Identity Management “Who do you think they are?”

A case study and workshop on 4 years development at Blackpool & The Fylde College

Published in: Education, Technology

  • Simon says “Hello” and then we’re on to the introductions...
  • Who are we?
      • Ken introduces Simon: Network Manager; over 22 years @ the college; key to creation of CNS – central IT provision; along with Christian, recognised the value of Business Integration
      • Simon introduces: John, Ken
      • Facilitators – Chrissie Turkington and Keith Wilson from JISC RSC Northwest
  • Briefly discuss the overview of the day
      • Ask questions throughout
      • Why are we doing this workshop?
          • Inform
          • Encourage
          • Let the wider community know we have seen real results for the organisation
  • What is Identity Management?
  • Legacy solution based upon specific identified needs (KEN: Define business process each time)
  • Defining the authoritative source of user identities (KEC: Defining Business Process only once) (KEC: Authoritative)
      • Why did we go for identities?
          • High Return on Investment (ROI)
          • A return on investment in time (KEN: Cuts duplication of effort) (KEN: Cut in repetition reduces errors)
          • Always based upon a single source that is: Authoritative, Compliant, Auditable
          • Data source meets Shibboleth and JANET Acceptable Use Policies (KEC: Shibboleth replaced Athens, a manual process)
          • Vault is an authoritative copy providing for the consolidation and integration of many services
      • Where to start? Look for something with tangible requirements / benefits
  • Why Novell? KEC:
      • Designer: graphically model your design and implementation
      • Java programming not a pre-requirement
      • Schema both ends
      • XML document flows through Policies and rules that implement Business Rules
  • Two phases
      • Phase 1 – Staff
      • Phase 2 – Students, Courses, Enrolments
      • Phase 1 systems
          • Human Resources – Northgate ResourceLink – Oracle Database
          • Active Directory
          • Siemens PABX Telephone System – Modified Access Database
          • E-Mail – Novell GroupWise
      • Why start here?
          • HR moving from old HR Globe system to new Northgate ResourceLink
          • HR went through data cleansing exercise (KEC: We did too – WorkforceID in user objects)
          • No automatic account creation mechanism for staff (KEC: Inconsistent account requests)
          • Smaller number of staff users vs. students
      • Future vision – reuse of Identities
          • Remove duplication of effort
          • Authoritative source for data (KEC: KnownAs)
          • Controlled – Process – starters/leavers – 0 day
          • Remove old orphaned accounts
          • Active Directory – MS Apps
      • Technical
          • Oracle database: required an interface to expose data; enlisted Northgate to create a new interface to our specifications; maintenance requirement
          • Novell IDM: event driven (XML); business process; driver rules; the VAULT
          • Siemens PABX system: Access DB; authoritative for telephone numbers (new starters)
  • Phase 2
      • Phase 2 systems
          • Student Record System – Tribal EBS
          • Virtual Learning Environment – Moodle
          • Authentication Directory – AUTH Tree
          • Federated Access System – Shibboleth
      • Capture and maintain authoritative data about students, courses, schools and enrolments
      • Why continue here?
          • Remainder of the users
          • Remove legacy system NARS
          • User IDs already in VAULT (match up)
          • Present and use course and enrolment data
          • Push enrolment data into Moodle
          • Shibboleth (Athens)
          • Access Manager – SSO
          • AUTH Tree – security
      • Technical description
          • Oracle database – big
          • Intermediate table
          • Clarus – In house advantage
          • Moodle – MySQL
          • 0 day student start
          • Unable to perform 0 day finish – time event instead
          • Self Service – via “Student Directory”
  • Identity Management “Who do you think they are?”

    1. BLACKPOOL AND THE FYLDE COLLEGE, An Associate College of Lancaster University
        • Identity Management: “Who do you think they are?”
        • A case study and workshop on 4 years development at Blackpool & The Fylde College
    2. Organisation Chart
        • Christine McAllister (Head of Learning & IT)
        • Simon Bailey (Network Manager)
        • IT Support Supervisor
        • Technicians * 8 (Front-of-House)
        • Engineers * 8 (Back-of-House)
        • Mac Support * 3
    3. Overview of the day
        • 10:15 Session 1: “Identities, a good place to start?”
        • 11:00 Tea & Coffee
        • 11:15 Session 2: Salford Software discuss different IDM Technologies and IDM within other institutions
        • 11:45 A pre-lunch introduction to Session 3
        • 12:00 Lunch
        • 13:00 Session 3: IDM technologies within YOUR organization
        • 13:30 Session 4: “Impediments to Identity Wonderland” - Obstacles & Challenges
        • 14:15 Session 5: “Into the Cloud” – Managing identities in the cloud
        • 15:00 Tea & Coffee, plus feedback, questions and futures….
    4. FAIL!
        • 300 orphaned staff accounts
        • Non-fee paying students
        • Archive - storage costs and meaningless backups
        • Can you guarantee that people logging on to your systems are legitimate at all times?
    5. What is Identity Management?
    6. Before: One-To-One
        • Diagram labels: Business Application 1, 2 and 3; a DATABASE for each; Students and Staff held against each; Batch Process (twice); Legacy Account Creation Application (in-house)
    7. After: One-To-Many
        • Diagram labels: System 1, 2 and 3; a DATABASE for each; Information Interchange (twice); Users; Students; Staff
    8. Designer for Novell Identity Management
    9. BLACKPOOL AND THE FYLDE COLLEGE, An Associate College of Lancaster University
    10. Phase 1 - Staff
        • Diagram labels: Staff Directory (Browser View); Active Directory; HR Database (Northgate RL); ‘Production’ Directory Services (eDir); Authentication Directory; Identity Vault; Email Provisioning (GroupWise); Telecom PABX (Siemens Database); Shibboleth; DB and PROC. connector labels
    11. Phase 2 - Students
        • Diagram labels: Student Directory; Student Record System (Tribal EBS); VLE (Moodle); Authentication Directory; Identity Vault; AccessManager; ‘Production’ Directory Services (eDir); Email Provisioning (GroupWise); Shibboleth; DB and PROC connector labels
    12. In Conclusion
        • Senior Management Buy-in
            • Did we get it?
            • Do you need it?
        • Confidence gained in Phase 1
            • Allowed progression in Phase 2
        • Start small
        • Find High Return on Investment (ROI)
    13. In Conclusion
        • Consultants
            • Value?
            • Pitfalls
        • Project Management
        • Stakeholder Buy-in
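
The Phase 1 notes name HR as the authoritative source, keyed by WorkforceID, with 0-day starters/leavers and removal of orphaned accounts as goals. The reconciliation check below is an added example, not code from the presentation or the college: it compares a directory export with HR records, and all sample data and every field name other than WorkforceID are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data. Only the WorkforceID key comes from the notes;
# every other field name is an assumption made for this example.
HR_RECORDS = [
    {"WorkforceID": "W1001", "known_as": "A. Example", "start": date(2009, 9, 1), "leave": None},
    {"WorkforceID": "W1002", "known_as": "B. Example", "start": date(2005, 1, 10), "leave": date(2010, 3, 31)},
    {"WorkforceID": "W1003", "known_as": "C. Example", "start": date(2010, 6, 1), "leave": None},
]
DIRECTORY_ACCOUNTS = [
    {"username": "aexample", "WorkforceID": "W1001", "enabled": True},
    {"username": "bexample", "WorkforceID": "W1002", "enabled": True},   # leaver, still live
    {"username": "oldtemp", "WorkforceID": "W0420", "enabled": True},    # no HR record
    {"username": "svc-legacy", "WorkforceID": None, "enabled": True},    # never linked
    {"username": "zexample", "WorkforceID": "W0007", "enabled": False},  # unknown but disabled
]


def reconcile(hr_records, accounts, today):
    """Compare directory accounts with the authoritative HR source."""
    hr = {r["WorkforceID"]: r for r in hr_records}
    findings = {"orphaned": [], "leaver_still_enabled": [], "starter_without_account": []}
    linked = set()
    for acct in accounts:
        wid = acct["WorkforceID"]
        record = hr.get(wid) if wid else None
        if record is None:
            # No authoritative identity behind the account: orphaned if it can log on.
            if acct["enabled"]:
                findings["orphaned"].append(acct["username"])
            continue
        linked.add(wid)
        leave = record["leave"]
        # "0 day" leaver rule: the account must be disabled on the leave date itself.
        if acct["enabled"] and leave is not None and leave <= today:
            findings["leaver_still_enabled"].append(acct["username"])
    for wid, record in hr.items():
        active = record["start"] <= today and (record["leave"] is None or record["leave"] > today)
        if active and wid not in linked:
            # "0 day" starter rule: an active member of staff should already have an account.
            findings["starter_without_account"].append(wid)
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(HR_RECORDS, DIRECTORY_ACCOUNTS, date(2010, 6, 1)).items():
        print(f"{kind}: {items}")
```

Run on a schedule against real exports, the three lists give an audit trail for the question on slide 4: which live accounts have no authoritative identity behind them.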
