Identity & Infrastructure Applications Development & Release Plans Tim Purkiss

Outline Identity & Infrastructure Applications Services Recent changes to UPI Identity & Access Management (Vidit) and Office 365 (Duncan) IDINA Release 2.0 Spring and Summer 2013

IDINA Services UPI: UCL Person Identifier Services System Computer Reps Tool Find UPI Database account registrations Identity & Access Management and Office 365

Recent changes to UPI Materialized Views Restructuring core views Main Source Unicode Project work

Use of Materialized Views Person DataKey RecordsAssociations Person Data with preferences Main Telephone Main Main UserID Main Source

Core views – Before Resource Link SITS Services System UPI_V_SR_PERSONUPI_V_SITS_PERSONUPI_V_RL_PERSON UPI_V_PERSON_ALLUPI_V_PERSON

Core views – Now UPI_V_PERSON_BASE Resource Link SITS Services System UPI_V_PERSON_SEARCH UPI_V_SR_PERSONUPI_V_SITS_PERSONUPI_V_RL_PERSON UPI_V_PERSON_PREF Preferences UPI_V_PERSON Contact info

Main Source - Now Resource Link 1 SITS 2 Services System 3

Main Source Current associations? 1 Highest ranked association? 2 StaffHonPGUGVisitorCasualAlumniApplicant InvigilatorExt. Examiner

Identity and Access Management (IAM) Components Microsoft Forefront Identity Manager (FIM) Synchronise data between different data sources Manage identities and groups, configure workflows and define rules and policies via a portal Online User Registration (OUR) Enable applicants to register personal credentials centrally Allow UCL student joiners to collect UCL userid and set a password electronically Role Account Registration and Management (RARM) Facilitate members of ISD Service Desk to request role accounts and track their provisioning Data store, procedures and jobs Consolidate identity and preference data Generate and maintain UCL userids

Value added so far Near real-time (replace legacy overnight batch process) userid provisioning in: UNIX Active Directory (old and new) service for UCL Alumni OUR integration with: Student pre-enrolment system UCAS applicant portal Student accommodation system (StarRez) RARM: Easy to use web application to request role accounts (e.g. administrator account) Prevent bad practice of manually creating these accounts without any tracking/auditing Allow user to request multiple accounts in one go (batch feature)

IAM Developments User sID migration from the old domain to the new one Remove dependency on ADMT Group provisioning and management using FIM OUR integration with: Online Admissions system (direct applicants) Improvements in RARM Improvements in the userid generation process

/ Office 365 Project Office 365: Project The Service

Stage Five - Workstreams

Transition to Office 365 All service subscribers are required to move to Office 365 by September 2013

Transition to Office 365 All service subscribers are required to move to Office 365 by September 2013 Phase one Like-for-like Hosted Mail and Calendar Service –25GB mailbox –Minimal change to service wrap –Most preparatory work is behind the scenes and communications related: AD changes Identity Lifecycle Manager (ILM)/Directory Synchronisation Provisioning scripts Management Tools Comprehensive test plan to document end user experience

Transition to Office 365 All service subscribers are required to move to Office 365 by September 2013 Phase one Like-for-like Hosted Mail and Calendar Service –25GB mailbox –Minimal change to service wrap –Most preparatory work is behind the scenes and communications related: AD changes Identity Lifecycle Manager (ILM)/Directory Synchronisation Provisioning scripts Management Tools Comprehensive test plan to document end user experience Phase two –Business requirements analysis with UCL community for future Office 365 enhancements (Sharepoint, Lync, WebApps)

Office 365 Schedule Development: In progress ADDEV -> EISD-DEV.ucl.ac.uk Test : 29 April 2013 ADTEST -> EISD-TEST.ucl.ac.uk Production: **12 July 2013 ** AD -> LIVE.ucl.ac.uk

support structure 3 rd Line Support (CIA)SOM & Deputy SOM – (CIA) SO – Maria Darmon ADS Service Desk User Query SoP Service DeskISD Service Desk AISC Service Desks

IDINA Release 2.0 Main Source – phase III Data cleansing Service monitoring IAM developments Computer Reps Tools Find UPI

Data Cleansing Add Archive data from UPIMGR Remove records from Services System Tidy up Services System users/permissions

Service Monitoring Fix Services System feedback Rationalise multiple sync processes

IAM Developments Userid sID migration from the old domain to the new one Improvements in RARM Improvements in the userid generation process

Computer Reps Tools Include Role Accounts Group membership look-up Find UPI Move from as01 Re-platform to Java/Spring

Next Steps for Release 2.0 UAT prepared by 18 th Jan Details of what data will change and how. Beta version of Comp Reps tool Deploy Find UPI

Spring and Summer 2013 CSO / Intranet groups Known As names in searches Improved Notifications Interfaces Decommission old UPI Web Services?

CSO and Intranet Remove batch file transfer Standardize CSO/Directory data –Consistent results with other UPI data –Remove duplication

Notifications Some systems use this mechanism to get Person updates. Interfaces can benefit from only being notified for a change that interests that system.

Known As names in searches Reduce UPI duplication/misallocation Interfaces SITS RALIC Telecoms Remedy / ITSM RPS

Old UPIMGR Continue decommissioning Web Services…? Technology in need of application

Questions…?