K12 Secure Identity Management Identity Based Collaborative Learning Solution.
K12 Secure Identity Management
Identity Based Collaborative Learning Solution
Agenda
• Introduction to Condrey Consulting Corporation
• Introduction to No Child Left Behind (NCLB)
• Introduction to the Schools Interoperability Framework (SIF)
• Benefits and Solution Overview
• Components of SIF Provisioning Solution
• Phased Solution Approach
  • Identity Based Collaborative Learning
  • SIF Enabled Identity Management
• Live Demo
• Q&A
Condrey Consulting Corporation: Company Overview
• David Condrey – Owner and CEO
• US Software Engineering Corporation based in Greenville, SC
• Customers in 33 countries representing Commercial, Fortune 1000, State & Federal Government, Military, Healthcare, Higher-Ed and K12
• Well known and respected by customers, especially in the academic market
• Well known at Novell – Model Partner
• Invested in the future of Novell
Condrey Consulting Products Overview
• File System Factory™ – Novell Nsure - Novell Price List
  • Identity Based Storage Management
  • Ties Provisioning to the NetWare OS – Event Driven and Policy Based
  • Lifecycle Content and Data Management (ePortfolio)
• IUAdmin™
  • Identity Based Personal and Collaborative Storage Access
    – Integrates with File System Factory™
    – Integrates with exteNd Portal, Virtual Office and iChain
  • Web Based Access to Personal and Group Content
  • Web Based Help Desk Administration
  • Web Based User Self-Service and Password Reset
• AuditLogin™ and TrustFun
  • Who’s Accessing Storage and What Rights Do They Have?
    - Login/Logout - Date, Time, Workstation
    - Trend Reports and Graphs
    - File and Directory Rights Analysis
File System Factory Education Customers
• University of Kentucky – 43,000 users
• Northern Illinois University – 67,000 users
• Minnesota State Colleges and Universities – 93,000 users
• Charleston County Schools, SC – 42,000 users
• University of Georgia – 60,000 users
• Embry Riddle University – 12,000 users
• Hemet School District, Los Angeles
• Grand Rapids Community College
• Savannah Chatham County Schools, Georgia
• Douglas County Schools, Georgia
• Newton County Schools, Georgia
More File System Education Customers
• Northwestern Michigan University
• Old Dominion University
• Madison Area Technical College
• Waukesha County Technical College
• Blackhawk PA School District
• Marysville Village Schools
• Spearfish School District
• Maine Township High School District
• Waubonsee Community College
• Western Illinois University
• Escondido Union High School District
• Sutton Public Schools
• Ramaz School
• Augsburg College
• Southwestern Community District No. 9
• Le Moyne College
• Macon County R-1
• Grant MacEwan College
• Clemson University
• Community Consolidated School District – Illinois
Sample of Education Customers Leveraging
File System Factory, IUAdmin and AuditLogin
Introduction to NCLB
No Child Left Behind
No Child Left Behind Program Summary
NCLB requires schools to:
• increase student access to technology
• help students to achieve higher academic standards
• improve teachers’ ability to use technology for instruction
• increase technology implementation for schools, especially those serving disadvantaged children
To receive much of the NCLB federal funding, local school districts must provide government agencies with strategic plans for implementing educational technology.
Financial Allocation: In fiscal year 2002, Congress allocated $22.2 billion for education and No Child Left Behind implementation nationwide.
• The “Digital Portfolio” is a strategy that has gained widespread acceptance in the education field
• Digital portfolios make it easier to track a student's progress and work over the years.
• Allows students to store their material in digital format on a server to be reviewed by team members.
• The portfolio contains samples of significant student work over time and should be available to the student throughout their school career, making it easier for teachers to access student work and thus track performance.
• Digital portfolios are useful when applying to post-high school institutions or moving into careers in the private sector.
• Digital Identity is key
NCLB and Digital Portfolios
• http://www.kn.pacbell.com/news/CAschools/sas.html
• http://www.southalabama.edu/tomorrowsteachers/portfolios.html
• http://schools.nycenet.edu/d75/instructionalservices/assessment/altassessment/datafolio.html
• http://www.pupilpages.com/
• http://www.mandia.com/kelly/portfolio.htm
NCLB and ePortfolio Links
Schools Interoperability Framework (SIF)
• Not a product, but a technical blueprint
• Designed for and by K-12 technology providers and educators
• Manages data within the K-12 environment
• Enables diverse applications to interact and share data
• Works cross-platform, over a Web-based interface
• Allows automated reporting
K-12 Identity Management Reality
• Data Silos
• Duplication of work
• Inconsistent application of business policy
• Time consuming – productivity delays
• Little security confidence, significant exposure
[Diagram labels: Library Automation; e-Mail; GradeBook; Network Account; Transportation; Student Information Services; Data Warehouse; Food Services]
SIF components
Zone Integration Server (ZIS)
SIF Agents
Applications
SIF Data Objects
[Diagram labels: Novell Network Account; School Badge; Instructional Software (Plato); Transportation; Library Automation; Student Information Services; Data Warehouse; Food Services; User]
SIF integration
[Diagram labels: Food Service; Grade Book; HR / Finance; Library; SIS; Transportation; Instructional Services; Voice Telephony; Data Warehousing: Accountability, Reporting, Planning, etc.]
K-12 data model
School
District
State
Federal
SIF vendors (Cont.)
Student Information Systems
• Pearson Education Technologies
  – SASIxp
  – Edustructures SIF Agent for SASIxp
  – www.edustructures.com
• Sungard Pentamation
  – Open Series Student Management System
  – www.pentamotion.com
• Central Susquehanna Intermediate Unit
  – CSIU Administrative Software Suite
  – www.csiu-technology.org
SIF vendors (Cont.)
• Library Automation
  • Follett Software Co – www.fsc.follett.com
  • SIRS Mandarin – www.mlasolutions.com
  • Sagebrush Spectrum
• Telephony
  • Parlant Technology – www.parlant.com
• Classroom Software
  • Renaissance Learning – www.renlearn.com
• Transportation
  • VersaTrans Solutions – www.versatrans.com
• Food Service
  • School-Link Technologies – www.school-linktechnologies.com
SIF vendors (Cont.)
• Novell
• Microsoft
• Apple
• IBM
• Sun Microsystems
• Edustructures - ZIS
• Data Warehouse
  • TetraData
  • eScholar
SIF Government Members
• US Department of Education
• Virginia Department of Education
• Delaware Department of Education
• Idaho Dept of Education/Rich Mincer
• Maryland State Dept of Education
• National Center for Education Statistics (NCES)
• Ohio Department of Education
• Ohio SchoolNet Commission
SIF benefits
Teachers
• Real-time access to critical information
• Better data analysis
• Teachers’ time better spent
Students
• Personalized Student Content
• Improved timeliness of service
• Accurate School Data
• Increased Efficiency
IT Departments
• Reduced support costs
• Reduced time needed to manage multiple data sources
• Save money using existing systems and infrastructure
Administrators
• Increased Efficiency
• Reduced redundancy and errors
• Reduced compatibility issues
• NCLB
Additional Information on SIF
http://www.sifinfo.org
http://www.opengroup.org/sif/cert/
http://www.sifinfo.org/vendors/sif_vendor_member.asp
Components of K12 SIF Provisioning Solution
• Novell eDirectory
• Edustructures
  • SIFWorks™ Zone Integration Server (ZIS)
• Nsure Identity Manager SIF User Agent
  • Life Cycle Student Account Management
• Novell File System Factory
  • Lifecycle Content and Data Management (ePortfolio)
  • File Rights and Trustee Analysis
• IUAdmin
  • Web based access to personal and collaborative content
  • Self-Service Password Reset and Help Desk
• AuditLogin and TrustFun
  • Who’s accessing storage and what rights do they have
• Novell iChain
  • Secure Access to Web Applications
Components of K12 SIF Identity Provisioning Solution
Digital Identities: The key to student and faculty provisioning
Novell eDirectory
Stores information about people, services, and resources
Manages relationships between them
Directs interactions and triggers events
• Founding Member of SIF
• Member of SIF Board of Directors
• Strategic Partner Alliances
  – NCS Learn, Follett
  – School-Link, Versatran
  – Novell and others
• SIFWorks Enterprise ZIS Server
• Cross Platform Support
  – Netware, Windows, Linux, Solaris, MacOS X
• SASIxp SIF Agent
• www.edustructures.com
Edustructures Zone Integration Server
Nsure Identity Manager SIF User Agent (DirXML)
• SIF Agent for Provisioning Students
• Built on Award Winning DirXML Technology
• Supports the Following SIF Object Types:
• Student Personal
• Staff Personal
• Student School Enrollment
Novell File System Factory
Automatic Disk Space for all Students or Staff!
Novell File System Factory
Automatic Disk Space for each Class or Work Group!
Novell File System Factory
Automated Home Directory Management: Create It, Manage It, and most importantly… Clean It Up!
Novell File System Factory
Lifecycle Data and ePortfolio Management: Create It, Move It, Manage It
Novell File System Factory
All you have to do is create the users and groups…
…Any way you want…
…We’ll handle the rest!
Provision Storage as well as Accounts with Novell File System Factory and Identity Management
[Diagram labels: FSF; NetWare; eDirectory; BorderManager; ZENworks for Desktops; NetMail; Identity Mgr SIF; Identity Mgr AD; Driver; ZIS; Active Directory; LINUX; High School 25MB; Middle School 10MB]
• Policy-based
• Event-driven
• Load balancing
• Storage creation
• Storage management
• Storage cleanup
• Personal user storage
• Group storage
FSF Methodology
[Diagram labels: Target File Systems; SERV1/VOL1:POLICIES; SCSD; ES, MS, HS; Policy; Copy; 150MB; BSmith; RWCEMFA; BJones]
• Algorithm: Random Balance
• Rights: RWCEMFA
• Quota: 150 MB
• Template: SERV1/VOL1:Policies
• DelWait: 90 Days
New workflow component allows employee’s manager to review, reassign, or vault user data prior to deletion.
• Create
• Rename
• Delete
Policy Assignment & Data Migration
[Diagram labels: Jefferson; Employee, Students, Other; Sunshine Elem, Lincoln Middle, Riverside High; Policy (on each school); BSmith 25MB; BSmith 50MB]
• Seamless
• Fault-tolerant
• Safe
Scheduler – 9:00PM
Northern Illinois University Data Migration - Backfill
[Diagram labels: NIU; Faculty, Students, Other; Policy; users BSmith, RJones, KJackson, RCroom, DWyatt; Pentium Pro 200’s – 67,672 Users; Pentium Pro 200’s – 0 Users; NCS]
Admin issues Backfill with “Enforce Policy Paths” option, which will move data.
Education Group Policy Example
[Diagram labels: Target File Systems; SERV1/VOL1:GroupSample; Jefferson; Courses, Employee, Student; Policy; Copy; 150MB; SPAN340-001]
• Algorithm: Random Balance
• Rights: none
• Quota: 500 MB
• Template: SERV1/VOL1:GroupSample
• DelWait: Never
Assign Policy to Courses Container
Automatically Create Group Storage and Assign Policies
Copy Course Files for Each Student from Template
Create Course Group Object
Group Policy Templates: Configuration Steps
SPAN340-001.MS.COURSES.STATEU
• Create eDir Objects
• Assign Rights to Directories
• Create Template
• Create Group Object
• Assign Members & Owners to the Group
• Create FSF Group Policy Using the FSF Management Interface
Group Policy Templates
JSmith.Students.STATEU
MRoberts.Students.STATEU
NFrost.Students.STATEU
PJones.Students.STATEU
RBrooks.Students.STATEU
SSmith.Students.STATEU
STimms.Students.STATEU
TJones.Students.STATEU
TSmythe.Students.STATEU
WClark.Students.STATEU
ABelcher.Staff.STATEU
KAlesanto.Staff.STATEU
Members Owners
Assign Students as Members and Instructors as Owners
Group Policy Templates
File System Factory Automatically Provisions Storage for Students and Instructors
Backfill - Apply or Reapply Policy to Existing Objects On Demand
[Diagram labels: SCSD; COURSES, FACULTY, STUDENTS; Policy; users BSmith, RJones, KJackson, RCroom, DWyatt]
Admin issues Backfill with “Enforce Policy Paths” option, which will move data.
Later, the same operation can be used to replace existing servers.
• Provision storage for pre-existing users according to policy.
• Begin managing pre-existing storage according to policy.
Where’s my stuff?
Users need an easy way to find their storage …even if you need to move it.
Personal Storage and Group Storage.
Map a Drive? There’s only so many letters in the alphabet.
Login Script Management is a headache for group storage.
URAccess
End-User tool for dynamically building personalized access links to storage.
Leverages Home_Directory user attribute for personal storage.
Leverages cccFSFactoryHomedir group attribute for shared storage.
Creates a local set of UNC paths and description presented to the user in a Windows UI.
Like App-Launcher for ZENworks, except provides access to storage.
List can be refreshed at any time.
Supports multiple tree connections.
URAccess
Executive Storage Dashboard: Storage Trends on User and Group Policies
Administrative Storage Dashboard
Storage Health Check
https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFExecutiveDashboard.
Event Statistics
Web Based Quota Manager Policy Configuration
Quota Manager – Help Desk Interface
https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFQuotaMgr
Quota Manager – Help Desk Interface
Green = space available > 25% of quota
Yellow = space available < 25% of quota
Red = space available < 10% of quota
Quota Manager – Help Desk Interface
File System Rights Analysis
Rights Analysis
OWNERS
MEMBERS
Novell eGuide Manager
Workflow Configuration
Employee Data Manager Interface
What are the requirements?
Any Novell supported version of NDS® or eDirectory (6.xx, 7.xx, 8.xx, 85.xx, 8.6.x, 8.7.x)
NetWare 5.1 SP6 or later, NetWare 6.0 SP4 or later, NetWare 6.5 or later
NetWare 4.x SP9 or later, NetWare 5.0 SP6a or later, NetWare 5.1 SP6 or later, NetWare 6.0 SP4 or later, NetWare 6.5 or later
NetWare 6.0 SP4 or later, NetWare 6.5 or later
NDS/eDir
FSF_Event
FSF_Engine
Coming up Next
File System Factory for:
• Microsoft Active Directory
• Linux
Provision and De-Provision Storage for Netware, Active Directory and Linux Based on Policy
[Diagram labels: FSF; NetWare; eDirectory; BorderManager; ZENworks for Desktops; NetMail; Identity Mgr PeopleSoft; Identity Mgr AD; PeopleSoft Driver; Driver; Active Directory; LINUX]
IUAdmin™
[Diagram labels: User Self Service; Personal And Group Storage Access; Help Desk; Managed By File System Factory Events & Policies: Personal Storage, Group Storage, ePortfolio]
IUAdmin™
• Web Based Access to Netware Personal Content and ePortfolio Managed by File System Factory Policies
• Web Based Access to Collaborative Group Content Based on File System Factory Policies
• Integrate with Novell Extend Portal, Netware 6.5 Virtual Office Portal and Novell iChain
• User Self Service
  • Self-Service Password Reset
  • Let Users Optionally fix their own problems
• Help Desk Administration
  • Location and Departmental based Help Desk
  • Help Desk Group Management
  • User Help Indicators Identify Account Problems
    – Intruder Lockout
    – Grace Logins
    – Login Disabled
    – Account Expired
Help Desk Dashboard
IUAdmin™ Architecture
[Diagram labels: IUAdmin Core Architecture; User Self Service; Help Desk; File System Mgt; Resource Mgt; AuditLogin; Trustfun; File System Access; File System Factory; ePortfolio]
Other products provide Management Paks that plug in to the architecture.
• Built on top of Novell’s HTTPSTK... no webserver to install or configure.
• SSL connections for security.
• Contextless Login.
• No schema extensions. However, optional extensions are provided for increased functionality.
• Runs on Netware 5.1 or above with any version of eDirectory.
Self Service and Password Reset
Self Service Password Reset
No More Floppy Drive Headaches
• Viruses
• Limited Space
• Drive Failures
• Management Nightmare
[Diagram labels: Solution; IUAdmin; File System Factory]
AuditLogin Graph
AuditLogin - Log File Report
Securely Linking eEducation to Everything
Novell iChain
What is iChain?
iChain is Novell technology for web security
• Reduces the complexities of implementing and managing secure web applications
• Proxy based Architecture
• Supports more HTTP services than any of its competitors
• Provides single sign-on to web based resources
• Supports Enterprise and Project based solutions
Why iChain?
[Diagram labels: Internet: Student, Parent; Firewall; Intranet; Web Servers and Applications: IUAdmin, IIS, Linux/Apache; SECURITY (three times)]
Issues when creating a Secure Web infrastructure:
• Direct Access to Web Servers (increase possibility of hacking)
• Multiple User Identities (no single sign on)
• Need to install SSL services on each web server
• Need to change links in HTML content from HTTP to HTTPS
• Many different Web Server Technologies
[Diagram labels: Teacher, Student, Parent; Firewall; SECURITY INFRASTRUCTURE; iChain®; eDirectory™; One Net; Web Servers and Applications: IUAdmin, Linux/Apache]
Benefits of iChain:
• Single Authentication Point
• Provides Web Single Sign On (headers and Form Fill)
• Sends Personalized content to applications
• Rewrites HTML data (completely hide internal DNS infrastructure)
• Dynamically encrypts content as it passes through proxy
• Single SSL Certificate can be used for all internal web sites (proxy based)
• No change to HTML content
• No change to applications authentication process
• Secures all HTTP servers
• Remove Direct Access to Web Servers
iChain Solution
[Diagram label: IIS]
Phase 1
• Identity Based Collaborative Learning
  – Personal Content and Class Storage
  – Web Based Access for Teachers and Students
  – Student ePortfolio - Cradle to Job
  – User Self Service and Web Based Help Desk
  – Faculty and IT Staff Training
• SIF Readiness Assessment
  – Technology Infrastructure Assessment
  – High-Level SIF Design and Plan (Naming Standards)
  – Executive Level Presentation of Findings
• Minimum Phase 1 Software Requirements
  – Novell File System Factory
  – IUAdmin and AuditLogin
Phased Approach – Phase 1
Phase 1 Policy Based Collaborative Learning
[Diagram labels: User; ZENWorks™; GroupWise®; NetMail; Novell BorderManager; IUAdmin™; AuditLogin™; AuditLogin Report & Graph; eDirectory™; File System Factory™; Policy Based Storage: Home Directory, Class Storage, Student ePortfolio; UIMPORT, LDAP, IDM, Console One; Production Tree: SCSD, SHS STUDENTS, SMS STUDENTS; Faculty, Students; Internet]
Product Licenses
Novell SLA
• File System Factory™
Condrey Consulting
• IUAdmin™
• AuditLogin™, TrustFun
K12 Student Provisioning: Grade Promotion
[Diagram labels: Student Locker: Home Directory (HD), ePortfolio (EP), Class Storage; User; HS1; MS1; IUAdmin; Grade Promotion; eDirectory; UIMPORT, LDAP, Custom or 3rd Party, Console One, IDM; FSF; Production Tree; Internet]
K12 Student Provisioning: Graduation
[Diagram labels: Student Locker; Graduation; User; HS1; IUAdmin™; EP, HD; ePortfolio (EP); SCSD; DIST; SMS STUDENTS; Graduated; Novell BorderManager; eDirectory; UIMPORT, LDAP, Custom or 3rd Party, Console One, IDM; FSF]
Phase 1 Benefits
Teachers
• Web based access to resources and data
• Team Collaboration with students and teachers
• Teacher ePortfolio
Students
• Personalized Student Content
• Improved timeliness of service
• Web Based Access to resources and lesson assignments
IT Departments
• Reduced help desk support costs
• Reduced time needed to manage personal and group storage
• Leverage existing systems and infrastructure – No upgrades
Administrators
• Meet NCLB requirement for personalized content
• Minimal cost with large return
• Web based access to resources and data
Description                                      Cost        Maint     Totals
File System Factory – 5000 Students (SLA)        $2,500.00   $0.00     $2,500.00
IUAdmin – 900 Faculty and 12th Grade Students    $700.00     $140.00   $840.00
AuditLogin – Site District License               $1,000.00   $350.00   $1,350.00
TrustFun – Site District License                 $400.00     $125.00   $525.00
Software Cost                                                          $5,215.00
* Hardware Cost                                                        $0.00
Total Software and Hardware Cost                                       $5,215.00
# Students in District = 5000
* FTE for File System Factory
# Faculty in District = 500
# Students in 12th Grade = 400
FTE for IUAdmin = 900
* Hardware cost depends on the client’s current environment. Recommend one server for IUAdmin Resource Portal.
Phase One Pilot Example
Current IUAdmin Educational Pricing
Flexible Pricing Based on District Needs
IUADMIN Government/Educational Pricing*
User Count   New License SKU#   New License Price   Maintenance SKU#   Maintenance Price
1000         IAV101KEDU         $700                IAMT01KEDU         $140
2000         IAV102KEDU         $1,000              IAMT02KEDU         $200
4000         IAV104KEDU         $1,600              IAMT04KEDU         $320
8000         IAV108KEDU         $2,400              IAMT08KEDU         $480
16000        IAV116KEDU         $3,200              IAMT16KEDU         $640
32000        IAV132KEDU         $4,800              IAMT32KEDU         $960
Unlimited    IAV1UNLEDU         $6,400              IAMTUNLEDU         $1,280
Current AuditLogin Educational Pricing
Government and Education Pricing*
AuditLogin
Description SKU# Price
Gov/Education New Licenses
V3 Single Server ALV3NSSEDU $100
V3 Three Server Pack (save 25%) ALV3N3PEDU $225
V3 Site License ALV3NSTEDU $1,000
Gov/Education Maintenance
V3 Yearly Upgrade Protection and Maintenance Option*** ALMAINTEDU $350
Gov/Education Upgrade from Version 2
V3 Three Server Pack Upgrade** ALV3USSEDU $50
V3 Site License Upgrade ** ALV3USTEDU $500
Phase 2 – SIF-Enabled Identity Management
• Detailed SIF Identity Management Design and Plan
• SIF Production Pilot
  – Two Schools and District Office
  – Knowledge Transfer and Training
• Full SIF Deployment Phase - Remaining Schools
• Minimum Software Requirements
  – Edustructures SIFWorks - SLA
  – SIS SIF Agent – Specific to vendor
  – NSure Identity Manager SIF Driver (DirXML) - SLA
  – Novell iChain – SLA
  – Hardware Requirements – Depends on Size of District
Phased Approach – Phase 2
[Diagram labels: User Provisioning / De-Provisioning; User Access Management; Content Management & Personalization; Phase 1; Phase 2; AuditLogin, TrustFun; IUAdmin; File System Factory; Nsure Identity Mgr; SIFWorks; Novell iChain; NW 6.5 Virtual Office; eXtend Portal]
SIF-Enabled Identity Management Phases
[Diagram labels: Collaborative Learning; SIF Provisioning; User; ZENWorks; NetMail®; Novell iChain; Extend Portal / Virtual Office; IUAdmin; AuditLogin; AuditLogin Report & Graph; eDirectory™; File System Factory; DirXML; Instructional Services; H.R. & Finance; Voice Telephony; Library Automation; Student Information Services; Transportation; Food Services; Policy Based Storage: Home Directory, Class Storage, Student ePortfolio; Faculty, Students]
Student Provisioning Phase 2
Q & A
TrustFun Rights Analysis
TrustFun Report
Trustee Assignment Detail