Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Management: The Legacy and Real Solutions MIIS Implementation.

Published byAndrew Elliott Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity Management: The Legacy and Real Solutions MIIS Implementation."— Presentation transcript:

1 Identity Management: The Legacy and Real Solutions MIIS Implementation

2 Copyright @ 2007 Washington State University This work is the intellectual property Of WSU. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the copyright owner. To disseminate otherwise or to republish requires written permission.

3 Implementation Approach Define the project

4 Implementation Approach Define the project Build the team

5 Implementation Approach Define the project Build the team Training

6 Implementation Approach Define the project Build the team Training Determine extent of the project

7 Implementation Approach Define the project Build the team Training Determine extent of the project Plan the design

8 Implementation Approach Define the project Build the team Training Determine extent of the project Plan the design Coding

9 Implementation Approach Define the project Build the team Training Determine extent of the project Plan the design Coding Getting help

10 Define the project Why are we doing this

11 Define the project Why are we doing this What directories are involved

12 Define the project Why are we doing this What directories are involved Who is the custodian of the data

13 Define the project Why are we doing this What directories are involved Who is the custodian of the data Which product to use

14 Training MIIS training: Oxford Computer Group via SQLSoft+

15 Training MIIS training: Oxford Computer Group via SQLSoft+ Beginning and Advanced classes

16 Determine extent of the project Break the project into manageable pieces

17 Determine extent of the project Break the project into manageable pieces Start with a simple beginning

18 Determine extent of the project Break the project into manageable pieces Start with a simple beginning Revise the plan after the first phase

19 Planning One authority: the Metaverse

20 Planning One authority: the Metaverse Need unique ID

21 Planning One authority: the Metaverse Need unique ID Which directories contribute to the MV

22 Planning One authority: the Metaverse Need unique ID Which directories contribute to the MV Which directories draw from the MV

23

24 Design and Planning Worksheets Utilize the MIIS 2003 Sample Worksheets http://download.microsoft.com/download/9/e/0/9e0c929d -10dc-42cb-aaa6-bb501a92ea20/MIIS_Worksheets.doc

25 Connected Data Sources Prepared ByDate Management AgentType Connected Data Source Owner Contact (who can change) Backup and restore policy Security Issues All connection and container details appropriate for this MA type INSTRUCTIONS: Complete one data sheet for each connected data source in the solution. Include a row for each object. Do not include objects that are not part of your solution. List all objects in the specified connected data source that represent any real-world objects. NameUnique IDNotes and Other Policies

26 Included Attributes Prepared By Date Management Agent Connected Data Source Object INSTRUCTIONS: Complete one data sheet for each object in the connected data source directory. List all appropriate attributes. Include a row for each attribute, and leave out those attributes that are not appropriate. For those attributes that are required to follow from the metadirectory to the connected data source, complete the Outbound Attribute section of the table. Inbound AttributeOutbound Attribute NameData Type Mult i- Valu es Y/N Content StructureOutbound Y/N Requires Validation Y/N May be Overwritten with Null Y/N Business Justification Quality and Precedenc e Notes NotesNotes

27 Outbound Attribute Flow Management AgentDate INSTRUCTIONS: Complete one worksheet for each object in the solution. List all outbound attributes Fill out one worksheet for each connected data source. Map each metaverse attribute to a data source attribute in the outbound attribute flow. Connected Data Source AttributeMetaverse Attribute NameValidationTransformationName(s) Considerations or Policies Needed

28 Design and Planning Worksheets Utilize the MIIS 2003 Sample Worksheets http://download.microsoft.com/download/9/e/0/9e0c929d -10dc-42cb-aaa6-bb501a92ea20/MIIS_Worksheets.doc Keep them up to date

29 Design and Planning Worksheets Utilize the MIIS 2003 Sample Worksheets http://download.microsoft.com/download/9/e/0/9e0c929d -10dc-42cb-aaa6-bb501a92ea20/MIIS_Worksheets.doc Keep them up to date Consider the Oxford Computer Group’s Documentor http://www.oxfordcomputergroup.com/

30 Metaverse attributes AttributeConnector space WSUEduEmailAddressManual precedence used Imported using AD Update from user object using a custom flow rule called mail which uses mail, msExchHomeServerName.AD Updateusermailmail, msExchHomeServerName Imported using UPStest from organization object using a custom flow rule called UPSmail which uses mail.UPStestorganizationUPSmail mail Exported to user.mail using AD Update using a custom flow rule called mailuser.mailAD Updatemail

31 case "StudentPhone": try { if (csentry["STUDENT-PHONE"].IsPresent) { string stdtphone2 = csentry["STUDENT-PHONE"].Value; if (stdtphone2 != "UNLISTED") mventry["StudentPhone"].Value = csentry["STUDENT-PHONE"].Value; } catch (Exception e) { Logging.LogException(e, "ADW832SQL MA import StudentPhone", mventry["WSUNID"].Value, true); } break;

32 Coding Settle on a language within the group C# or VB

33 Coding Settle on a language within the group C# or VB One person on a Management Agent

34 Phase 2 - Groups

35 Active Administrative Professional, Appointed Faculty, Admitted Graduate Students, Enrolled Undergraduate Students, etc, etc,

36 Phase 2 - Groups

37 Phase 3 - Provisioning

38 Provisioning

39 Gotchas Group Populator  Takes a long time

40 Gotchas Group Populator  Takes a long time 7 days for 160,000 users and 19 groups

41 Gotchas Group Populator  Takes a long time  Users can get separated

42 Gotchas Group Populator  Takes a long time  Users can get separated  Groups get disconnected

43 Gotchas Group Populator  Takes a long time  Users can get separated  Groups get disconnected  Placeholders

44 Gotchas Group Populator Provisioning

45 Gotchas Group Populator Provisioning  Can only run one provisioning agent at a time

46 IMVSynchronization[] myMVDlls; string PREFIX = "MVExtension"; void IMVSynchronization.Initialize() { string[] fileNames = Directory.GetFiles( Utils.ExtensionsDirectory, PREFIX + "*.dll"); int numFiles = fileNames.Length;

47 Gotchas Group Populator Provisioning  Can only run one provisioning agent at a time  Sun requires additional care

48 Container = ",ou=People,o=wsu.edu"; CN = mventry["cn"].Value; RDN = "uid=" + CN + Container; if (0 == Connectors) { ValueCollection oc; oc = Utils.ValueCollection("top"); oc.Add("account"); oc.Add("pipuserinfo"); oc.Add("organization"); DN = ManagementAgent.CreateDN(RDN); csentry = ManagementAgent.Connectors. StartNewConnector("organization", oc); csentry.DN = DN; csentry["o"].Value = "wsu.edu"; csentry.CommitNewConnector(); }

49 Gotchas Group Populator Provisioning Not real time…for us…

50 Disaster Recovery SQL backup of data

51 Disaster Recovery SQL backup of data Keep the key secure

52 Disaster Recovery SQL backup of data Keep the key secure Backup of the Visual Studio source

53 Futures We plan on doing deprovisioning next

54 Futures We plan on doing deprovisioning next Replacing the Core Programs

55 Futures We plan on doing deprovisioning next Replacing the Core Programs Provisioning to directories in other units

56 Help MIIS Experts page http:// www.miisexperts.org / http:// www.miisexperts.org /

57 Help MIIS Experts page http:// www.miisexperts.org / http:// www.miisexperts.org / Technet Forum http://forums.microsoft.com/technet/

58 Help MIIS Experts page http:// www.miisexperts.org / http:// www.miisexperts.org / Technet Forum http://forums.microsoft.com/technet/ Users Group http://www.microsoft.com/communities/newsgroups/ http://www.microsoft.com/communities/newsgroups/

59 Help MIIS Experts page http:// www.miisexperts.org / http:// www.miisexperts.org / Technet Forum http://forums.microsoft.com/technet/ Users Group http://www.microsoft.com/communities/newsgroups/ http://www.microsoft.com/communities/newsgroups/ MS Tech·Ed Presentations

60 The Team Diane Dickinson (diane@wsu.edu)diane@wsu.edu Wanda Zeng (zeng@wsu.edu)zeng@wsu.edu Dean Guenther (guenther@wsu.edu)guenther@wsu.edu Many, many others….

Download ppt "Identity Management: The Legacy and Real Solutions MIIS Implementation."

Similar presentations

What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.

What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.
Linda Ricks Managing Director, Information Systems May 25, 2006 Project and Resource Portfolio Management.

Linda Ricks Managing Director, Information Systems May 25, 2006 Project and Resource Portfolio Management.
Web Application Management Moving Beyond CMS Douglas Clark Director, Web Applications Copyright Douglas Clark 2003 This work is the intellectual property.

Web Application Management Moving Beyond CMS Douglas Clark Director, Web Applications Copyright Douglas Clark 2003 This work is the intellectual property.
Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau 2004. This work is the intellectual property of the authors. Permission is granted for.

Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau This work is the intellectual property of the authors. Permission is granted for.
1 Extending Authenticated Online Services with Friend Accounts at Washington State University Brian Foley Technology Architect/Application Developer.

1 Extending Authenticated Online Services with "Friend Accounts" at Washington State University Brian Foley Technology Architect/Application Developer.
Selecting a Business Intelligence Standard for Higher Education Mid Atlantic Educause Conference Baltimore, Maryland Baltimore, Maryland January 10, 2006.

Selecting a Business Intelligence Standard for Higher Education Mid Atlantic Educause Conference Baltimore, Maryland Baltimore, Maryland January 10, 2006.
February 2006 copyright Michael Welch, Blinn College This work is the intellectual property of the author. Permission is granted for this material to be.

February 2006 copyright Michael Welch, Blinn College This work is the intellectual property of the author. Permission is granted for this material to be.
Delivering Windows OS Updates at Yale with SUS EDUCAUSE Security Professionals Workshop May 17, 2004 Washington DC Ken Hoover, Systems Programmer

Delivering Windows OS Updates at Yale with SUS EDUCAUSE Security Professionals Workshop May 17, 2004 Washington DC Ken Hoover, Systems Programmer
Identity Management: The Legacy and Real Solutions Project Overview.

Identity Management: The Legacy and Real Solutions Project Overview.
Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College Copyright Penn State University-2008. This work is the intellectual.

Pam Downs Ajay Gupta The Pennsylvania Prince George’s State University Community College "Copyright Penn State University This work is the intellectual.
Copyright Statement © Jason Rhode and Carol Scheidenhelm. 2006. This work is the intellectual property of the authors. Permission is granted for this material.

Copyright Statement © Jason Rhode and Carol Scheidenhelm This work is the intellectual property of the authors. Permission is granted for this material.
Copyright Dong Chen, 2006. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Dong Chen, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
1 sm Using E-Business Solutions to Meet Management Challenges: Interoperability & Flexibility Bring Success to the Implementation of Specialized Components.

1 sm Using E-Business Solutions to Meet Management Challenges: Interoperability & Flexibility Bring Success to the Implementation of Specialized Components.
MIT ROLES DB Internet 2 Authority Architectures CAMP, June 2004.

MIT ROLES DB Internet 2 Authority Architectures CAMP, June 2004.
University of Washington CUMREC 2003 Uncompromised Web Applications: Variety Without Chaos University of Washington CUMREC 2003 Copyright University of.

University of Washington CUMREC 2003 Uncompromised Web Applications: Variety Without Chaos University of Washington CUMREC 2003 Copyright University of.
Copyright Shanna Smith & Tom Bohman (2003). This work is the intellectual property of the authors. Permission is granted for this material to be shared.

Copyright Shanna Smith & Tom Bohman (2003). This work is the intellectual property of the authors. Permission is granted for this material to be shared.
University of California, Irvine Security Access Management at UC Irvine: Adding Decentralization and Ending Paper Mark Askren, Assistant Vice Chancellor.

University of California, Irvine Security Access Management at UC Irvine: Adding Decentralization and Ending Paper Mark Askren, Assistant Vice Chancellor.
Cheryl Ast Project Team Leader, Administrative Computing Services (949) 824-7367 2003 EDUCAUSE Southwest Regional Conference University of.

Cheryl Ast Project Team Leader, Administrative Computing Services (949) EDUCAUSE Southwest Regional Conference University of.
Cheryl Ast Project Team Leader, Administrative Computing Services (949) 824-7367 CUMREC 2003 University of California, Irvine Tuesday, May.

Cheryl Ast Project Team Leader, Administrative Computing Services (949) CUMREC 2003 University of California, Irvine Tuesday, May.
Moving Your Paperwork Online Western Washington University E-Sign Web Forms Copyright Western Washington University, 2004. This work is the intellectual.

Moving Your Paperwork Online Western Washington University E-Sign Web Forms Copyright Western Washington University, This work is the intellectual.

Similar presentations

Ads by Google