
ADAM

Presentation Transcript

  1. ADAM: James Cowling, Senior Technical Architect

  2. Agenda
     • What is ADAM?
     • Relevance to IAM
     • Real-world Implementation Scenarios

  3. What is ADAM?
     • LDAP Directory
     • Based on AD technology
     • Simple and clean to install and uninstall
     • Without AD’s NOS and historical baggage
     • Supports both
     • DC=Microsoft, DC=COM
     • O=Microsoft,C=US
     • Integrates tightly with AD authentication
     • Basically Free

  4. Technical Matters of Interest
     • Installation
     • Simple to install
     • Wizard or Unattended
     • Multiple installs per server
     • XP install limited to 10000 objects
     • Password Policies
     • Complexity rules similar to AD
     • Backup and Restore
     • EDB and LOG files

  5. Replication
     • Replication between ADAM instances on different computers
     • using AD technology
     • Flexible replication models possible

  6. Administration
     • Technical Administration via command-line tools
     • DSMGMT
     • Manage partitions, FSMO roles, policies, ports
     • REPADMIN
     • Troubleshoot Replication
     • DSDBUTIL
     • Manage and troubleshoot the database
     • DSACLS
     • Manage Access Control Lists

  7. Identity Administration
     • ADSIEdit and LDP supplied with ADAM
     • Many other tools exist
     • Web-based
     • Explorer-integrated
     • Build or Buy
     • Delegated Administration Permissions
     • Through ADAM ACLs in user context
     • Through 3rd Party tools in service account context

  8. ADAM and IAM
     • Centralized Identity Storage
     • Flexible Authentication
     • Centralized Identity Management
     • Centralized Role Management

  9. Identity Storage
     • Users
     • Groups
     • Roles

  10. Authentication
     • Primary Authentication Method is LDAP simple bind
     • Forwards Windows Integrated Authentication for unknown users, and
     • Proxies LDAP Binds for Known Users
     • to AD and NT4
     • in same or trusted domains

  11. Solutions
     • Single Sign On
     • HR-Driven Provisioning
     • Centralized Web-based User Management

  12. Single Sign-On
     • Publishing Company
     • 5000 Users
     • Identities in AD and NT
     • Require SSO for a WebSphere application

  13. Solution
     • Central ADAM User Directory
     • Synchronize with AD and NT using MIIS
     • ADAM Proxies Authentication requests
     • Which are routed to AD and NT appropriately

  14. HR-Driven Provisioning
     • Large Retailer
     • 65,000 users across multiple companies
     • Growth partly through acquisition
     • SAP systems
     • HR
     • Location / Facility Management
     • Portal
     • Workflow
     • 34 AD Domains

  15. Goals
     • Improve Internal Communication
     • White Pages solution
     • Improve data quality
     • Improve Efficiency
     • Reduce human intervention during provisioning / deprovisioning
     • Maintain control
     • Approval workflows for account creation, assignment of portal roles
     • Increase Security
     • Identify and remove dormant accounts
     • Increase confidence in security group memberships

  16. Solution

  17. Centralized User Admin
     • Reinsurance company
     • 5000 Users
     • Offices around the world
     • “Managed” Offices
     • Members of global domain
     • User management provided centrally
     • “Unmanaged” Offices
     • Stand-alone domains
     • Local user management

  18. Goals
     • Provide global access to global applications
     • True Single Sign On
     • Minimize support costs
     • Centralize Administration
     • Reduced Sign On – Password Sync
     • Improve Security
     • Time-based deprovisioning

  19. Solution
     • Centralized Web-based User Management
     • ASP.NET application
     • Identities in ADAM
     • Users, Contacts, Companies, incl. Inheritance
     • MIIS-based provisioning to other systems
     • Active Directory
     • Oracle-based LOB systems
     • HP/UX-based LOB systems
     • Password Synchronization
     • AD password is authoritative
     • Sync to ADAM & HP/UX

  20. Implementation

  21. Questions?

  22. ADAM: James Cowling, Senior Technical Architect