Forefront Identity Manager 2010 implementation in “Goce Delcev” University – Stip

Goce Bogatinov, Chief IT Administrator
Presentation held by Mr. Goce Bogatinov and Mr. Jordan Tikvesanski as part of the "Cooperation between academia and ICT businesses" session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October 2010.
1. Forefront Identity Manager 2010 implementation in “Goce Delcev” University – Stip
   Goce Bogatinov, Chief IT Administrator, University „Goce Delcev“ - Stip, goce.bogatinov@ugd.edu.mk
   Jordan Tikvesanski, IT System Administrator, University „Goce Delcev“ - Stip, jordan.tikvesanski@ugd.edu.mk
2. Forefront Identity Manager 2010 implementation in “Goce Delcev” University – Stip
   Partners
3. Contents
   • Presentation of the University "Goce Delchev" – Stip and its information system
   • The role and method of involvement of Microsoft Consulting Services in delivering the solution
   • The part played by Intec Systems and Gemalto in delivering the solution
   • Experiences and recommendations
4. General information
   • Established in 2007
   • Elected rector Prof. Dr. Sasa Mitrev
   • More than 13,000 students and 500 employees at the moment
   • 1,200 PCs and up to 50 servers
   • 10 campuses located in different cities
   • 10 campuses in Stip
5. Infrastructure
   • Internet links with VPN tunnels to Stip
6. Infrastructure in Stip
   • Optical links
   • Optical links in construction
   • Wireless links
7. User profiles
   • Students
     • undergraduate
     • Master studies
     • PhD studies
   • Employees
     • Administration
     • Teachers (associates, visiting…)
     • Student Services
     • Other personnel
   • IT Staff
     • Administrators
     • Technical staff
     • Help desk
8. Student services
   • Mail
     • Microsoft Live@EDU
   • Learning gateway
     • Moodle
   • Student files
     • Microsoft Dynamics CRM
   • Video conferencing
     • Polycom
   • Wireless internet access
     • Cisco, Microsoft NAP
9. Employee services
   • Mail
     • Microsoft Exchange 2010
   • Telephony
     • Cisco UCM, Cisco IP Phones
     • Microsoft Exchange 2010 UM
   • IM, A/V conferencing, desktop sharing
     • Microsoft Office Communicator
   • Document management
     • Xerox Docushare
   • Wireless internet access
     • Cisco, Microsoft NAP
10. Challenges
    • Unique user name and password for all
    • Time and attendance tracking system
    • Two-factor authentication
    • Student/employee ID card
11. Implementation stages
    ENVISION
    • Specifying and clarifying what is necessary for project implementation
    • Establishing the foundation of the team and the core of the project cycle
    • Collecting as much information as possible
    PLAN
    • Developing the conceptual solution into a specific design and plan
    BUILD
    • Building the solution in a test environment and documenting it
    • Testing all aspects of the solution
    STABILIZE
    • Improving the quality of the solution to meet the criteria for its release into production
    • Verifying the functionality and usability of the solution from the business and user perspective
    DEPLOY
    • Setting up in the production environment
    • Transition of the system into operational functioning
12. ENVISION PLAN BUILD STABILISE DEPLOY (Envision stage: current state)
    Demands
    • High level of automation, easy for users to use, high level of availability
    IT infrastructure
    • Various vendor-based technology
    • Windows Server 2008
    • AD DS
    • MS SQL 2008
    • MS Exchange 2010
    • MS SCCM 2007
    • AD Certificate Services
    • VMware virtualization technology
    Administration and maintenance
    • Small team and helpdesk, no defined roles, large number of critical systems, large number of helpdesk demands
13. ENVISION PLAN BUILD STABILISE DEPLOY (Plan stage)
    • 40% of the time spent on this stage
    • Functional specs (What are we going to build?)
    • Conceptual design (How will we build it?)
    • Timeline of activities (When will we build it?)
    • Are we ready to build?
14. ENVISION PLAN BUILD STABILISE DEPLOY (Build stage)
    • Building the system in the test environment
    • Implementation of the planned functionalities
    • Testing
    • Testing
    • Testing
15. ENVISION PLAN BUILD STABILISE DEPLOY (Stabilise stage)
    • The process of bringing the solution to an acceptable level of quality and functionality, performed by testing and correcting the system
    • Implementation of the solution in the production environment
    • Testing of all aspects of the solution by an isolated group of users – pilot users
16. ENVISION PLAN BUILD STABILISE DEPLOY (Deploy stage)
    • Large overlap with activities performed in the stabilization phase
    • Preparing the physical infrastructure through GPO, distribution of the necessary client agents, installing enrollment kiosks…
    • Operating and maintaining the system
17. PKI solution contents
    PKI based on Windows Server 2008 R2
    • 1 offline Root CA
    • 2x Enterprise Issuing CA
    • CRL and AIA published via AD DS and IIS 7.0
    Certificate templates
    • Vraboten Standard ("Vraboten" is Macedonian for "employee")
    • Vraboten Encryption
    • Student Standard
    Use of certificates
    • Authentication (domain logon, application logon, Wi-Fi access)
    • E-mail signing
    • Disk and data encryption
18. FIM 2010 CLM solution contents
    • FIM CLM application – NLB cluster of FIM 2010 CLM servers
    • MS SQL 2008 failover cluster back-end DB
    • FIM 2010 client component
    • Self-service user portal
    • Administration and configuration portal
    • FIM CM SQL API for interaction with other systems
    • Profile templates for students and employees
    • Smart card middleware and enrolment
    • Smart card printing
19. Smart cards
    • Gemalto hybrid smart card: .NET + EM4100 contactless chip
    • .NET framework on the smart card
    • Easy integration in a Microsoft environment
    • Microsoft Base Smart Card CSP support
    • CMS: Microsoft CMS/FIM 2010 preferred
    • .NET SDK integration with Microsoft Visual Studio
20. Gemalto .NET implementation on WSCF
    Microsoft Crypto Next Generation architecture (top to bottom):
    • Microsoft Smart Card Enabled Applications
    • Microsoft Base Smart Card CSP
    • Smart Card Vendor Mini Driver
    • MS Smart Card Resource Manager
    • PC/SC
    Gemalto .NET crypto architecture (top to bottom):
    • Microsoft Smart Card Enabled Applications
    • Microsoft Base Smart Card CSP
    • .NET Minidriver DLL (add-on to the MS Base CSP which redirects requests to the Gemalto .NET card module)
    • MS Smart Card Resource Manager
    • PC/SC
21. Experiences
    • Complex system of permissions and role separation
    • Profile templates and certificate templates – crucial in the later operational period
    • Investments in compatible components
    • Condition of the existing infrastructure
    • Mixed use of x86 and 64-bit clients
    • The client works through IE 6.0+
22. Recommendations
    • The complexity of the system requires thorough planning
    • Use a virtual environment
    • Document every step in the development and implementation of the system
    • Test the entire system after each change
    • Use separate user accounts for each user role, even when the same person holds them
    • In a system with more than 10,000 users there are no "minor" changes
23. Q&A
24. Thank you for your attention