated IdP Provider config over the top of the existing $providersBaselineJsonFile file from step #6
19. Re-run the script - same parameters as in step #11 (but with the updated providers file so we get the right silo GUIDs!!!)
20. Upload the generated $hsMIMFlowRulesJsonFile file in the $path folder via the ~/settings/hypersync page - file upload button in floating toolbar
Testing your solution and troubleshooting, including using the As Built documentation.
- Browse to the ~/settings/hypersync page and enable the "$hsSchemaPrefixMIM Uplift - Inbound" Attribute Flow Rule Set
- Click on the Search Time Traveler "V" button and select one of the new providers from the Search Silos list
- Click Search to display a list of AD objects (cloned from the existing AD provider but as yet unjoined)
- Expand HyperSync Panel and click the "Synchronize" button
- Inspect the "Errors" band - there should be none now that the Custom Rule Functions are being stubbed - but if there are, see TROUBLESHOOTING below
- Browse to ~/settings/versioncontrol and search the "As-Built" report for any "WARNING" messages (uppercase)
- Determine how many Stub functions need to be written by searching the "As-Built" report for any "TBC Stub" references (case sensitive)
Troubleshooting
- If during any of the steps from #8 onwards there is an upload error, use the ~/settings/versioncontrol As-Built documentation to search for "WARNING" and resolve any broken existing config and restart from step #4.
- If still getting errors, edit the generated JSON data to remove all but a small subset of the definitions and use a process of elimination to identify the root cause(s).