Identity & Infrastructure Applications Development & Release Plans Tim Purkiss
Outline Identity & Infrastructure Applications Services Recent changes to UPI Identity & Access Management (Vidit) and Office 365 (Duncan) IDINA Release 2.0 Spring and Summer 2013
IDINA Services UPI: UCL Person Identifier Services System Computer Reps Tool Find UPI Database account registrations Identity & Access Management and Office 365
Recent changes to UPI Materialized Views Restructuring core views Main Source Unicode Project work
Use of Materialized Views Person DataKey RecordsAssociations Person Data with preferences Main Telephone Main Main UserID Main Source
Core views – Before Resource Link SITS Services System UPI_V_SR_PERSONUPI_V_SITS_PERSONUPI_V_RL_PERSON UPI_V_PERSON_ALLUPI_V_PERSON
Core views – Now UPI_V_PERSON_BASE Resource Link SITS Services System UPI_V_PERSON_SEARCH UPI_V_SR_PERSONUPI_V_SITS_PERSONUPI_V_RL_PERSON UPI_V_PERSON_PREF Preferences UPI_V_PERSON Contact info
Main Source - Now Resource Link 1 SITS 2 Services System 3
Main Source Current associations? 1 Highest ranked association? 2 StaffHonPGUGVisitorCasualAlumniApplicant InvigilatorExt. Examiner
Identity and Access Management (IAM) Components Microsoft Forefront Identity Manager (FIM) Synchronise data between different data sources Manage identities and groups, configure workflows and define rules and policies via a portal Online User Registration (OUR) Enable applicants to register personal credentials centrally Allow UCL student joiners to collect UCL userid and set a password electronically Role Account Registration and Management (RARM) Facilitate members of ISD Service Desk to request role accounts and track their provisioning Data store, procedures and jobs Consolidate identity and preference data Generate and maintain UCL userids
Value added so far Near real-time (replace legacy overnight batch process) userid provisioning in: UNIX Active Directory (old and new) service for UCL Alumni OUR integration with: Student pre-enrolment system UCAS applicant portal Student accommodation system (StarRez) RARM: Easy to use web application to request role accounts (e.g. administrator account) Prevent bad practice of manually creating these accounts without any tracking/auditing Allow user to request multiple accounts in one go (batch feature)
IAM Developments User sID migration from the old domain to the new one Remove dependency on ADMT Group provisioning and management using FIM OUR integration with: Online Admissions system (direct applicants) Improvements in RARM Improvements in the userid generation process
/ Office 365 Project Office 365: Project The Service
Stage Five - Workstreams
Transition to Office 365 All service subscribers are required to move to Office 365 by September 2013
Transition to Office 365 All service subscribers are required to move to Office 365 by September 2013 Phase one Like-for-like Hosted Mail and Calendar Service –25GB mailbox –Minimal change to service wrap –Most preparatory work is behind the scenes and communications related: AD changes Identity Lifecycle Manager (ILM)/Directory Synchronisation Provisioning scripts Management Tools Comprehensive test plan to document end user experience
Transition to Office 365 All service subscribers are required to move to Office 365 by September 2013 Phase one Like-for-like Hosted Mail and Calendar Service –25GB mailbox –Minimal change to service wrap –Most preparatory work is behind the scenes and communications related: AD changes Identity Lifecycle Manager (ILM)/Directory Synchronisation Provisioning scripts Management Tools Comprehensive test plan to document end user experience Phase two –Business requirements analysis with UCL community for future Office 365 enhancements (Sharepoint, Lync, WebApps)
Office 365 Schedule Development: In progress ADDEV -> EISD-DEV.ucl.ac.uk Test : 29 April 2013 ADTEST -> EISD-TEST.ucl.ac.uk Production: **12 July 2013 ** AD -> LIVE.ucl.ac.uk
support structure 3 rd Line Support (CIA)SOM & Deputy SOM – (CIA) SO – Maria Darmon ADS Service Desk User Query SoP Service DeskISD Service Desk AISC Service Desks
IDINA Release 2.0 Main Source – phase III Data cleansing Service monitoring IAM developments Computer Reps Tools Find UPI
Data Cleansing Add Archive data from UPIMGR Remove records from Services System Tidy up Services System users/permissions
Service Monitoring Fix Services System feedback Rationalise multiple sync processes
IAM Developments Userid sID migration from the old domain to the new one Improvements in RARM Improvements in the userid generation process
Computer Reps Tools Include Role Accounts Group membership look-up Find UPI Move from as01 Re-platform to Java/Spring
Next Steps for Release 2.0 UAT prepared by 18 th Jan Details of what data will change and how. Beta version of Comp Reps tool Deploy Find UPI
Spring and Summer 2013 CSO / Intranet groups Known As names in searches Improved Notifications Interfaces Decommission old UPI Web Services?
CSO and Intranet Remove batch file transfer Standardize CSO/Directory data –Consistent results with other UPI data –Remove duplication
Notifications Some systems use this mechanism to get Person updates. Interfaces can benefit from only being notified for a change that interests that system.
Known As names in searches Reduce UPI duplication/misallocation Interfaces SITS RALIC Telecoms Remedy / ITSM RPS
Old UPIMGR Continue decommissioning Web Services…? Technology in need of application
Questions…?