- Number of slides: 31
Identity Management with Microsoft Identity Integration Server
How Integration Happens
Flat Files And Sneaker-net: "Identity Chaos"
- Multiple repositories of identity information (Enterprise Directory, HR System, Contractor System, Lotus Notes Apps, Infra Application, COTS Application, In-House Application), each with its own authentication, authorization and identity data
- Multiple user IDs, multiple passwords
- Decentralized management, ad hoc data sharing
Opportunity For Improvement: "Identity Integration"
- Rock solid software to integrate identity
(Figure: a metadirectory links the Enterprise Directory with the HR System, Contractor System, Lotus Notes Apps, Infra Application, COTS Application and In-House Application, each of which still holds its own authentication, authorization and identity data)
What is Identity Integration?
- Directory Synchronization
- Password Management
- Provisioning and Workflow
(Figure: the metadirectory holds identity data drawn from NOS, LDAP, mainframe/Unix and SQL sources)
Directory Synchronization
- Synchronizes multiple repositories
- "Agentless" connection to other systems
- Provides attribute-level control
- Manage global address lists (GAL)
- Automate group and DL management
(Figure: the metadirectory connected to Active Directory, Exchange 5.5, iPlanet, Notes, SQL and Oracle)
Password Management
- Initial password set
- Centralized password control via a Web app
  - Self-service password reset
  - Helpdesk password reset
- Decentralized password synchronization
  - 3rd party password sync products can easily integrate
(Figure: Web app, metadirectory, Active Directory and iPlanet)
Provisioning & Workflow
- Simple Provisioning & De-provisioning
  - Provision users as they appear in authoritative systems
  - Set initial values for attributes (including password)
  - Disable or delete accounts
- Complex Workflow
  - Initiate workflow or provisioning system
  - Integrate with BizTalk
  - Planning to add support for SPML when finalized
  - Integrate with 3rd party provisioning systems: Business Layers, Waveset, Access360
What Is Microsoft Identity Integration Server?
- Microsoft Identity Integration Server is...
  - The next version of Microsoft's Metadirectory
  - A flexible synchronization and identity integration framework
  - Software that ensures consistency of identity data across repositories
- Microsoft Identity Integration Server makes it radically easier to design, deploy and manage a metadirectory across an enterprise of any size
Metadirectory Concepts
- Connected Data Source (CD)
  - Any source and/or destination containing identity data
- Management Agent (MA)
  - Facilitates the communication between Microsoft Identity Integration Server and the CD
- Connector Space (CS)
  - Staging area for inbound or outbound synchronized attributes
- Metaverse (MV)
  - Central (SQL) store of identity information
  - Matching CS entries to a single MV entry is called "join"
(Figure: CD <-> MA <-> CS <-> MV, with MA, CS and MV inside Microsoft Identity Integration Server)
Metadirectory Architecture
(Figure: identity repositories connect over the network to connector spaces (CS) in the metadirectory, which feed a single metaverse (MV) stored in SQL Server 2000)
New Metadirectory Features

Capability                                                  MMS 2.2       MIIS 2003
Standard datastore                                          Proprietary   SQL 2000
Microsoft Identity Integration Server extensions/Scripting  Proprietary   VS.NET languages
Fault tolerance/failover                                    Limited       SQL Clustering
Scalability                                                 1M            100M
LDAP access                                                 Yes           Yes, via ADAM
Consulting engagement                                       Required      Optional
Extensible APIs                                             No            WMI, SDK
Easily move from test to production                         No            Yes
Password Management                                         No            Yes
Support renames in connected systems                        No            Yes
XML-based                                                   No            Yes
Data lineage                                                No            Yes
Single User View (Polyarchy)                                No            Yes
Demo: Installation
Demo: User Interface
Metadirectory Connectors
- AD/Exchange 2000/Exchange 2003
- ADAM
- Sun ONE Directory (iPlanet)
- SQL
- Oracle
- DSML 2.0
- LDAP Directory Interchange Format (LDIF)
- Delimited Text
- Fixed-Width Text
- Attribute-Value Pair Text
- NT 4
- Exchange 5.5
- Lotus Notes 4.6 and 5.0
- Novell eDirectory 8.62/8.7
- Other LDAP-based and RDBMS systems to follow
Management Agents
(Figure: the metadirectory reaches the HR System through a file management agent, and Active Directory and the iPlanet Directory through LDAP management agents)
Demo: Creating Management Agents
Demo: Running Management Agents
Identity Aggregation
Authoritative source per attribute: HR System for FirstName, LastName and EmployeeID; Active Directory for E-Mail; iPlanet Directory for Telephone.

Attribute     HR System   Active Directory    iPlanet Directory   Metadirectory
givenName     Clark       Klarke              Klarek              Clark
sn            Kent        Kent                Cenntt              Kent
title                     Superhero                               Reporter
mail                      Clark@contoso.com                       Clark@contoso.com
employeeID    007         007                 008                 007
telephone                                     867-5309            867-5309
Demo: Identity Aggregation
Provisioning/Workflow
1. Simple Provisioning/Deprovisioning
   - Create accounts when new users appear in authoritative systems
   - Set initial values for attributes (including password)
   - Disable or delete accounts in response to change in authoritative systems
2. Complex Workflow
   - Initiate workflow or provisioning system (ex: BizTalk Orchestration) for long-running or multi-part workflow
   - Integrate with ISV Products
Provisioning Scenario
(Figure: a new user arrives from the HR System through the file management agent; the metadirectory creates matching accounts in Active Directory and the iPlanet Directory through the LDAP management agents)
De-Provisioning Scenario
(Figure: the user disappears from the HR System feed; the metadirectory disables or deletes the corresponding accounts in Active Directory and the iPlanet Directory through the LDAP management agents)
Demo: Simple Provisioning and De-Provisioning
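The join and attribute-precedence behaviour from the Identity Aggregation slide and the simple provisioning/de-provisioning steps above, as an added Python illustration that is not MIIS code or part of the original deck. The precedence order, the sample records, the employeeID join key and the rule that only the authoritative (HR) source may project new metaverse entries are assumptions.

```python
# Added illustration, not MIIS code: one toy metaverse (MV) sync run that joins
# connector-space (CS) entries on employeeID, flows attributes by precedence and
# plans provisioning actions, after the Identity Aggregation/Provisioning slides.
# Assumed precedence: HR owns name and ID, AD owns mail, iPlanet owns telephone.
PRECEDENCE = {
    "givenName": ["HR", "AD", "iPlanet"],
    "sn": ["HR", "AD", "iPlanet"],
    "employeeID": ["HR", "AD", "iPlanet"],
    "mail": ["AD", "HR", "iPlanet"],
    "telephone": ["iPlanet", "AD", "HR"],
}
# Constructed CS entries (source, attributes): the slide's Clark Kent with the
# misspellings seen in AD/iPlanet, plus an iPlanet-only record with no HR match.
CS_ENTRIES = [
    ("HR", {"givenName": "Clark", "sn": "Kent", "employeeID": "007"}),
    ("AD", {"givenName": "Klarke", "sn": "Kent", "employeeID": "007",
            "mail": "Clark@contoso.com"}),
    ("iPlanet", {"givenName": "Klarek", "sn": "Cenntt", "employeeID": "007",
                 "telephone": "867-5309"}),
    ("iPlanet", {"givenName": "Lex", "sn": "Luthor", "employeeID": "008"}),
]
def flow_attributes(connectors):
    """Build the MV entry: per attribute, the first PRECEDENCE source holding a
    value wins, so the misspelled AD/iPlanet names never reach the MV."""
    entry = {}
    for attr, order in PRECEDENCE.items():
        for source in order:
            if connectors.get(source, {}).get(attr):
                entry[attr] = connectors[source][attr]
                break
    return entry
def sync(cs_entries, prior_mv=None, authoritative="HR"):
    """One sync run -> (mv, disconnectors, actions). Only the authoritative
    source projects new MV entries; an unmatched non-authoritative record
    stays in its CS as a disconnector instead of becoming a rogue identity."""
    prior_mv, groups = prior_mv or {}, {}
    for source, attrs in cs_entries:
        groups.setdefault(attrs.get("employeeID"), {})[source] = attrs
    mv, disconnectors, actions = {}, [], []
    for key, connectors in groups.items():
        has_auth = authoritative in connectors
        if key is None or (not has_auth and key not in prior_mv):
            disconnectors.extend(connectors.items())
            continue
        mv[key] = flow_attributes(connectors)
        for system in ("AD", "iPlanet"):  # systems MIIS manages; HR is read-only
            if has_auth and system not in connectors:
                actions.append(("create", system, key))   # provision
            elif not has_auth and system in connectors:
                actions.append(("disable", system, key))  # de-provision
    return mv, disconnectors, actions
```

Run `sync(CS_ENTRIES)` for the aggregation case, `sync([CS_ENTRIES[0]])` to see provisioning actions for a user who so far exists only in HR, and `sync(CS_ENTRIES[1:], prior_mv=...)` to see the disable actions once the HR record is gone.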
Extending Capabilities
- Modify the behavior of Microsoft Identity Integration Server
  - Call methods on the interface in response to changes in the system
- Model defines a managed interface
  - Configuration set in UI determines which methods are called
- Write custom extensions in any programming language with a compiler for the CLR
  - Visual Studio projects auto-generated for VB or C#
Demo: Extending Microsoft Identity Integration Server using Visual Studio .NET
Preview Mode
- System is transparent in design
  - Allows architect/developer to preview work in the metadirectory without committing any changes
- Allows the testing of
  - Configuration changes
  - New rules
  - New connected directories
- Can view all results through the UI
Demo: Preview Mode
Passwords
1. Initial password set
   - Core functionality
2. Centralized password control
   - Web-based, extensible application for building self-serve or helpdesk support applications
3. Decentralized password synchronization
   - Integrate with ISV Products
(Figure: Web App, AD, MIIS 2003 and iPlanet)
Visualization
- Different hierarchies suit different needs
- Multiple hierarchical representations can be discovered from data
- Polyarchy eliminates the requirement for fixed hierarchy
- Polyarchy provides multiple hierarchical views and richer visualization of infrastructure information
Summary
- Reduce administration cost
  - GAL management
  - DL/group management
  - Helpdesk password reset
- Improved productivity
  - User self-service
  - Faster access to systems
- Increased security
  - Fast de-provisioning
(Figure: the metadirectory connected to iPlanet, Exchange 5.5, Active Directory, Notes, SQL and Oracle)
© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.