1. BLACKPOOL AND THE FYLDE COLLEGE - An Associate College of Lancaster University
Identity Management: “Who do you think they are?”
A case study and workshop on 4 years' development at Blackpool & The Fylde College
2. Organisation Chart
Technicians x 8 (Front-of-House)
Engineers x 8 (Back-of-House)
Mac Support x 3
IT Support Supervisor
Simon Bailey (Network Manager)
Christine McAllister (Head of Learning & IT)
3. Overview of the day
10:15 Session 1: “Identities, a good place to start?”
11:00 Tea & Coffee
11:15 Session 2: Salford Software discuss different IDM technologies and IDM within other institutions
11:45 A pre-lunch introduction to Session 3
12:00 Lunch
13:00 Session 3: IDM technologies within YOUR organisation
13:30 Session 4: “Impediments to Identity Wonderland” – Obstacles & Challenges
14:15 Session 5: “Into the Cloud” – Managing identities in the cloud
15:00 Tea & Coffee, plus feedback, questions and futures…
4. FAIL!
300 orphaned staff accounts
Non-fee-paying students
Archive: storage costs and meaningless backups
Can you guarantee that people logging on to your systems are legitimate at all times?
6. Before: One-To-One
(Diagram: Business Application 1, 2 and 3, each with its own database; Students and Staff entered separately into each; batch processes; legacy account creation application (in-house).)
7. After: One-To-Many
(Diagram: System 1, 2 and 3, each with its own database, fed through Information Interchange from a single Users source covering Students and Staff.)
8. Designer for Novell Identity Management
10. Phase 1 - Staff
(Diagram: HR Database (Northgate RL) -> DB / PROC -> Identity Vault -> ‘Production’ Directory Services (eDir), Authentication Directory, Active Directory, Staff Directory (browser view), Email Provisioning (GroupWise), Telecom PABX (Siemens database), Shibboleth.)
11. Phase 2 - Students
(Diagram: Student Record System (Tribal EBS) -> DB / PROC -> Identity Vault -> ‘Production’ Directory Services (eDir), Authentication Directory, Access Manager, Student Directory, VLE (Moodle), Email Provisioning (GroupWise), Shibboleth.)
12. In Conclusion
Senior Management buy-in: did we get it? Do you need it?
Confidence gained in Phase 1 allowed progression in Phase 2
Start small
Find high Return on Investment (ROI)
Simon says “Hello” and then we’re on to the introductions...
Who are we? Ken introduces Simon: Network Manager, over 22 years @ the college, key to the creation of CNS (central IT provision); along with Christian, recognised the value of Business Integration. Simon introduces John and Ken. Facilitators: Chrissie Turkington and Keith Wilson from JISC RSC Northwest.
Briefly discuss the overview of the day. Ask questions throughout. Why are we doing this workshop? Inform, encourage, and let the wider community know we have seen real results for the organisation.
What is Identity Management?
Legacy solution based upon specific identified needs ( KEN: Define business process each time )
Defining the authoritative source of user identities ( KEC: Defining business process only once ) ( KEC: Authoritative )
Why did we go for identities?
- High Return on Investment (ROI): a return on investment in time ( KEN: cuts duplication of effort; a cut in repetition reduces errors )
- Always based upon a single source that is: authoritative, compliant, auditable
- Data source meets Shibboleth and JANET Acceptable Use Policies ( KEC: Shibboleth replaced Athens, a manual process )
- The Vault is an authoritative copy providing for the consolidation and integration of many services
Where to start? Look for something with tangible requirements / benefits.
Why Novell? ( KEC: Designer: graphically model your design and implementation; Java programming is not a pre-requirement. Schema at both ends. An XML document flows through the policies and rules that implement the business rules. )
Two phases: Phase 1 – Staff; Phase 2 – Students, Courses, Enrolments
Phase 1 systems:
- Human Resources – Northgate ResourceLink – Oracle database
- Active Directory
- Siemens PABX telephone system – modified Access database
- E-mail – Novell GroupWise
Why start here?
- HR moving from the old HR Globe system to the new Northgate ResourceLink
- HR went through a data cleanse exercise ( KEC: we did too – WorkforceID in user objects )
- No automatic account creation mechanism for staff ( KEC: inconsistent account requests )
- Smaller number of staff users vs. students
- Future vision – reuse of identities; remove duplication of effort
- Authoritative source for data ( KEC: KnownAs )
- Controlled process – starters/leavers – day 0
- Remove old orphaned accounts
- Active Directory – MS apps
Technical:
- Oracle database required an interface to expose data; enlisted Northgate to create a new interface to our specifications; maintenance requirement
- Novell IDM: event driven ( XML ); business process; driver rules; the VAULT
- Siemens PABX system: Access DB, authoritative for telephone numbers ( new starters )
Phase 2 systems:
- Student Record System – Tribal EBS
- Virtual Learning Environment – Moodle
- Authentication Directory – AUTH Tree
- Federated Access System – Shibboleth
Capture and maintain authoritative data about students, courses, schools and enrolments.
Why continue here?
- Remainder of the users
- Remove legacy system NARS
- User IDs already in VAULT ( match up )
- Present and use course and enrolment data; push enrolment data into Moodle
- Shibboleth (Athens); Access Manager – SSO; AUTH Tree – security
Technical description:
- Oracle database – big; intermediate table
- Clarus – in-house advantage
- Moodle – MySQL
- Day-0 student start; unable to perform day-0 finish – time event instead
- Self service – via “Student Directory”
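The Phase 1 and Phase 2 notes above describe one pattern: an authoritative feed (HR for staff, the Student Record System for students) populates the Identity Vault, which alone decides day-0 enablement, disables leavers (a time event for students) and exposes accounts with no authoritative owner, the "300 orphaned staff accounts" case. This added Python example, not the college's Novell IDM driver configuration, models that reconciliation over constructed sample feeds; the field names and the "orphan-review" action are assumptions.

```python
from datetime import date

# Constructed sample feeds and accounts (not real college data).
HR_FEED = [  # authoritative for staff: WorkforceID, KnownAs name, start and leave dates
    {"id": "W001", "known_as": "Sam Staff", "start": date(2024, 9, 1), "end": None},
    {"id": "W002", "known_as": "Lee Leaver", "start": date(2020, 1, 6), "end": date(2024, 8, 31)},
    {"id": "W003", "known_as": "Nia Newstart", "start": date(2024, 9, 2), "end": None},
]
SRS_FEED = [  # authoritative for students: enrolment start and planned end (the "time event")
    {"id": "S100", "known_as": "Ali Student", "start": date(2024, 9, 2), "end": date(2025, 6, 30)},
]
TARGET_ACCOUNTS = {  # a consuming system such as AD: username -> linked authoritative id
    "sam.staff": "W001", "lee.leaver": "W002", "old.contractor": None, "ali.student": "S100",
}
def build_vault(hr_feed, srs_feed):
    """Identity Vault: one record per person, each traceable to its authoritative feed."""
    vault = {}
    for source, feed in (("HR", hr_feed), ("SRS", srs_feed)):
        for rec in feed:
            vault[rec["id"]] = {"known_as": rec["known_as"], "start": rec["start"],
                                "end": rec["end"], "source": source}
    return vault

def is_active(entry, today):
    """Day-0 start: active from the start date. Leavers (HR date) and course ends (SRS time
    event) are treated alike: inactive from the end date onward."""
    return entry["start"] <= today and (entry["end"] is None or today < entry["end"])

def reconcile(vault, accounts, today):
    """Return the action per target account: enable, disable, orphan-review or create.
    Only the vault decides; an account with no authoritative owner is never kept by default."""
    actions = {}
    for username, auth_id in accounts.items():
        if auth_id is None or auth_id not in vault:
            actions[username] = "orphan-review"  # the '300 orphaned accounts' case
        elif is_active(vault[auth_id], today):
            actions[username] = "enable"
        else:
            actions[username] = "disable"  # not yet started, left, or course ended
    linked = {auth_id for auth_id in accounts.values() if auth_id}
    for auth_id, entry in vault.items():
        if auth_id not in linked and is_active(entry, today):
            actions["create:" + auth_id] = "create"  # day-0 starter with no account yet
    return actions

if __name__ == "__main__":
    for username, action in sorted(reconcile(build_vault(HR_FEED, SRS_FEED),
                                             TARGET_ACCOUNTS, date(2024, 9, 2)).items()):
        print(f"{username:16} {action}")
```

Running it on 2 September 2024 enables the two active people, disables the 31 August leaver, flags the unlinked contractor account for review and raises a create action for the day-0 starter who has no account yet.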