Identity Management: The Legacy and Real Solutions
MIIS Implementation
Copyright © 2007 Washington State University
This work is the intellectual property of WSU. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the copyright owner. To disseminate otherwise or to republish requires written permission.
Implementation Approach
• Define the project
• Build the team
• Training
• Determine extent of the project
• Plan the design
• Coding
• Getting help
Define the project
• Why are we doing this
• What directories are involved
• Who is the custodian of the data
• Which product to use
Training
• MIIS training: Oxford Computer Group via SQLSoft+
• Beginning and Advanced classes
Determine extent of the project
• Break the project into manageable pieces
• Start with a simple beginning
• Revise the plan after the first phase
Planning
• One authority: the Metaverse
• Need unique ID
• Which directories contribute to the MV
• Which directories draw from the MV
Design and Planning Worksheets
• Utilize the MIIS 2003 Sample Worksheets
  http://download.microsoft.com/download/9/e/0/9e0c929d-10dc-42cb-aaa6-bb501a92ea20/MIIS_Worksheets.doc
• Keep them up to date
• Consider the Oxford Computer Group’s Documentor
  http://www.oxfordcomputergroup.com/

Sample worksheet: Connected Data Sources
Header fields: Prepared By | Date | Management Agent | Type | Connected Data Source | Owner | Contact (who can change) | Backup and restore policy | Security Issues | All connection and container details appropriate for this MA type
INSTRUCTIONS: Complete one data sheet for each connected data source in the solution. Include a row for each object. Do not include objects that are not part of your solution. List all objects in the specified connected data source that represent any real-world objects.
Columns: Name | Unique ID | Notes and Other Policies

Sample worksheet: Included Attributes
Header fields: Date | Prepared By | Management Agent | Connected Data Source | Object
INSTRUCTIONS: Complete one data sheet for each object in the connected data source directory. List all appropriate attributes. Include a row for each attribute, and leave out those attributes that are not appropriate. For those attributes that are required to flow from the metadirectory to the connected data source, complete the Outbound Attribute section of the table.
Inbound Attribute columns: Name | Data Type | MultiValues Y/N | Content | Structure
Outbound Attribute columns: Outbound Y/N | Requires Validation Y/N | May be Overwritten with Null Y/N | Business Justification | Quality and Precedence Notes
Final column: Notes

Sample worksheet: Outbound Attribute Flow
Header fields: Management Agent | Date
INSTRUCTIONS: Complete one worksheet for each object in the solution. List all outbound attributes. Fill out one worksheet for each connected data source. Map each metaverse attribute to a data source attribute in the outbound attribute flow.
Columns: Connected Data Source Attribute Name | Validation | Transformation | Metaverse Attribute Name(s) | Considerations or Policies Needed
Metaverse attributes
Attribute: WSUEduEmailAddress (manual precedence used)
Connector space:
• Imported using AD Update from user object using a custom flow rule called mail which uses mail, msExchHomeServerName.
• Imported using UPStest from organization object using a custom flow rule called UPSmail which uses mail.
• Exported to user.mail using AD Update using a custom flow rule called mail.
```csharp
// One case from IMASynchronization.MapAttributesForImport(string FlowRuleName,
// CSEntry csentry, MVEntry mventry) in the ADW832SQL MA rules extension.
case "StudentPhone":
    try
    {
        if (csentry["STUDENT-PHONE"].IsPresent)
        {
            string stdtphone2 = csentry["STUDENT-PHONE"].Value;
            // "UNLISTED" is the privacy flag: such a number never enters the metaverse.
            // An existing metaverse value is left untouched in that case.
            if (stdtphone2 != "UNLISTED")
                mventry["StudentPhone"].Value = stdtphone2;
        }
    }
    catch (Exception e)
    {
        // Logging is WSU's own helper, not part of the MIIS API.
        Logging.LogException(e, "ADW832SQL MA import StudentPhone", mventry["WSUNID"].Value, true);
    }
    break;
```
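The StudentPhone rule above leaves a previously listed number in the metaverse once the source flips to UNLISTED, and the WSUEduEmailAddress flows from the earlier slide are described only in prose. This added example (not WSU's code) writes both as MIIS rules-extension methods so the privacy flag also withdraws the value; the msExchHomeServerName test, the combining of rules the slides attribute to different MAs into one extension, and leaving the other interface members as template stubs are assumptions.

```csharp
using System;
using Microsoft.MetadirectoryServices;

// Members of an MA rules-extension class (the remaining IMASynchronization
// members are the unchanged MIIS template stubs). Attribute and flow-rule
// names come from the slides; the Exchange-home-server test is an assumption.
void IMASynchronization.MapAttributesForImport(string FlowRuleName, CSEntry csentry, MVEntry mventry)
{
    switch (FlowRuleName)
    {
        case "StudentPhone":
            // Privacy flag: a number that became UNLISTED (or vanished from the source)
            // must also leave the metaverse, or the old listed number keeps flowing downstream.
            if (!csentry["STUDENT-PHONE"].IsPresent || csentry["STUDENT-PHONE"].Value == "UNLISTED")
                mventry["StudentPhone"].Delete();
            else
                mventry["StudentPhone"].Value = csentry["STUDENT-PHONE"].Value;
            break;

        case "mail":
            // WSUEduEmailAddress from the AD user object: accept mail only when the
            // account has an Exchange home server, i.e. a real mailbox (assumption).
            if (csentry["mail"].IsPresent && csentry["msExchHomeServerName"].IsPresent)
                mventry["WSUEduEmailAddress"].Value = csentry["mail"].Value;
            break;

        case "UPSmail":
            // Same metaverse attribute from the UPStest organization object. Which
            // source wins is the manual precedence configured on the MV attribute.
            if (csentry["mail"].IsPresent)
                mventry["WSUEduEmailAddress"].Value = csentry["mail"].Value;
            break;

        default:
            throw new EntryPointNotImplementedException();
    }
}

void IMASynchronization.MapAttributesForExport(string FlowRuleName, MVEntry mventry, CSEntry csentry)
{
    if (FlowRuleName != "mail")
        throw new EntryPointNotImplementedException();
    // Outbound rule "mail": user.mail mirrors the metaverse address and is cleared
    // when the metaverse no longer has one (the worksheet's "may be overwritten with null").
    if (mventry["WSUEduEmailAddress"].IsPresent)
        csentry["mail"].Value = mventry["WSUEduEmailAddress"].Value;
    else
        csentry["mail"].Delete();
}
```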
Coding
• Settle on a language within the group: C# or VB
• One person on a Management Agent
Phase 2 - Groups
• Active Administrative Professional, Appointed Faculty, Admitted Graduate Students, Enrolled Undergraduate Students, etc., etc.
Phase 3 - Provisioning
Provisioning
Gotchas
• Group Populator
  - Takes a long time: 7 days for 160,000 users and 19 groups
  - Users can get separated
  - Groups get disconnected
  - Placeholders
• Provisioning
  - Can only run one provisioning agent at a time
```csharp
using System; using System.IO; using System.Reflection; using Microsoft.MetadirectoryServices;
IMVSynchronization[] myMVDlls;   // one loaded MVExtension*.dll per slot
string PREFIX = "MVExtension";
void IMVSynchronization.Initialize()
{
    string[] fileNames = Directory.GetFiles(Utils.ExtensionsDirectory, PREFIX + "*.dll");
    int numFiles = fileNames.Length;
    myMVDlls = new IMVSynchronization[numFiles];   // completion: the slide stops at numFiles
    for (int i = 0; i < numFiles; i++)
    {
        foreach (Type t in Assembly.LoadFrom(fileNames[i]).GetTypes())
            if (!t.IsAbstract && typeof(IMVSynchronization).IsAssignableFrom(t))
                myMVDlls[i] = (IMVSynchronization)Activator.CreateInstance(t);
        myMVDlls[i].Initialize();
    }
}
```
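Reading the loader fragment above as the usual work-around for the one-extension limit (a single MV extension that fans calls out to the others), this added example, not WSU's code, supplies the dispatch side. It assumes myMVDlls was populated by Initialize() as on the slide and that Logging.LogException has the signature used on the StudentPhone slide.

```csharp
using System;
using Microsoft.MetadirectoryServices;

// Dispatch half of the loader on the slide. myMVDlls is assumed to have been
// filled by Initialize() with one IMVSynchronization per MVExtension*.dll.
// Logging.LogException is the helper from the StudentPhone slide; its
// signature is assumed from that usage.
void IMVSynchronization.Terminate()
{
    foreach (IMVSynchronization ext in myMVDlls)
        ext.Terminate();
}

void IMVSynchronization.Provision(MVEntry mventry)
{
    // Each per-directory extension provisions into its own MA. A failure in
    // one must not silently skip the rest, so isolate and log it, then rethrow
    // once all have run so the sync run still records the error.
    Exception first = null;
    foreach (IMVSynchronization ext in myMVDlls)
    {
        try { ext.Provision(mventry); }
        catch (Exception e)
        {
            Logging.LogException(e, "MV dispatch Provision", mventry.ObjectID.ToString(), true);
            if (first == null) first = e;
        }
    }
    if (first != null) throw first;
}

bool IMVSynchronization.ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
{
    // Deleting the metaverse object deprovisions the identity everywhere, so
    // agree only when every loaded extension agrees; one permissive rule must
    // not be able to remove an identity the others still need.
    if (myMVDlls.Length == 0)
        return false;
    foreach (IMVSynchronization ext in myMVDlls)
        if (!ext.ShouldDeleteFromMV(csentry, mventry))
            return false;
    return true;
}
```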
Gotchas
• Provisioning
  - Sun requires additional care
```csharp
using Microsoft.MetadirectoryServices;

// Inside IMVSynchronization.Provision(MVEntry mventry) for the Sun Directory
// Server MA: the full objectClass chain must be supplied and the parent
// attribute (o) set before the new connector is committed.
// The MA name "Sun MA" is a placeholder; use the name of your Sun MA.
ConnectedMA ManagementAgent = mventry.ConnectedMAs["Sun MA"];
int Connectors = ManagementAgent.Connectors.Count;
string Container = ",ou=People,o=wsu.edu";
string CN = mventry["cn"].Value;
string RDN = "uid=" + CN + Container;
if (0 == Connectors)
{
    ValueCollection oc;
    oc = Utils.ValueCollection("top");
    oc.Add("account");
    oc.Add("pipuserinfo");
    oc.Add("organization");
    ReferenceValue DN = ManagementAgent.CreateDN(RDN);
    CSEntry csentry = ManagementAgent.Connectors.StartNewConnector("organization", oc);
    csentry.DN = DN;
    csentry["o"].Value = "wsu.edu";
    csentry.CommitNewConnector();
}
```
Gotchas
• Provisioning
  - Not real time…for us…
Disaster Recovery
• SQL backup of data
• Keep the key secure
• Backup of the Visual Studio source
Futures
• We plan on doing deprovisioning next
• Replacing the Core Programs
• Provisioning to directories in other units
Help
• MIIS Experts page
http://www.miisexperts.org/
• Technet Forum
http://forums.microsoft.com/technet/
• Users Group
http://www.microsoft.com/communities/newsgroups/
• MS Tech·Ed Presentations
The Team
• Diane Dickinson ([email protected])
• Wanda Zeng ([email protected])
• Dean Guenther ([email protected])
• Many, many others….