6426B_01
Module 1: Exploring Identity and Access Solutions

Upload: feijao-rb

Post on 11-Jul-2016

TRANSCRIPT

Page 1: 6426B_01

Module 1: Exploring Identity and Access Solutions

Page 2

Module Overview
• The Business Case for Identity and Access Control
• Active Directory Server Roles in IDA Management
• Overview of Identity Lifecycle Manager 2007

Jaime Odell
Global for all slides with edits. Edited slides will need to be replaced in the docs after AU/CDM confirms or rejects edits.
Jaime Odell
In 1st line, changed "Manage" to "Management". Also in 1st line, should "identity and access problems" be init capped as "Identity and Access problems", or is it used in more of a generic sense? Ended each line with a period in specific topics, such as "Operational Efficiency." Lowercased "Pros". In 5th line under "Operational Efficiency," I think it's missing a word at the end. "...creates security problems"? The very last sentence is incomplete, so it does not match the structure of all the other sentences. Please edit to create a complete sentence.
Page 3

Lesson 1: The Business Case for Identity and Access Control
• The Directory Sprawl Phenomenon
• Business Reasons to Implement IDA Solutions
• IDA Management Solutions
• Enhancing Security by Using IDA Management

Page 4

The Directory Sprawl Phenomenon
• Directories provide a centralized repository for user identity and access control
• Many organizations have more than one directory
• Keeping directories in sync can lead to user confusion and unnecessary management overhead

Jaime Odell
In 1st bullet, added period after "application" and added "Server" after "Exchange". In 2nd and 3rd bullets, necessary to init cap "Acquisitions," "Development," etc.? In all three bullets, added period to end of parentheticals, and in 2nd and 3rd bullets, init capped "Think". In 3rd bullet, should "directory services" be init capped? Global: Necessary to init cap "Directory Sprawl"? It's lowercase in the docs.
Page 5

Business Reasons to Implement IDA Solutions
• Some of the business reasons to implement an IDA solution are:
  • Reduce the information access workload
  • Increase operational security
  • Enable secure cross-organization collaboration
  • Protect intellectual property

Jaime Odell
Please confirm that the link goes to the site you want. When I checked it, it went to a "Microsoft Identity and Access" site.
Page 6

IDA Management Solutions
• List a few data sources that store identity information.
• Suggest a few procedures to provision a new employee to be fully productive.
• What are the security issues that confront individual access to user-sensitive data?
• Discuss a few conventional methods to securely share information or collaborate with external partners.

Jaime Odell
In first para, in phrase "and how possible solutions," deleted "how". In second para, in phrase "How is that user account Provisioned? (Created)," lowercased "Provisioned" and "Created" and moved parenthetical.
Page 7

Enhancing Security by Using IDA Management
• Security and Access Policies
• Password Management
• Strong Authentication
• Security Audit Policies
• Identity-Aware Applications
• Reducing Information Leaks

Page 8

Lesson 2: Active Directory Server Roles in IDA Management
• What Is a Server Role?
• Demonstration: Configuring a Server Role in Windows Server 2008
• Active Directory Roles That Support IDA Solutions
• Directory Services in IDA Management
• Active Directory Certificate Services in IDA Management
• Active Directory Federation Services in IDA Management
• Active Directory Rights Management Services in IDA Management
• Overview of IDA Management Technologies

Jaime Odell
Ended last sentence of 1st para with a period and 2nd para with a period.
Page 9

What Is a Server Role?

(Diagram) Server Role:
• Set of installed applications
• Option to perform a singular function
• Option to combine with other server roles

Jaime Odell
Global in slide deck: please verify capping of "Role"
Page 10

Demonstration: Configuring a Server Role in Windows Server 2008
• Configure a server role in Windows Server 2008 by using Server Manager

Page 11

Active Directory Roles That Support IDA Solutions
• Active Directory Domain Services (AD DS): Provides the foundation for all IDA solutions.
• Active Directory Lightweight Directory Services (AD LDS): Provides a directory services infrastructure without the management overhead of a full domain. An AD LDS instance can be used either to isolate an application's identity data from the forest or to extend the security boundary beyond it.
• Active Directory Certificate Services (AD CS): Works with AD DS to provide a foundation for enhanced security and multi-factor authentication. The other Active Directory roles can use the digital certificates it issues for identity control (for example, smart card logon against AD DS, or the signing certificates used by AD FS).
• Active Directory Federation Services (AD FS): Provides the ability to connect disparate systems and organizations without combining security infrastructures. Allows organizations to share management responsibility without sharing "too much" information.
• Active Directory Rights Management Services (AD RMS): Provides the ability to secure content, even when the content does not exist within an organization's security boundary.

Jaime Odell
In 2nd para, lowercased "Roles". Under "AD DS and AD LDS Information," deleted spelled-out versions of "AD DS" and "IDA" because they've already been spelled out previously. Spelled out "LDAP" for first reference.
Page 12

Directory Services in IDA Management

(Diagram) AD DS: hierarchical network authentication, with domain controllers replicating to branch offices. AD LDS: multiple instances serving tools, platform, access, replication and users.

Page 13

Active Directory Certificate Services in IDA Management

(Diagram) AD CS: root and subordinate enterprise CAs; public key authentication for network devices (switch, router, wireless router); enrollment methods: manual, group, Web-based.

Jaime Odell
In 1st line, added "that is" to end; then deleted "i.e." from beginning of bulleted list. In bull list, please confirm whether "security" s/b upper or lowercase. In last bullet in Notes, the most common use of the acronym SSL is "Secure Sockets Layer." Is this what you intended to write below?
Page 14

Active Directory Federation Services in IDA Management

(Diagram) IDA: Identity, Access, Role. AD FS provides a secure identity access solution for business-to-business scenarios with single sign-on access. Manufacturer = Account Partner; Supplier = Resource Partner.
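
The account partner / resource partner relationship on this slide, as an added example that is not part of the course material: a toy claims-based exchange in Python. The account partner (Northwind) authenticates its own users and issues a signed claims token; the resource partner (Contoso) validates it against the key it has registered for that partner, checks audience and expiry, and maps the partner's group claims onto its own roles, so no Northwind account is ever created at Contoso and Northwind's directory is never exposed. The JSON token, the HMAC-SHA256 signature over a shared key (standing in for the X.509-signed SAML tokens AD FS actually issues), the partner names, users, claim names and the role mapping are all assumptions made for the example.

```python
"""Toy claims-based federation between an account partner (Northwind, which
authenticates the users) and a resource partner (Contoso, which owns the
application), in the spirit of the AD FS scenario on this slide.  Added
example, not course material.  Assumptions: tokens are JSON signed with
HMAC-SHA256 over a shared key, standing in for the X.509-signed SAML tokens
AD FS issues; partner names, users, claim names and the role mapping are
all constructed for illustration."""
import hashlib
import hmac
import json
import time

# Constructed sample: the account partner's own user directory.  Contoso never
# sees this table; it only sees the claims Northwind chooses to put in a token.
NORTHWIND_USERS = {
    "alice": {"email": "alice@northwind.example", "groups": ["Buyers"]},
    "bob": {"email": "bob@northwind.example", "groups": ["Staff"]},
}


def issue_token(issuer, signing_key, user, audience, now=None, lifetime=300):
    """Account partner side: the user has already authenticated locally;
    emit a signed claims token addressed to exactly one resource partner."""
    record = NORTHWIND_USERS[user]
    issued = int(now if now is not None else time.time())
    claims = {
        "issuer": issuer,
        "audience": audience,
        "subject": record["email"],
        "groups": record["groups"],
        "issued_at": issued,
        "expires_at": issued + lifetime,
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":"))
    sig = hmac.new(signing_key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def validate_token(token, trusted_issuers, my_name, now=None):
    """Resource partner side: look up the key registered for the claimed
    issuer, verify the signature, then check audience and expiry.  Nothing
    here touches Northwind's directory; trust rests on the partner key."""
    body, _, sig = token.rpartition(".")   # the hex signature contains no '.'
    claims = json.loads(body)
    key = trusted_issuers.get(claims.get("issuer"))
    if key is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    if claims.get("audience") != my_name:
        raise ValueError("token not addressed to this resource partner")
    t = now if now is not None else time.time()
    if t >= claims["expires_at"]:
        raise ValueError("token expired")
    return claims


# Resource partner's claim mapping: partner group claims -> local roles.
CONTOSO_ROLE_MAP = {"Buyers": "PurchasePortalUser"}


def authorize(claims, role_map=CONTOSO_ROLE_MAP):
    """Map incoming group claims onto Contoso roles.  Unmapped groups grant
    nothing, and no Contoso account is ever created for the partner user."""
    return sorted({role_map[g] for g in claims["groups"] if g in role_map})
```

The audience check is what stops a token issued for one resource partner from being replayed at another, and the claim mapping is where Contoso decides what a Northwind group means locally; neither side hands over its user database, which is the "without combining security infrastructures" point of the slide.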

Page 15

Active Directory Rights Management Services in IDA Management

(Diagram) AD RMS (Windows Server 2008): identity federation, usage control (copy, forward, print) and RMS-enabled applications.

Page 16

Overview of IDA Management Technologies

(Diagram) The IDA management technologies side by side around the Identity / Access / Role triangle: AD DS (hierarchical authentication, branch DCs), AD LDS (multiple instances: tools, platform, access, replication, users), AD FS (Manufacturer as Account Partner, Supplier as Resource Partner), AD RMS, and Identity Lifecycle Manager 2007 (ILM access to applications, integration and directory services).

Jaime Odell
In last section of Notes, is it necessary to init cap "Roles"? Also, changed "i.e." to "that is," added it to end of sentence, and changed items beneath to a bulleted list, deleting "etc." at very end.
Page 17

Lesson 3: Overview of Identity Lifecycle Manager 2007
• Components of ILM 2007
• System Requirements for ILM 2007
• Identity Integration by Using ILM 2007
• Identity Management Process by Using ILM 2007
• The Smart Card and Certificate Life Cycle
• Smart Card and Certificate Management with ILM 2007

Page 18

Components of ILM 2007

(Diagram) ILM 2007 combines Microsoft Identity Integration Server 2003 (metadirectory services and user provisioning, automated provisioning, password management) with Microsoft Certificate Lifecycle Manager 2007 (certificate and smart card management: CLM server and client). Supporting infrastructure: SQL Server, Active Directory, IIS, SMTP.

Jaime Odell
In 1st reference, added "FP1" to end of page title.
Page 19

System Requirements for ILM 2007

Hardware Requirements
• 1 GHz or faster processor; Pentium 4 recommended
• 512 MB of RAM or higher; 1 GB or more recommended
• 8 GB of available hard-disk space on an NTFS partition

Software Requirements
• Windows Server 2003 32-bit Enterprise Edition or Windows Server 2008 32-bit Enterprise Edition
• .NET Framework 2.0
• CLM 2007 requires Certificate Services
• SQL Server 2005 Standard or Enterprise Edition or later recommended

Page 20

Identity Integration by Using ILM 2007

(Diagram) ILM 2007 sits between the connected data sources (extranet Active Directory, intranet Active Directory, a proprietary directory, and messaging and collaboration). Each connected data source (CD) has its own management agent (MA) and connector space (CS); all connector spaces feed one metaverse (MV).

Legend:
CS = Connector Space
MA = Management Agent
MV = Metaverse
CD = Connected Data Source

Jaime Odell
Should the long URL be changed to a fwlink?
Page 21

Identity Management Process by Using ILM 2007

(Diagram) DataSource1, DataSource2 and DataSource3 are each read by a management agent into its connector space. Updated data is written to the metaverse, and from the metaverse updated data is propagated to the other connected data sources.
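
The import / synchronize / export cycle drawn on this slide and the MA / CS / MV / CD architecture on the previous one, as an added example in Python that is not course code: each management agent stages its connected data source into a connector space, synchronization joins connector-space objects into the metaverse on a shared key and flows attributes according to a precedence table, provisioning creates (and deprovisioning disables) objects in the target connector space, and export writes the result back to the connected data source. The two sample sources (an HR table and an AD-like directory), the join on employeeID, the precedence rules and the mail-generation rule are all assumptions made for the example.

```python
"""Minimal working model of the ILM 2007 import / synchronize / export cycle
drawn on this slide: each management agent (MA) stages its connected data
source (CD) into a connector space (CS), synchronization joins CS objects
into the metaverse (MV) and flows attributes by precedence, and export
pushes the resulting changes back out.  Added example, not course code.
Assumptions: an HR table and an AD-like directory, both joined on
employeeID; HR is authoritative for name, department and status, AD for
mail; all records and the provisioning rule are constructed."""
import copy

# Constructed sample data for the two connected data sources.
HR_SOURCE = {
    "1001": {"employeeID": "1001", "name": "Alice Adams", "department": "Sales", "status": "active"},
    "1002": {"employeeID": "1002", "name": "Bob Brown", "department": "IT", "status": "active"},
    "1003": {"employeeID": "1003", "name": "Carol Cruz", "department": "Legal", "status": "terminated"},
}
AD_SOURCE = {
    "1001": {"employeeID": "1001", "name": "Alice Adam", "department": "Sales",
             "mail": "alice@contoso.example", "enabled": True},
    "1003": {"employeeID": "1003", "name": "Carol Cruz", "department": "Legal",
             "mail": "carol@contoso.example", "enabled": True},
}

# Attribute flow precedence: which MA is allowed to set each MV attribute.
PRECEDENCE = {"name": "HR", "department": "HR", "status": "HR", "mail": "AD"}


class ManagementAgent:
    """One MA per connected data source, holding the connector space.  Sync
    only ever reads and writes the CS; the CD is touched by import/export."""

    def __init__(self, name, source):
        self.name, self.source, self.cs = name, source, {}

    def import_(self):              # CD -> CS (stage a copy)
        self.cs = copy.deepcopy(self.source)

    def export(self):               # CS -> CD (apply the pending changes)
        self.source.clear()
        self.source.update(copy.deepcopy(self.cs))


def synchronize(agents, metaverse):
    """Join every CS object to the MV object with the same employeeID, flow
    attributes by precedence, then provision/deprovision AD from HR state."""
    for ma in agents.values():
        for key, obj in ma.cs.items():
            mv = metaverse.setdefault(key, {"employeeID": key})
            for attr, val in obj.items():
                if PRECEDENCE.get(attr) == ma.name:
                    mv[attr] = val
    ad = agents["AD"]
    for key, mv in metaverse.items():
        if mv.get("status") == "active" and key not in ad.cs:
            # Provisioning: an active HR record with no AD object gets one.
            # Mail is generated once here; AD is authoritative for it after
            # that, so the value reaches the MV on the next import.
            first = mv["name"].split()[0].lower()
            ad.cs[key] = {"employeeID": key, "mail": f"{first}@contoso.example"}
        if key in ad.cs:
            for attr in ("name", "department"):
                if attr in mv:
                    ad.cs[key][attr] = mv[attr]
            # Deprovisioning disables rather than deletes, so the object (and
            # its audit trail) survives if HR later reactivates the person.
            ad.cs[key]["enabled"] = mv.get("status") == "active"
    return metaverse


def run_cycle(hr=None, ad=None):
    """Full cycle on private copies of the sample data; returns (MV, AD)."""
    hr = copy.deepcopy(HR_SOURCE) if hr is None else hr
    ad = copy.deepcopy(AD_SOURCE) if ad is None else ad
    agents = {"HR": ManagementAgent("HR", hr), "AD": ManagementAgent("AD", ad)}
    for ma in agents.values():
        ma.import_()
    metaverse = synchronize(agents, {})
    agents["AD"].export()
    return metaverse, ad
```

One cycle corrects Alice's misspelled name in AD from the authoritative HR value, creates an AD object for the new hire Bob, and disables (not deletes) Carol's account because HR marks her terminated; Bob's generated mail address only appears in the metaverse on the second cycle, because AD, not the provisioning rule, is authoritative for it.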

Page 22

The Smart Card and Certificate Life Cycle

(Diagram) Smart Card and Certificate Life Cycle: Enroll, Manage, Retire.

Supported operations include:
• Smart card and certificate enrollment
• Recovery / card replacement
• Temporary card issuance
• Smart card PIN unblocking
• Manager approvals
• Smart card PIN change
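
The enroll / manage / retire cycle and the operations listed above, as an added example in Python that is not course code: a small state machine in which manager approvals are recorded separately from the operations they gate (so the operator cannot self-approve), wrong PINs are counted until the card blocks itself, PIN unblocking and PIN change are distinct operations, a temporary card parks the permanent one until it is returned, and replacement retires every card the user holds before issuing a new one. Which operations require approval, the retry limit of 3, the self-service unblock and the card identifiers are constructed policy for the example, not CLM 2007 defaults; a real deployment unblocks through an admin-key challenge/response.

```python
"""State machine for the smart card and certificate life cycle on this slide
(enroll -> manage -> retire) covering the listed operations: enrollment,
recovery / card replacement, temporary card issuance, PIN unblocking,
manager approvals and PIN change.  Added example, not course code.
Assumptions: which operations need manager approval, the retry limit of 3
and the self-service unblock are constructed policy, not CLM's defaults;
a real deployment unblocks with an admin-key challenge/response."""
from dataclasses import dataclass

NEEDS_APPROVAL = {"enroll", "replace", "issue_temporary"}   # assumed policy
PIN_RETRY_LIMIT = 3                                          # assumed policy


@dataclass
class Card:
    serial: str
    owner: str
    state: str = "active"          # active -> suspended -> retired
    temporary: bool = False
    pin: str = "0000"
    failed_pins: int = 0
    blocked: bool = False


class ApprovalRequired(Exception):
    pass


def verify_pin(card, pin):
    """True on success.  Each wrong PIN counts; at the limit the card blocks
    itself and only unblock_pin() can restore it, even with the right PIN."""
    if card.state != "active" or card.blocked:
        return False
    if pin != card.pin:
        card.failed_pins += 1
        if card.failed_pins >= PIN_RETRY_LIMIT:
            card.blocked = True
        return False
    card.failed_pins = 0
    return True


class CardManager:
    """Cards per user plus a separate record of manager approvals, so the
    operator running an operation cannot also be the one approving it."""

    def __init__(self):
        self.cards = {}          # user -> [Card]
        self.approvals = set()   # (user, operation) granted by a manager

    def approve(self, user, operation):
        self.approvals.add((user, operation))

    def _consume_approval(self, user, operation):
        if operation in NEEDS_APPROVAL and (user, operation) not in self.approvals:
            raise ApprovalRequired(f"{operation} for {user} needs manager approval")
        self.approvals.discard((user, operation))   # one approval, one use

    def _permanent(self, user):
        return [c for c in self.cards.get(user, []) if not c.temporary and c.state != "retired"]

    def enroll(self, user, serial):
        self._consume_approval(user, "enroll")
        card = Card(serial, user)
        self.cards.setdefault(user, []).append(card)
        return card

    def issue_temporary(self, user, serial):
        """Forgotten card: park the permanent card and hand out a temporary
        one; returning the temporary card (retire) reactivates the original."""
        self._consume_approval(user, "issue_temporary")
        for c in self._permanent(user):
            c.state = "suspended"
        card = Card(serial, user, temporary=True)
        self.cards.setdefault(user, []).append(card)
        return card

    def retire(self, card):
        card.state = "retired"
        if card.temporary:
            for c in self._permanent(card.owner):
                c.state = "active"

    def replace(self, user, serial):
        """Recovery / replacement of a lost or broken card: everything the
        user holds is retired first so the old card cannot be used."""
        self._consume_approval(user, "replace")
        for c in self.cards.get(user, []):
            c.state = "retired"
        card = Card(serial, user)
        self.cards.setdefault(user, []).append(card)
        return card

    def change_pin(self, card, old_pin, new_pin):
        if not verify_pin(card, old_pin):
            return False
        card.pin = new_pin
        return True

    def unblock_pin(self, card, new_pin):
        card.blocked, card.failed_pins, card.pin = False, 0, new_pin
```

The point worth noticing is that a suspended or retired card fails PIN verification even with the correct PIN: state, not the secret, decides whether the credential is usable, which is what makes replacement and temporary issuance safe operations.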

Page 23

Smart Card and Certificate Management with ILM 2007

(Diagram) Certificate Lifecycle Manager mediates between the end user and the CA server, mail server, SQL Server and Active Directory server.

Jaime Odell
Change the URL at the end to a fwlink?
Page 24

Lab: Exploring IDA Solutions
• Exercise 1: Exploring How Active Directory Server Roles Provide IDA Management Solutions

Estimated time: 60 minutes

Page 25

Lab Scenario
• You will identify the server roles needed to satisfy the business requirements for Contoso Pharmaceuticals and Northwind Traders. Contoso has entered into a partnership with Northwind Traders. Contoso must provide secure access to a Web application and SharePoint-hosted documents to specified individuals at Northwind Traders. Specific details are available in the student workbook.

Page 26

Lab Review
In this lab, you have:
• Created a functionality framework
• Made decisions on which server roles to create to achieve the required IDA management solutions
• Identified identity synchronization and user provisioning
• Identified certificate management
• Identified secure access across organizational boundaries
• Identified secure access beyond user names and passwords

Page 27

Module Summary
In this module, you have learned to:
• Identify and define IDA solutions
• Identify Active Directory server roles in IDA management
• Identify the uses and features of ILM 2007

Jaime Odell
A module summary slide was not included in Module 7. Should it be included there, or delete this slide from here?
Page 28

Module Review and Takeaways
• Review Questions
• Real World Scenarios
• Best Practice

Jaime Odell
Please see changes in docs to see the changes I made to the review questions.