Enterprise Directory Implementation Roadmap – Directions Provided
Art Vandenberg
Director, Advanced Campus Services
Georgia State University
avandenberg@gsu.edu

“Copyright Art Vandenberg 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.”

6 Nov 2003 A. Vandenberg © Teach A Man to Fish Educause 2003 Anaheim, CA

Roadmap – Introduction

Roadmap’s Layered Detail
• Roadmap Intro & main sections (5 pp.)
  – Project Planning, Prep & Requirements
  – Architecture Design, Policy Development
  – Data Flow, Business Process
  – Implementation & Deployment
• Next level, outline of topics (24 pp.)
• Detail level articles, documents, links (~340 pp.)
• Dual tracks: Technical & Policy
• Technology/architecture & policy/management activity work together
• GOAL: directory-enable applications
• Directories reflect (variety of) institutional goals and environments

Roadmap – Project Planning
http://www.nmi-edit.org/roadmap/plan-set.html
• Develop business case, secure support (educate, assemble drivers, business case)
• Develop project plan
• Decide on implementation strategy, timing, and organizational approach
• Develop communications and PR plan
• Discuss with stakeholders when appropriate
• Develop project specifics
• Assemble resources (funding, structure, communication plan)
• Articles, documents, templates, links – READY TO USE!

Roadmap – Architecture & Policy
http://www.nmi-edit.org/roadmap/design-set.html
• Campus identifier strategy
  – Guidelines, templates, examples
  – Do you know where your identifiers are?
• Directory Services Architecture
  – Models, recipe, schemas for higher education
• Education and communication
• Policy and process development

Identifiers, Authentication & Directories
• Directory components (1,000 words)

Directories & Details!
• Best Practice Design for LDAP Directory
• Schema
  – Flat as possible - minimizes update overhead
  – UID unique across tree
  – Create “campus person” (CampusEduPerson)
  – Use dc naming: dc=yourschool, dc=edu
  – ... and more
• Naming
  – Choose distinguishedName (DN) carefully
  – UID rather than commonName (Jim Smit, Jim Smit?)
• You have a rich Roadmap to guide you

LDAP Recipe
• Recommendations to lead to common directory schema and deployments
• Started 2000, living doc, now 30 pp.
• Good source of information – USE THIS!
• Directory Information Tree (DIT)
  – dc naming (leverage Domain Name System)
  – ou=people, dc=yourschool, dc=edu
  – uid=avandenberg, ou=people, dc=gsu, dc=edu

Non-flat, non unique uid, no dc-naming
[Tree diagram. Nodes: o=Georgia State University; ou=Information Systems; ou=ACS; ou=UCCS; cn=Art Vann; cn=Mae Jones; cn=Jan Smit; cn=Sue West]
cn=Jan Smit, ou=ACS, ou=Information Systems, o=Georgia State University

Flat, unique uid, dc-naming
[Tree diagram. Nodes: dc=edu; dc=gsu; ou=people; ou=unit; uid=avann; ou=acs; uid=jsmit; ou=uccs]
uid=jsmit2, ou=people, dc=gsu, dc=edu
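The design rules from the preceding slides (dc naming, a flat tree, uid rather than commonName in the DN, uid unique across the tree) can be checked mechanically before a data load; duplicate or cn-based names leave it ambiguous which person an entry identifies. The sketch below is an added example, not part of the presentation: `parse_dn`, `check_person_dns`, the `ou=people` container default and the last sample DN are assumptions made for illustration.

```python
import re
from collections import defaultdict

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, leaf RDN first.
    Assumes single-valued RDNs; only backslash-escaped commas are honoured."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def check_person_dns(dns, people_container="ou=people"):
    """Return {dn: [findings]} for person DNs that break the slides' rules."""
    findings = defaultdict(list)
    seen_uid = {}
    for dn in dns:
        rdns = parse_dn(dn)
        (leaf_attr, leaf_val), parents = rdns[0], rdns[1:]
        # Rule: the suffix uses dc naming (dc=yourschool, dc=edu)
        if not parents or parents[-1][0] != "dc":
            findings[dn].append("suffix does not use dc naming")
        # Rule: uid, not commonName, names the entry
        if leaf_attr != "uid":
            findings[dn].append(f"RDN uses {leaf_attr}, not uid")
        # Rule: flat tree, person sits directly under the people container
        non_dc = [f"{a}={v.lower()}" for a, v in parents if a != "dc"]
        if non_dc != [people_container]:
            findings[dn].append("not flat: person is not directly under " + people_container)
        # Rule: uid is unique across the whole tree, not just one branch
        if leaf_attr == "uid":
            first = seen_uid.setdefault(leaf_val.lower(), dn)
            if first != dn:
                findings[dn].append(f"uid collides with {first}")
    return dict(findings)

# Constructed sample: DNs taken from the two tree slides, plus one invented
# entry (the last) that reuses a uid in a unit branch.
SAMPLE_DNS = [
    "cn=Jan Smit, ou=ACS, ou=Information Systems, o=Georgia State University",
    "uid=avann, ou=people, dc=gsu, dc=edu",
    "uid=jsmit, ou=people, dc=gsu, dc=edu",
    "uid=jsmit2, ou=people, dc=gsu, dc=edu",
    "uid=jsmit, ou=uccs, ou=unit, dc=gsu, dc=edu",
]

if __name__ == "__main__":
    for dn, problems in check_person_dns(SAMPLE_DNS).items():
        print(dn, "->", "; ".join(problems))
```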

eduPerson object Class
• LDIF (LDAP Data Interchange Format)

    ...
    dn: cn=schema
    changetype: modify
    ...
    add: attributetypes
    attributetypes: ( 1.3.6.1.4.1.5923.1.1 NAME 'eduPersonAffiliation'
      DESC 'eduPerson per Internet2 and EDUCAUSE'
      EQUALITY caseIgnoreMatch
      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
    ...
    add: objectclasses
    objectclasses: ( 1.3.6.1.4.1.5923.1.1.2 NAME 'eduPerson' AUXILIARY
      MAY ( eduPersonAffiliation $ eduPersonNickname $ eduPersonOrgDN $
        eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $
        eduPersonPrincipalName $ eduPersonEntitlement $
        eduPersonPrimaryOrgUnitDN ) )

Directory Architectures - cont’d

Working with Stakeholders
• Who are the stakeholders?
  – Technical, functional, management, users...
  – What are key application drivers? Get that buy-in!
• Ad hoc or formal committees?
• Stewardship (preferred) vs. ownership
  – Data administration – how’s it done?
• Identifying policy gaps is important
• Establish same enterprise focus as for ERP systems

Roadmap – Data Flow & Business Process
http://www.nmi-edit.org/roadmap/data-set.html
• Integrated provisioning architecture:
  – data sources/providers
  – data flow & meta-processes
  – Application targets/consumer
• Chicken & egg: business flow & technical
  – You have to solve it together (functional & technical)
• Keeping that in mind… let’s look at overall concept

Directory Business Flow
consolidation, intelligence, provisioning

Select Meta-Directory Model
• Enterprise directory / metadirectory
• Physical or virtual “person registry”
• Data load requirements
• Provisioning model for consumer apps
• ETL (extract, transform, load) tools
• Integration/synchronization services

UMBC Meta-Directory
• Source systems: HR and SIS with data in Oracle RDBMS
• Database triggers create change logs
• Updates applied to iPlanet LDAP
• Perl scripts query iPlanet change logs
  – Update Active Directory
  – Update Remedy trouble ticket
• Perl scripts = intelligence
• iPlanet directory = registry

BC Meta-Directory
• Source is the registry (corporate DB, VSAM files)
• Single entry point/identifier create (even PeopleSoft)
• Identity reconciliation moot
• Student & HR “activate” user, marking for feed
• Fed to iPlanet, email, voicemail, Radius, etc.
• Transactions real-time or batch (ftp & update scripts)
• Initial user entry/activation/script triggers = intelligence

Business Process Design/Impact
• Policies & procedures of existing systems of record
  – Human Resources, Student, Financial, Alumni, ancillary…
• Can you leverage an existing initiative?
• What are directory update or service targets?
• Directory use policy (users & applications)
• Is there a Data Stewardship Policy?
• Do users know how their data is used?
• New identifier issues (new identifiers, new issues both)

Roadmap – Enterprise Directory & Applications Implementation
http://www.nmi-edit.org/roadmap/app-set.html
• Requirements & Analysis complete...
  – Business processes, data flows complete
  – Meta directory architecture complete
• Design
  – system & network, schema (eduPerson), metadirectory flow
• Implement
  – LDAP server, eduPerson data load, access controls, applications
• Deploy
  – testing, verification, transition & release to ops

The Communication Plan
• Who knows what and when?
• Content and context for the plan
• Words to live by:
  – No surprises! Manage expectations. “Under promise, overdeliver.”
• Phased approach with multiple communication modes
• Optimal result:
  – Deliver what they want, which just happens to be what you are offering...

Repeat as needed…

Contact
Enterprise Directory Implementation Roadmap
http://www.nmi-edit.org/roadmap/directories.html
Art Vandenberg
avandenberg@gsu.edu
Thank you