• Like

Dell active roles

  • 547 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • Is it possible to use Dell Active Roles for automating the user management in Microsoft Dynamics CRM?

    Thanks.

    David.
    Are you sure you want to
    Your message goes here
    Be the first to like this
No Downloads

Views

Total Views
547
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
17
Comments
1
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Intelligent User Administration Jan Spangsberg Sr. Systems Consultant, Dell Software
  • 2. 2 Agenda • Challenges in todays AD administration • The Dell Software solution • GUI examples • Architecture
  • 3. 3 The challenges Security • Internal & external threats • Orphaned accounts mean security loopholes • Users have more access than they need • Too many separate user stores • Managing user access rights is resource- intensive, error prone and time consuming Complexity • New requirements add more administrative tasks • Proving compliance is labor-intensive • Reviewing activity logs only during audits is often too late Compliance Fact: 48% of respondents rated the odds of experiencing a compliance risk within the next 18 months as “high” or “very high.” Source – State of Compliance 2011, PWC
  • 4. 7 Account Lifecycle New User is created (Hire) • Account Creation in AD and other systems • Mailbox and Home Folders Creation • Group and Distribution List Memberships • Access to Applications Granted • E-mail notifications Administration • Information updates • Group /Role Membership • Distribution List Membership • User Profile Editor Deletion (Retire) • Employment Status Changes • Disable Accounts • Disable Access to Resources • Assign Entitlements to others Change in Account (Promotion) • Promotions or Transfers • Project Assignments • Information updates AD Architect HR Application Owner Administrators Help Desk Entitlements Managers Policy Visibility Auditors
  • 5. 8 Spend your time wiselyCreateConfigureInform Elapse Time: Hours / Days 5 minutes 65 minutes Add user to groups Security and Distribution Groups 10 minutes Assign administrative permissions 10 minutes Create user accounts connected sys Send to metadirectory, Unix/Linux, etc. 10 minutes Inform the Business E-mail to IT, Service Desk, Management Facilities, etc. 10 minutes Automatic Automatic Automatic 5 minutes Automatic Automatic Automatic Automatic Effort: 5 minutes Add employee to HR system 5 minutesHR Create user account in Active Directory Location, Unique Name, Strong Password Generation 10 minutes Create Exchange mailbox Controlled Store Selection, Alias Generation 5 minutes Create home directory Location, NTFS permissions, Share permissions 5 minutes Step Without Rules With Rules Typical ActiveRoles deployment time Less than two weeks!!!
  • 6. 9 Consistency Business Rule Examples Description cannot be left blank Phone number must contain 1- ### - ### - #### E-mail address = first letter of first name + last name@dell.com http://www.dell.com/people/ Generate Display Name
  • 7. 11 GUI examples
  • 8. 12 Tree Structure
  • 9. 13 Edit Exchange Properties
  • 10. 14 Change History
  • 11. 15 Architecture
  • 12. 16
  • 13. 18
  • 14. 19 4 layer model Presentation Components MMC UI Web UI ADSI provider PowerShell SPMLReporting Service Components Access Check Policy Enforcement Workflow Identity Data, Applications and Resources Active Directory AD-LDS Exchange OCS/LYNC Windows Servers Synchronization, Connectivity and Extensibility ADFS SAML Quick Connect Q1IM AD- Integrated Systems SDK Add-On Manager Database Components Audit Trail Configuration Virtual Attributes SharePoint
  • 15. 20 ActiveRoles Server for the cloud • Utilize out of the box connectors to synchronize your on-premise AD accounts and attributes to off-premise AD and/or synchronize to ‘cloud- based’ services such as Salesforce, Google Apps, Office365, Lync Online, and SharePoint Online. • Delegate security access controls to specific administrators to manage portions of your cloud integrations using a least privilege model • Automate and co-manage accounts with on- premise Exchange and/or Office365 mailboxes • Perform two-way sync between Active Directory and the cloud Functionality via the Cloud
  • 16. 21 Summary Create • Add employee to HR system • Create user account in AD • Generate location, unique name, strong password • Create Exchange mailbox • Create home folders, NTFS and share permissions Configure • Add user to groups and distribution lists • Grant access to applications • Assign group memberships and role • Assign admin permissions • Create user accounts on connected systems. Modify • Modify user and group status • Disable access to accounts and resources Audit and Inform • Email to IT, service desk and management facilities • Grant visibility • Track change history & user activity
  • 17. 22 A foundation for full IAM Access Governance Privileged Account Management User Activity Monitoring • Granular delegation • Enforce separation of duties • Enterprise privilege safe • Session management • Keystroke logging • Enhancing Sudo • Granular AD auditing • Permissions reporting • Log management • Event alerting • Crisis resolution • Synchronize identity data • Directory consolidation • AD administration • Virtual directory services • Single sign-on • Strong authentication • Password management Identity Administration • Automated provisioning • Access request and certification • Fine-grained application security • Data access management • Role engineering
  • 18. 23 Resources
  • 19. 24 Resources • ActiveRoles Server user community – http://communities.quest.com/community/activeroles • ActiveRoles Server Quest Drive (virtual testware) – https://www.quest.com/common/registration.aspx?requestdefid=28524 • ActiveRoles Server main product page – http://www.quest.com/activeroles-server/ • OnDemand webcasts – http://www.quest.com/events/list.aspx?contenttypeid=16&prod=183 • Whitepapers, tech briefs and datasheet
  • 20. Easier accountability throughout your business We simplify identity & access management 25