Presentation is loading. Please wait.

Presentation is loading. Please wait.

Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida.

Similar presentations

Presentation on theme: "Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida."— Presentation transcript:

1 Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida

2 Desired State  One person, one identity  Identity management across UF systems – desktop, web-based, enterprise  Support multiple modalities for directory services – LAN-based, web-based, enterprise  Provide public and private identifiers, not SSN  Authoritative source for identity and directory information  Move toward single sign-on

3 Some History  Registry since 1988  Kerberos since 1997  LDAP since 1998  Directory Strategy process 6/00-8/01. White paper. nteam.htm nteam.htm  Directory Project 9/01-January 21, 2003. Largest UF IT Project.

4 Strategy Process  Fourteen months 6/00-8/01  Visit by Ken Klingenstein 4/01  Student ID Process 2/01-8/01 ID recommendation: UFID for entire community. Follow I2 guidelines. Integrate with directory project  Strategy white paper for directory services at UF – why, what, how, who, when (18 months)

5 Directory Project Timeline  IT Review complete 3/01  Directory white paper 8/01  Project launch 10/01  Original target date 4/03  Actual go-live January 21, 2003  Seven FTE on core team  Over 150 participants from across UF

6 Directory Project Charge  Use of models and standards developed by the Internet2 Initiative including the EduPerson schema.Internet2 Initiative  Update to database schema in DB2 and LDAP.  Provide a support mechanism for unit level extensions as desired.  Improve infrastructure of LDAP facility.  Develop processes and policies to ensure maintenance of accurate directory data.  Develop of standard interfaces to reduce need for duplicate databases and enhance accessibility of directory data.  Develop a middleware connection in support of a new UF identifier strategy.  Develop effective data flows to and from existing data systems such as the Registrar and Personnel.  Provide a data model, LDAP schema and set of API's to support functional expansion and growth of new idea.

7 UF Directory Project  Overhaul Registry  Overhaul LDAP. eduPerson, eduPersonAffiliation  Introduce UFID. Publicly visible identifier (nnnn- nnnn) used in place of SSN for business transactions.  Introduce UUID. Private identifier used as key in core systems  SSN as attribute  GatorLink as attribute  Over 1,500 legacy apps modified  All SSN-based processes refactored  Self-service directory access http://phonebook.ufl.edu

8 Consequences  1,272,228 objects in UF LDAP People, Organizations, Groups, Relationships  Better data through new processes Old: Local admin + reconciliation New: Central, self-service + replication  Positioned for new services PeopleSoft, Active Directory, Single Sign On

9 Current State  Five production middleware data systems – LDAP, UF Registry, Kerberos, Netware Directory Services (NDS), PeopleSoft Portal  Active Directory (AD) to be added  Existing integration between PeopleSoft, LDAP, Kerberos and UF Registry  Adhoc integration with Kerberos and NDS  UF Registry provides authoritative source  GatorLink (email, netid), UFID (publicly visible), UUID (private) identifiers

10 Why Six Systems?  LDAP is the open standard for web-based applications  Active Directory is the standard for desktop users  NDS is the legacy system for desktop users  PeopleSoft is the future enterprise system  Kerberos is the open standard for authentication  UF Registry is the current authoritative source with a known data model and service provider for legacy systems

11 Middleware Roadmap  Use LDAP and Kerberos to authenticate PeopleSoft (in place today)  Provide standards-based authentication mechanism for free-standing web apps (in place today via GL Auth)  Implement AD based on Kerberos identity – provide a foundation for future desktop integration. Spring 2003 through 2005  Consider the future of NDS  Migrate UF Registry to PeopleSoft Campus Community. Analysis complete, design in progress, go-live 7/04  7/04: Integrated enterprise middleware systems – AD, LDAP, PeopleSoft, Kerberos

Download ppt "Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida."

Similar presentations

Ads by Google