Mgs Fed Portal
Copyright 2003 MG Solutions LLC (MGS). All Rights Reserved
Copyright & Disclosure © 2003 All rights reserved. No part of this document may be reproduced in any form including photocopying or translation to another language, without prior consent of MG Solutions LLC.
This document in no way implies a commitment to perform any or all of the functions described herein, unless accompanied by a signed Statement of Work specifically mentioning this version of the document.
This document contains confidential material and requires written permission to be disseminated outside of MGS.
Federated Identity Portals
Creating A Global Delivery Platform
Presentation Outline:
The Big Picture: Expanding The Portal ROI
Taking A 360° View To Application Development & Services Deployment
Impact Of Federated Portals
Federated Identity Portal ROI
What often started as a specific-purpose portal can be expanded to become a Global Delivery Platform for services and content – taking full advantage of Sun’s core infrastructure focus:
First Stage:
Specific Purpose Portal (i.e. Employee Portal)
Global Delivery Platform
• Global Directory Services
• Content Management
• Secure Remote / Mobile Access
• Enterprise SSO and Global SSO (Federation)
• Application Development Framework
Increasing Portal ROI
• Services Inventory Management
The Big Picture: Creating A Global Delivery Platform Via Federated Identity Portals
First Stage:
Specific Purpose Portal (i.e. Employee Portal)
• Application Development Framework
Increasing Portal ROI
Companies can reap great rewards and cost savings from designing and developing applications using the Federated Portal Concept:
• Component based development
• Expand use of portlets using WSDL
• Easily integrate new services with other JSR 168 compliant portal environments
• Simplify integration of external applications / services using GSO
• More standards based integration points (STRUTS support)
Federated Portals Serving As An Application Development Framework
WSDL services can be utilized within the portal or elsewhere
By using portals as an application framework, development can be done in a modular fashion, since adding / changing features will not impact the overall services of the web site
GSO allows companies to extend easy access to new services provided by partners, etc. instead of expensive integration efforts
JSR 168 compliant development allows for easy reuse (exchange) of portlets in other compliant environments
WSRP – invoke remote portlets from other web/portal instances
The Big Picture: Creating A Global Delivery Platform Via Federated Identity Portals
First Stage:
Specific Purpose Portal (i.e. Employee Portal)
• Enterprise And Global Identity Management
Increasing Portal ROI
Companies can reap great rewards and cost savings from taking advantage of the underlying Identity / Directory Services of the Federated Portal Concept:
• Manage external users and their access by using the same building blocks & tools as deployed for the enterprise
• Create common access validation architectures among CoTs
• Delegate access control as needed to any of the offered portal services as opposed to managing each underlying application access individually
Global Delivery Architecture
Building A Global Delivery Infrastructure Solution
External Client
Sun Gateway Servers
Content / Document Management Services are managed through the Portal/Identity Server’s Profiles/Policies to provide for consistent Content Work Flow and only authorized access to any of the Portal Content (Docs, RDBMS based content, etc.)
Sun Portal Servers & Sun Application Server (or Third Party Application Server) including Middleware Connectors
Existing Applications and Services are protected via the Sun agents to ensure only authorized access. Mainframe and other non-web enabled apps are delivered through Citrix integrated emulation software. The Citrix Password Manager handles Mainframe and Client/Server applications.
Internal Client
Firewall 1
DMZ
Firewall 2
Enterprise wide LDAP Sun Directory Services including Meta Directory Services
Sun Identity Server enforcing global Network Identity Services including Policy / Role based Authentication and Authorization consistently for Extranet as well as Intranet users that can extend to Federated GSSO. The WaveSet component handles workflow based provisioning to various backend systems' user stores.
Infrastructure Solution for Network Identity
[Diagram labels: Portal Server; Directory Server; Central Directory; Application Security; Certificate Services & Management; Customer; Employee; Supplier; Partner; PBX; HR Database; Messaging Server; MS Active Directory; Identity Provisioning & Synchronization; Identity Management; Profiles/Attributes; Authorization; Authentication; Administration; WaveSet Workflow Management; Identity Server; SSO; Audit; Federation; Self-service; Policies; Meta-Directory]
● Java System Identity Server
  Central Access Management, authentication, Web SSO, federation, self-service, delegated authority
● Java System Directory Server
  ● Stores Identity Profiles
  ● Massive Scalability
  ● Multi-platform
● Java System Meta-Directory Server / WaveSet Provisioning
  ● Consolidates & Synchronizes Identity Information
  ● Works with Microsoft Active Directory
● Java System Portal Server integrated with Citrix Web Interface and Citrix Password Manager
Creating A Common Access Validation Architecture - CAVA
[Diagram labels: Client; AuthN based on CAC or UserID/Password Authentication; CoT; GSO; GLO; GPD, IdP, SP and AuthZ (each shown four times)]
Organization A Web Services secured and managed by the Local Identity Infrastructure (LPD)
Organization B Web Services secured and managed by the Local Identity Infrastructure (LPD)
Organization C Web Services secured and managed by the Local Identity Infrastructure (LPD)
Organization D Web Services secured and managed by the Local Identity Infrastructure (LPD)
The Big Picture: Creating A Global Delivery Platform Via Federated Identity Portals
First Stage:
Specific Purpose Portal (i.e. Employee Portal)
• Services Inventory Management
Increasing Portal ROI
Companies can reap great rewards and cost savings from managing their applications as a centralized Services Inventory using the Federated Portal Concept:
• Coordinate SW releases and license requirements more easily due to centralized delivery
• Monitor service quality and performance centrally
• Arrive at broader needs analysis based on global analytics data
• Organize services more efficiently and avoid redundancy
Service Inventory Management
Steps Towards Creating A Services Inventory Via Federated Identity Portals:
• Organize Portal Content/Applications as Services using Tabs / Nested Tabs
• Create Reports:
  • To Monitor Usage Of Specific Services (Applications or Content)
  • To Monitor Service Quality (Uptime, Response Delays, etc.)
  • To Bill Users For Specific Services
  • To Identify Redundant Or Unused Services
  • To Centrally Manage SW License Needs/Purchases
• Create A Deployment Infrastructure:
  • To Automate Distribution Of New/Modified Applications
  • To Automate Publishing Of New Content
Example: Measurement Of Portal
1.) Portal Usage Based Measurement
• Tracks login and logout time
• Provides for Time Out Reminder feature
• No channel / application level changes required
• Least details, but simplest approach
• Provides for overall portal usage based Bill Back Information
2.) Services (Tabs) Based Usage Measurement
• Tracks login and logout time
• Provides for Time Out Reminder feature
• Tracks switching of Tabs
• No channel / application level changes required
• Provides for service centric Bill Back Information
3.) Applications Based Usage Measurement
• Tracks login and logout
• Provides for Time Out Reminder feature
• Requires channel / application level changes
• Tracks usage per channel and underlying application
• Most detailed Bill Back Information
Impact Of Federated Identity Portals
By Building Out A Global Delivery Platform Based On Federated Identity Portals:
• Companies will be able to save millions in integration costs typically associated with trying to incorporate each other's services
• Companies will be able to reuse their IT investments in the broadest sense, saving them millions in leveraged HW/SW and development costs
• Companies will be enabled to enforce a consistent service delivery model that allows them to increase quality across the board while providing for a faster delivery of new applications and content
• Companies can rely on a strong security model that extends seamlessly from intranet to extranet, and from internal users to external users
• Companies can rely on a standards based approach for application dev / integration as well as identity services, validating their investments for many years to come
Sun Microsystems, Inc. www.sun.com
Citrix, Inc. www.citrix.com
MGS - MG Solutions LLC www.mgsportal.com
THANK YOU
APPENDIX
Quick Glossary
Auth N: Authentication
Auth Z: Authorization
GSSO / GSO: Global Sign On
GLO: Global Logout
SAML: Security Assertion Markup Language
SOAP: Simple Object Access Protocol
PKI: Public Key Infrastructure
CoT: Circle of Trust
IdP: Identity Provider
ISF: Identity Services Framework
SP: Service Provider
UDDI: Universal Description Discovery and Integration
LPTA: Lightweight Third-Party Token Authentication
JCO: Java Connector Object
JCA: Java Connector Architecture
WSDL: Web Services Description Language
BPC: Business Process Connector