BizTalk 2006: How UF Integrated BizTalk into their Identity Management System
Mike Conlon, Director of Data Infrastructure; George Bryan, Project Manager
Presented at the Microsoft Higher Education Conference in Redmond, WA, July 11, 2006
The University of Florida
Largest and oldest university in Florida
50,000 students in Gainesville
2004-05: #3 in Bachelors degrees awarded, #4 doctoral, #1 professional
SAT quartiles V: 600-700; M: 620-710
Land grant, Medicine, Engineering, Business
$2B annual revenue; $500M research
2006 NCAA Men's Basketball champions
IT at UF
500 IT professionals and developers across campus and the state
Very decentralized (very!)
Over 150 email services
50,000 devices on the open network
Directory Project 2001-2003
PeopleSoft implementation 2002-2004
Active Directory project 2003-2004
Password Management 2004
Account Management 2006
Principles for Identity Management (IDM)
Know the people in your environment
All credentials must be attributable to people you know
All authorizations must be attributable to people you know
Base credential strength on authorizations
Support a wide variety of platforms and vendor applications
Identity Management at UF
Associate each person to a UFID (8 digit number) via UF Directory
Associate each computer credential (GatorLink username and password) to a UFID
Associate authorizations (roles) to UFID
Associate password policies to roles
Support Active Directory, NDS, LDAP, Kerberos, WebISO, Radius
UF Directory
Authoritative person database since 2003
Coordinates 17 enterprise systems
New LDAP schema (eduPerson, eduOrg)
New UFID – 8 digit number
GatorLink tied to UFID
50,000 new Gator One cards
1,500 applications modified to eliminate SSN
New self-service apps
800 directory coordinators identified and trained
New directory coordinator apps
Mainframe DB2 and APIs
Directory and IDM
Directory coordinators establish identity
UFID assigned to individual
Identity resolution is manual
Self-service and directory coordinators for updating contact information
Authorized processes update official information (Student, HR)
1.5M people in the UF Directory
IDM Entities
Persons have UFID, Contact info and Level of Assurance
Affiliations (faculty, staff, alum) identify relationship to university
Roles (PA_USER, UF_GRADER) define access to services
Credentials (GatorLink username and password) control authentication
Password Policies (1-5) regulate password strength
IDM Entity Relationships
Entity-relationship diagram; the entities and their attributes are listed below, the diagram's cardinality marks did not survive extraction
Person: UFID, LevelOfAssurance, ContactInfo
Credential: Username, Password
Affiliation: AffiliationID, AffiliationName
Role: RoleID, RoleName
Password Policy: PwdPolicyID, PolicyAttributes
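The entity model on the last few slides, written out as an added Python example (not code from the UF presentation) so that the principle "base credential strength on authorizations" has a concrete shape: a person's effective password policy is the strictest policy attached to any of their roles, and a role whose policy demands strong assurance cannot be granted to a weakly-assured UFID. The attribute values for policies 1-5, the extra role name HR_ADMIN, the role-to-policy numbers, the strong-assurance rule and the password checks are all illustrative assumptions; the slides give only the policy ids, the two role names PA_USER and UF_GRADER, and the two levels of assurance.

```python
"""Toy model of the IDM entities on the slides (added example, not UF code):
Person, Affiliation, Role, Credential and Password Policy, with credential
strength derived from the person's authorizations."""
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PasswordPolicy:
    policy_id: int         # 1 (weakest) .. 5 (strongest)
    min_length: int
    classes_required: int  # how many of: lower, upper, digit, symbol
    requires_strong_loa: bool


# ASSUMED attribute values: the slides only say policies are numbered 1-5.
POLICIES = {
    1: PasswordPolicy(1, 8, 1, False),
    2: PasswordPolicy(2, 8, 2, False),
    3: PasswordPolicy(3, 10, 3, False),
    4: PasswordPolicy(4, 12, 3, True),
    5: PasswordPolicy(5, 15, 4, True),
}

# Each role is associated to one policy. PA_USER and UF_GRADER are from the
# slides; HR_ADMIN and all three policy numbers are assumptions.
ROLES = {"PA_USER": 2, "UF_GRADER": 3, "HR_ADMIN": 5}


@dataclass
class Person:
    ufid: str                # 8-digit number assigned by a directory coordinator
    level_of_assurance: str  # "strong" or "weak"
    affiliations: set = field(default_factory=set)
    roles: set = field(default_factory=set)

    def __post_init__(self):
        if not re.fullmatch(r"\d{8}", self.ufid):
            raise ValueError("UFID must be an 8-digit number")
        if self.level_of_assurance not in ("strong", "weak"):
            raise ValueError("level of assurance must be 'strong' or 'weak'")


def effective_policy(person: Person) -> PasswordPolicy:
    """Strictest policy among the person's roles; policy 1 if they hold none."""
    return POLICIES[max((ROLES[r] for r in person.roles), default=1)]


def grant_role(person: Person, role_id: str) -> None:
    """Authorizations must be attributable to a known person: a role whose
    policy needs strong assurance cannot be granted to a weakly-assured UFID."""
    policy = POLICIES[ROLES[role_id]]
    if policy.requires_strong_loa and person.level_of_assurance != "strong":
        raise PermissionError(f"{role_id} requires a strong level of assurance")
    person.roles.add(role_id)


def password_violations(password: str, policy: PasswordPolicy) -> list:
    """Every way the candidate password falls short of the policy."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < policy.classes_required:
        problems.append(f"needs {policy.classes_required} character classes, has {classes}")
    return problems


def can_set_password(person: Person, password: str):
    """Self-service credential creation: the user picks the password, the policy
    derived from their roles decides whether it is accepted."""
    problems = password_violations(password, effective_policy(person))
    return (not problems, problems)
```

Granting a role can raise the effective policy (PA_USER alone gives policy 2, adding UF_GRADER moves the person to policy 3), so a real implementation must re-check the existing password, or force a change, at the moment a stronger role is granted, not only when the password is first chosen.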
IDM Starts With People
New people enter the environment in many ways. Over 800 directory coordinators are authorized to establish identity
All directory coordinators use a single web-based app to establish identity, creating a UFID for each new person
Identity resolution is manual
Two levels of assurance – strong and weak
Credentials are Assigned to People
Credentials are created using a self-service application
Users pick their own usernames and their own passwords in accordance with policy
Credential information is pushed into other systems
Updating Credentials
Diagram: GatorLink pushes credential updates through the Legacy Middleware to NDS, the PeopleSoft Portal, UF Active Directory and Kerberos
Problems with Updating
Legacy Middleware is a collection of special scripts and privileges -- difficult to manage and change. Everything is custom
It breaks – about 20 times a month out of 5,000 updates
It doesn't scale – three integrations are in place, but no good way to get information to other systems regarding state changes in IDM
What Is BizTalk?
BizTalk is an Enterprise Service Bus (ESB) which comprises the next generation of integration middleware
BizTalk is frequently described as the Glue for business interoperability
BizTalk is a Swiss Army Knife for Internet business eCommerce and enables seamless communication across various platforms
BizTalk brings the promise and power of XML to businesses and to their existing and legacy systems
Why BizTalk 2006?
Familiar Development Platform (.NET/SQL)
Easy Deployment
Flexible and Versatile
Existing Support Infrastructure (MS PSS)
Connectors to all Major Platforms
Common Security Framework
Good References (Fortune 500)
Cost
BizTalk 2006 Adapters
Oracle, DB2 and SQL Server™ Database Connectors
Oracle, SAP, PeopleSoft, JD Edwards Application Suites
Windows SharePoint® Services
Additional adapters for TIBCO Rendezvous, TIBCO EMS, Amdocs ClarifyCRM, Host Files, Host Applications, POP3
BizTalk Basics
Conceptual Overview
Logical Overview
Functional Overview
Conceptual Processing Overview
Diagram: the Source sends a message to the Broker (Business Process / Orchestration), which sends a message on to the Destination
Logical Processing Overview
Diagram, layers as labelled: Transport (PSFT) -> Pipeline (Transform | Validate | Parse | Security) -> Message Box -> Business Process (BP1) and Service Providers (SP1, SP2) -> Send
BP = Business Process, SP = Service Provider
Functional Overview – Receive Message
Diagram: PeopleSoft Integration Broker (People Tools 8.4511) -> HTTPS Post/ACK -> BizTalk 2006 Enterprise Service Bus (ESB) Receive Location (HTTP Adapter -> Message Engine -> Receive Pipeline -> Publish Message) -> BizTalk MessageBox (SQL)
1. Asynchronous message sent by the PeopleSoft Integration Broker over HTTPS
2. Message received by the BizTalk HTTP adapter. Message validated against existing XML Schemas. Only if valid is an "OK" acknowledgement sent
3. Preprocess (receive) pipeline handles security, encryption, preprocessing, transformations etc. It generates the header (Key | Value) and the message body (.NET Stream Object). The pipeline is interested in the content of the message; it is context aware and message specific
4. All messages are published/persisted into the BizTalk MessageBox, pending delivery to their subscribers (orchestrations and send ports)
Functional Overview – Route Message
Diagram: BizTalk MessageBox (SQL), with its Delivery Queue, Suspend Queue and Tracking DB -> BizTalk 2006 ESB Send Location (Message Engine -> Send Pipeline: Process Message -> SOAP Adapter: Send Message) -> <SP> Web Service (one per service provider)
BizTalk Message = .NET Stream Object (some on disk and some in memory). Orchestration expects XML (Header | Body)
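The receive and route flows above, applied to the credential-push problem from the "Updating Credentials" and "Problems with Updating" slides, as one added Python example (an illustrative model, not UF's integration code and not Microsoft's BizTalk implementation). It shows the points a practitioner cares about: the receive adapter acknowledges only after the receive pipeline has validated the message and the MessageBox has persisted it; routing is by subscription filters over promoted properties, never over the opaque body; a message with no subscriber is suspended rather than dropped; one failing target suspends only its own copy and can be resumed later without touching the other targets. The CredentialUpdate schema, the target names' behaviour, the simulated NDS outage and the sample messages are constructed assumptions.

```python
# Added example (not UF or Microsoft code): toy BizTalk-style bus for credential updates.
import xml.etree.ElementTree as ET
from collections import defaultdict

# Assumed enterprise-wide schema for one credential state change.
REQUIRED = ("UFID", "Username", "Action")
ACTIONS = {"create", "update", "disable"}


def receive_pipeline(raw: bytes) -> dict:
    """Parse -> validate -> promote; raises so a bad message is never acknowledged."""
    # xml.etree resolves no external entities; defusedxml is still safer for untrusted XML.
    root = ET.fromstring(raw)
    if root.tag != "CredentialUpdate":
        raise ValueError(f"unexpected root element {root.tag!r}")
    body = {child.tag: (child.text or "").strip() for child in root}
    missing = [name for name in REQUIRED if not body.get(name)]
    if missing:
        raise ValueError(f"missing elements {missing}")
    if not (body["UFID"].isdigit() and len(body["UFID"]) == 8):
        raise ValueError("UFID must be an 8-digit number")
    if body["Action"] not in ACTIONS:
        raise ValueError(f"unknown Action {body['Action']!r}")
    # Promoted properties: the only values subscription filters can see.
    return {"context": {"MessageType": root.tag, "Action": body["Action"]}, "body": body}


class MessageBox:
    """Publish/subscribe store: a delivery queue per subscriber plus a suspend queue."""

    def __init__(self):
        self.subscriptions = []            # (name, filter, handler)
        self.delivery = defaultdict(list)  # subscriber -> pending messages
        self.suspended = []                # (subscriber or None, message, reason)

    def subscribe(self, name, filt, handler):
        self.subscriptions.append((name, filt, handler))

    def publish(self, msg) -> int:
        """Persist for every matching subscription; no subscriber is a routing failure."""
        matches = [name for name, filt, _ in self.subscriptions
                   if all(msg["context"].get(k) == v for k, v in filt.items())]
        if not matches:
            self.suspended.append((None, msg, "no matching subscription"))
        for name in matches:
            self.delivery[name].append(msg)
        return len(matches)

    def deliver(self):
        """A failing target suspends only its own copy; other targets still get the update."""
        for name, _, handler in self.subscriptions:
            while self.delivery[name]:
                msg = self.delivery[name].pop(0)
                try:
                    handler(msg["body"])
                except Exception as exc:  # any target failure -> suspend queue
                    self.suspended.append((name, msg, str(exc)))

    def resume(self):
        """Re-queue suspended messages, e.g. after the failing system is fixed."""
        pending, self.suspended = self.suspended, []
        for name, msg, _ in pending:
            if name is None:
                self.publish(msg)
            else:
                self.delivery[name].append(msg)
        self.deliver()


def http_receive_adapter(box: MessageBox, raw: bytes) -> str:
    """Acknowledgement the sender sees: 'OK' only once the message is persisted."""
    try:
        msg = receive_pipeline(raw)
    except (ET.ParseError, ValueError) as exc:
        return f"ERROR: {exc}"
    box.publish(msg)
    return "OK"


# Constructed sample traffic: two valid messages and two that must be rejected.
SAMPLE_MESSAGES = [
    b"<CredentialUpdate><UFID>12345678</UFID><Username>albert</Username><Action>create</Action></CredentialUpdate>",
    b"<CredentialUpdate><UFID>12345678</UFID><Action>create</Action></CredentialUpdate>",
    b"<CredentialUpdate><UFID>87654321</UFID><Username>alberta</Username><Action>disable</Action></CredentialUpdate>",
    b"not xml at all",
]


def run_demo(outage=None):
    """Targets named on the 'Updating Credentials' slide plus an audit subscriber for disables."""
    outage = {"NDS": True} if outage is None else outage  # simulated target failure
    box = MessageBox()
    stores = {"UFAD": {}, "NDS": {}, "Kerberos": {}, "PeopleSoftPortal": {}}

    def handle(name, body):  # send side for one target system
        if outage.get(name) and body["Action"] == "disable":
            raise RuntimeError(f"{name} unavailable (simulated outage)")
        stores[name][body["Username"]] = body["Action"]

    for name in stores:
        box.subscribe(name, {"MessageType": "CredentialUpdate"}, lambda b, n=name: handle(n, b))
    audit = []
    box.subscribe("SecurityAudit", {"Action": "disable"}, lambda b: audit.append(b["UFID"]))
    acks = [http_receive_adapter(box, raw) for raw in SAMPLE_MESSAGES]
    box.deliver()
    return box, stores, audit, acks
```

The suspend queue is what makes the difference to the legacy scripts' "breaks about 20 times a month": a disable that fails against one directory is neither lost nor retried blindly, it waits in the suspend queue with its reason until an operator resumes it, while the same disable has already reached the other directories and the audit subscriber.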
Infrastructure Design Considerations
BizTalk 2006 System Requirements
BizTalk 2004 versus 2006
Deploying Applications
Resumable Transactions for Received Messages
32 Bit versus 64 Bit
Virtualizing Servers
SQL 2000 or SQL 2005
Clustering SQL
SSO Placement
Enterprise BizTalk Groups
Web Tier Considerations
Using MSMQ and SQL
BizTalk Without Orchestrations
Receive and Send Ports
Data Transformations
Enveloping
MaxOccurs = Unbounded
Demo: Data Transformations, Maps, Functoids
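An added Python example (not from the presentation) of the "Enveloping" and "MaxOccurs = Unbounded" points: an envelope carrying an unbounded number of records is debatched into individual messages, and each record goes through a map of the kind a BizTalk map with functoids expresses declaratively. The envelope and record element names, the Active Directory-style target fields and the UPN suffix are illustrative assumptions; the 20-character limit on sAMAccountName is Active Directory's own. The map refuses to truncate or default an identity attribute, because a silently shortened logon name can collide with another user's account.

```python
"""Added example (not from the presentation): debatch an envelope whose record
element is maxOccurs="unbounded" and map each record to a target schema."""
import xml.etree.ElementTree as ET

# Assumed element names for the enterprise-wide schema and the AD-style target.
ENVELOPE, RECORD = "CredentialUpdates", "CredentialUpdate"
ACTION_TO_ENABLED = {"create": True, "update": True, "disable": False}
SAM_MAX = 20  # Active Directory's limit on sAMAccountName length


def debatch(envelope: bytes) -> list:
    """Split one envelope into its repeating records. An empty envelope yields
    no messages rather than one empty message."""
    root = ET.fromstring(envelope)
    if root.tag != ENVELOPE:
        raise ValueError(f"expected <{ENVELOPE}>, got <{root.tag}>")
    return list(root.findall(RECORD))


def map_to_ad(record: ET.Element, upn_suffix: str = "ufl.edu") -> dict:
    """What a BizTalk map does declaratively: a value-mapping functoid
    (Action -> enabled), a concatenation functoid (UPN) and straight copies.
    Anything unmapped is an error; silently defaulting or truncating an
    identity attribute could enable or merge the wrong account."""
    get = lambda tag: (record.findtext(tag) or "").strip()
    action, username, ufid = get("Action"), get("Username"), get("UFID")
    if action not in ACTION_TO_ENABLED:
        raise ValueError(f"unmapped Action {action!r}")
    if not username or len(username) > SAM_MAX:
        raise ValueError(f"Username {username!r} missing or longer than {SAM_MAX}")
    if not (ufid.isdigit() and len(ufid) == 8):
        raise ValueError(f"UFID {ufid!r} is not an 8-digit number")
    return {
        "sAMAccountName": username,
        "userPrincipalName": f"{username}@{upn_suffix}",
        "employeeID": ufid,
        "enabled": ACTION_TO_ENABLED[action],
    }


def process_envelope(envelope: bytes):
    """Map every record; one bad record is reported, not allowed to fail or
    silently drop the rest of the batch."""
    mapped, errors = [], []
    for rec in debatch(envelope):
        try:
            mapped.append(map_to_ad(rec))
        except ValueError as exc:
            errors.append(str(exc))
    return mapped, errors


# Constructed sample envelope: one good record, one with an unmapped action,
# one whose username would not fit the target attribute.
SAMPLE_ENVELOPE = b"""<CredentialUpdates>
  <CredentialUpdate><UFID>12345678</UFID><Username>albert</Username><Action>create</Action></CredentialUpdate>
  <CredentialUpdate><UFID>87654321</UFID><Username>alberta</Username><Action>delete</Action></CredentialUpdate>
  <CredentialUpdate><UFID>11112222</UFID><Username>averylongusernamethatexceedslimit</Username><Action>disable</Action></CredentialUpdate>
</CredentialUpdates>"""
```

Per-record error isolation is the reason to debatch before mapping: with the whole envelope mapped as one unit, the two bad records above would either fail the good one too or, worse, be let through with whatever default the map fell back to.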
Adding Orchestrations
Long Running Transactions
Correlations
Dehydrating and Hydrating messages
Using Business Rules
Promoting Field to Context for use in business processes
Demo: simple orchestration
Tools of the Trade
Visual Studio (BizTalk Projects)
ILDASM – Inspect .NET Assembly
XSD – Generates .NET classes or XML Schema from XML or XSD
WSDL – Generates code for XML web services from WSDL
BizTalk System Administrator: Message Tracking, Debug Message Flow, Configuration, Message Box (Heart and Soul of BizTalk)
BizTalk Deployment Wizard
Altova XMLSpy: Excellent for XML/XSD development; More functionality than native tools (new version 2007)
Lessons Learned
Develop Enterprise Wide Schemas
Good communication with all parties involved
Use Native BizTalk Capability where possible
Use SQL or MSMQ (File Subsystem for testing only)
Use XML configuration files for all applications (Never encapsulate parameters in code)
Keep an accurate KB of problem and resolution
Use some kind of versioning for development code (Visual Team Suite, Visual SourceSafe 2005 or free solutions such as Subversion or Tortoise SVN)
More Info
UFAD Web Site: www.ad.ufl.edu
GatorLink: www.gatorlink.ufl.edu
UF Directory: www.bridges.ufl.edu/directory
Contact: Mike Conlon [email protected]; George Bryan [email protected]