Project Plan - Draft OneIT – Identity and Access Management – Sub-Plan 4 Page 1 of 4 Details Project Name: OneIT – Identity and Access Management Sub 4: Enhance Enterprise Provisioning/Deprovisioning Project Team Leads: Mike Noel, Brandon Mills, Jordan O’Konek Project Manager: Kris Halter TeamDynamix Project Number: 241151 Project Overview (What is going to be accomplished) The purpose of this IAM subproject is to enhance and extend enterprise-level provisioning/de-provisioning of services. It include four components: 1. Complete IAM infrastructure refresh (Windows 2003, SQL Server upgrades, Deploy TFS Release Management) 2. Explore integration of HawkID login tools with federation toolset 3. Create an integrated set of self-service Identity Management services 4. Develop solution for external identities IAM infrastructure refresh This refresh of older servers will bring the IAM infrastructure up to current version levels of the OS and SQL. Review of all processes supported by each server before it is migrated will identify any opportunities for standardization, consolidation or retirement. The move to contemporary technologies will allow adoption of TFS Release Management methodologies. Any physical servers needing to be replaced will be virtualized. The overall result will be improvements in daily operations from refactoring and retirement of legacy processes. Explore Integration of authentication tools The HawkID enterprise authentication toolbox includes a variety of technologies. Including Shibboleth, ADFS, HawkID Login Tools, and the F5 load balancer. All provide a secure HawkID login environment. This project component will explore the possibility of integrating the tools for a more seamless Single-sign-on (SSO) experience. Create an integrated set of Self-Service Identity Management services Currently there is a limited set of self-service identity management tools available. Additional self-service service management options are needed for a variety of IT service customers. Opportunities include: 1. Replacement of vended software with locally developed password management tool 2. Rewrite name/address/phone update tool 3. DIY self-service options for security profile setup: HawkID password management, Hawk Alert, ID card charging, Lost/Stolen card reports Develop solution to create and manage external identities We have a well-established Identity and Access Management services for faculty, staff, and students. There are several additional, special populations that need credentials and various services. Multiple solutions exist to create and manage external identities across campus depending on the particular service. This
Transcript
Project Plan - Draft
OneIT – Identity and Access Management – Sub-Plan 4 Page 1 of 4
Details
Project Name: OneIT – Identity and Access Management Sub 4: Enhance Enterprise Provisioning/Deprovisioning Project Team Leads: Mike Noel, Brandon Mills, Jordan O’Konek Project Manager: Kris Halter TeamDynamix Project Number: 241151
Project Overview (What is going to be accomplished)
The purpose of this IAM subproject is to enhance and extend enterprise-level provisioning/de-provisioning of services. It include four components:
1. Complete IAM infrastructure refresh (Windows 2003, SQL Server upgrades, Deploy TFS Release Management)
2. Explore integration of HawkID login tools with federation toolset 3. Create an integrated set of self-service Identity Management services 4. Develop solution for external identities
IAM infrastructure refresh This refresh of older servers will bring the IAM infrastructure up to current version levels of the OS and SQL. Review of all processes supported by each server before it is migrated will identify any opportunities for standardization, consolidation or retirement. The move to contemporary technologies will allow adoption of TFS Release Management methodologies. Any physical servers needing to be replaced will be virtualized. The overall result will be improvements in daily operations from refactoring and retirement of legacy processes. Explore Integration of authentication tools The HawkID enterprise authentication toolbox includes a variety of technologies. Including Shibboleth, ADFS, HawkID Login Tools, and the F5 load balancer. All provide a secure HawkID login environment. This project component will explore the possibility of integrating the tools for a more seamless Single-sign-on (SSO) experience. Create an integrated set of Self-Service Identity Management services Currently there is a limited set of self-service identity management tools available. Additional self-service service management options are needed for a variety of IT service customers. Opportunities include:
1. Replacement of vended software with locally developed password management tool 2. Rewrite name/address/phone update tool 3. DIY self-service options for security profile setup: HawkID password management, Hawk Alert, ID
card charging, Lost/Stolen card reports Develop solution to create and manage external identities We have a well-established Identity and Access Management services for faculty, staff, and students. There are several additional, special populations that need credentials and various services. Multiple solutions exist to create and manage external identities across campus depending on the particular service. This
OneIT – Identity and Access Management – Sub-Plan 4 Page 2 of 4
project component is to develop standardized processes and tools for creating and managing identities plus provisioning services. Examples of special populations include:
1. Parent accounts – controlled by their student 2. Guests 3. Accrediting bodies 4. Search committees (non-university members) 5. State employees housed on campus (e.g., auditors, historical society) 6. Library patrons 7. Local law enforcement (campus emergency alerts) 8. External Workflow routing 9. Applications that are available to external persons 10. Campus workshops (batch input needed) 11. Building contractors
Project Staffing (Who will perform the work)
Team Member Role, Skill Set Estimated Time Commitment (hrs)
Mike Noel Project Leader 20
Jordan O’Konek Project Leader, Developer 100
Brandon Mills Project Leader 20
Kris Halter Project Manager 20
ITS AIS DNA Sys Admins, Developers, DIY Programmers 1,000
ITS-EI SST Sys Admins 200
Ed Hill Architect, UI Passport, SSO 40
Michael Alberhasky Application Developer, PW Reset Tool 300
Michael Domingues Sys Admin, Federated Authentication 80
John Kazmerzak Sys Admin, Federated Authentication 80
Dan Metzler Sys Admin, F5 40
Dave Kelly Sys Admin, F5 40
Total 1940
Project Schedule (When will the work be started/completed)
Milestone Target Status
IAM Infrastructure Refresh 8/1/2015 Complete
Explore integration of authentication tools 7/1/2016 Pending
Create an Integrated set of Self-service Identity Management services 1/1/2017 In Progress
Develop a solution to create and manage external identities 1/1/2017 Pending
Project Budget
Only project budget item identified at this time is the actual implementation effort 1940 hours or $126,100
OneIT – Identity and Access Management – Sub-Plan 4 Page 3 of 4
Project Cost Savings
The following table summarizes the estimated total cost savings of $407,495
Sub-Sub project Savings
Hardware Software Staffing
1. Complete IAM infrastructure refresh (Windows 2003, SQL Server upgrades, Deploy TFS Release Management) $26,625 $64,350
2. Explore integration of HawkID login tools with federation toolset
3. Create an integrated set of self-service Identity Management services
3a Replace vended software with locally developed PW management tool $30,000 $273,920
3b Rewrite name/address/phone update tool
3c DIY self-service options for security profile setup: HawkID password management, Hawk Alert, ID card charging, Lost/Stolen card reports
4. Develop solution for external identities $12,500
Total $ 26,625 $ 30,000 $ 350,770 Additional savings will be realized once we are able to determine the scope of the new DIY functionality and associated cost savings.
Change Control Plan (What is the process for managing change)
Substantial changes to project scope will be brought to the OneIT Steering Committee for evaluation and resolution.
Communications Plan (How will information be communicated)
Target Audience Primary Contact Communication Mechanism
Frequency Purpose/Description of Communication
Author/Owner
OneIT Steering Committee
Program Office Email, meeting discussion
Monthly, ad hoc as needed
Updates on project, feedback
Mike
Project Team Kris Halter Email, meeting discussion
Monthly, ad hoc as needed
Updates on project, feedback
Team
OneIT Leaders Chris Clark Email, meeting discussion
