ADAM


Presentation Transcript


  1. ADAM
     James Cowling, Senior Technical Architect

  2. Agenda
     • What is ADAM?
     • Relevance to IAM
     • Real-world Implementation Scenarios

  3. What is ADAM?
     • LDAP Directory
     • Based on AD technology
     • Simple and clean to install and uninstall
     • Without AD’s NOS and historical baggage
     • Supports both
       • DC=Microsoft, DC=COM
       • O=Microsoft,C=US
     • Integrates tightly with AD authentication
     • Basically Free

  4. Technical Matters of Interest
     • Installation
       • Simple to install
         • Wizard or Unattended
       • Multiple installs per server
       • XP install limited to 10000 objects
     • Password Policies
       • Complexity rules similar to AD
     • Backup and Restore
       • EDB and LOG files

  5. Replication
     • Replication between ADAM instances on different computers
       • using AD technology
     • Flexible replication models possible

  6. Administration
     • Technical Administration via command-line tools
       • DSMGMT
         • Manage partitions, FSMO roles, policies, ports
       • REPADMIN
         • Troubleshoot Replication
       • DSDBUTIL
         • Manage and troubleshoot the database
       • DSACLS
         • Manage Access Control Lists

  7. Identity Administration
     • ADSIEdit and LDP supplied with ADAM
     • Many other tools exist
       • Web-based
       • Explorer-integrated
       • Build or Buy
     • Delegated Administration Permissions
       • Through ADAM ACLs in user context
       • Through 3rd-party tools in service account context

  8. ADAM and IAM
     • Centralized Identity Storage
     • Flexible Authentication
     • Centralized Identity Management
     • Centralized Role Management

  9. Identity Storage (diagram: Users, Groups, Roles)

  10. Authentication
     • Primary authentication method is LDAP simple bind
     • Forwards Windows Integrated Authentication for unknown users, and
     • Proxies LDAP binds for known users
       • to AD and NT4
       • in same or trusted domains

  11. Solutions
     • Single Sign On
     • HR-Driven Provisioning
     • Centralized Web-based User Management

  12. Single Sign-On
     • Publishing Company
     • 5000 Users
     • Identities in AD and NT
     • Require SSO for a WebSphere application

  13. Solution
     • Central ADAM User Directory
     • Synchronize with AD and NT using MIIS
     • ADAM proxies authentication requests
       • Which are routed to AD and NT appropriately

  14. HR-Driven Provisioning
     • Large Retailer
     • 65,000 users across multiple companies
     • Growth partly through acquisition
     • SAP systems
       • HR
       • Location / Facility Management
       • Portal
       • Workflow
     • 34 AD Domains

  15. Goals
     • Improve Internal Communication
       • White Pages solution
       • Improve data quality
     • Improve Efficiency
       • Reduce human intervention during provisioning / deprovisioning
     • Maintain control
       • Approval workflows for account creation, assignment of portal roles
     • Increase Security
       • Identify and remove dormant accounts
       • Increase confidence in security group memberships

  16. Solution

  17. Centralized User Admin
     • Reinsurance company
     • 5000 Users
     • Offices around the world
     • “Managed” Offices
       • Members of global domain
       • User management provided centrally
     • “Unmanaged” Offices
       • Stand-alone domains
       • Local user management

  18. Goals
     • Provide global access to global applications
       • True Single Sign On
     • Minimize support costs
       • Centralize Administration
       • Reduced Sign On – Password Sync
     • Improve Security
       • Time-based deprovisioning

  19. Solution
     • Centralized Web-based User Management
       • ASP.NET application
     • Identities in ADAM
       • Users, Contacts, Companies, incl. Inheritance
     • MIIS-based provisioning to other systems
       • Active Directory
       • Oracle-based LOB systems
       • HP/UX-based LOB systems
     • Password Synchronization
       • AD password is authoritative
       • Sync to ADAM & HP/UX

  20. Implementation

  21. Questions?

  22. ADAM
     James Cowling, Senior Technical Architect
