Meeting Date: August 5th, 2010
Time: 2:00 PM – 3:00 PM
Facilitator: Garry Gillette
Recorder: G. Gillette
Location: FCC2A Conference Room
Number of Pages: 1
Topic | Time Frame | Start Time | Responsible
Meeting Kick Off | 5 minutes | 2:00 | Facilitator
Agenda | 45 minutes | 2:05 | Facilitator
Open Discussion | 5 minutes | 2:50 | Project team
Wrap Up | 5 minutes | 2:55 | Facilitator
Fermilab Identity Management (FIdM) Project Briefing Agenda
Tom Ackenhusen Sripada Joshi Amanda Petersen Bill Boroski Mark O Kaletka Vacation Jack Schmidt
Vacation Eileen Berman Vacation Rich Karuhn Nelly Stanfield Dave Shuman Vacation Rob Kennedy Peter Stomenhoff Dave Coder Mark Leininger Laura Stover Irwin Gaines Griselda Lopez Mark Thoms Anil Garg Al Lilianstrom Julie Trumbo
Garry Gillette Patty Mcbride Vicky White Vacation Gerald Guglielmo
Vacation Scott Nolan
AGENDA:
• Introductions
• Project Directives
• FIdM Definition
• FIdM Agile Deployment Timeline
• Project Deliverable Review
• FIdM & PeopleSoft Integration
Project Directives
» Single Source of Truth
» Bidirectional Interface to Applications
» Traceability of Computer Services Usage
» Authorization Mechanism
» Single Cut Off Point
» Connection with External Entities (Shib-other LDAP)
» Lightweight Guest ID
Fermilab Identity Management (FIdM)
• Identity Management (IdM) -- the set of business processes—and the supporting infrastructure service components—that create, maintain, and use digital identities within legal and policy contexts.
• Identity Management architectures integrate core components such as user provisioning, access management, identity lifecycle management, directory services, identity data content integration technologies, role management, federation, and identity audit.
• Why implement next generation FIdM?
  • Streamline and automate biz process (on-boarding, reorg, etc.)
  • Role and Request-based Access and Authorization Management
  • Eliminate duplication of information
  • Improve security – password management, authentication services, real-time deprovisioning
  • TCO reduction for FIdM
  • Improve end-user experience
  • Keep current FIdM Systems supportable and maintainable (Oracle 10g 11g)
  • Regulatory compliance
FIdM Agile Deployment Timeline
[Figure: timeline of Deliverables #1 through #4 across the Pilot, Development, Staging and PROD environments]
Dependency on resource commitment and availability
FIdM Project Pilot and Development Stages
Development
• Transition Deliverables 1 and 2 from Pilot Dev (+ implement remaining Use-Cases)
• Complete Deliverables 3 and 4
• Knowledge Transfer and Support for Team Fermilab
• Team Fermilab are implementing D1-2 in Staging and Prod
• Achieve Functional Parity with legacy Fermilab Infrastructure
Pilot
• Implement initial Use-Cases
• Fully functional Pilot FIdM approved by FIdM Steering Committee (multiple Pilot iterations expected to reach that point)
• 75% FIdM Infrastructure is online
• 10g vs. 11g software decision
• Virtual vs. Physical Environment Decision (Staging & Prod)
• Project Plan, Finalize Detailed Requirements, Design and Architecture Documentation Deliverables
• Documentation for Deliverables 1, 2 and (partial) 3 complete
• Team Fermilab ready to begin Staging and Prod Deployments
FIdM Project Staging and Prod Stages
Staging
• Fermilab Staff implements FIdM
• Knowledge Transfer and Support provided to Team Fermilab
• Unit/Load/Acceptance Testing
• Documentation
• End-User Training
Prod
• Team Fermilab implements FIdM per
• Unit/Load/Acceptance Testing
• Documentation
• Transition and Go-Live / CNAS to FIdM cut-over
• Post Go-Live Support
• Establish Framework to Manage new FIdM Functionality Requests
Pilot -- Deliverables:
• Deliverable #1
  – Stand up Environments, Infrastructure, DB, App Servers
  – Install and Configure new Products
  – Next Generation Directory Services (11g)
  – Stand up Oracle Virtual Directory Services
  – Directory Services integrations: AD, LDAP, possibly KDC
  – Document all deliverables
• Deliverable #1 Accomplishments
  » Single Source of Truth
  » Connection Interfaces for External Entities
  » New 11g Infrastructure -- providing underpinning baseline for other components; also maintains vendor support
  » FSST Virtualization layer installed
August to September 2010
Pilot Phase: The Pilot phase constitutes the bulk of work to validate the FIdM roadmap. This deployment phase will be done in accordance with the project plan and initial design specifications identified in the discovery phase.
Pilot Phase Continued:
• Deliverable #2: AAAAA Service Framework
• AAAAA Services Framework will Provide:
  • Authentication – framework to consolidate existing authentication mechanisms
  • Authorization – showcase RBAC
  • Audit – “Who, accessed What, When” reports
  • Administration – Full Centralized Life-Cycle Management Framework for Accounts, Groups, Org-Unit, etc.
  • Automation – Identity Workflow and Approval Engine, Self and Delegated Administration Services
• Accomplishments:
  • Traceability of Fermilab IT Services Use
  • Single Cut-Off Point (PoC mode)
  • Authorization Mechanisms
  • Lightweight Guest Self Registration
  • Interface for Connection to External Entities (Shib, Fed ID)
  • Sign-off on all Pilot Deliverables
August to September 2010
OAM, OIM and 10g vs. 11g Release
– Pilot/Dev to be implemented on OAM 10g (per original plan)
– NEW: Also stand up IdM 11g in parallel in Pilot
– Provide Cost/Benefit Analysis of 10g vs. 11g
– Pilot Decision Point: 10g vs. 11g
Oracle IdM Product 11g Release
– Deliverable #3 – Replace CNAS Interfaces with FSST
  • Replace CNAS Interfaces with FSST
  • Bridge the gap from Pilot to Development
  • Full Documentation
  • Support Team Fermilab for Staging and Prod
  • Unit Testing
  • Acceptance Testing by Stakeholders
– FSST
– Sign off on FSST Deliverable
– Accomplishments
  – Single Source of Truth
  – Bidirectional Interface to Applications
  – Traceability of Computer Services Usage
  – Authorization Mechanism
October to December 2010
Development Phase: The Development phase constitutes the bulk of the hours, as it will iteratively deploy the FIdM solution. The development phase will be done in accordance with the project plan and final design specifications uncovered in the previous phase.
• Deliverable #3 FSST Replaces 14 CNAS Interfaces
[Figure: data-flow diagram. Labels shown: Modified Employee Records when they are entered/saved in PS; fnal_cnas_effdt Interface Table; Modified Employee Records Every 15 Minutes; HRMS/CNAS Interface Table; CNAS; CNAS Stub; FSST (Single Source of Truth); Direct Entry of Employees, Visitors, Contractors, and Locations; New Look-up Table Values; Updated/Returning Employees; MIT KDC and W2K KDC, each with Kerberos Accounts (New, Updates, Terminations); LDAP & Active Directory; EBS Project/Task View; People/Locations; Company Code/PA Organizations/Dept, Supervisor, Timecard Approver Daily Extracts; Computer Security Compliance; AP Invoice Approval (Access); ORG PLUS; SPIRES; VO/Grid; BSS Help Desk; BAAD; FESS; CD Online Phone Directory; ES&H Systems & Database; CD/MIS Comp; All Other Web Queries that Search by Name; Property Query; Sunflower; Listserv All Hands; Support Services Extract]
Development Phase Continued:
– Deliverable #4 -- FSST Integration Development with HRMS
– Integrate FIdM with HRMS solution
– FSST, OIM, HRMS replace remaining CNAS Stub
– Establish Framework to Manage new FIdM Functionality Requests
October to December 2010
[Figure: data-flow diagram. Labels shown: Modified Employee Records when they are entered/saved in PS; fnal_cnas_effdt Interface Table; Modified Employee Records Every 15 Minutes; HRMS/CNAS Interface Table; CNAS; FSST (Single Source of Truth); OIM; Direct Entry of Employees, Visitors, Contractors, and Locations; New Look-up Table Values; Updated/Returning Employees; MIT KDC and W2K KDC, each with Kerberos Accounts (New, Updates, Terminations); EBS Project/Task View; People/Locations; Company Code/PA Organizations/Dept, Supervisor, Timecard Approver Daily Extracts]
Staging and Prod Deployments: Fermilab Resourcing Recommendations
– Resourcing Requirements during Deliverables 1-4:
  • FIdM Platform (hardware, VMWare, OS)
  • Networking
  • CNAS
  • Active Directory
  • OID LDAP
  • PeopleSoft
  • EBS
– Resourcing recommendations for Staging, Prod and Beyond – 1-2 FTEs
  – 5% FIdM Steering Committee
  – 5% DBA and Platform Admins
  – 90% FIdM Maintenance & Continuous Integration
    • 10% Maintenance and Operations of FIdM
    • 80% Continuous Fermilab App Integration and Business Process Implementation
Summary
Pilot -- 9/27
• Fully functional Pilot FIdM Approved and Accepted by Steering Committee (multiple iterations expected to reach that point)
• 75% FIdM Infrastructure is online
• 10g vs. 11g software decision is made
• Project Plan, Final Requirements, Design and Architecture Documentation Deliverables
• Documentation for Deliverables 1, 2 and (partial) 3 complete
• Team Fermilab ready to begin Staging and Prod Deployments
Development -- 12/31
• Complete Deliverables 3 and 4
• End-to-end Unit and Acceptance Testing
• Knowledge Transfer and Support for Team Fermilab (Staging & Prod)
• (In progress) Team Fermilab are implementing D1 and D2 in Staging and Prod
• Establish Framework to Manage new FIdM Functionality Requests
Q&A ?