6426b_01
Post on 11-Jul-2016
Module 1: Exploring Identity and Access Solutions
Module Overview
• The Business Case for Identity and Access Control
• Active Directory Server Roles in IDA Management
• Overview of Identity Lifecycle Manager 2007
Lesson 1: The Business Case for Identity and Access Control
• The Directory Sprawl Phenomenon
• Business Reasons to Implement IDA Solutions
• IDA Management Solutions
• Enhancing Security by Using IDA Management
The Directory Sprawl Phenomenon
• Directories provide a centralized repository for user identity and access control
• Many organizations have more than one directory
• Keeping directories in sync can lead to user confusion and unnecessary management overhead
Business Reasons to Implement IDA Solutions
• Some of the business reasons to implement an IDA solution are:
  - Reduce the information access workload
  - Increase operational security
  - Enable secure cross-organization collaboration
  - Protect intellectual property
IDA Management Solutions
• List a few data sources that store identity information.
• Suggest a few procedures to provision a new employee to be fully productive.
• What are the security issues that confront individual access to user-sensitive data?
• Discuss a few conventional methods to securely share information or collaborate with external partners.
Enhancing Security by Using IDA Management
• Security and Access Policies
• Password Management
• Strong Authentication
• Security Audit Policies
• Identity-Aware Applications
• Reducing Information Leaks
Lesson 2: Active Directory Server Roles in IDA Management
• What Is a Server Role?
• Demonstration: Configuring a Server Role in Windows Server 2008
• Active Directory Roles That Support IDA Solutions
• Directory Services in IDA Management
• Active Directory Certificate Services in IDA Management
• Active Directory Federation Services in IDA Management
• Active Directory Rights Management Services in IDA Management
• Overview of IDA Management Technologies
What Is a Server Role?
[Diagram: a server role is a set of installed applications, with the option to perform a singular function or to combine with other server roles]
Demonstration: Configuring a Server Role in Windows Server 2008
• Configure a server role in Windows Server 2008 by using Server Manager
Active Directory Roles That Support IDA Solutions
• Active Directory Domain Services (AD DS): Provides the foundation for all IDA solutions
• Active Directory Lightweight Directory Services (AD LDS): Provides a directory services infrastructure without the management overhead. It can be used to either isolate or extend the security boundary
• Active Directory Certificate Services (AD CS): Works with AD DS to provide a foundation for enhanced security and multi-factor authentication. Each Active Directory role will use digital certificates for identity control
• Active Directory Federation Services (AD FS): Provides the ability to connect disparate systems and organizations without combining security infrastructures. Allows organizations to share management responsibility without sharing “too much” information
• Active Directory Rights Management Services (AD RMS): Provides the ability to secure content, even when the content does not exist within an organization's security boundary
Directory Services in IDA Management
[Diagram: AD DS providing hierarchical network authentication, with domain controllers replicating to branch offices; multiple instances of AD LDS serving tools, platform, access and users]
Active Directory Certificate Services in IDA Management
[Diagram: the AD CS role providing public key authentication for network devices (switch, router, wireless router) through root and subordinate enterprise CAs, with manual, group and Web-based enrollment, supporting both the identity and the access side of IDA]
Active Directory Federation Services in IDA Management
[Diagram: AD FS as a secure identity access solution for business-to-business scenarios with single sign-on access; a manufacturer acts as the account partner and a supplier as the resource partner]
Active Directory Rights Management Services in IDA Management
[Diagram: AD RMS (Windows Server 2008) providing identity federation and usage control for RMS-enabled applications, restricting copy, forward and print]
Overview of IDA Management Technologies
[Diagram: the IDA Management technologies together: AD DS (domain controllers, branch offices, replication), AD LDS (tools, platform, access, users), AD CS (identity and access), AD FS (account partner and resource partner), AD RMS, and Identity Lifecycle Manager 2007 (applications, integration, directory services)]
Lesson 3: Overview of Identity Lifecycle Manager 2007
• Components of ILM 2007
• System Requirements for ILM 2007
• Identity Integration by Using ILM 2007
• Identity Management Process by Using ILM 2007
• The Smart Card and Certificate Life Cycle
• Smart Card and Certificate Management with ILM 2007
Components of ILM 2007
[Diagram: Certificate and Smart Card Management (Microsoft Certificate Lifecycle Manager 2007: CLM Server and client, backed by SQL Server, Active Directory, IIS and SMTP); Password Management; Automated Provisioning; Metadirectory Services and User Provisioning (Microsoft Identity Integration Server 2003)]
System Requirements for ILM 2007
Hardware Requirements
• 1 GHz or faster processor; Pentium 4 recommended
• 512 MB of RAM or higher; 1 GB or more recommended
• 8 GB of available hard-disk space on an NTFS partition
Software Requirements
• Windows Server 2003 32-bit Enterprise Edition or Windows Server 2008 32-bit Enterprise Edition
• .NET Framework 2.0
• CLM 2007 requires Certificate Services
• SQL Server 2005 Standard or Enterprise Edition or later recommended
Identity Integration by Using ILM 2007
[Diagram: ILM 2007 connecting an extranet Active Directory, an intranet Active Directory, a proprietary directory and a messaging and collaboration system. Each connected data source (CD) has its own management agent (MA) and connector space (CS); all connector spaces feed a single metaverse (MV).]
Legend: CS = Connector Space; MA = Management Agent; MV = Metaverse; CD = Connected Data Source
Identity Management Process by Using ILM 2007
[Diagram: three data sources, each with its own management agent and connector space, connected to the metaverse. Updated data is written to the metaverse; updated data is then propagated to the other connected data sources.]
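The metaverse flow on this slide, as an added illustrative example (not ILM's own code): a toy metadirectory in Python in which each management agent imports its connected source into a connector space, the connector spaces are joined into one metaverse by employeeID under an assumed attribute precedence, and the merged record is exported back to every source. The source names, precedence table and sample records are constructed.

```python
# Toy model of the ILM 2007 sync flow on this slide: each connected data source
# (CD) has a management agent (MA) importing into its connector space (CS); CS
# objects are joined into the metaverse (MV) and the merged record is exported
# back to every source. Illustrative only, not ILM's engine; the source names,
# attribute precedence and sample records below are constructed.
JOIN_ATTR = "employeeID"  # every source is keyed by this anchor, for simplicity
# Assumed precedence (after ILM attribute flow precedence): first listed source wins.
PRECEDENCE = {
    "displayName": ["hr", "intranet_ad", "extranet_ad"],
    "mail": ["intranet_ad", "extranet_ad"],
    "department": ["hr"],
}

class ManagementAgent:
    def __init__(self, name, connected_source):
        self.name = name
        self.source = connected_source  # live CD: dict anchor -> attributes
        self.connector_space = {}       # CS: staged copy that isolates MV from CD
    def import_objects(self):
        self.connector_space = {k: dict(v) for k, v in self.source.items()}
    def export_objects(self, metaverse):
        # Propagate MV values; an anchor missing from the CD gets provisioned.
        for key, mv_obj in metaverse.items():
            self.source.setdefault(key, {JOIN_ATTR: key}).update(mv_obj)

def synchronize(agents):
    """One sync cycle: import every CS, join into the MV, export everywhere."""
    for ma in agents:
        ma.import_objects()
    spaces = {ma.name: ma.connector_space for ma in agents}
    metaverse = {}
    for key in {k for cs in spaces.values() for k in cs}:
        mv_obj = {JOIN_ATTR: key}
        for attr, order in PRECEDENCE.items():
            for src in order:  # highest-precedence source first
                value = spaces.get(src, {}).get(key, {}).get(attr)
                if value is not None:
                    mv_obj[attr] = value
                    break
        metaverse[key] = mv_obj
    for ma in agents:
        ma.export_objects(metaverse)
    return metaverse

# Constructed sample: HR is authoritative; the extranet forest starts empty.
HR = {"E100": {"employeeID": "E100", "displayName": "Alice Example", "department": "Research"}}
INTRANET_AD = {"E100": {"employeeID": "E100", "displayName": "A. Example", "mail": "alice@contoso.example"}}
EXTRANET_AD = {}
AGENTS = [ManagementAgent("hr", HR), ManagementAgent("intranet_ad", INTRANET_AD), ManagementAgent("extranet_ad", EXTRANET_AD)]
```

Running synchronize(AGENTS) provisions Alice into the empty extranet directory and overwrites the intranet display name with the HR value; a later change in HR flows to all sources on the next cycle.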
The Smart Card and Certificate Life Cycle
Supported operations include:
• Smart card and certificate enrollment
• Recovery / card replacement
• Temporary card issuance
• Smart card PIN unblocking
• Manager approvals
• Smart card PIN change
[Diagram: life cycle stages Enroll, Manage, Retire]
Smart Card and Certificate Management with ILM 2007
[Diagram: the end user interacts with Certificate Lifecycle Manager, which is backed by a CA server, a mail server, a SQL Server and an Active Directory server]
Lab: Exploring IDA Solutions
• Exercise 1: Exploring How Active Directory Server Roles Provide IDA Management Solutions
Estimated time: 60 minutes
Lab Scenario
• You will identify the server roles needed to satisfy the business requirements for Contoso Pharmaceuticals and Northwind Traders. Contoso has entered into a partnership with Northwind Traders. Contoso must provide secure access to a Web application and SharePoint hosted documents to specified individuals at Northwind Traders. Specific details are available in the student workbook.
Lab Review
In this lab, you have:
• Created a functionality framework
• Made decisions on creating server roles to achieve the required IDA management solutions
• Identified identity synchronization and user provisioning
• Identified certificate management
• Identified secure access across organizational boundaries
• Identified secure access beyond user names and passwords
Module Summary
In this module, you have learned to:
• Identify and define IDA solutions
• Identify Active Directory server roles in IDA management
• Identify the uses and features of ILM 2007
Module Review and Takeaways
• Review Questions
• Real World Scenarios
• Best Practice