Dan Tobin Matt Campbell
Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology
Dan Tobin, Matt Campbell
About RIT
RIT is one of the nation’s top comprehensive universities and sets the national standard for career-oriented education. Located in suburban Rochester, N.Y., RIT is a private university that enrolls more than 15,500 students in its eight colleges. RIT is recognized for its programs in business, engineering, art and design, photography, science and mathematics, liberal arts, computing, and many other areas.
Early Campus Computing
• Computing services on campus initially consisted of isolated systems.
• 1982 saw the first multi-user system with accounts issued to all students.
– This was the primary account system for the next decade.
– Managing accounts was relatively easy with only one system to contend with.
Enter Complexity
• The rise of the World Wide Web led to a demand for Unix servers.
• As email became increasingly mainstream, LDAP was deployed to provide an RIT directory.
• Other services, such as file sharing, further complicated the process of managing user accounts.
Systems Abound
• Accounts now needed to be created in the following locations:
– DCE Server
– LDAP Server
– VMS Cluster
– Tru64 Unix Cluster
– Samba Server
High Level Requirements
• Synchronize as many passwords as possible.
• Provide a centralized method to update all accounts for a user.
• Make the system easily expandable.
• Build as much cross-platform code as feasible.
• Updates should occur in real-time.
• Budgets are tight, resources are low. Minimize expenditures.
A Modular Solution
[Diagram: HelpDesk Web Client, Master Server, four Platform Specific Modules, Oracle Database]
Resources
• One full-time co-op student and two part-time student employees were hired for this project.
• One full-time staff member managed the project.
• This kept costs relatively low and gave real world experience to RIT students.
Key Benefits
• Modules can be added without the need to update the entire system.
• Centralized control of account updates ensures synchronization of information.
• Accounts can be added for all systems with only one tool.
• Offloads considerable amounts of system support.
Two years pass…
New Directory
• As the existing email systems continued to age, the demand for a replacement grew.
• Microsoft Exchange was selected as the solution.
• With Exchange came the need for an Active Directory environment.
Therefore, another account base was added.
Too Many Passwords
• Accounts now needed to be created in the following locations:
– DCE Server
– LDAP Server
– VMS Cluster
– Tru64 Unix Cluster
– Samba Server
– Kerberos Server
– Microsoft Active Directory
New Requirements
• Unify information across all directories.
• Provide self-service applications to reduce HelpDesk calls.
• There also emerged a need for more detailed information to be contained in the directories.
• Users wanted to be able to manage their own “identity” information.
These requirements demanded slight changes.
COTS?
• Off-the-shelf solutions were sought to provide the directory integration.
• The IBM Directory Integrator was determined to be the best.
• During evaluation of this product, we came to the realization that our current system was already 90% of the way there.
• Due to the proprietary nature of the IBM product, and the amount of development time required to integrate it into our environment, the decision was made to expand our own existing software.
A Modular Solution
[Diagram: HelpDesk Web Client, Master Server, four Platform Specific Modules, Oracle Database]
Small Changes
[Diagram: HelpDesk Web Client, Self-Help Clients, Feed Processor Clients, Interface API, Master Server, four Platform Specific Modules, Oracle Database]
New Benefits
• A platform-independent interface API allows for rapid tool development.
• Self-Help applications offload HelpDesk support.
• One step closer to a single username and password for all RIT services.
• Hooks into the system allowed for password database migration, without the need to make all users change their passwords at once.
• Groups could be created in Active Directory and LDAP for classes, colleges, departments, etc.
Groups
• A breakdown of the groups synchronized across directories:
– 7 Divisions
– 10 Centers
– 20 Colleges
– 380 Departments
– 717 Academic Programs
– 490 Disciplines
– 5225 Courses
– 11846 Course Sections
• And this is just the start!
New Caveats
• Existing tools must be removed, disabled, or restricted.
– Ex: Unix passwd command, Active Directory Users and Computers
– Ex: LDAP updates restricted to software only
• Adding a single point to update accounts also adds a single point of failure.
• Self-help tools allow for self-imposed problems.
– Ex: Giving users the ability to update their email forward also gives them the ability to forward it into the bit bucket in error.
Application Demonstration
The Future
• The immediate future of the system will be a shift from simple account management to more inclusive identity management.
More Information
• Related RIT presentation:
Track 3
Seamless University: Physically Consolidated, Logically Distributed
Thursday, October 21, 2004
8:10 a.m. – 9:00 a.m., Meeting Room 103
This session presents RIT's efforts to consolidate and integrate various services, such as account management and directory services, and still provide flexibility, better manage costs, and move toward a seamless university.