cis 2015-lessons in access management - supporting cloud and mobile with a complete infrastructure...
Lessons In Access Management - supporting cloud and mobile with a complete infrastructure update for Queensland Education
Craig Gilmour, Chief Identity Architect, UNIFY Solutions
Department of Education & Training Overview
Copyright © 2015 Cloud Identity Summit. All rights reserved. 3
• Approx 1300 Schools
• School Staff: 90,000
• Students: 530,000
• Over 1.1 million Managed Identities
Key Applications – Utilisation Examples
• ELearning, Student & Teacher Collaboration Tools
  • 5 Apps, 600,000+ Users, “Dial-tone” required
• Education: Peak Loads on all systems
  • 120,000+ adds, moves, changes in 24 hours
• Student Management System (OneSchool)
  • Peak Page Load: 13600 per min (day: 5.65 M)
  • Peak simultaneous users 7027
A Brief History of Identity Initiatives
• 2003 – 2008: Identity Tactical & Prep
  • Schools Managed Internet Service
  • Tactical IdM, Strategy & IAM Vendor Engagement
• 2008 – 2012: “IAM 1.0” Build & Deploy (phases)
  • In Parallel: Central Student Management System
• 2012 – 2014: Operational & Strategy Review
What did we build?
What’s this cloud thing?
Challenges & New Requirements
• Complexity & Operational Overheads
• Adding New Applications: complex & vendor required
• Cloud, Cloud, Cloud & Mobile
  • Cloud Access Management Policies & Patterns
  • O365 (Exchange Online) – 650,000 Identities
  • Cloud Online Learning Applications - accelerated
• Rapid change, time for a new approach
• Decision: Replacement of Access Components
AM Refresh Project Objectives
• Aggressive Timeframe: 2014: February – June 30
• Federation first & loosely coupled
• Provide a path for cloud & mobile
• Strong Microsoft Platform Support
• On-premise Identities & Credentials & Desktop SSO
• 30 Applications (WAM, Federation, LDAP, Custom)
• Dual Datacentre (redundant, automatic failover, etc.)
• Scale - current load + O365 (Exchange Online)
AM Refresh Project Activities - Summary
• Project Governance & Major Executive Support!
• Implement Massive Infrastructure Changes
  • Dev, Test, UAT, Prod
  • 50+ hardware load-balancer configurations
• Testing, migration, support plans, ops handover, etc.
• June 30 2014: Made it… except 1 App
• Ongoing: O365 Migration, upgrades, new Apps
PATTERNS
• On-Premise Identities & Credentials
• On-Premise IdP
• On-Premise Applications
• Cloud Apps & Mobile
• Future: IDaaS & IaaS:
  • PingOne / Azure / Combination
Where To Now – Enabling the Future!
• Standard Patterns for App Integration
  • Internally Developed & COTS
  • “As a Service”
• Support IaaS Management & Role Access
• Mobile Initiatives (OAuth & API Access)
• Flexible, Supportable, Manageable Architecture
  • Adapt to “What’s next”