Implementing Novell iChain ® at the City of Los Angeles Adam Loughran Senior Systems Engineer,...

Implementing Novell iChain® at the City of Los Angeles

Adam LoughranSenior Systems Engineer, Novell

Robert GilletteIS Development Manager, City of Los Angeles

Will TaylorSenior Systems Architect, City of Los Angeles

© March 9, 2004 Novell Inc.2

Agenda

City of Los Angeles Business Case Study

• Background• Why iChain?• The vision• What we did [w/Demo]• How we did it• Lessons learned• Unexpected benefits• The new vision – where we go from here• Q&A


L.A. Demographics…

City of Los Angeles

• Population 3.8 million• 2nd Largest City in the US• Mayor, 15 Council members• 25,000 City Employees• Supporting 40+ departments, Commissions and

Committees


Why iChain?

The initial decision was driven by the Enterprise Portal Project:• Identity management and Provisioning was a core requirement. There was a need to leverage off current experience with eDirectoryTM.• Needed a common means for authenitication, authorization, access control and Administration. • Appliance design – fast and easy to implement, easier to manage and maintain.• Based on open standards• Cost


The Vision...

Create a common security gateway that can be used both internally and externally for:

Identity management and provisioning Pushing services out in a protected manner Work to enforce security policies in place Create an Infrastruture for e-Govenment

• Employees• Our Government Partners (County, State, etc...) • Business• Citizens• Visitors


What we did...

Used iChain as the hub for the following services:

• Enterprise Portal [Extend Director Standard Edition] (NetStorage, GroupWise and Dynamic Communities)• IBM Host on Demand (Remote vs Internal Access)• Citrix (Host on Demand and Remote Server Administration)• Web Services [UDDI] (Home Grown Applications)


Live from Los Angeles...

Secure Remote Access Demo


Portal (Remote Access)

How we did it [Portal]

ACEHome eDIR

CWEB

IChain

Browser

Portal DMZ


How we did it [Citrix]

Citrix (Remote Access)

Portal

NFuse

Citrix

32 bit Apps

CGS iChain

Home DIR

CW eDIR

ACE

Browser

W/Thin Client(Citrix)

DMZ


How we did it [Host on Demand]

DMZ

Browser

W/Thin Client(Citrix)

iChain

Portal

NFuse

Citrix

Host

Host Demand

CGS

Home DIR

CW eDIR

ACE

Citrix (Remote Access)


How we did it [Host on Demand]

HOST ON DEMAND (Internal Access)

Host

Host Demand

Portal

iChain

Home DIR

CW eDIR

Browser


How we did it [Web Services]

WEB SERVICES (Remote Access)

WEB Service Provider

UDDI

Home DIRACE

CW DIR

iChain

Portal

Browser

DMZ


Lessons Learned

It was important to have the Security Group trained on the product and accept it as the de-facto standard for Web Based Access. A core assignment is to manage the nextwork's perimeter (Firewalls and Physical Security).

• It was clear that iChain is a security applicance and should be managed by the Security group• iChain also provides a central point for the reporting of access to internal city resources by remote users• Transition from just Portal identity management to remote access gateway• It was required to make the move from a departmental service to an enterprise service• Education is a key factor for success


Unexpected Benefits

Some of the benefits we didn't expect

• Highly Re-useable (FIRE – From the Bird to the Ground, City Attorney - CNAP)• Fast Track through security review process (cuts weeks off the review process)• Easy Disaster Recovery• It has become a blue print and best practice to others that are struggling with the identity management issue within the organization


Unexpected Benefits continued…

•Dynamic Groups helps manage administration and reduces time to implement changes

•Duplication of user ID’s is now being addressed and corrected

•Sloppy administration is being replaced by city wide standards and policy based management

•Additional cost saving since all users accounts are being scrutinized. We will be able to reduce both our Netware and GroupWise licenses.


The new Vision – where we go from here

City Wide Services tree. This will include GroupWise®, File and Print Services, Document Management and Application Development Management.

With the Central Directory approach we will be able to populate any directory enabled application.

Service resources will be able to be centrally monitored and deployed.

New services can be quickly deployed.

More emphasis can be placed upon development as the burden of maintenance decrease with centralization.


Wrapping Up

Q & A


General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

Implementing Novell iChain ® at the City of Los Angeles Adam Loughran Senior Systems Engineer,...

Documents

Transcript of Implementing Novell iChain ® at the City of Los Angeles Adam Loughran Senior Systems Engineer,...