Private cloud forefront identity manager 2010 (adam bresson)

Forefront Identity Manager 2010

Published in: Technology
Transcript

  • 1. JOURNEY TO THE CLOUD: FIM 2010 Used for Management of AD, the core of your Identity in the Private Cloud
  • 2. Cloud Security Concerns • Security is the number 1 concern for cloud adoption • 75% responded 4 or 5 (on 1 to 5 scale) * • Key security issues: • Isolation of tenants from each other & hosting infrastructure • Compute and network layers • Authentication / Authorization / Auditing of access to cloud services • Unauthorized access / DoS due to weak (or mis)configuration * Source: IDC Enterprise Panel
  • 3. Three Pillars Authentication Authorization Attributes Identity Management Platform
  • 4. To The Cloud!
  • 5. Typical Cloud ID Journey Authentication Authorization Attributes Federated Islands of Silos Identity (Islands of Identity)
  • 6. A Better Journey Authentication Authorization Attributes Federated Islands of Silos Identity Identity Management Platform (Islands of Identity)
  • 7. What is Forefront Identity Manager • Self-Service integration: Windows Log On, FIM Portal • Manages Active Directory - secure delegation of administration • AD FS login across clouds - enable access to private cloud • Integrated login to applications • Connected systems: LOB Applications, Databases, Directories • Secure the Private Cloud
  • 8. Common Identity across clouds [Diagram. Sources: HR System (FirstName Terry, LastName Adams, Title Sales Manager, Dept Sales, Mgr: Melissa Meyers, EmplID 123); Phone (Firstname Terry, LastName Adams, Phone 555-1234); Email (LoginID Tadams, Email tadams@litware.com); AD. Center: FIM 2010, "Integrated Workflow and federated common identity" (FirstName Terry, LastName Adams, Title Sales Manager, Dept Sales, Mgr: Melissa Meyers, LoginID Tadams, Phone 555-1212, Email Tadams@litware.com), with "Group membership and user attributes generated" (Groups: Melissa's Directs, All in Sales, Sales App Owners). Targets: Private Cloud (Exchange, SharePoint, Web Sites, Line of Business Apps, File / Print) and Public Cloud (PaaS, SaaS, Windows Azure, Office 36).]
  • 9. Private Cloud Enabled Identity: All Microsoft solutions for private cloud leverage a single identity store to authenticate users with Microsoft® Active Directory® across physical and virtual systems. • Active Directory o Single identity store to authenticate users o Support across physical and virtual systems o Federated Identity • Forefront Identity Manager o Easy user provisioning o Identity synchronization o Simplified management of cloud resources [Diagram labels: Active Directory; System Center Virtual Machine Manager; Forefront Identity Manager; Forefront™ Security Solutions; Virtualization: Hardware (Hyper-V™), Presentation (Terminal Services), Application (Microsoft App. Virt.); Network Access Protection; Server and Domain Isolation]
  • 10. Solution Example – Enhancing Private Cloud with Identity • Hyper-V and SC Virtual Machine Manager use roles • Roles can contain users or groups from AD • Delegation of datacenter management • Forefront Identity Manager securely manages membership in AD groups [Diagram: Roles in Hyper-V and System Center → Leverage AD Groups in roles → Manage AD Groups in FIM → Private Cloud Self Service, secure and compliant]
  • 11. Solution Example - Enhancing Private Cloud with Identity: Hyper-V Authorization Manager + Common identity in Private Cloud • Default role allows access to all operations • Additional roles with desired rights can be created • 33 different operations OOB grouped under • Hyper-V Service Operations • Hyper-V Networks Operations • Hyper-V Virtual Machine Operations
  • 12. Solution Example - Enhancing Private Cloud with Identity: Virtual Machine Manager + Common identity in Private Cloud • The Administrator profile • Complete administrative access to all the hosts, virtual machines, and library servers in VMM 2008 • The Delegated Administrator profile • Grants administrative access to a defined set of host groups and library servers • The Self-Service User profile • Administrative access to a defined set of virtual machines through the Web-based Virtual Machine Manager Self-Service Portal • Additional delegation capabilities in Self service portal
  • 13. FIM (Helping) with The Cloud [Diagram: User, Request, Approve] "Can I have Admin access to the cloud app?" "Oh, alright then"
  • 14. EVERY JOURNEY NEEDS A HISTORY Authentication Authorization Attributes Audit Federated Islands of Silos Identity Identity Management Platform (Islands of Identity)
  • 15. TO THE CLOUD! • Using Hyper-V as an infrastructure for Private Cloud is great for server optimization, but without an IAM architecture in place this just moves the administrative problems around. • FIM provides a compliant and well-managed AD. Compliance here means automating changes to access permissions, making sure users have the right access, and reporting. • Active Directory provides the common identity platform from classic datacenter hosted systems to private cloud, and also paves the way to enabling use of public cloud resources.
  • 16. QUESTIONS ?
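
An access review for the model in slides 10 to 14, where roles are populated from AD groups and every membership should trace back to an approved request. This is an added example, not code from the presentation or from FIM: the group names, the user jdoe and the approval records are constructed sample data, and both function names are hypothetical.

```python
from collections import deque

# VMM user roles mapped to the AD groups that populate them (slides 10 and 12).
ROLE_GROUPS = {
    "Administrator": ["VMM-Admins"],
    "Delegated Administrator": ["VMM-Delegated-Sales"],
    "Self-Service User": ["VMM-SelfService"],
}

# Constructed AD membership; a member that is also a key is a nested group.
GROUP_MEMBERS = {
    "VMM-Admins": ["tadams", "Datacenter-Ops"],
    "Datacenter-Ops": ["mmeyers", "VMM-Admins"],  # nesting loop, handled below
    "VMM-Delegated-Sales": ["mmeyers"],
    "VMM-SelfService": ["tadams", "jdoe"],
}

# Constructed approval records (slide 13): (user, group the request was for).
APPROVALS = {("mmeyers", "Datacenter-Ops"), ("mmeyers", "VMM-Delegated-Sales"),
             ("tadams", "VMM-SelfService"), ("jdoe", "VMM-SelfService")}


def effective_members(group):
    """Return {user: group that grants membership}, resolving nested groups."""
    found, seen, queue = {}, {group}, deque([group])
    while queue:
        current = queue.popleft()
        for member in GROUP_MEMBERS.get(current, []):
            if member in GROUP_MEMBERS:        # nested group
                if member not in seen:         # guard against nesting cycles
                    seen.add(member)
                    queue.append(member)
            else:
                found.setdefault(member, current)
    return found


def unapproved_access():
    """List (role, user, granting group) entries that have no approval record."""
    return sorted(
        (role, user, via)
        for role, groups in ROLE_GROUPS.items()
        for group in groups
        for user, via in effective_members(group).items()
        if (user, via) not in APPROVALS
    )

if __name__ == "__main__":
    print(unapproved_access())
```

The single finding is a user sitting directly in the Administrator role's group with no matching request, which is the kind of drift the audit pillar on slide 14 is meant to surface.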