Microsoft again delays identity management server

ILM includes identity synchronization, provisioning and self-service.

Microsoft is again delaying the release of the anticipated upgrade to its Identity Lifecycle Manager 2.0 software that has been years in development.

The software is now slated to ship between January and March 2010, a slip that has angered some partners and users.

Some analysts, however, say Microsoft needs the time to ensure the product is right given the important role it plays in the identity infrastructure.

ILM is Microsoft's platform for identity synchronization, certificate and password management, and user provisioning. It has four areas of focus: policy, credential, user and group management.

ILM was originally called Microsoft Identity Integration Server and was the company's meta-directory technology, which it purchased from Zoomit in 1999.

The 2.0 version includes a number of user self-service features, such as password reset. It also includes a new delegation model, a business process framework, “code-less” provisioning, and a set of services that users and partners can tap to extend the server’s functionality. ILM 2.0 also integrates its group management, workflow, and other features with SharePoint and Outlook.

Microsoft said Monday that it was delaying the software’s release and extending the beta program among its early adopters, as well as ramping up testing on its own networks.

“The deployment and migration has to be seamless and that is where we are focusing the extra time,” says John Chirapurath, director of identity and security product management for Microsoft. He says the company will release a second final beta, or Release Candidate, sometime between July and September, and that no features will be cut from ILM 2.0.

One user who requested anonymity said that while ILM 2.0 works fine in general the software suffers from a lot of little bugs that will take time to fix.

Analysts say Microsoft is taking a pragmatic approach because it cannot afford to ship a poor product since ILM 2.0 is tied in with the authorization, group management and compliance issues companies are attempting to solve.

“If they don’t get it right it can bring everything to a screeching halt,” says Kevin Kampman, an analyst with the Burton Group. ILM’s features include such capabilities as allowing a user to authenticate and then do password resets.

“Anything you do that is that comprehensive has to be tested in a broad environment,” says Kampman.

Felix Gaehtgens, a senior analyst for Kuppinger Cole says, “The maturity of ILM is evolving. Microsoft will be getting more experience with deployments as they go through this additional year.”

While the extra year may help heal ILM’s woes, it is not welcome news to users and partners.

Jackson Shaw, senior director of product management for Active Directory and integration solutions at Quest Software, wasn’t happy that the news came during the company’s annual The Experts Conference (TEC), which focuses on Active Directory and identity.

“There [are a lot of] scenarios with ILM that people are hyped about,” says Shaw. “There are lots of regulatory issues out there, lots of people getting hit with audit issues and some customers said ILM 2.0 would get them through that. Generally speaking the customer perspective [at TEC] is disappointment.”

Shaw adds: “We have customers at the conference who have said they came for ILM 2.0 and are now saying they wouldn't have come if they'd have known it would have been delayed and will not come back next year if it isn't released by TEC. They stated they were tired of hearing the same presentations on ILM2.”

He notes that vendors who are building tools for ILM also are disappointed in the delay.

“In this day and age I have limited resources and I have made a bet on ILM 2.0 and I am delayed in being able to monetize that bet.”

The excitement around ILM 2.0 is an outgrowth of Microsoft’s own hype. The company has not been shy about trumpeting the importance of ILM, but without shipping software, competitors like IBM, Sun and Oracle are alone in garnering customers.

Microsoft has said it built ILM to function as a Web service so developers can build applications on top of it such as enhanced smart card management. And the company has touted ILM's policy-based management that gives users workflow to build identity-based policies, using ILM 2.0 or Visual Studio tools, that can be enforced, logged and audited. The certificate capabilities support management of third-party certificates, and the new user management features let IT automate and reuse provisioning tasks. Improvements in group management provide the ability to create and manage membership and approval processes.

In June 2008, Bob Muglia, Microsoft's senior vice president of the server and tools business, said at the company’s TechEd conference, “One of the most critical aspects for all business is managing their identities within their organizations.” He said that users would be keenly aware of that as online services begin to filter onto corporate networks and users need to federate identities.

Microsoft released the first public beta of ILM 2.0 at that conference, a release that was originally slated four months earlier. And despite the importance of the software, Muglia also said at TechEd that the final release was being delayed until the first quarter of 2009.

Now, Microsoft has added another year.

But the extra time will not result in additional features that Microsoft plans to eventually include in ILM, most notably support for CardSpace.

Microsoft’s Chirapurath confirmed CardSpace support would not be added to ILM 2.0.

Microsoft has also hinted at support in ILM for the Service Provisioning Markup Language (SPML), but Chirapurath had no new information on that development.

Insider Tip: 12 easy ways to tune your Wi-Fi network
Join the discussion
Be the first to comment on this article. Our Commenting Policies