8/9/2019 MIIS2003DeploymentTWPPPT
1/33
Enabling Cross-Forest Identity Management with Microsoft Identity Integration Server 2003
An overview of the Microsoft IT organization experiences
Published: May 2004
Solution Overview
Situation: Inconsistent cross-forest user experience and lowered user productivity
Solution: Implementation of MIIS 2003
Benefits:
Reduced costs: $120,000 a year from process automation alone
Centralized identity management
Productivity enhanced by cross-forest application functionality
Improved directory consistency and data integrity
Identity Infrastructure at Microsoft
Diagram of the forests at Microsoft:
Corporate Forest
Windows Deployment
Windows Legacy
Exchange Development
Extranet
Test Extranet
Corporate Staging
MSN
MSNBC
Windows Development
Cross-Forest Application Issues
Cannot see all company personnel in the e-mail address book
Cannot see cross-forest e-mail group membership information
Cross-Forest Application Issues
Cannot use Windows Messenger or see presence information cross-forest
Inconsistent mobile user print experience across forests
Cannot validate RMS-protected documents across forests
Cross-Forest Management Issues
Complex manual management process requiring multiple custom tools
Cumbersome monitoring
Significant Cost to Maintain Identity Infrastructure
$7 million U.S. annual productivity cost due to slow account creation
$1.6 million U.S. annual help desk cost for password resets
$3 million U.S. annual cost for manual account replication
Significant Cost to Maintain Identity Infrastructure
Increased security risk due to account termination delays
High development and maintenance cost of internally developed tools
MIIS 2003 Solution
Diagram: MIIS connected to the Corporate Forest and the Windows Deployment, Windows Legacy, Exchange Development, and Windows Development forests
MIIS 2003 Configuration
Metadirectory environment consists of a single Corporate Forest member server
Server is the data center standard hardware platform
Server is configured with management agents for each connected directory
Management agents run at scheduled intervals
Latency is fine-tuned at Microsoft
MIIS 2003 Configuration
MIIS synchronization data set:
Mail-enabled users and contacts: 100,000+
Mail-enabled groups: 100,000+
Active Directory sites: 112
Active Directory subnets: 3,400
Active Directory published printers: 600
MIIS database size: 16 GB
Microsoft IT MIIS management agents control data flow
Key Functionality Gained from MIIS 2003
Centralization of identity management
Global address book synchronization
Key Functionality Gained from MIIS 2003
Group synchronization services
Other synchronization services
Sites, subnets, and printer synchronization
Live Communications Server attribute synchronization
Windows Rights Management Services enablement
Deployment
Deployment team
Project manager, lead technologist, business logic developer
Deployment plan
Shared Goals document
Deployment objectives
Primary, secondary, tertiary
Deployment
Success measures
Definitions of successful synchronization
Metrics for synchronization problems and uptime
Service operations alerting, service availability assessment, SQL Server optimization
Support escalation plan
Responsibilities assigned
Events detailed, prioritized, assigned
Procedures and time limits established
Deployment
Support and staff training plan
Training session for each tier of support
Operational aspects of MIIS 2003
Full automation, including monitoring through MOM
Processes not assigned to MIIS handled manually
Management agents start on the hour to incorporate changes to user information
Business Benefits: Simplified Identity Management
Unified solution
Process automation
Improved management: automated remote monitoring with MOM
Business Benefits: Resolved Cross-Forest Application Issues
Unified address book is consistent across forests
Group membership information is visible across forests
RMS-protected documents are readable across forests
Windows Messenger and presence information enabled across forests
Improved mobile print experience across forests
Business Benefits: Improved User Experience and Productivity
Applications and services now work consistently across Microsoft
Productivity enhanced by new cross-forest application functionality
Accurate and consistent information providing a holistic view
Business Benefits: Reduced Cost of Identity Management
$120,000 U.S. saved annually from process automation
Annual savings from retiring internally developed tools
Development cost reduction using MIIS 2003 for custom functionality
Lessons Learned: Pre-Deployment
Define all business rules and application requirements up front
Identify identity master
Lessons Learned: Pre-Deployment
Determine service-level agreements
Identify all existing systems and processes that may conflict with synchronization
Train development and support staff before production deployment
Lessons Learned: Pre-Deployment
Custom code development and testing lab
More synchronization scenarios emerge as the service matures
Deploy an MIIS 2003 warm standby server for high availability
Lessons Learned: Piloting
Ensure that pilot users cover all test scenarios
Stage the deployments
Lessons Learned: Deployment
Plan for data scrubbing and cleanup
Create a deployment strategy
Use MOM Management Pack for MIIS 2003
Lessons Learned: Deployment
Deploy SQL Server database backup/maintenance
Define a run history and audit file archival strategy for troubleshooting and auditing
Implement a disaster recovery plan
Best Practices
Plan the migration from the test environment to the production environment
Back up the initial test environment
Back up the encryption keys
Install MIIS and SQL Server in the same domain
Use preview to test synchronizations and troubleshoot errors
Schedule the management agents
Best Practices for Security
Control access with MIIS 2003 security groups
Implement user rights and permissions to restrict software access to trusted accounts
Enforce strong password policies for all user accounts
Implement SQL Server 2000 security best practices
Lock down the MIIS 2003 service account
Best Practices for Security
Periodically change the MIIS 2003 service account password
Control debug rights to the MIIServer process
Monitor user access frequently
Remove user rights when security breaches are suspected
Secure your access control lists
Build and test your security breach recovery plan
Conclusion
MIIS 2003 deployed within Microsoft for centralized identity management and automation
Deployment improved efficiencies and reduced operating costs, saving millions of dollars annually
Deployment simplified and consolidated identity and access management infrastructure
For More Information
For more information about Global Address Book synchronization, see http://www.microsoft.com/windowsserver2003/techinfo/overview/miisgalarch.mspx
Additional content on Microsoft IT deployments and best practices can be found on http://www.microsoft.com
Microsoft TechNet: http://www.microsoft.com/technet/itshowcase
Microsoft Case Study Resources: http://www.microsoft.com/resources/casestudies
This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
2004 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Microsoft Press, Visual Studio, Visual SourceSafe, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.