6 Nov 2003 A. Vandenberg © Teach A Man to Fish Educause 2003 Anaheim, CA 1 Enterprise Directory...

6 Nov 2003A. Vandenberg ©

Teach A Man to FishEducause 2003 Anaheim, CA

Enterprise DirectoryImplementation Roadmap –

Directions Provided

Art VandenbergDirector, Advanced Campus Services

Georgia State University

avandenberg@gsu.edu

“Copyright Art Vandenberg 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate

otherwise or to republish requires written permission from the author.”

Roadmap – Introduction

Roadmap’s Layered Detail

• Roadmap Intro & main sections (5 pp.)– Project Planning, Prep & Requirements– Architecture Design, Policy Development– Data Flow, Business Process– Implementation & Deployment

• Next level, outline of topics (24 pp.)• Detail level articles, documents, links (~340 pp.)• Dual tracks: Technical & Policy

• Technology/architecture & policy/management activity work together• GOAL: directory-enable applications• Directories reflect (variety of) institutional goals and environments

Roadmap – Project Planning

http://www.nmi-edit.org/roadmap/plan/plan-set.html

• Develop business case, secure support (educate, assemble drivers, business case)

• Develop project plan• Decide on implementation strategy, timing, and organizational approach• Develop communications and PR plan• Discuss with stakeholders when appropriate• Develop project specifics

• Assemble resources (funding, structure, communication plan)

• Articles, documents, templates, links – READY TO USE!

Roadmap – Architecture & Policy

http://www.nmi-edit.org/roadmap/design/design-set.html

• Campus identifier strategy– Guidelines, templates, examples– Do you know where your identifiers are?

• Directory Services Architecture– Models, recipe, schemas for higher education

• Education and communication• Policy and process development

Identifiers, Authentication& Directories

• Directory components (1,000 words)

Directories & Details!

• Best Practice Design for LDAP Directory• Schema

– Flat as possible - minimizes update overhead– UID unique across tree– Create “campus person” (CampusEduPerson)– Use dc naming: dc=yourschool, dc=edu– ... and more

• Naming– Choose distinguishedName (DN) carefully– UID rather than commonName (Jim Smit, Jim Smit?)

• You have a rich Roadmap to guide you

LDAP Recipe

• Recommendations to lead to common directory schema and deployments

• Started 2000, living doc, now 30 pp.

• Good source of information – USE THIS!

• Directory Information Tree (DIT)– Dc naming (leverage Domain Name System)

– Ou=people, dc=yourschool, dc=edu

– uid=avandenberg, ou=people, dc=gsu, dc=edu

Non-flat, non unique uid, no dc-naming

o=Georgia State University

ou=Information Systems

ou=ACS ou=UCCS

cn=Art Vann

cn=Jan Smit

cn=Sue West

cn=Mae Jones

cn=Jan Smit

Cn=Jan Smit, ou=ACS, ou=Information Systems, o=Georgia State University

Flat, unique uid, dc-naming

dc=edu

dc=gsu

ou=people ou=unit

uid=avann

uid=jsmit

uid=jsmit2

ou=acs

ou=uccs

uid=jsmit2, ou=people, dc=gsu, dc=edu

eduPerson object Class• LDIF (LDAP Data Interchange Format)...dn: cn=schemachangetype: modify...add: attributetypesattributetypes: ( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC 'eduPerson per Internet2 and EDUCAUSE' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )...add: objectclassesobjectclasses: ( 1.3.6.1.4.1.5923.1.1.2 NAME 'eduPerson' AUXILIARY MAY ( eduPersonAffiliation $ eduPersonNickname $ eduPersonOrgDN $ eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlement $ eduPersonPrimaryOrgUnitDN $ ))

Directory Architectures -cont’d

Working with Stakeholders

• Who are the stakeholders?– Technical, functional, management, users...

– What are key application drivers? Get that buy-in!

• Ad hoc or formal committees?

• Stewardship (preferred) vs. ownership– Data administration – how’s it done?

• Identifying policy gaps is important

• Establish same enterprise focus as for ERP systems

Roadmap – Data Flow &Business Process

http://www.nmi-edit.org/roadmap/data/data-set.html

• Integrated provisioning architecture:– data sources/providers

– data flow & meta-processes

– Application targets/consumer

• Chicken & egg: business flow & technical– You have to solve it together (functional & technical)

• Keeping that in mind… let’s look at overall concept

Directory Business Flowconsolidation, intelligence, provisioning

Select Meta-Directory Model

• Enterprise directory / metadirectory

• Physical or virtual “person registry”

• Data load requirements

• Provisioning model for consumer apps

• ETL (extract, transform, load) tools

• Integration/synchronization services

UMBC Meta-Directory

• Source systems: HR and SIS with data in Oracle RDBMS• Database triggers create change logs• Updates applied to iPlanet LDAP• Perl scripts query iPlanet change logs

– update Active Directory– Update Remedy trouble ticket

• Perl scripts = intelligence• iPlanet directory = registry

BC Meta-Directory

• Source is the registry (corporate DB, VSAM files)

• Single entry point/identifier create (even Peoplesoft)

• Identity reconciliation moot

• Student & HR “activate” user, marking for feed

• Fed to iPlanet, email, voicemail, Radius, etc.

• Transactions real-time or batch (ftp & update scripts)

• Initial user entry/activation/script triggers = intelligence

Business Process Design/Impact

• Policies & procedures of existing systems of record– Human Resources, Student, Financial, Alumni, ancilliary…

• Can you leverage an existing initiative?

• What are directory update or service targets?

• Directory use policy (users & applications)

• Is there a Data Stewardship Policy?

• Do users know how their data is used?

• New identifier issues (new identifiers, new issues both)

Roadmap – Enterprise Directory &Applications Implementation

http://www.nmi-edit.org/roadmap/app/app-set.html

• Requirements & Analysis complete...– Business processes, data flows complete– Meta directory architecture complete

• Design– system & network, schema (eduPerson), metadirectory flow

• Implement– LDAP server, eduPerson data load, access controls, applications

• Deploy– testing, verification, transition & release to ops

The Communication Plan

• Who knows what and when?

• Content and context for the plan

• Words to live by:– No surprises! Manage expectations. “Under promise, over-

deliver.”

• Phased approach with multiple communication modes

• Optimal result:– Deliver what they want, which just happens to be what you are

offering...

Repeat as needed…

Contact

Enterprise Directory Implementation Roadmaphttp://www.nmi-edit.org/roadmap/directories.html

Art Vandenbergavandenberg@gsu.edu

Thank you

6 Nov 2003 A. Vandenberg © Teach A Man to Fish Educause 2003 Anaheim, CA 1 Enterprise Directory...

Documents

Transcript of 6 Nov 2003 A. Vandenberg © Teach A Man to Fish Educause 2003 Anaheim, CA 1 Enterprise Directory...

UT TeleCampus Cost Study (2002-2003) Darcy W. Hardy Rob Robinson Educause 2004.

Building the Midwest Instructional Technology Center EDUCAUSE Midwest Regional Conference 2003 Nancy Millichap and Alex Wirth-Cauchon, MITC March 26, 2003.

Educause: BiblioBouts

Educause 2014

EDUCAUSE Center

EDUCAUSE Data, Research & Analytics Leah Lang, EDUCAUSE CSG January 2012 ©2012 EDUCAUSE 1.

»BEYOND THE BOTTOM LINE: Contract Web Development in Higher Education Educause 2003, November 4-7 »© Mary Pickering, 2003. This work is the intellectual.

Vandenberg Air Force Base Final Hazardous Waste Facility ... · vandenberg air base vandenberg afb, california 93437 hazardous waste facility permit attachment "a" table of contents

guide - EDUCAUSE

Educause 2013

Cascade-Case based learning, presentation Educause 2003 Anaheim.

Southwest Educause 2003 © Baylor University 2003 Adapting Enterprise Security to a University Environment Bob Hartland Director of IT Servers and Network.

MOOCs EDUCAUSE

Portfolio : 1 : Estate Philippe Vandenberg

Space as a Change Agent - EDUCAUSE Review | EDUCAUSE

November 7th, 2003 John Bruggeman - EDUCAUSE 2003 Conference 1 Defining Risk and Fixing the Top 20 Security 101 for a small school.

EDUCAUSE 07

Webdisk Storage Anywhere, Anytime for Everyone Presented at Educause, 2003 Copyright 2003, Jeremy Mortis and Harold Esche. This work is the intellectual.

An Introduction to EDUCAUSE and the EDUCAUSE/Internet2 Security Task Force

EDUCAUSE Center for Applied Research An Update. New EDUCAUSE Initiatives for 2002 EDUCAUSE Core Data Survey Virtual Communities Initiative Institute for.