Presentation is loading. Please wait.

Presentation is loading. Please wait.

TechNet Architectural Design Series Part 5: Identity and Access Management Gary Williams & Colin Brown Microsoft Consulting Services.

Published byHannah Daniel Modified over 8 years ago

Similar presentations

Presentation on theme: "TechNet Architectural Design Series Part 5: Identity and Access Management Gary Williams & Colin Brown Microsoft Consulting Services."— Presentation transcript:

1 TechNet Architectural Design Series Part 5: Identity and Access Management Gary Williams & Colin Brown Microsoft Consulting Services

2 Live Meeting Information... Feedback Panel Questions & Answers Blog - http://blogs.technet.com/MCSTalks http://blogs.technet.com/MCSTalks

3 Session 5: Identity and Access Management Gary Williams – Identity Management Consultant Colin Brown – Security Consultant MCS Talks Infrastructure Architecture

4 Agenda Introduction to Identity Terminology Challenges & Issues Identity Environment – Fact Finding Identity Solutions ProductsArchitecture Work Packages Recommendations

5 Introduction to Identity Terminology

6 IDA / IAM / IdM Digital Identity Credential Security Principal Authentication Identity Store Identity Synchronisation Identity Integration Services Provisioning Identity Lifecycle Management Introduction IDA Terminology

7 EntitlementAuthorisationTrust Identity Federation Security Auditing Access Services Digital Certificates Public Key Infrastructure (PKI) Certificate Revocation List (CRL) Encryption Introduction IDA Terminology

8 Challenges & Issues

9 Pre 1980’s 1980’s1990’s2000’s # of Digital IDs Time Applications Mainframe Client Server Internet BusinessAutomation Company(B2E) Partners(B2B) Customers(B2C) Mobility Islands Of Applications Has lead to islands of identities

10 Identity ecosystems develop organically Fragmented identity infrastructures One system is added at a time Applications, Databases, Operating Systems Each system potentially requires a unique identity repository Changing organisation perimeter Credentials often do not cross boundaries Politics Product/skillset knowledge Challenges & Issues Why do Identity Management projects fail?

11 Identity & Access Management : Providing the right people with the right access at the right time Identity Store Authentication Authorisation Who I am What can I do Lifecycle Management / Administration Monitoring/Audit Setting the scene What is it we are trying to achieve?

12 Identity Environment – Fact Finding

13 Identity Drivers & requirements Extend reach and range Increase scalability Lowering costs Balance centralised vs. distributed management More general purpose & reusable Product selection must achieve Business justification Work against business requirements Source of truth (authoritative) repository Main repository & list of other identity repositories Identity Flow Identity Environment – Fact Finding

14 Information Quality How and where is identity data created How is it removed, maintained & synchronised How is data creation, deletion or modification validated Operational Procedures Access rights to all systems Hire / Fire procedures Department or role changes Role definition Separation of duties (admin controls) Identity Environment – Fact Finding

15 Identity Solutions

16 Solutions – Identity Products Active Directory Domain ServicesActive Directory Lightweight Directory ServicesActive Directory Federation ServicesActive Directory Certificate ServicesActive Directory Rights Management ServicesIdentity Lifecycle ManagerMicrosoft Partners

17 Solutions - Example Architecture

18 Solutions – Planning Think strategically act tactically Phased approach This is generally not a technical problem Business processes Workflow definition An Identity and Access Management solution is a long term engagement

19 Solutions – Work Packages IDA Framework

20 Solutions – White Pages Architectural Overview

21 Solutions – Provisioning & De-provisioning

22

23 Reduce credentials to a single password or PIN Simplify the user experience Reduce helpdesk overhead Improve overall security Solutions – Password Management

24 Record identity related events, such as: Logon/off Administrative actions Object access In order to be able to: Reveal potential security problems Ensure user accountability Provide evidence Solutions – Auditing & Reporting

25 Capture or create business process to Define identity profiles Associate allowable actions Delineate self-service and administrative actions Solutions – Profile Management

26 Solutions – Role Based Access Control

27 Provide a single authentication action In order to Reduce user authentication events Reduce authentication stores and associated management overhead Solutions – Single Sign-On

28 Reduce the number of identity repositories ComplexityDuplication Administrative overhead Solutions – Directory Consolidation

29 Provide a strong authentication mechanism Provide 2 factor authentication In order to Secure network services Provide security services to applications Provide higher security assurance Solutions – Securing Network Services

30 SQL1 SQL2 Root CA Manual Publish Issuing CA’s RA1 RA2 Clients VPN AD SSL Web Exchange TS1 TS2 Log Shipping Mirroring Load Balancing Solutions – Securing Network Services

31 Workstation RMS Server Certification Licensing Templates Active Directory Authentication Service Discovery Group Membership SQL Server Configuration data Logging Cache MOSS 2007 Document Libraries with IRM Exchange 2007 SP1 Pre-licensing Fetching Solutions – Protecting Data Wherever It Goes

32 Recommendations

33 Goals of an IAM Strategy Secure, pervasive, consistent and reliable authentication and authorisation Open standards that allow integration across security boundaries. Reduce cost of managing identities Extending access to applications & files to out of office/mobile users Improve management and maintenance of user identities.

34 IAM Strategy Recommendations Document IAM infrastructure. Produce fast results Address high risk areas early Increase integration between directory, security and application services Improve capabilities that promote finding organisational data

35 IAM Strategy Recommendations Most IAM projects are bigger than organisations expect Not all technologies within IAM provide direct benefits though all are necessary for the complete framework Use the proper justification and benefit statements as part of your deployment

36 Ihr Potenzial. Unser Antrieb. Thank you for attending this TechNet Event Visit the blog at: http://blogs.technet.com/mcstalks Register for the next session, Desktop Deployment, at: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventI D=1032390854&Culture=en-GB

Download ppt "TechNet Architectural Design Series Part 5: Identity and Access Management Gary Williams & Colin Brown Microsoft Consulting Services."

Similar presentations

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM

Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.

Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
Virtual techdays INDIA │ 18-20 august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –

Virtual techdays INDIA │ august 2010 Managing Active Directory Using Microsoft Forefront Identity Manager: Amol R Bhandarkar │ Tech Specialist –
Understanding Active Directory

Understanding Active Directory
Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,

Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director

Automated Policy Enforcement Adam Vincent, Layer 7 Federal Technical Director
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
Identity and Access Management

Identity and Access Management
Making Identity and Access Management Real – The Early Days Brian Lauge Pedersen Senior Technology Specialist.

Making Identity and Access Management Real – The Early Days Brian Lauge Pedersen Senior Technology Specialist.
Microsoft ® Application Virtualization 4.5 Infrastructure Planning and Design Series.

Microsoft ® Application Virtualization 4.5 Infrastructure Planning and Design Series.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Understanding Active Directory

Understanding Active Directory
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.

Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.
Identity Lifecycle Management Jonny Chambers Senior Technical Specialist Microsoft Ireland

Identity Lifecycle Management Jonny Chambers Senior Technical Specialist Microsoft Ireland
Virtual techdays INDIA │ 18-20 august 2010 Secure Collaboration: All You Need to Know about Extending Active Directory Rights Management Services (AD RMS)

Virtual techdays INDIA │ august 2010 Secure Collaboration: All You Need to Know about Extending Active Directory Rights Management Services (AD RMS)

Similar presentations

Ads by Google