1 Simon: What, How and Why Jon Finke Communication and Middleware Technology
2 Overview Brief History –How did we get here? Current Functions Selected Technologies –Change Queues Future Directions
Distant Past – Self service Unix Account –Long Distance Auth Code required Controls Access – RPI only Allows for billing for printing –Open to all students, faculty and staff –User selected “usernames” –Established relationship with Telecom –Desire for campus wide authenticator 3
1991 – Start of Simon Joint “Computing in Curriculum” Accounts for everybody –One Person, One Account, All systems Feeds from HR and Registrar Rudimentary guest management aliases (.forward replacement) 1993 – Hostmaster 1993 – HR moves to Banner – Printmaster - /etc/printcap 4
1994 – ID Cards New ID card system –Same feed requirements as RCS –Simon became SOR for ISO numbers. Established relationship with ID card operations and management. Feed to Library Patron system 5
1996 – Phone Directory Required better HR feed Became source for directory information. –Some fields washed through Banner Student records moved to Banner –Mostly a non event from an IdM perspective –No more student “guests” – start PL/SQL rewrite, Y2K 6
2000 – Simon Web Move from command line to web for user applications. TSM (Backup) billing File Generation (via PL/SQL) 7
2001 – Windows 2000 Drive Windows 2000 domain –Password Sync Phase out SSNs Campus Mailroom database Feed to LDAP server Feed to WebCT - Courseware 8
2002 – BEST Access System New ID card system –Simon record required for access –Including PARKING ID Specific Guest Management Real time HR updates New Meal Card system Task force finds Simon SOR for people 9
2003 – More Feeds Insite – Space management –People feed to space management system –Buildings and room back to Simon Physical Plant management system –Fixx.rpi.edu 10
2004 – Authentication and Authorization VPN only accounts Password Sync to LDAP Password Sync to Applix Demographic based building access 11
2005 – Unified Messaging Voic moves to windows domain –Provisioning via Simon Call Manager (VOIP) via Simon 12
– Status/APEX Status Drives directory Started Status driven accounts Oracle Application Express –Rewriting existing applications –All new applications 13
14 Banner (Oracle Admin System) RegistrarHuman Resources Student RecordsEmployee Records Department Administrators Simon (Oracle Userid Mgmt) People Directory InfoUserids Active Directory (Windows 2000) Photo ID Card System AFS/Kerberos White Pages LDAP & PH ID Guests ID Desk Hartford Directory
Current Functions Account Provisioning –Kerb4, Kerb5, LDAP, Active Directory Telephone Directory (LDAP, Paper) ID Card/Parking Transponders System Configuration –DNS, Aliases, Printing, Firewall Accounting –Printing, Disk, Backup, software licensing 15
Current Functions (cont.) Data Interchange –Accounting (PC Store, Telecom) –Building/Room Inventory –Student “Hold” Telecom Provisioning –VOIP, Voic 16
Technologies Change Queues for other systems Person Status – drives provisioning 17
Password Changes User Web page – encrypts PW with public key and queues it. –Requeue Processor – feeds new back ends. Back end processors – decrypt and apply Notes –Encrypted copies saved –Queue status web page for help desk 18
19 Changing Passwords Database Secure Web Server Web Browser Password Change Page Change Queue Public Key Password Change Server (Private Key) SSL Encrypted with Public Key Windows Domain Controller Windows Domain Controllers
Near Futures Multiple account types (entitlements) Based on person status Delegate control to departments Password queue rewrite Oracle Application Express (APEX) Web Services 20
21 Questions? Comments? Ideas? Jon Finke Rensselaer Polytechnic Institute No animals were harmed in the making of this presentation. All scenes involving animals were monitored by employees of Schenectady County Family Court