Is Your Enterprise Ready For A MetaDirectory???
Presented by Brian Picard CISSP

Personal Background
Progressive Insurance – Security Architect
◦ 11 Long Years (6 years in Identity/Security)
◦ CISSP, GIAC – GSEC, Microsoft Server/Client Certified
◦ Wide range of background experience (i.e. Server Administration, Networking, Development, Identity, and Security Architecture)
Private Consulting – Anything Technical
◦ 10 Years (5 years in Identity/Security)
◦ Network Development
◦ Server Implementations
◦ Custom Development
◦ Security Consultations and Instruction

Agenda
◦ What is a MetaDirectory?
◦ Timeframes
◦ Pre Work
◦ Implementation
◦ Post Implementation

What is a Meta Directory
Definition: A system that provides data flow between dissimilar data stores.

Timeframes
Pre Work
◦ Involved Teams
◦ Product Selection
◦ Documentation
Implementation
◦ Design
◦ Elevation Procedures
Post Work
◦ Care and Feeding
◦ Additional Uses

Involved Teams
◦ Human Resources
◦ Telecom
◦ Real Estate
◦ Network OS
◦ Corporate Directory
◦ Mainframe Access
◦ Email Systems
◦ External Compliance Vendors
◦ Employee DB History
◦ Physical Access
◦ Application Teams
◦ …

Product Selection
My Magic Triangle
◦ IBM Directory Integrator (IDI)
◦ Identity Lifecycle Manager (ILM)
◦ Sun Directory Server Ent Edition (DSEE)

Microsoft’s ILM
Pros
◦ Good For High #’s of Changes
◦ No remote agents
Cons
– Slower
– Lots of Custom Code
Overview
[Diagram: ILM Server with HR, Telecom, Real Estate, Corp Directory, Active Directory, Application A and Application B; legend: Read / Write]

IBM’s IDI
Pros
◦ Extremely Fast Changes
◦ Limited Coding
Cons
– Limited Transformations
– Remote Agents
Overview
[Diagram: HR, Telecom, Real Estate, Corp Directory, Application A and Application B, with four Agents; legend: Read / Write]

Sun’s DSEE
Pros
◦ Extremely Fast Changes
◦ Most Accurate Data
Cons
– Slower Data Retrieval
– Remote Agents
Overview
[Diagram: HR, Telecom and Real Estate, with three Agents, Sun DSEE and Application A; legend: Read / Write]

Documentation
◦ Attribute Mapping
◦ Elevation Work Flow
◦ Cycle Processing Maps
◦ Prioritization matrix
◦ Customer/Provider Surveys

Attribute Mapping
Table columns: Meta Verse, HR, RealEstate, Phone Switch, Corp Directory
Each row gives the Meta Verse attribute, followed by its names in the connected systems:
◦ FirstName: Fname, first, fname
◦ LastName: Lname, last, lname
◦ Location: loc, seat, locs
◦ Manager: mgr, manager
◦ PhoneExtention: pnum, NetworkNum
◦ EmployeeNumber: enum, emplnum, empl, empl
◦ Salary: $$, WhatDoYouMake
◦ EyeColor: eyes
◦ FavorateDrink: drink, WhatsInTheGlass, WhatCanIBuyYou
Legend: Provider / Consumer

Elevation Work Flow

Cycle Processing Maps
Daily Processing Cycle
◦ Batch Processing (12:00 AM - 6:00 AM)
◦ Real Time Processing Cycle (6:00 AM - 10:00 AM)
◦ Real Time Processing Cycle (10:00 AM - 2:00 PM)
◦ Real Time Processing Cycle (2:00 PM - 6:00 PM)
◦ Real Time Processing Cycle (6:00 PM - 10:00 PM)
◦ Non-Processing Time (10:00 PM - 12:00 PM)

Prioritization matrix
Customer | Technical Level | Organizational Acceptance | Data Integrity Gain | Dollar Spend/Savings | Totals
Weighting | 2 | 4 | 1 | 3 |
Email | 3 | 2 | 2 | 3 | 21
Mainframe | 4 | 4 | 3 | 4 | 27
HR | 7 | 5 | 6 | 2 | 35
Corp Directory | 7 | 2 | 5 | 8 | 37
Active Directory | 7 | 7 | 7 | 9 | 45
Technical Level is used to gauge the difficulty of moving this customer into the Meta Directory.
◦ 1-3: This is a high level of work involving multiple teams and a full project.
◦ 5-6: This is a medium level of difficulty requiring only a few teams and no project.
◦ 9-10: This is a low level of difficulty and requires only a single team and very little time.

Surveys
Provider
◦ What attributes can you provide?
◦ What attributes are open for general distribution?
◦ What attributes do you want to approve for distribution?
◦ What level of SLA do you have?
Consumer
◦ What attributes do you need?
◦ What platform are they being moved to?
◦ How many servers support this?
◦ What level of SLA do you have?

Design
◦ Business and Technical Requirements
◦ Hardware/Physical Layout
◦ Processing Cycle
◦ Metaverse Design (Attribute Mapping)
◦ Custom Code Sub Designs
◦ Monitoring
◦ Testing
◦ Backup and Restore

Elevation Procedures
◦ Don’t forget about software elevation best practices
◦ Follow the elevation process flow, that’s why you made it
◦ Take your time rolling out new systems and verify things are working properly before moving on

Care and Feeding
Log Review
◦ Look for errors in the processing cycle
◦ Verify the correct cycles are running at the correct times
◦ Verify non-prod systems are available as described in your SLA
Performance Review
◦ Verify your processing cycles aren’t running long
◦ Verify your server doesn’t get inundated when new systems come on board
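
The log and performance review items above can be checked automatically against the Daily Processing Cycle windows. This is an added example, not part of the original presentation; the log format, the cycle names and the reading of non-processing time as 22:00 to midnight are assumptions.

```python
from datetime import datetime, time

# Windows from the Daily Processing Cycle slide; cycle names are hypothetical.
WINDOWS = {
    "batch":      (time(0, 0),  time(6, 0)),
    "realtime-1": (time(6, 0),  time(10, 0)),
    "realtime-2": (time(10, 0), time(14, 0)),
    "realtime-3": (time(14, 0), time(18, 0)),
    "realtime-4": (time(18, 0), time(22, 0)),
}
QUIET_START = time(22, 0)  # assumption: non-processing time is 22:00 to midnight

# Constructed sample log, format "<ISO timestamp> <cycle> <START|END|ERROR>".
SAMPLE_LOG = """\
2024-03-04T00:05:00 batch START
2024-03-04T05:40:00 batch END
2024-03-04T06:01:00 realtime-1 START
2024-03-04T10:25:00 realtime-1 END
2024-03-04T10:26:00 realtime-2 START
2024-03-04T11:02:00 realtime-2 ERROR
2024-03-04T13:50:00 realtime-2 END
2024-03-04T18:00:00 realtime-4 START
2024-03-04T22:30:00 realtime-4 END
"""

def review(log_text):
    """Return sorted (cycle, finding) pairs for one calendar day's log."""
    findings, seen = set(), {}
    for line in log_text.splitlines():
        stamp, cycle, event = line.split()
        t = datetime.fromisoformat(stamp).time()
        if cycle not in WINDOWS:
            findings.add((cycle, "unknown cycle"))
            continue
        start, end = WINDOWS[cycle]
        seen.setdefault(cycle, set()).add(event)
        checks = [
            (event == "ERROR", "error during cycle"),
            (event == "START" and not start <= t < end, "started outside window"),
            (event == "END" and t > end, "ran long"),
            (t >= QUIET_START, "activity in non-processing time"),
        ]
        findings.update((cycle, msg) for hit, msg in checks if hit)
    for cycle in WINDOWS:  # every scheduled cycle must start and finish
        events = seen.get(cycle, set())
        if "START" not in events:
            findings.add((cycle, "did not run"))
        elif "END" not in events:
            findings.add((cycle, "no END recorded"))
    return sorted(findings)
```

Calling `review(SAMPLE_LOG)` flags the overrunning cycles, the error, the cycle that never started and the activity after 22:00; the check covers a single calendar day and does not follow a run across midnight.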

Additional Uses
Version Upgrades
◦ Peoplesoft Upgrade
Product Changes
◦ Directory Servers

Wrap-Up
◦ Spend the time to do the upfront documentation
◦ Think through how this will fit into your enterprise both technically and non-technically
◦ Explain your SLAs, Designs, and Prioritization to everyone involved ahead of the actual implementation
◦ Be sure that all implemented systems are meshing well together before moving on to the next system

Brian Picard CISSP GSEC