Presentation on theme: "Single Sign-on Integration (SSI): Information Security Project [ Part 3/3 ], for Professor Yan Chen, by Team Triad." Presentation transcript:
Single Sign-on Integration (SSI) Information Security Project [ Part 3/3 ] For Professor Yan Chen; By Team Triad [ Naveed | Radu | Moniza ]
Team Triad – Slide # 4 1) Current Solution. Problem Statement: Authentication & Authorization
Current Infrastructure:
o Our company has SSO infrastructure
o Also has silo applications using AD for sign-on
o We need to integrate silo apps into SSO
Diagram labels: SSO Portal -OR-
Team Triad – Slide # 5 1) Current Solution. Pros & Cons
PROS:
o Easier to understand
o Faster site performance
o No single point of authentication failure
CONS:
o Need to remember additional passwords
o Users spend more time logging in
o Wasted infrastructure resources
o Less secure
Team Triad – Slide # 6 Current Solution: Jack’s Story …
Meet Jack!
o Jack uses 5 different websites
o Jack has to remember 5 different passwords
This makes Jack … VERY… FRAZZLED!!!
Diagram labels: HR, Custom, ERP, CRM, SSO
Team Triad – Slide # 7 Proposed Solution …
o Integrate apps with existing SSO
o Get rid of keys & passwords except 1
o Jack has to remember 1 password
That makes Jack very HAPPY !!!
Diagram labels: HR, Custom, ERM, CRM, SSO
Team Triad – Slide # 11 Active Directory: Main Features
o Federation & Unity (ADFS)
o Directory Service (LDAP)
o Server Management (ADSM)
o Group Policy (GP)
Team Triad – Slide # 12 SSO Scenario with AD: Client accessing internet
o 11 Step process to establish SSO connection.
o Requires custom code/configuration at Web Server.
Next Discussion: Integrating our silo apps (at Web Server) to work with AD’s SSO
Reference: Book: Windows Server® 2008 Active Directory® Resource Kit, by Stan Reimer; Conan Kezema; Mike Mulcare; Byron Wright; Microsoft Active Directory
Team Triad – Slide # 13 STEPS: Integrating apps to AD SSO
Step 1) Enable Federation on Web Server
Step 2) Enable Reading SAML token
Step 3) Verify Authentication from SAML token
Step 4) Obtain Trust Policy from AzMan
Step 5) Retrieve Claims
Step 6) Make Authorizing Decisions
A LOT of custom code & configuration
Team Triad – Slide # 14 SharePoint - Main Component
Components: Standard Portal; Search; Social; People; ECM - Enterprise Content Mgmt; Enterprise BI; Applications; BPM - Business Process Mgmt
Core: Storage; Topology; Share Services; Base APIs; Security
Security:
o Integrated with SSO providers (such as AD)
o Customize security
o Separate admin portals
Reference: Book: Essential SharePoint 2010: Overview, Governance, and Planning
Team Triad – Slide # 15 SharePoint - Architecture Next Discussion: Integrating our silo applications into SP Site Collection
Team Triad – Slide # 16 STEPS: Integrating apps to SP (& SSO)
Step 1) Move & Import app to SP Site
Step 2) Update SP Configuration, DB connections
Step 3) Configure app to attach SP master page
Step 4) Update site roles if necessary
NOT many code or configuration changes
Team Triad – Slide # 17 COMPARISON: AD vs. SP
SharePoint:
o Easier to integrate
o Easier to configure
o Added features
o Can integrate with other SSO providers
Active Directory:
o Require significant code changes
o More complex integration
o Does not require SP for SSI
SharePoint is preferred. But what does Microsoft recommend?
Team Triad – Slide # 18 Solution Implementation: Microsoft Recommendation for SSI
Diagram labels: SharePoint; Active Directory 2008 R2; Rule of Thumb
Once again, SharePoint is preferred for our scenario
Reference: Microsoft Press Book: “Microsoft SharePoint Foundation 2010”. Authors: Penelope Coventry, Troy Lanphier, Johnathan Lightfoot, Thomas Resing, Michael Doyle
Team Triad – Slide # 19 Next Topic …
o Cost/Risk Analysis
o Business/Legal Consequences
o Corporations/Industry adoption of SSI
Outline: Implementation; Cost/Risk; Impact: Business/Legal; Adoption: Corp/Industry; Proposed Solution; Current: issues/pros/cons
Team Triad – Slide # 20 Cost of Single Sign-on Integration
Work Breakdown Structure (WBS) as follows:
o Software/Hardware Cost: SW Costs; HW Costs
o Dev/Support Cost: Develop/Integrate; Support/Repair; Deploy/Maintenance
o Training Cost: Developer Training
o Incremental Cost, 3yrs: License renewal; Dev/Support; Training
Total Cost of Ownership (TCO)
Team Triad – Slide # 21
Reference:
o Formula: (#3/52*#1)*#2
o Formula: (#3/52*#1/2)*#2
Software & Hardware Cost: Decommissioning server when integrating with SP.
Dev/Support Cost: Less work with SharePoint Integration.
Training Cost: Slightly more training cost for AD.
Incremental Cost: More support required for AD.
TCO for 3 years: SharePoint = $-29,423; Active Directory = $ 51,000
SharePoint is preferred
Team Triad – Slide # 22 Risk Analysis: Risk of Implementing SSI
o Investing in Microsoft technology stack
o Availability of resources
o Slower Performance
o System outage affects all applications
Team Triad – Slide # 23 Feasibility Analysis: What makes implementing SSI a feasible solution?
o Cost savings
o Well documented integration
o Leadership support
o Simple integration options
Team Triad – Slide # 24 Business & Legal Consequences
o Easier authentication
o Single & easy user management
o Cross site integration
o Single business portal
o Simplifies legal requirement
Team Triad – Slide # 25 Solution Adoption By Corporations/Industries
o Silo apps exist in all major corporations regardless of industry.
o Wide solution adoption potential.
o SharePoint is industry leader and already well adopted by organizations around the world.