MIIS2003DeploymentTWPPPT

Date post: 30-May-2018
Upload: kaka-sahib
Transcript
  • 8/9/2019 MIIS2003DeploymentTWPPPT

    Enabling Cross-Forest Identity Management with Microsoft Identity Integration Server 2003

    An overview of the Microsoft IT organization experiences

    Published: May 2004

    Solution Overview

    Situation: Inconsistent cross-forest user experience and lowered user productivity

    Solution: Implementation of MIIS 2003

    Benefits:

    Reduced costs: $120,000 a year from process automation alone

    Centralized identity management

    Productivity enhanced by cross-forest application functionality

    Improved directory consistency and data integrity

    Identity Infrastructure at Microsoft

    [Diagram labels: Corporate Forest, Windows Deployment, Windows Legacy, Exchange Development, Extranet, Test Extranet, Corporate Staging, MSN, MSNBC, Windows Development]

    Cross-Forest Application Issues

    Cannot see all company personnel in the e-mail address book

    Cannot see cross-forest e-mail group membership information

    Cross-Forest Application Issues

    Cannot use Windows Messenger or see presence information cross-forest

    Inconsistent mobile user print experience across forests

    Cannot validate RMS-protected documents across forests

    Cross-Forest Management Issues

    Complex manual management process requiring multiple custom tools

    Cumbersome monitoring

    Significant Cost to Maintain Identity Infrastructure

    $7 million U.S. annual productivity cost due to slow account creation

    $1.6 million U.S. annual help desk cost for password resets

    $3 million U.S. annual cost for manual account replication

    Significant Cost to Maintain Identity Infrastructure

    Increased security risk due to account termination delays

    High development and maintenance cost of internally developed tools

    MIIS 2003 Solution

    [Diagram labels: MIIS, Windows Deployment, Windows Legacy, Exchange Development, Windows Development, Corporate Forest]

    MIIS 2003 Configuration

    Metadirectory environment consists of single Corporate Forest member server

    Server is data center standard hardware platform

    Server is configured with management agents for each connected directory

    Management agents run at scheduled intervals

    Latency is fine-tuned at Microsoft

    MIIS 2003 Configuration

    MIIS synchronization data set:

    Mail-enabled users and contacts: 100,000+

    Mail-enabled groups: 100,000+

    Active Directory Sites: 112

    Active Directory Subnets: 3,400

    Active Directory Published Printers: 600

    MIIS database size: 16 GB

    Microsoft IT MIIS management agents control data flow

    Key Functionality Gained from MIIS 2003

    Centralization of identity management

    Global address book synchronization

    Key Functionality Gained from MIIS 2003

    Group synchronization services

    Other synchronization services

    Sites, subnets, and printer synchronization

    Live Communications Server attribute synchronization

    Windows Rights Management Services enablement

    Deployment

    Deployment team

    Project manager, lead technologist, business logic developer

    Deployment plan

    Shared Goals document

    Deployment objectives

    Primary, secondary, tertiary

    Deployment

    Success measures

    Definitions of successful synchronization

    Metrics for synchronization problems and uptime

    Service operations alerting, service availability assessment, SQL Server optimization

    Support escalation plan

    Responsibilities assigned

    Events detailed, prioritized, assigned

    Procedures and time limits established

    Deployment

    Support and staff training plan

    Training session for each tier of support

    Operational aspects of MIIS 2003

    Full automation, including monitoring through MOM

    Processes not assigned to MIIS handled manually

    Management agents start on the hour to incorporate changes to user information

    Business Benefits: Simplified Identity Management

    Unified solution

    Process automation

    Improved management

    Automated remote monitoring with MOM

    Business Benefits: Resolved Cross-Forest Application Issues

    Unified address book is consistent across forests

    Group membership information is visible across forests

    RMS-protected documents are readable across forests

    Windows Messenger and presence information enabled across forests

    Improved mobile print experience across forests

    Business Benefits: Improved User Experience and Productivity

    Applications and services now work consistently across Microsoft

    Productivity enhanced by new cross-forest application functionality

    Accurate and consistent information providing a holistic view

    Business Benefits: Reduced Cost of Identity Management

    $120,000 U.S. saved annually from process automation

    Annual savings from retiring internally developed tools

    Development cost reduction using MIIS 2003 for custom functionality

    Lessons Learned: Pre-Deployment

    Define all business rules and application requirements up front

    Identify identity master

    Lessons Learned: Pre-Deployment

    Determine service-level agreements

    Identify all existing systems and processes that may conflict with synchronization

    Train development and support staff before production deployment

    Lessons Learned: Pre-Deployment

    Custom code development and testing lab

    More synchronization scenarios emerge as service matures

    Deploy an MIIS 2003 warm standby server for high availability

    Lessons Learned: Piloting

    Ensure that pilot users cover all test scenarios

    Stage the deployments

    Lessons Learned: Deployment

    Plan for data scrubbing and cleanup

    Create a deployment strategy

    Use MOM Management Pack for MIIS 2003

    Lessons Learned: Deployment

    Deploy SQL Server database backup/maintenance

    Define run histories and audit files archival strategy for troubleshooting and auditing

    Implement a disaster recovery plan

    Best Practices

    Plan the migration from the test environment to the production environment

    Back up the initial test environment

    Back up the encryption keys

    Install MIIS and SQL Server in the same domain

    Use preview to test synchronizations and troubleshoot errors

    Schedule the management agents

    Best Practices for Security

    Control access with MIIS 2003 security groups

    Implement user rights and permissions to restrict software access to trusted accounts

    Enforce strong password policies for all user accounts

    Implement SQL Server 2000 security best practices

    Lock down the MIIS 2003 service account

    Best Practices for Security

    Periodically change the MIIS 2003 service account password

    Control debug rights to the MIIServer process

    Monitor user access frequently

    Remove user rights when security breaches are suspected

    Secure your access control lists

    Build and test your security breach recovery plan

    Conclusion

    MIIS 2003 deployed within Microsoft for centralized identity management and automation

    Deployment improved efficiencies and reduced operating costs, saving millions of dollars annually

    Deployment simplified and consolidated identity and access management infrastructure

    For More Information

    For more information about Global Address Book synchronization, see http://www.microsoft.com/windowsserver2003/techinfo/overview/miisgalarch.mspx

    Additional content on Microsoft IT deployments and best practices can be found on http://www.microsoft.com

    Microsoft TechNet: http://www.microsoft.com/technet/itshowcase

    Microsoft Case Study Resources: http://www.microsoft.com/resources/casestudies

    This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

    © 2004 Microsoft Corporation. All rights reserved.

    This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Microsoft Press, Visual Studio, Visual SourceSafe, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.