
TechNet Architectural Design Series Part 5: Identity and Access Management


Presentation Transcript


  1. TechNet Architectural Design Series Part 5: Identity and Access Management Gary Williams & Colin Brown, Microsoft Consulting Services

  2. Live Meeting Information... • Feedback Panel • Questions & Answers • Blog - http://blogs.technet.com/MCSTalks

  3. Session 5: Identity and Access Management Gary Williams – Identity Management Consultant Colin Brown – Security Consultant MCS Talks Infrastructure Architecture

  4. Agenda • Introduction to Identity Terminology • Challenges & Issues • Identity Environment – Fact Finding • Identity Solutions • Products • Architecture • Work Packages • Recommendations

  5. Introduction to Identity Terminology

  6. Introduction IDA Terminology • IDA / IAM / IdM • Digital Identity • Credential • Security Principal • Authentication • Identity Store • Identity Synchronisation • Identity Integration Services • Provisioning • Identity Lifecycle Management

  7. Introduction IDA Terminology • Entitlement • Authorisation • Trust • Identity Federation • Security Auditing • Access Services • Digital Certificates • Public Key Infrastructure (PKI) • Certificate Revocation List (CRL) • Encryption

  8. Challenges & Issues

  9. Islands of Applications has led to islands of identities [Chart: # of Digital IDs against Time (Pre 1980’s, 1980’s, 1990’s, 2000’s), rising as applications moved through Mainframe, Client Server, Internet and Mobility and Business Automation extended to Company (B2E), Customers (B2C) and Partners (B2B)]

  10. Challenges & Issues Why do Identity Management projects fail? • Identity ecosystems develop organically • Fragmented identity infrastructures • One system is added at a time • Applications, Databases, Operating Systems • Each system potentially requires a unique identity repository • Changing organisation perimeter • Credentials often do not cross boundaries • Politics • Product/skillset knowledge

  11. Setting the scene What is it we are trying to achieve? Identity & Access Management: providing the right people with the right access at the right time • Authentication (who I am) • Authorisation (what can I do) • Identity Store • Monitoring/Audit • Lifecycle Management / Administration

  12. Identity Environment – Fact Finding

  13. Identity Environment – Fact Finding • Identity drivers & requirements • Extend reach and range • Increase scalability • Lower costs • Balance centralised vs. distributed management • More general purpose & reusable • Product selection must achieve • Business justification • Work against business requirements • Source of truth (authoritative) repository • Main repository & list of other identity repositories • Identity flow

  14. Identity Environment – Fact Finding • Information Quality • How and where is identity data created • How is it removed, maintained & synchronised • How is data creation, deletion or modification validated • Operational Procedures • Access rights to all systems • Hire / Fire procedures • Department or role changes • Role definition • Separation of duties (admin controls)

  15. Identity Solutions

  16. Solutions – Identity Products

  17. Solutions - Example Architecture

  18. Solutions – Planning • Think strategically, act tactically • Phased approach • This is generally not a technical problem • Business processes • Workflow definition • An Identity and Access Management solution is a long-term engagement

  19. Solutions – Work Packages IDA Framework

  20. Solutions – White Pages Architectural Overview

  21. Solutions – Provisioning & De-provisioning

  22. Solutions – Provisioning & De-provisioning
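Slides 13, 14, 21 and 22 describe the authoritative source of truth, identity flow, hire/fire procedures and provisioning/de-provisioning. The block below is an added example, not code from the deck or from any Microsoft product, of the reconciliation step a provisioning engine performs: it diffs an HR feed (authoritative) against a directory and plans joiner, mover and leaver actions, and it flags accounts the source of truth does not know about rather than silently deleting them. The record layout, the `employee_id` correlation key and the sample data are constructed assumptions.

```python
"""Joiner/mover/leaver reconciliation between an authoritative HR feed and a
directory. Added example, not from the MCS Talks deck; the record layout and
the employee_id correlation key are assumptions made for the example."""
from dataclasses import dataclass, field

# Constructed sample data: the authoritative (source of truth) HR feed.
HR_FEED = [
    {"employee_id": "E100", "name": "Alice Smith", "dept": "Finance", "status": "active"},
    {"employee_id": "E101", "name": "Bob Jones", "dept": "Sales", "status": "active"},
    {"employee_id": "E102", "name": "Carol White", "dept": "IT", "status": "terminated"},
    {"employee_id": "E103", "name": "Dan Brown", "dept": "HR", "status": "active"},
]

# Constructed sample data: the directory as it currently stands.
DIRECTORY = {
    "E100": {"name": "Alice Smith", "dept": "Finance", "enabled": True},
    "E101": {"name": "Bob Jones", "dept": "Marketing", "enabled": True},  # mover: HR says Sales
    "E102": {"name": "Carol White", "dept": "IT", "enabled": True},       # leaver still enabled
    "E999": {"name": "Orphan Account", "dept": "IT", "enabled": True},    # no HR record at all
}


@dataclass
class Plan:
    create: list = field(default_factory=list)    # joiners: active in HR, no account
    update: list = field(default_factory=list)    # movers: (id, {attribute: new value})
    disable: list = field(default_factory=list)   # leavers: not active in HR, account enabled
    orphaned: list = field(default_factory=list)  # accounts with no authoritative owner


def reconcile(hr_feed, directory):
    """Compare HR (authoritative) with the directory and plan the changes."""
    plan = Plan()
    hr_by_id = {r["employee_id"]: r for r in hr_feed}
    for eid, rec in hr_by_id.items():
        acct = directory.get(eid)
        if rec["status"] != "active":
            # Leaver: de-provision promptly, but disable rather than delete so
            # the account identifier and its audit trail survive.
            if acct is not None and acct["enabled"]:
                plan.disable.append(eid)
            continue
        if acct is None:
            plan.create.append(eid)
            continue
        # Mover: HR wins on every attribute it is authoritative for.
        changes = {k: rec[k] for k in ("name", "dept") if rec[k] != acct[k]}
        if not acct["enabled"]:
            changes["enabled"] = True  # rehire of a previously disabled account
        if changes:
            plan.update.append((eid, changes))
    # Accounts the source of truth knows nothing about are the classic
    # "island" identities; flag them for review instead of touching them.
    plan.orphaned = [eid for eid in directory if eid not in hr_by_id]
    return plan


def apply_plan(plan, directory, hr_feed):
    """Return a new directory with the planned changes applied (orphans untouched)."""
    hr_by_id = {r["employee_id"]: r for r in hr_feed}
    new_dir = {eid: dict(acct) for eid, acct in directory.items()}
    for eid in plan.create:
        rec = hr_by_id[eid]
        new_dir[eid] = {"name": rec["name"], "dept": rec["dept"], "enabled": True}
    for eid, changes in plan.update:
        new_dir[eid].update(changes)
    for eid in plan.disable:
        new_dir[eid]["enabled"] = False
    return new_dir


if __name__ == "__main__":
    plan = reconcile(HR_FEED, DIRECTORY)
    print("create  :", plan.create)
    print("update  :", plan.update)
    print("disable :", plan.disable)
    print("orphaned:", plan.orphaned)
```

The orphan list is the practical output of the fact-finding slides: every account that no authoritative record explains is either a missing HR feed, a service account that needs an owner, or a leftover that should have been de-provisioned.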

  23. Solutions – Password Management • Reduce credentials to a single password or PIN • Simplify the user experience • Reduce helpdesk overhead • Improve overall security

  24. Solutions – Auditing & Reporting • Record identity related events, such as: • Logon/off • Administrative actions • Object access • In order to be able to: • Reveal potential security problems • Ensure user accountability • Provide evidence
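Slide 24 lists the event classes to record (logon/off, administrative actions, object access) and what the records must support (revealing problems, accountability, evidence). As an added example, not from the deck, here is detection logic run over a constructed, simplified log extract: a burst of failed logons followed by a success, and an addition to a privileged group. The `timestamp eventid key=value` line layout is an assumption made for the example; the event IDs used (4624 successful logon, 4625 failed logon, 4663 object access attempt, 4728 member added to a security-enabled global group) are the Windows Security log IDs, but the records themselves are made up.

```python
"""Detection over a constructed, simplified Security log extract.
Added example, not from the MCS Talks deck. The 'timestamp eventid key=value'
line layout is an assumption made for the example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one event per line. Event IDs follow the Windows Security
# log (4624 logon, 4625 failed logon, 4663 object access, 4728 member added to
# a security-enabled global group); the records are invented.
SAMPLE_LOG = """\
2008-10-01T08:00:01Z 4624 user=alice src=10.0.0.5
2008-10-01T08:00:05Z 4625 user=bob src=10.0.0.9
2008-10-01T08:00:07Z 4625 user=bob src=10.0.0.9
2008-10-01T08:00:09Z 4625 user=bob src=10.0.0.9
2008-10-01T08:00:11Z 4625 user=bob src=10.0.0.9
2008-10-01T08:00:13Z 4625 user=bob src=10.0.0.9
2008-10-01T08:00:20Z 4624 user=bob src=10.0.0.9
2008-10-01T08:15:00Z 4728 user=carol target=svc_backup group="Domain Admins"
2008-10-01T08:16:00Z 4663 user=carol object="C:\\Payroll\\salaries.xlsx"
2008-10-01T09:00:00Z 4625 user=dave src=10.0.0.7
"""

LINE = re.compile(r"^(\S+)\s+(\d+)\s*(.*)$")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}


def parse(log_text):
    """Turn each line into a dict of fields plus 'time' and 'event_id'."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, event_id, rest = m.groups()
        fields = {k: v.strip('"') for k, v in KV.findall(rest)}
        fields["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        fields["event_id"] = int(event_id)
        events.append(fields)
    return events


def failed_logon_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """threshold or more 4625s for one account inside window; also note whether
    a 4624 for that account followed (a password guess that may have worked)."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            failures[e["user"]].append(e["time"])
        elif e["event_id"] == 4624:
            successes[e["user"]].append(e["time"])
    findings = []
    for user, times in failures.items():
        times.sort()
        for i, start in enumerate(times):
            in_window = [t for t in times[i:] if t - start <= window]
            if len(in_window) >= threshold:
                followed = any(t > in_window[-1] for t in successes[user])
                findings.append({"type": "failed_logon_burst", "user": user,
                                 "time": start, "count": len(in_window),
                                 "followed_by_success": followed})
                break  # one finding per account is enough to raise
    return findings


def privileged_group_changes(events):
    """Every 4728 whose target group is one we treat as privileged."""
    return [{"type": "privileged_group_change", "user": e["user"],
             "time": e["time"], "target": e["target"], "group": e["group"]}
            for e in events
            if e["event_id"] == 4728 and e.get("group") in PRIVILEGED_GROUPS]


def analyse(log_text):
    events = parse(log_text)
    findings = failed_logon_bursts(events) + privileged_group_changes(events)
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Both detections depend on the records carrying the acting account and the target: the 4728 line is only evidence of who granted Domain Admins to whom because the administrative action was logged with both, which is the accountability point the slide makes.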

  25. Solutions – Profile Management • Capture or create business process to • Define identity profiles • Associate allowable actions • Delineate self-service and administrative actions

  26. Solutions – Role Based Access Control
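Slide 25 asks for business processes that define profiles, associate allowable actions and separate self-service from administrative actions; slide 26 covers role-based access control; slide 14 lists separation of duties among the operational controls. The block below is an added example, not code from the deck or from any Microsoft product, that ties those three together: roles map to permissions, a principal's effective permissions are the union of its roles plus a self-service set, and an assignment that would complete a conflicting role pair is refused. The roles, permission names and rules are constructed for illustration.

```python
"""Role-based access control with a separation-of-duties check.
Added example, not from the MCS Talks deck; the roles, permissions and
rules below are constructed for illustration."""
from collections import defaultdict

# Constructed role definitions: role -> permissions, named "resource:action".
ROLE_PERMISSIONS = {
    "finance_clerk":    {"invoice:create", "invoice:view"},
    "finance_approver": {"invoice:approve", "invoice:view"},
    "helpdesk":         {"user:view", "user:reset_password"},
    "user_admin":       {"user:view", "user:create", "user:delete", "user:reset_password"},
}

# Constructed separation-of-duties rules: no principal may hold every role in a set.
SOD_RULES = [frozenset({"finance_clerk", "finance_approver"})]

# Self-service actions every authenticated principal may perform on its own profile.
SELF_SERVICE = {"self:change_password", "self:update_phone"}


class SoDViolation(Exception):
    """Raised when an assignment would give one principal a conflicting role set."""


class AccessPolicy:
    def __init__(self, role_permissions, sod_rules, self_service):
        self.role_permissions = role_permissions
        self.sod_rules = sod_rules
        self.self_service = set(self_service)
        self.assignments = defaultdict(set)  # user -> roles held

    def assign(self, user, role):
        """Administrative action: grant a role, refusing it if SoD would be broken."""
        if role not in self.role_permissions:
            raise KeyError(f"unknown role {role!r}")
        held = self.assignments[user] | {role}
        for rule in self.sod_rules:
            if rule <= held:
                raise SoDViolation(f"{user}: {role} conflicts with {sorted(rule - {role})}")
        self.assignments[user].add(role)

    def revoke(self, user, role):
        self.assignments[user].discard(role)

    def permissions(self, user):
        """Effective permissions: union of the held roles plus self-service."""
        perms = set(self.self_service)
        for role in self.assignments.get(user, ()):
            perms |= self.role_permissions[role]
        return perms

    def is_authorised(self, user, permission):
        return permission in self.permissions(user)

    def is_self_service(self, permission):
        """Delineates what a user may do alone from what needs an administrator."""
        return permission in self.self_service


def build_demo_policy():
    policy = AccessPolicy(ROLE_PERMISSIONS, SOD_RULES, SELF_SERVICE)
    policy.assign("alice", "finance_clerk")
    policy.assign("bob", "finance_approver")
    policy.assign("carol", "helpdesk")
    return policy


if __name__ == "__main__":
    p = build_demo_policy()
    print("alice:", sorted(p.permissions("alice")))
    try:
        p.assign("alice", "finance_approver")
    except SoDViolation as exc:
        print("blocked:", exc)
```

The SoD check is enforced at assignment time rather than at access time, which is where a provisioning workflow can reject the request and record who asked for it.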

  27. Solutions – Single Sign-On • Provide a single authentication action • In order to • Reduce user authentication events • Reduce authentication stores and associated management overhead

  28. Solutions – Directory Consolidation • Reduce the number of identity repositories • Complexity • Duplication • Administrative overhead

  29. Solutions – Securing Network Services • Provide a strong authentication mechanism • Provide two-factor authentication • In order to • Secure network services • Provide security services to applications • Provide higher security assurance

  30. Solutions – Securing Network Services [Diagram: Root CA with Manual Publish to Issuing CA’s; RA1 and RA2 behind Load Balancing; SSL Web, VPN, TS1, TS2, AD, Exchange; SQL1 and SQL2 with Log Shipping and Mirroring; Clients]

  31. Solutions – Protecting Data Wherever It Goes • Active Directory: Authentication, Service Discovery, Group Membership • SQL Server: Configuration data, Logging, Cache • RMS Server: Certification, Licensing, Templates • MOSS 2007: Document Libraries with IRM • Workstation • Exchange 2007 SP1: Pre-licensing Fetching

  32. Recommendations

  33. Goals of an IAM Strategy • Secure, pervasive, consistent and reliable authentication and authorisation • Open standards that allow integration across security boundaries • Reduce the cost of managing identities • Extend access to applications & files to out-of-office/mobile users • Improve management and maintenance of user identities

  34. IAM Strategy Recommendations • Document the IAM infrastructure • Produce fast results • Address high-risk areas early • Increase integration between directory, security and application services • Improve capabilities that promote finding organisational data

  35. IAM Strategy Recommendations • Most IAM projects are bigger than organisations expect • Not all technologies within IAM provide direct benefits, though all are necessary for the complete framework • Use the proper justification and benefit statements as part of your deployment

  36. Thank you for attending this TechNet Event Visit the blog at: http://blogs.technet.com/mcstalks Register for the next session, Desktop Deployment, at: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032390854&Culture=en-GB Your potential. Our drive.
