Identity Management: The Legacy and Real Solutions
MIIS Implementation

Copyright @ 2007 Washington State University. This work is the intellectual property of WSU. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the copyright owner. To disseminate otherwise or to republish requires written permission.

Implementation Approach
• Define the project
• Build the team
• Training
• Determine extent of the project
• Plan the design
• Coding
• Getting help

Define the project
• Why are we doing this
• What directories are involved
• Who is the custodian of the data
• Which product to use

Training
• MIIS training: Oxford Computer Group via SQLSoft+
• Beginning and Advanced classes

Determine extent of the project
• Break the project into manageable pieces
• Start with a simple beginning
• Revise the plan after the first phase

Planning
• One authority: the Metaverse
• Need unique ID
• Which directories contribute to the MV
• Which directories draw from the MV

Design and Planning Worksheets
• Utilize the MIIS 2003 Sample Worksheets http://download.microsoft.com/download/9/e/0/9e0c929d-10dc-42cb-aaa6-bb501a92ea20/MIIS_Worksheets.doc
• Keep them up to date
• Consider the Oxford Computer Group’s Documentor http://www.oxfordcomputergroup.com/

Worksheet: Connected Data Sources
Fields: Prepared By; Date; Management Agent Type; Connected Data Source Owner; Contact (who can change); Backup and restore policy; Security Issues; All connection and container details appropriate for this MA type
INSTRUCTIONS: Complete one data sheet for each connected data source in the solution. Include a row for each object. Do not include objects that are not part of your solution. List all objects in the specified connected data source that represent any real-world objects.
Columns: Name; Unique ID; Notes and Other Policies

Worksheet: Included Attributes
Fields: Date; Prepared By; Management Agent; Connected Data Source Object
INSTRUCTIONS: Complete one data sheet for each object in the connected data source directory. List all appropriate attributes. Include a row for each attribute, and leave out those attributes that are not appropriate. For those attributes that are required to flow from the metadirectory to the connected data source, complete the Outbound Attribute section of the table.
Columns: Inbound Attribute Name; Data Type; MultiValues Y/N; Content Structure; Outbound Attribute (Outbound Y/N; Requires Validation Y/N; May be Overwritten with Null Y/N; Business Justification); Quality and Precedence Notes; Notes

Worksheet: Outbound Attribute Flow
Fields: Management Agent; Date
INSTRUCTIONS: Complete one worksheet for each object in the solution. List all outbound attributes. Fill out one worksheet for each connected data source. Map each metaverse attribute to a data source attribute in the outbound attribute flow.
Columns: Connected Data Source Attribute Name; Validation; Transformation; Metaverse Attribute Name(s); Considerations or Policies Needed

Metaverse attributes
Attribute: WSUEduEmailAddress
Connector space:
• Manual precedence used
• Imported using AD Update from user object using a custom flow rule called mail which uses mail, msExchHomeServerName.
• Imported using UPStest from organization object using a custom flow rule called UPSmail which uses mail.
• Exported to user.mail using AD Update using a custom flow rule called mail

    // Import flow rule: copy the phone number into the metaverse
    // unless the source system marks it as UNLISTED.
    case "StudentPhone":
        try
        {
            if (csentry["STUDENT-PHONE"].IsPresent)
            {
                string stdtphone2 = csentry["STUDENT-PHONE"].Value;
                if (stdtphone2 != "UNLISTED")
                    mventry["StudentPhone"].Value = csentry["STUDENT-PHONE"].Value;
            }
        }
        catch (Exception e)
        {
            // Log the failure against the person's WSUNID.
            Logging.LogException(e, "ADW832SQL MA import StudentPhone",
                mventry["WSUNID"].Value, true);
        }
        break;

Coding
• Settle on a language within the group: C# or VB
• One person on a Management Agent

Phase 2 - Groups
• Active Administrative Professional, Appointed Faculty, Admitted Graduate Students, Enrolled Undergraduate Students, etc.

Phase 3 - Provisioning

Gotchas
• Group Populator
    • Takes a long time: 7 days for 160,000 users and 19 groups
    • Users can get separated
    • Groups get disconnected
    • Placeholders
• Provisioning
    • Can only run one provisioning agent at a time

        IMVSynchronization[] myMVDlls;
        string PREFIX = "MVExtension";

        void IMVSynchronization.Initialize()
        {
            // Find every MVExtension*.dll in the MIIS extensions directory.
            string[] fileNames = Directory.GetFiles(
                Utils.ExtensionsDirectory, PREFIX + "*.dll");
            int numFiles = fileNames.Length;
            // (the slide excerpt ends here)

    • Sun requires additional care

        Container = ",ou=People,o=wsu.edu";
        CN = mventry["cn"].Value;
        // Note: cn is concatenated into the DN unescaped.
        RDN = "uid=" + CN + Container;
        if (0 == Connectors)
        {
            // The Sun directory needs the full objectClass list on creation.
            ValueCollection oc;
            oc = Utils.ValueCollection("top");
            oc.Add("account");
            oc.Add("pipuserinfo");
            oc.Add("organization");
            DN = ManagementAgent.CreateDN(RDN);
            csentry = ManagementAgent.Connectors.StartNewConnector("organization", oc);
            csentry.DN = DN;
            csentry["o"].Value = "wsu.edu";
            csentry.CommitNewConnector();
        }

• Not real time…for us…

Disaster Recovery
• SQL backup of data
• Keep the key secure
• Backup of the Visual Studio source

Futures
• We plan on doing deprovisioning next
• Replacing the Core Programs
• Provisioning to directories in other units

Help
• MIIS Experts page http://www.miisexperts.org/
• Technet Forum http://forums.microsoft.com/technet/
• Users Group http://www.microsoft.com/communities/newsgroups/
• MS Tech·Ed Presentations

The Team
• Diane Dickinson ([email protected])
• Wanda Zeng ([email protected])
• Dean Guenther ([email protected])
• Many, many others….
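
The Sun provisioning snippet in the Gotchas slides builds the DN by concatenating the metaverse cn with the container, so a cn containing DN metacharacters (comma, plus, backslash) would change the DN's structure. The C# below is an added example, not code from the WSU slides: it escapes the value per RFC 4514 before building the DN and prints the naive and escaped forms side by side. DnBuilder, EscapeRdnValue, BuildUserDn and the sample cn values are constructed for illustration; inside a rules extension, ConnectedMA.EscapeDNComponent is the MIIS helper intended for this.

```csharp
using System;
using System.Text;

static class DnBuilder
{
    // Assumption: the container shown on the slide, treated as a trusted constant.
    const string Container = "ou=People,o=wsu.edu";

    // Escape one attribute value for use inside an RDN (RFC 4514, section 2.4).
    public static string EscapeRdnValue(string value)
    {
        if (string.IsNullOrEmpty(value))
            throw new ArgumentException("RDN value must not be empty");
        var sb = new StringBuilder(value.Length + 8);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool first = i == 0, last = i == value.Length - 1;
            if (c == '\0')
                sb.Append("\\00");                 // NUL is written as a hex pair
            else if ("\"+,;<>\\".IndexOf(c) >= 0   // always-special characters
                     || (first && (c == ' ' || c == '#'))
                     || (last && c == ' '))
                sb.Append('\\').Append(c);
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Build the user DN with the uid value escaped, so the value can never
    // add or move RDN boundaries.
    public static string BuildUserDn(string cn)
    {
        return "uid=" + EscapeRdnValue(cn) + "," + Container;
    }

    static void Main()
    {
        // Constructed sample cn values, as they might arrive from the metaverse.
        string[] samples = { "jdoe", "doe, jane", "x,ou=Admins", " #lead", "a+b=c" };
        foreach (string cn in samples)
        {
            Console.WriteLine("naive:   uid=" + cn + "," + Container);
            Console.WriteLine("escaped: " + BuildUserDn(cn));
        }
    }
}
```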