Microsoft again delays identity management server

Microsoft is again delaying the release of the anticipated upgrade to its Identity Lifecycle Manager 2.0 software that has been years in development.

The software is now slated to ship between January and March 2010, a slip that has angered some partners and users.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Some analysts, however, say Microsoft needs the time to ensure the product is right given the important role it plays in the identity infrastructure.

ILM is Microsoft's platform for identity synchronization, certificate and password management, and user provisioning. It has four areas of focus: policy, credential, user and group management.

ILM was originally called Microsoft Identity Integration Server and was the company's meta-directory technology, which it purchased from Zoomit in 1999.

The 2.0 version includes a number of user self-service features, such as password reset. It also includes a new delegation model, a business process framework, "code-less" provisioning, and a set of services that users and partners can tap to extend the server's functionality. ILM 2.0 also integrates its group management, workflow, and other features with SharePoint and Outlook.

Microsoft said Monday that it was delaying the software's release and extending the beta program among its early adopters, as well as ramping up testing on its own networks.

"The deployment and migration has to be seamless and that is where we are focusing the extra time," says John Chirapurath, director of identity and security product management for Microsoft. He says the company will release a second final beta, or Release Candidate, sometime between July and September, and that no features will be cut from ILM 2.0.

One user who requested anonymity said that while ILM 2.0 works fine in general the software suffers from a lot of little bugs that will take time to fix.

Analysts say Microsoft is taking a pragmatic approach because it cannot afford to ship a poor product since ILM 2.0 is tied in with the authorization, group management and compliance issues companies are attempting to solve.

"If they don't get it right it can bring everything to a screeching halt," says Kevin Kampman, an analyst with the Burton Group. ILM's features include such capabilities as allowing a user to authenticate and then do password resets.

"Anything you do that is that comprehensive has to be tested in a broad environment," says Kampman.

Felix Gaehtgens, a senior analyst for Kuppinger Cole says, "The maturity of ILM is evolving. Microsoft will be getting more experience with deployments as they go through this additional year."

While the extra year may help heal ILM's woes, it is not welcome news to users and partners.

Jackson Shaw, senior director of product management for Active Directory and integration solutions at Quest Software, wasn't happy that the news came during the company's annual The Experts Conference (TEC), which focuses on Active Directory and identity.