Automating Active Directory and Beyond……
Sven KniestAutomation EvangelistNetIQMGT221
Bans SagooSolutions EngineerNetIQMGT221
Agenda
AD ChallengesWhy Automate AD?Where does NetIQ fit in?AD Automation ExamplesGoing beyond AD Automation....
Active DirectoryOwnership and Challenges
“Active Directory has become indispensable!”
“I need to reduce admin privileges."
“I need to increase security and improve compliance."
“Efficiency- efficient transitions!”
“Ownership is hybrid; Security and Operations.”
“We are growing by merger and acquisition."
“There is a shift from operations to security, from CIO to CISO."
“Security should be involved.” “Security IS involved.”
“Reduce admin workload!”
“We need to do more with the same resources."
Native
Criticality
Automation
SecurityToday’s AD needs control over user permissions and change, as well as rich reporting and auditing capabilities
Role of AD is evolving; increased demands by the business
Native tools lack secure administration features
Organizations should look to automation to decrease workload and simplify compliance
Active Directory Management and Security
Why automate AD?
Reduce manual work Implement approval steps for critical changesFaster response time to incidents and requestsEverybody has to follow the process
NetIQ: Active Directory Management and Security Solution Overview
Microsoft: Windows • Exchange • Active Directory
Migrate and Optimize Manage and Secure Automate and Integrate
Reduce Complexity and Administrative Cost
Categorize and Prioritize Tasks
Model and Assess AD and Exchange Migration
Securely Delegate Privileges
Decrease Number of Privileged Accounts
Enable Task-Based Provisioning
Integrate Human Resource & Ticketing Systems
Graphically Build Automated Business Processes
Temporarily Assign Elevated Privileges
Extend Active Directory to Unix, Linux, and Mac
No Impact Migration & Restructuring
Delegated Administration & Offline Management
Automated Administration & User Self Service
Increase Control and Compliance
Authoritative Auditing and Compliance Reporting
Model and Predict Impact of Group Policy Change
Reduce Time to Detect Unauthorized Changes
Schedule Migration around Business Needs
Track and Evaluate Project Progress
Maintain User Connectivity
Enforce Policies throughout the Project
Detect and Remediate Unauthorized Changes
Enable Cross Functional Approval s
Automate
Model
Measure
Improve
Introducing NetIQ® Aegis™The Control & Automation Platform for IT Processes
NetIQ Aegis is a software platform that models, automates, measures and improves run books and ITIL-based processes, bringing control and automation to IT Operations
ITILProcess(macro)
Run Books(micro)
NetIQ Aegis Architecture
Workflow Automation Engine
NetIQ Products
Enterprise Service Bus & Resource Model
3rd Party Best-of-breed products
Run Books(Event Correlation, Fault Recovery, Routine Server Restarts, etc. )
Processes (ITIL Incident Management, Change Management, DR testing, etc.)
Correlation Engine
AM SM SCM
NCA
MO
M/
SCOM
HPOV
Remedy
Smarts
AdaptersBi-directional data collection and control
Activity LibrariesWorkflow building blocks that control other tools
Process TemplatesProvides built-in knowledge
Presentation LayerConsoles tailored to specific users
Independent EnginesAllow data processing scalability
Resource Mgmt DB Normalizes data from diverse tools
Ops ConsoleConfig Console Reports
…
…
AD Management Workflows Examples
AD Provisioning (feed from a datasource)User provisioning from HR feed
Self Empowerment / Just in time delegationTemporary local Administrator on machine requestGroup membership request form
AD Security Event ManagementAuto rollback unauthorized GPO changeHigh profile group membership rollback
AD MaintenanceAutomatically Disable accounts who have not logged in for X daysEmail users whose password is about to expire
Compliance Reporting / SignoffEmails the group owner every 60 days of the group membership and have them sign off on it
Active Directory Automationdemo
Flexibility
Others*
Secure Configuration Manager
Security Manager
OpsManager
BMCRemedy
AppManager
EMC Smarts
Any 3rd PartyIntegration
Secure Administration
Database
FindRows
UpdateRows
Insert Rows
RetrieveValues
ExecuteSQL
ExecuteStored Proc
VB Script
CommandLine
Any GUI*
Web UI
XML WebService (SOAP)
CheckAnalysis
Run Policy Templates
ReportAutomation
ExceptionHandling
Job Management Graph Data
Maintenance
Custom Properties
Deployment CorrelationEvent Management
Escalation
EventManagement
TribalKnowledge
ForensicExtraction
Enable ProcessingRules
DisableProcessing Rules
Force ConfigurationChange
Alert Management
OU Management
ContactManagement
Permissions Resolution
User Provisioning
AssignTicket
UpdateTicket
CloseTicket
EscalateTicket
CreateTicket
ObjectManagement
ObjectOperations
TaskExecution
ImpactAnalysis
NotificationManagement
ManipulateAlerts
Task Execution
ManageMaintenance
Respond To Alerts
Spoof Email
SaveAttachment
Await Email
Respond To Email
Simplicity
PerformanceCounters
*Pending Release
NetIQ Aegis: Enterprise Architecture Synchronicity
Category Process Examples SupportingIntegrate Raise the priority of events based on end-user impact as identified by synthetic transactions in
Operations Manager or other tools such as HP SiteScope.
Benefit: Reduce unplanned downtime by steering focus to high-impact events.
IT Operations Managers
Synchronize Operations Manager alert status, configurations or maintenance mode with other tools such as a manager of managers, service desk (tickets/RFCs), CMDB, etc. Benefit: Improve operational efficiency through workflow coordination and reduce development costs by integrating via a single message bus.
IT Operations Directors & Integration Developers
Automate Take multiple remedial actions, such as file manipulation or restarting services, when a series of events or conditions meet multiple criteria.Benefit: Automate more complex reaction decisions than are possible natively.
Server and Application
AdministratorsManage scheduled tasks or processes with complex exceptions, such as holidays or end of quarter, to perform file deletion, routine server reboots, update data, etc.Benefit: Replace the need for additional, costly job scheduling tools.
Server and Application
AdministratorsAutomate the administration of Operations Manager, such as agent integrity checks (e.g. confirming that applicable machines are posting data streams) or assigning the best management server to allocate an agent based on location and load.Benefit: Reduce the total cost of ownership for Operations Manager.
Operations Manager
Administrators
Extend Drive alert resolution through progressive escalations, state changes and authorizations.Benefit: Reduce unplanned downtime due to missed alerts.
IT Operations Managers
Enrich alerts with information such as current machine configuration, owner, related issues, etc. by enabling access to disparate knowledge repositories.Benefit: Accelerate resolution and reduce administrator troubleshooting workload/time.
Operations Manager
Administrators
Integrate, Automate and Extend Systems Center Operations ManagerAutomated Process Examples with Aegis
System Center Operations Manager 2007Alert Enrichment Example
demo
question & answer
ActionsDownload Aegis and create your own processes.If your wondering how to get started....come and talk to us now!Catch us at the Exhibitor stand in Hall 4 (S2)Please fill in your evaluation.Competition Details: Win an iPOD Nano.The other sessions by NetIQ:
GPO Management (Goetz Walecki)SCOM Impact Management (Frank Hoerner)
ResourcesDownload Aegis: http://www.netiq.com/f/form/form.asp?id=3185&origin=prodRead about Aegis: http://www.netiq.com/products/aegis/default.aspNetIQ website: http://www.netiq.com/
[email protected]@attachmate.com
Complete an evaluation on CommNet and enter to win an Xbox 360 Elite!