Forefront Identity Manager
2010 implementation in “Goce
Delcev” University – Stip

Goce Bogatinov, Chief IT Administrator
University „Goce Delcev“ - Stip
goce.bogatinov@ugd.edu.mk

Jordan Tikvesanski, IT System Administrator
University „Goce Delcev“ - Stip
jordan.tikvesanski@ugd.edu.mk
Partners
Contents

• Presentation of the University "Goce Delchev" – Stip and its
  information system
• The role and method of involvement of Microsoft Consulting
  Services in the implementation of the solution
• The part of Intec Systems and Gemalto in the implementation of the solution
• Experiences and recommendations
General information



• Established in 2007
• Elected rector: Prof. Dr. Sasa Mitrev
• More than 13,000 students and 500 employees at the moment
• 1,200 PCs and up to 50 servers
• 10 campuses located in different cities
• 10 campuses in Stip
Infrastructure
(map legend) Internet links with VPN tunnels to Stip
Infrastructure in Stip
(map legend) Optical links; optical links under construction; wireless links
User profiles
• Students
  • Undergraduate
  • Master studies
  • PhD studies
• Employees
  • Administration
  • Teachers (associates, visiting…)
  • Student Services
  • Other personnel
• IT Staff
  • Administrators
  • Technical staff
  • Help desk
Student services
• Mail
  • Microsoft Live@EDU
• Learning gateway
  • Moodle
• Student files
  • Microsoft Dynamics CRM
• Video conferencing
  • Polycom
• Wireless internet access
  • Cisco, Microsoft NAP
Employee services
• Mail
  • Microsoft Exchange 2010
• Telephony
  • Cisco UCM, Cisco IP Phones
  • Microsoft Exchange 2010 UM
• IM, A/V Conferencing, Desktop sharing
  • Microsoft Office Communicator
• Document management
  • Xerox Docushare
• Wireless internet access
  • Cisco, Microsoft NAP
Challenges
• Unique user name and password for all

• Time and attendance tracking system

• Two-factor authentication

• Student/employee ID card
Implementation stages
ENVISION
• Specifying and clarifying what is necessary for project implementation
• Establishing the foundation of the team and the core of the project cycle
PLAN
• Collecting as much information as possible
• Developing the conceptual solution into a specific design and plan
BUILD
• Building the solution in a test environment and documenting it
• Testing all aspects of the solution
STABILIZE
• Improving the quality of the solution to meet the criteria for its release into production
• Verifying the functionality and usability of the solution from the business and user perspective
DEPLOY
• Setting up in the production environment
• Transition of the system into operational functioning
ENVISION PLAN BUILD STABILISE DEPLOY (stage: ENVISION)

Demands
• High level of automation, ease of use, high level of availability

IT infrastructure
• Various vendor-based technologies
• Windows Server 2008
• AD DS
• MS SQL 2008
• MS Exchange 2010
• MS SCCM 2007
• AD Certificate Services
• VMware virtualization technology

Administration and maintenance
• Small team and helpdesk, no user defined roles, large number of critical systems, large number of helpdesk demands
ENVISION PLAN BUILD STABILISE DEPLOY (stage: PLAN)
• 40% of the time spent on this stage
• Functional specs (What are we going to build?)
• Conceptual design (How will we build it?)
• Timeline of activities (When will we build it?)
• Are we ready to build?
ENVISION PLAN BUILD STABILISE DEPLOY (stage: BUILD)
• Building the system in the test environment
• Implementation of the planned functionalities
• Testing
• Testing
• Testing
ENVISION PLAN BUILD STABILISE DEPLOY (stage: STABILISE)
• The process of bringing the solution to an acceptable level of quality and functionality, performed by testing and correcting the system
• Implementation of the solution in the production environment
• Testing of all aspects of the solution by an isolated group of users – pilot users
ENVISION PLAN BUILD STABILISE DEPLOY (stage: DEPLOY)
• Large overlap with the activities performed in the stabilisation phase
• Preparing the physical infrastructure through GPO, distributing the necessary client agents, installing enrollment kiosks…
• Operating and maintaining the system
PKI solution contents
PKI based on Windows Server 2008 R2
• 1 offline root CA
• 2 enterprise issuing CAs
• CRL and AIA published via AD DS and IIS 7.0

Certificate templates
• Vraboten Standard ("vraboten" is Macedonian for "employee")
• Vraboten Encryption
• Student Standard

Use of certificates
• Authentication (domain logon, application logon, Wi-Fi access)
• E-mail signing
• Disk and data encryption
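The PKI slide above describes a two-tier hierarchy (one offline root, two enterprise issuing CAs) whose CRL and AIA locations are published to AD DS and IIS, and the "Use of certificates" list says what the issued certificates are for. The Go program below is an added example, not code from the presentation or from the university's deployment: it builds that hierarchy in memory with the standard crypto/x509 package, embeds CDP and AIA extensions in the AD CS style (an ldap:/// location for AD DS next to an http:// location for IIS), issues a card certificate carrying the client authentication, Smart Card Logon and e-mail protection EKUs, and shows that a relying party holding only the root cannot validate the card certificate until it also has the issuing CA certificate, which is the gap AIA publication exists to close. The CA names, the example.local forest and the pki.example.local host are constructed placeholders, and the LDAP paths omit the server-name component that a real AD CS installation inserts.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidSmartCardLogon = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 20, 2, 2} // Smart Card Logon EKU; Go has no named constant

// pubPoints builds constructed CDP and AIA locations (hosts are placeholders; the slide names none): the ldap:/// form is
// what an enterprise CA publishes into AD DS, the http:// form is what an IIS CertEnroll directory serves. Simplified: the
// server-name component AD CS inserts into the LDAP path is omitted.
func pubPoints(caName string) (crl, aia []string) {
	ldap := "ldap:///CN=" + caName + ",CN=%s,CN=Public%%20Key%%20Services,CN=Services,CN=Configuration,DC=example,DC=local?%s?base?objectClass=%s"
	web := "http://pki.example.local/CertEnroll/" + caName
	crl = []string{fmt.Sprintf(ldap, "CDP", "certificateRevocationList", "cRLDistributionPoint"), web + ".crl"}
	aia = []string{fmt.Sprintf(ldap, "AIA", "cACertificate", "certificationAuthority"), web + ".crt"}
	return crl, aia
}

// sign generates a P-256 key for tmpl and has parent sign it; a nil parent means self-signed (the root).
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Hierarchy is the two-tier PKI on the slide: one offline root and two enterprise issuing CAs.
type Hierarchy struct {
	Root    *x509.Certificate
	Issuing [2]*x509.Certificate
	issKeys [2]*ecdsa.PrivateKey
}

func caTemplate(serial int64, cn string, years int) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(years, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// BuildHierarchy has the root sign both issuing CAs. Their certificates point at the root's publication
// points, and MaxPathLen 0 stops them from signing further CAs.
func BuildHierarchy() *Hierarchy {
	root, rootKey := sign(caTemplate(1, "OfflineRootCA", 20), nil, nil)
	h := &Hierarchy{Root: root}
	for i := range h.Issuing {
		tmpl := caTemplate(int64(10+i), fmt.Sprintf("IssuingCA%d", i+1), 10)
		tmpl.MaxPathLen, tmpl.MaxPathLenZero = 0, true
		tmpl.CRLDistributionPoints, tmpl.IssuingCertificateURL = pubPoints("OfflineRootCA")
		h.Issuing[i], h.issKeys[i] = sign(tmpl, root, rootKey)
	}
	return h
}

// IssueCardCert issues a "Standard"-style card certificate from issuing CA ca (0 or 1): client authentication plus
// Smart Card Logon (domain, application and Wi-Fi logon) and e-mail protection (signing). CDP and AIA name that CA.
func (h *Hierarchy) IssueCardCert(ca int, cn, email string) (*x509.Certificate, *ecdsa.PrivateKey) {
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()), Subject: pkix.Name{CommonName: cn}, EmailAddresses: []string{email},
		NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(2, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage:        []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageEmailProtection},
		UnknownExtKeyUsage: []asn1.ObjectIdentifier{oidSmartCardLogon},
	}
	tmpl.CRLDistributionPoints, tmpl.IssuingCertificateURL = pubPoints(h.Issuing[ca].Subject.CommonName)
	return sign(tmpl, h.Issuing[ca], h.issKeys[ca])
}

// VerifyClientCert chains leaf -> issuing CA -> root for client authentication. Without the intermediate it fails with
// "certificate signed by unknown authority": the gap a relying party closes by fetching the issuer from the AIA URL.
func VerifyClientCert(leaf, root *x509.Certificate, intermediates ...*x509.Certificate) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inter.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}
```

To exercise it, call BuildHierarchy, issue a certificate with IssueCardCert, and compare VerifyClientCert(leaf, h.Root, h.Issuing[i]) with VerifyClientCert(leaf, h.Root): the first succeeds, the second fails because Go does not chase AIA, which is exactly the work a Windows client performs with the published AIA URL. The issuing CA certificates carry the root's CRL location, while end-entity certificates carry the issuing CA's, so a verifier checking revocation walks down the same two-tier structure the slide describes.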
FIM 2010 CLM solution contents
• FIM CLM application: NLB cluster of FIM 2010 CLM servers
• MS SQL 2008 failover cluster as back-end DB
• FIM 2010 client component
• Self-service user portal
• Administration and configuration portal
• FIM CM SQL API for interaction with other systems
• Profile templates for students and employees
• Smart card middleware and enrolment
• Smart card printing
Smart Cards
• Gemalto hybrid smart card: .NET + EM4100 contactless chip
  • .NET framework on the smart card
  • Easy integration in a Microsoft environment
  • Microsoft Base Smart Card CSP support
  • Preferred CMS: Microsoft CMS / FIM 2010
  • .NET SDK integration with Microsoft Visual Studio
Gemalto .NET implementation on WSCF

Microsoft Crypto Next Generation architecture (stack, top to bottom):
  Microsoft Smart Card Enabled Applications
  Microsoft Base Smart Card CSP
  Smart Card Vendor Mini Driver
  MS Smart Card Resource Manager
  PC/SC

Gemalto .NET crypto architecture (stack, top to bottom):
  Microsoft Smart Card Enabled Applications
  Microsoft Base Smart Card CSP
  .NET Minidriver DLL (add-on to the MS Base CSP which redirects requests to the Gemalto .NET card module)
  MS Smart Card Resource Manager
  PC/SC
Experiences
• Complex system of permissions and role separation
• Profile templates and certificate templates – crucial during later operation
• Investments in compatible components
• Condition of the existing infrastructure
• Concomitant use of x86 and 64-bit clients
• Client works through IE 6.0+
Recommendations
• The complexity of the system requires thorough planning
• Use a virtual environment
• Document every step in the development and implementation of the system
• Test the entire system after each change
• Use separate user accounts for each user role, even if the same person is in question
• In a system with more than 10,000 users there are no "minor" changes
Q&A
???
Thank you for your attention
