Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology Dan Tobin Matt Campbell.

Presentation transcript:

Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology Dan Tobin Matt Campbell

About RIT RIT is one of the nation’s top comprehensive universities and sets the national standard for career-oriented education. Located in suburban Rochester, N.Y., RIT is a private university that enrolls more than 15,500 students in its eight colleges. RIT is recognized for its programs in business, engineering, art and design, photography, science and mathematics, liberal arts, computing, and many other areas.

Early Campus Computing Computing services on campus initially consisted of isolated systems saw the first multi-user system with accounts issued to all students. –This was the primary account system for the next decade. –Managing accounts was relatively easy with only one system to contend with.

Enter Complexity The rise of the World Wide Web led to a demand for Unix servers. As became increasingly mainstream, LDAP was deployed to provide an RIT directory. Other services, such as file sharing, further complicated the process of managing user accounts.

Systems Abound Accounts now needed to be created in the following locations:
– DCE Server
– LDAP Server
– VMS Cluster
– Tru64 Unix Cluster
– Samba Server

High Level Requirements Synchronize as many passwords as possible. Provide a centralized method to update all accounts for a user. Make the system easily expandable. Build as much cross-platform code as feasible. Updates should occur in real-time. Budgets are tight, resources are low. Minimize expenditures.

A Modular Solution [Diagram: HelpDesk Web Client, Master Server, four Platform Specific Modules, Oracle Database]

Resources One full-time co-op student and two part-time student employees were hired for this project. One full-time staff member managed the project. This kept costs relatively low and gave real-world experience to RIT students.

Key Benefits Modules can be added without the need to update the entire system. Centralized control of account updates ensures synchronization of information. Accounts can be added for all systems with only one tool. Offload considerable amounts of system support.
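An added sketch (not RIT's code, which the slides do not show) of the master-server pattern described above: one call fans out to every registered platform module, and a module failure is recorded for replay rather than reported as a clean sync. The class, the in-memory stand-in modules, and the replay list are assumptions made for illustration.

```python
# Added illustration: names and the replay list are assumptions,
# not RIT's implementation.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


class ModuleError(Exception):
    """Raised by a platform module that could not apply an update."""


@dataclass
class MasterServer:
    # Platform name -> callable(username, password), one per directory.
    modules: Dict[str, Callable[[str, str], None]] = field(default_factory=dict)
    # (platform, username) pairs whose update must be replayed later.
    pending: List[Tuple[str, str]] = field(default_factory=list)
    audit: List[str] = field(default_factory=list)

    def register(self, platform: str, apply: Callable[[str, str], None]) -> None:
        # A new module plugs in here; nothing else in the system changes.
        self.modules[platform] = apply

    def set_password(self, username: str, password: str) -> Dict[str, bool]:
        results: Dict[str, bool] = {}
        for platform, apply in self.modules.items():
            try:
                apply(username, password)
            except ModuleError as exc:
                # Record the drift instead of reporting a clean sync.
                results[platform] = False
                self.pending.append((platform, username))
                self.audit.append(f"FAIL {platform} {username}: {exc}")
            else:
                results[platform] = True
                # The audit trail never contains the password itself.
                self.audit.append(f"OK {platform} {username}")
        return results


def demo() -> Tuple[MasterServer, Dict[str, bool]]:
    stores: Dict[str, dict] = {"ldap": {}, "samba": {}}  # constructed stand-ins

    def vms_down(user: str, password: str) -> None:
        raise ModuleError("VMS cluster unreachable")  # simulated outage

    master = MasterServer()
    for name, store in stores.items():
        master.register(name, lambda u, p, s=store: s.update({u: "updated"}))
    master.register("vms", vms_down)
    return master, master.set_password("abc1234", "constructed-sample-secret")
```

The `pending` list is what an operator would watch: any entry means one directory still holds the old password for that user.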

Two years pass…

New Directory As the existing systems continued to age, the demand for a replacement grew. Microsoft Exchange was selected as the solution. With Exchange came the need for an Active Directory environment. Therefore, another account base was added.

Too Many Passwords Accounts now needed to be created in the following locations:
– DCE Server
– LDAP Server
– VMS Cluster
– Tru64 Unix Cluster
– Samba Server
– Kerberos Server
– Microsoft Active Directory

New Requirements Unify information across all directories. Provide self-service applications to reduce HelpDesk calls. There also emerged a need for more detailed information to be contained in the directories. Users wanted to be able to manage their own “identity” information. These requirements demanded slight changes.

COTS? Off-the-shelf solutions were sought to provide the directory integration. The IBM Directory Integrator was determined to be the best. During evaluation of this product, we came to the realization that our current system was already 90% of the way there. Due to the proprietary nature of the IBM product, and the amount of development time required to integrate it into our environment, the decision was made to expand our own existing software.

A Modular Solution [Diagram: HelpDesk Web Client, Master Server, four Platform Specific Modules, Oracle Database]

Small Changes Self-Help Clients

New Benefits A platform-independent interface API allows for rapid tool development. Self-Help applications offload HelpDesk support. One step closer to a single username and password for all RIT services. Hooks into the system allowed for password database migration, without the need to make all users change their passwords at once. Groups could be created in Active Directory and LDAP for classes, colleges, departments, etc.

Groups A breakdown of the groups synchronized across directories:
– 7 Divisions
– 10 Centers
– 20 Colleges
– 380 Departments
– 717 Academic Programs
– 490 Disciplines
– 5225 Courses
– 11846 Course Sections
And this is just the start!

New Caveats Existing tools must be removed, disabled, or restricted.
– Ex: Unix passwd command, Active Directory Users and Computers
– Ex: LDAP updates restricted to software only
Adding a single point to update accounts also adds a single point of failure.
Self-help tools allow for self-imposed problems.
– Ex: Giving users the ability to update their forward also gives them the ability to forward it into the bit bucket in error.

Application Demonstration

The Future The immediate future of the system will be a shift from simple account management to more inclusive identity management.

More Information Related RIT presentation: Track 3 Seamless University: Physically Consolidated, Logically Distributed Thursday, October 21, :10 a.m. – 9:00 a.m. Meeting Room 103 This session presents RIT's efforts to consolidate and integrate various services, such as account management and directory services, and still provide flexibility, better manage costs, and move toward a seamless university.

Questions? Dan Tobin Matt Campbell