Identity Management at UHI Millennium Institute


1 Identity Management at UHI Millennium Institute
UHI 25/03/2017
Jem Taylor, Head of Strategy & Development, UHI Learning & Information Services

2 UHI advertising
UHI is important for the Highlands & Islands region and is an exciting place to work
You want to hear about IDM
I want to talk about UHI and what we are doing
30 slides in 45 minutes: 90 seconds per slide
So I will press on to the IDM part quite quickly
And it may be that I am talking to a future colleague amongst you, so I want you to remember UHI as well as IDM!

3 UHI Mission
“To establish for the Highlands and Islands of Scotland a collegiate university which will reach the highest standards and play a pivotal role in our educational, economic, social and cultural development”
The Highlands and Islands of Scotland is the largest European region which has no local University.
HE is recognised as a key motor for the economy – in due time we expect UHI to become the largest single economic motor in our region, overtaking Local Government.

4 The UHI Challenge
Distance, Geography, Cost, Service Provision
[Diagram labels: NAFC, Shetland College, Orkney College, Thurso College, Lews Castle College, Inverness College, Moray College & HTI, SMO, EO, SFIA, Perth College, Argyll College & DML]

5 A short history …
1993: The University of the Highlands and Islands Project “UHIp”
A dozen partners including 8 FE colleges, a NERC research institute, a statutory body, an industry-funded college, etc
All partners have an independent IT history and therefore a dozen different legacies
I am still just advertising UHI to you …

6 The Dark Ages …
1995: kilostream-based connections between UHI’s Academic Partners
Shared JANET connection
Very basic for a very few staff
UHI employs its first three staff
10 years ago

7 The Middle Ages …
Summer 1996: integrated service: ISDN-6 VC
12 studios, 12-way ISDN MCU, BT lines
SOEID funded, so gives desired illusion of being free at the point of use
September 1996: Millennium Commission announces £33m funding in c. £100m initiative
Feb 1997: new offices, new staff, 3yr plan
More and faster kilostream connections (change of the cost trade-off between systems and telecoms)
This is when I joined – payroll number 004

8 Early Modern History …
1998: UHI WAN project
High Speed networking – 45Mbit/sec
Interim upgrades to 2Mbit/sec
UHI needed to build a WAN so as to be able to …
Share facilities and costs across UHI
Share costs of JANET & Internet access
One WWW server, many ‘web sites’
other ‘server’ facilities - eg. Videoconferencing across data network
Reduce other costs eg. telephony costs on PSTN
Enable Campus-style collaborative working
Rapid development phase – lots of capital, even more challenging problems (i.e. lots is not always enough)

9 Check the map scale …
UHI’s territory covers over half of Scotland
1/6th of the UK’s area
1/60th of the UK’s total population.
HE + FE accessed by about 25,000 distinct people every year
Most FE students are ‘low FTE’
[Map scale labels: 150 miles, 300 miles]
Xmas lights

10 The UHI Network
[Diagram labels: ClydeNet, SoL, AbMAN, EastMAN, FATMAN, JANET]
UHI staff & students are connected by high bandwidth network
internet, , telephone and video conferencing
Effectively a regional ‘campus LAN’ organised by location rather than by department
Multiple ‘private’ IP data networks
Internal telephony for UHI
Future proof: Video; student broadcasting etc.
UHI LIS looks after shared/common systems
Shared corporate systems
Single internal eDirectory
Quite a lot like a conventional campus University with independently-minded departments: typical of the older universities in the UK, except that they are large, established and wealthy.

11 UHI Today …
April 2001: an HEI with SHEFC funding
AY 2004/5: over 3,800 student FTEs
50% over age 25, 50%:50% gender balance, more than 5,200 enrolments
New Year 2005: moved to new HQ, this time moving about 70 staff over weekend
2007: University title ?
My department – Learning and Information Services – has about 30 staff and is slowly out-growing the building we are about to move out of.

12 UHI IDM problem
Complex / diverse IT environment …
Shared / common Student Records system …
ICT and Library systems need to be available to all students …
IT Administrative overhead costs …
Student Records quality & timeliness …
Our IDM problem looks like it is primarily about reducing overhead costs and improving the student experience (by reducing helpdesk interactions)

13 Student Records
[Diagram labels: Current Students Assessment Award or Progression Attendance Funds & Bursary SQA interface SQA Module Registration Class List Assessment Register]
Runs the student experience …

14 Student Records rôle in ‘business’
Black box in the external environment
SAAS: Student funding
SQA: Registration & Awards
HESA: HE statistical returns
UCAS: national admissions system for full-time HE
SFC: Scottish FE and HE funding council
SQA: Entry qualifications
SLC: Student Loans Company
FES: FE statistical returns
Manage & run UHI: UHI RAM IDM LIS & ICT systems
[Diagram labels: Current Students Assessment Award or Progression Attendance Funds & Bursary SQA interface SQA Module Registration Class List Assessment Register]

15 IDM as part of the ‘business’
Black box in the internal environment
[Diagram labels: UHI username/password (Directories); incoming Students; IDM; H:/ folder (NetWare); Minerva People; UHI (GroupWise); UHI library borrower (OLIB); PAT; ESi; Course enrolment; Library card / ID card; Module registrations (three times); Minerva Groups; VLE teaching group (CLAN vle)]
[Diagram labels: Current Students Assessment Award or Progression Attendance Funds & Bursary SQA interface SQA Module Registration Class List Assessment Register]

16 Why ?
Save IT and Library staff trouble?
It does, but that is not why we are doing it
Make sure all students are enrolled?
YES
Make Student Records a *management tool* for the business instead of being just a record of what has already happened

17 When ?
Allocate accounts *before* enrolment so as to assist induction processes
As soon as details are available
Only applies to students who go through some kind of records processing before enrolment
No help for ‘walk-ins’ (but nothing is)
Lock accounts on the day individual students are *due* to leave (planned expiry)
No ‘summer gap’ for continuing students
No summer clearouts anymore: only delete expired accounts, and should be able to do so in-year

18 Student lifecycle (multi-Annual)
[Diagram labels: course (another) course application P 1st year - P 2nd year enrolment]
Create with planned expiry
Lock on expiry
Unlock and extend
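The lifecycle rules on slides 17 and 18 (create before enrolment with a planned expiry, lock on expiry, unlock and extend, delete only expired accounts) written out as one decision function. This is an added example, not code from the slides, Novell Identity Manager or Siva; the `Account` fields, the action names, the 90-day `RETENTION` and the `admin_hold` flag are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

# Assumption: a locked account is kept this long before deletion. The slides
# only say that expired accounts are the ones that get deleted.
RETENTION = timedelta(days=90)

@dataclass
class Account:
    username: str
    planned_expiry: date
    locked: bool = False
    admin_hold: bool = False  # assumption: a lock set by staff, never lifted here

def reconcile(username: str, account: Optional[Account],
              course_end: Optional[date], today: date
              ) -> Tuple[str, Optional[Account]]:
    """Return (action, new account state) for one person.

    course_end is the latest planned end date in the student record,
    or None when the record no longer lists any course for them.
    """
    if account is None:
        if course_end is not None and course_end > today:
            # Details available before enrolment: create with planned expiry.
            return "create", Account(username, course_end)
        return "none", None
    if account.admin_hold:
        return "none", account
    expiry = course_end or account.planned_expiry
    if expiry > today:
        if account.locked:
            # Student came back for another year or another course.
            return "unlock_and_extend", Account(username, expiry)
        if expiry != account.planned_expiry:
            # Re-enrolled before expiry (no summer gap) or end date changed.
            return "change_expiry", Account(username, expiry)
        return "none", account
    if not account.locked:
        # Due to leave today or earlier, including early withdrawal.
        return "lock", Account(username, expiry, locked=True)
    if today >= expiry + RETENTION:
        # Only expired, locked accounts are deleted, so this can run in-year.
        return "delete", None
    return "none", account
```

The `admin_hold` check matters once unlocking is automated: without it, a record update would lift a lock that staff had set for some other reason.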

19 How will ID flow around?
Novell Identity Manager
Student records STAFF & STUDENTS → IDM system
IDM system → eDirectory
IDM system → Active Directory
eDirectory → GroupWise
Password synchronisation → all of the above
Siva2
eDirectory to everywhere else: CLAN vle, MVN forum, self-provisioning through GuanXi Idp, Shibb world, etc
Alistair Young is our software development ID expert
IDM mainly for the bread&butter of Desktop Login, File & Print
Siva / GuanXi for Bodington/TETRA/Sakai and the rest of the web-enabled e-scape

20 ID Flow design
SITS:Vision student record holds permanent identity
[Diagram labels: STU table; PRS table; UHI.AC.UK production GroupWise; Create/modify (three times); UHI_NDS_TREE production eDirectory; UHI_IDM_TREE identity management system; UHI.AD production Active Directory; REG4; DEP1; IDM-AD; create; Self-service portal; Passwd sync (twice); Siva2]

21 Comparison: Siva1
Home-made: very flexible but requires in-house effort for maintenance and development
Create-only: seek and ignore existing accounts
Deals with Students only
Logic for user account defaults is in Java code
‘pliers’ utility to get data from SITS: unreliable
Although Java code, method for GroupWise is Windows™ only: would prefer to be on Linux

22 Comparison: IDM + Siva2
Identity Manager
Manufacturer supported: drivers available for other systems too
Create or Modify logic, including changing end-date / withdrawal
SITS:Vision source for Staff as well as Students
New ORACLE based ‘minerva’ utility for feeder: more robust
Will be able to feed other future ID sources into the same place
Uses eDirectory template objects to define defaults for new users
Runs natively on Novell NetWare, Windows™ and Linux platforms
Web-based control interfaces based on iManager
Siva2
Will run from triggers in the eDirectory API
Will not care how user is created: will fire for manual creates
Can do anything, including modify eDirectory accounts

23 Siva Connected Systems
CLAN vle (which is heavily Groups based)
MVN forum (ditto)
GuanXi Identity Provider for Shibboleth
and everything else we build ourselves

24 What about Citrix?
Citrix likes Active Directory
We decided to offer a UHI-wide Active Directory …
In parallel with e-Directory, not instead of
With the same content in both technologies
Our service offering is now Content instead of Technology
Our users can use either (any) technology
Our job is to assure & sync the information

25 Simplified ID Flow for Citrix
SITS:Vision student record holds permanent identity
[Diagram labels: STU table; PRS table; UHI.AC.UK production GroupWise; Create/modify (twice); UHI_NDS_TREE production eDirectory; UHI.AD production Active Directory; REG5; IDM-AD; create; Magic; Passwd sync; Siva2]

26 Citrix needs to login to NetWare…
Citrix uses Active Directory authn
But all Home Drives (H:) are NetWare
Citrix has tools for login to both worlds
But it doesn’t work ‘out of the box’ because we need Location at Login …
Behind the scenes, LDAP contextless login fails – Citrix can’t find the user’s e-Directory context

27 Call a consultant !
If all our users lived in the same context Citrix would work just fine …
With IDM, they can !
A bespoke IDM driver maintains a ‘secret’ area in the e-Directory …
This is a flat space with an alias for each user …
All users appear in the same context

28 IDM to the rescue!
All users appear in the same context …
All users are also in their real context …
Novell choice dialogue at normal login
So …
Carefully hide the Aliases container from all e-Directory users except IDM & Citrix
Take care not to break aliases
Tighten up so that all users are maintained by IDM (not by technicians)
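An added sketch (not part of the original slides or of the bespoke IDM driver) of an integrity audit for the flat alias container described on slides 27 and 28: it reports users with no alias, aliases whose target no longer exists, and usernames that cannot share one flat context. The container name `ou=aliases,o=uhi`, the sample DNs and the function names are assumptions; `aliasedObjectName` is the standard LDAP alias attribute.

```python
ALIAS_BASE = "ou=aliases,o=uhi"  # hypothetical name for the hidden flat container

def leaf_cn(dn):
    """CN of the leaf RDN. Assumes simple DNs with no escaped commas."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    if attr.strip().lower() != "cn" or not value:
        raise ValueError(f"leaf RDN is not a cn: {dn!r}")
    return value.strip().lower()

def plan_aliases(user_dns):
    """Return ({alias DN: real DN}, {cn: [DNs]}) for the flat space.

    A CN used in two real contexts cannot have one alias, so it is reported
    as a collision instead of being silently pointed at either user.
    """
    by_cn = {}
    for dn in user_dns:
        by_cn.setdefault(leaf_cn(dn), []).append(dn)
    wanted = {f"cn={cn},{ALIAS_BASE}": dns[0]
              for cn, dns in by_cn.items() if len(dns) == 1}
    collisions = {cn: sorted(dns) for cn, dns in by_cn.items() if len(dns) > 1}
    return wanted, collisions

def audit(user_dns, existing):
    """Compare the container (alias DN -> aliasedObjectName) with the real tree."""
    wanted, collisions = plan_aliases(user_dns)
    live = {dn.lower() for dn in user_dns}
    return {
        "missing": sorted(a for a in wanted if a not in existing),
        # Target moved or deleted, e.g. a user moved by hand outside IDM.
        "dangling": sorted(a for a, t in existing.items() if t.lower() not in live),
        "mispointed": sorted(a for a, t in existing.items()
                             if a in wanted and t.lower() in live
                             and t.lower() != wanted[a].lower()),
        "collisions": collisions,
    }

# Constructed sample data, not taken from any real directory.
USERS = ["cn=amacleod,ou=students,ou=inverness,o=uhi",
         "cn=bsmith,ou=students,ou=perth,o=uhi",
         "cn=bsmith,ou=staff,ou=moray,o=uhi",
         "cn=cross,ou=students,ou=orkney,o=uhi"]
EXISTING = {"cn=amacleod,ou=aliases,o=uhi": "cn=amacleod,ou=students,ou=inverness,o=uhi",
            "cn=dgone,ou=aliases,o=uhi": "cn=dgone,ou=students,ou=lews,o=uhi"}

if __name__ == "__main__":
    for kind, items in audit(USERS, EXISTING).items():
        print(kind, items)
```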

29 Next Up
Bread & butter IDM becomes responsibility of records-oriented staff who know the data
Handle withdrawals etc. based on Academic Regulations (policy basis)
Provide more subtle information based on the information content of the student record
e.g. to run Sharepoint need up-to-the-minute Groups management in the Directory
Same communities as in Siva but distinct IDM flow
Common vocabulary so staff (users) can understand

30 Technology
Designer for Identity Manager on Windows XP
Very good tool
Has all the basic drivers
Use to control and deploy, as well as to design
IDM3 on NetWare/ED
For eDirectory accounts
For GroupWise accounts
IDM3 on W2003/AD+ED
For AD accounts

31 Development IDM platform
Same scale and structure as the real environment
Want to be able to copy IDM drivers back and forth easily
Designer for Identity Manager
Drivers dataflow and modification
IDM3 on NetWare/ED
VNC view of DSTRACE
IDM3 on W2003/AD and W2003/ED
VNC view of dstrace
iManager
Control of migration, driver On/Off, etc
Big fat VMware server with half a dozen virtual servers
Development environment is an important system worth resourcing

32 Thank You!
Q & A

