cis 2015-lessons in access management - supporting cloud and mobile with a complete infrastructure...


Upload: cloudidsummit

Post on 20-Aug-2015


Lessons In Access Management - supporting cloud and mobile with a complete infrastructure update for Queensland Education

Craig Gilmour, Chief Identity Architect UNIFY Solutions

Department of Education & Training Overview

Copyright © 2015 Cloud Identity Summit. All rights reserved. 3


• Approx 1300 Schools
• School Staff: 90,000
• Students: 530,000
• Over 1.1 million Managed Identities

Key Applications – Utilisation Examples

• ELearning, Student & Teacher Collaboration Tools
  • 5 Apps, 600,000+ Users, “Dial-tone” required
• Education: Peak Loads on all systems
  • 120,000+ adds, moves, changes in 24 hours
• Student Management System (OneSchool)
  • Peak Page Load: 13600 per min (day: 5.65 M)
  • Peak simultaneous users 7027


A brief History of Identity Initiatives

• 2003 – 2008: Identity Tactical & Prep
  • Schools Managed Internet Service
  • Tactical IdM, Strategy & IAM Vendor Engagement
• 2008 – 2012: “IAM 1.0” Build & Deploy (phases)
  • In Parallel: Central Student Management System
• 2012 – 2014: Operational & Strategy Review

What did we build?

What’s this cloud thing?


Challenges & New Requirements

• Complexity & Operational Overheads
• Adding New Applications: complex & vendor required
• Cloud, Cloud, Cloud & Mobile
  • Cloud Access Management Policies & Patterns
  • O365 (Exchange Online) – 650,000 Identities
  • Cloud Online Learning Applications - accelerated
• Rapid change, time for a new approach
• Decision: Replacement of Access Components


AM Refresh Project Objectives

• Aggressive Timeframe: 2014: February – June 30
• Federation first & loosely coupled
• Provide a path for cloud & mobile
• Strong Microsoft Platform Support
• On-premise Identities & Credentials & Desktop SSO
• 30 Applications (WAM, Federation, LDAP, Custom)
• Dual Datacentre (redundant, automatic failover, etc)
• Scale - current load + O365 (ExchangeOnline)


AM Refresh Project Activities - Summary

• Project Governance & Major Executive Support!
• Implement Massive Infrastructure Changes
  • Dev, Test, UAT, Prod
  • 50+ hardware load-balancer configurations
• Testing, migration, support plans, ops handover, etc
• June 30 2014: Made it… except 1 App
• Ongoing: O365 Migration, upgrades, new Apps


PATTERNS

• On-Premise Identities & Credentials
• On-Premise IdP
• On-Premise Applications
• Cloud Apps & Mobile
• Future: IDaaS & IaaS:
  • PingOne / Azure / Combination


Where To Now – Enabling the Future!

• Standard Patterns for App Integration
  • Internally Developed & COTS
  • “As a Service”
• Support IaaS Management & Role Access
• Mobile Initiatives (OAuth & API Access)
• Flexible, Supportable, Manageable Architecture
  • Adapt to “What’s next”
