Hi, everybody.We are having a request from a potential FIM CM customer, which is to be able to generate a Smart Card on client machines without the need to deploy a FIM Client.Are there any plans to provide this functionality?Thank you very much,Mario

As far as I know there are no plans for this. What is the customer's objection to deploying the client software? Even if one was able to deploy a smart card without the client software, they still woudn't be able to perform any management policy functions on that computer. Paul Adare CTO IdentIT Inc. ILM MVP

Hello, Just to expand on Paul's answer here. The FIM CM client is only needed for smart card management functions: request completion, card unblocking, etc. anything that you have allowed the user to do in your smart card management lifecycle model. Having said that smart cards can still operate on a client without the FIM CM client. You would have to figure out what you wanted to do in terms of the registration model and how the user would initially set their PIN, but nothing would stop them from using the card for smart card authentication (assuming of course they were using BaseCSP compliant cards) on Windows XP SP2 and up. An interesting experiment here would be to utilize a terminal services server to serve up a virtualized FIM CM client, which the user could then utilize for card management activities. Of course these are just work arounds and do not directly answer your question!!! - Hugh

To add to Hugh's point on Terminal Services. I had a similar request from a customer who didn't want to deal with software deployment issues as they had a real challenging environment to deal with. Their environment had machines sitting on a rig platform in the middle of North Sea!! The solution was to deploy the client on a Terminal Server and totally avoid the deployment of the client. Worked great for a majority of the user population. The downside to this approach is the performance impact on any card management operation performed on the card as all these operations would then be performed over the wire. It should not be noticable with a decent network connection, however it might become painful with the increase in latency of the link. Hope that provides some perspective. Thanks & Regards, Jameel Syed Principal Consultant, fimGuru - Your window into simplified identities jameel.syed@fimguru.com - http://www.fimguru.com

Thank you all for your replies. Very helpful information. Best regards, Mario