L’Oreal USA RSA Access Manager and Federated Identity Manager Kick-Off Meeting, March 21st, 2011


AxM Architecture and Deployment Planning Agenda
Main Focus for Discussion:
◦ Problem Definition
  - Currently have several different web applications that all have a different ID and password
  - No web applications have strong authentication
  - Need to utilize current AD credentials
  - Need to use the RSA token server for external access (currently used for VPN)
  - Need to federate authentication between web applications and cloud solutions like SF.com (SAML protocol)
  - Has to function with our gateway infrastructure
◦ Solution Analysis
◦ Deployment Planning

AxM Architecture and Deployment Planning Agenda
Main Focus for Discussion:
◦ Problem Definition
◦ Solution Analysis
◦ Deployment Planning
  - 3-week design phase starting 3/21
  - 1 week for review internal to L’Oreal
  - 4 weeks on AxM (Access Manager)
  - 3 weeks on FIM (Federated Identity Manager)

Problem Definition
Understanding the Business Problem
◦ This session is for the RSA consultant(s) to understand the problem to be rectified or the requirement to be satisfied. Areas of discussion are:
  - Business Issues
  - L’Oreal USA’s Strategic Goals
  - Strategic Application Infrastructure Review
  - Tactical Timeframes
  - Organizational Considerations
  - IT Organizational Structure, Roles, and Responsibilities
Resources:
◦ RSA Consultants
◦ Project Sponsor / Lead
◦ Others as appropriate

Problem Definition (Continued)
Business Issue
◦ What brought on the requirement?
  - L’Oreal is trying to design applications to be cloud savvy
  - Allow external access without the need for the workstation to be part of the domain
◦ Identify business goals and objectives.
  - Seamless authentication between different applications hosted internally and externally

Problem Definition (Continued)
L’Oreal USA’s Strategic Goals
◦ Long-term strategic and security strategies?
  - Continue to have one standard solution that is expandable without the need for additional point-solution infrastructure
  - Single security enforcement point outside of the application
  - Secure links that could violate entry-point security

Problem Definition (Continued)
Strategic Application Infrastructure Review
◦ Number of applications
  - ROE, AFS, SharePoint, OWA (growing)
◦ Number of users
  - 1,000 and growing
◦ OS / Application Platforms
  - Windows 2008
  - SF.com
◦ Web servers
  - IIS
◦ Future planned platform support
  - No change planned

Problem Definition (Continued)
Implementation and Tactical Timeframes
◦ Expected timeframe to address the immediate problem:
  - During the next three weeks we will be developing a design that will go to the CIO and head of Infrastructure for approval to proceed
  - Looking to tackle IIS web-based applications like ROE & SharePoint
  - Looking to have internal staff learn the process to deploy on future servers
◦ Architecture will be designed and built as a required solution for all applications that require external access via the L’Oreal DMZ
◦ Internal users should not get prompted for a token passcode

Problem Definition (Continued)
Organizational Considerations
◦ Project stakeholders (names, titles, addresses, and phone)
◦ Person responsible for solving the problem?
◦ Person(s) for implementing the solution?
  - All infrastructure and application teams associated with the applications mentioned
◦ Responsible person(s) for maintaining the solution?
  - Security team
◦ Technology areas that are affected by implementing this solution?
  - Security
  - Application
  - Network
  - Operations

Problem Definition (Continued)
IT Organizational Structure, Roles, and Responsibilities
◦ Technology Owners
  - Security
◦ Data Owners
  - Application team
◦ Application Owners (applications integrating with)
  - Different by application
◦ Enterprise & Network Architecture
◦ Enterprise Information Security

AxM Architecture and Deployment Planning Agenda
Main Focus for Discussion:
◦ Problem Definition
◦ Solution Analysis
◦ Deployment Planning

Solution Analysis
Understanding the Environment and Architecture
◦ This session is for RSA to better understand the current environment and identify requirements for the future Identity Management deployment. Topics of discussion:
  - Technology Architecture Analysis
  - Identity Management Technology Analysis
  - Data Architecture Analysis
  - Data Administration and Management Analysis
  - Current Access Control Policies
  - Application Architecture Analysis

Solution Analysis (Continued)
Understanding the Environment and Architecture (Continued)
◦ Resources:
  - RSA Consultants
  - Project Lead
  - Network Architect
  - Enterprise Architect
  - Data Owners
  - Enterprise Information Security
  - Application Owners
  - Others as needed

Solution Analysis (Continued)
Technology Architecture Analysis
◦ Conceptual Architecture
  - Number of domains, applications, sites (primary and backup).
◦ Network Architecture
  - Firewalls, load balancers, NAT, etc.
◦ Current IT Operational Policies
  - Policies, including administration, as they relate to security.
◦ Current and Proposed Web Application Requirements
  - Architecture and design, if available.

Solution Analysis (Continued)
Identity Management Technology Analysis
◦ Authentication Mechanisms
  - Current infrastructure in place to support authentication in all environments.
◦ Federated Identity Architecture
  - Username mapping among participating environments
  - Attribute exchange and mapping among participating environments
◦ Network Architecture
  - Network changes needed for Identity Management support (firewall and port openings).
◦ Technology Architecture
  - Web server and application server changes.

Solution Analysis (Continued)
Data Architecture Analysis
◦ Enterprise Data Architecture
  - Sources of directory information, logon information, shared application data repositories.
◦ Identity and Authentication Architecture
  - How are user identities currently managed within each environment?
  - How do users currently authenticate themselves within each environment?
◦ Data Migration
  - What repositories will be used to populate Identity Management with user information?
  - How will the data be leveraged? For example, will there be a bulk migration to the Identity Management store, or will Identity Management be able to use the existing data store?

Solution Analysis (Continued)
Data Architecture Analysis (Continued)
◦ Data Maintenance
  - What type of ongoing updates will be required (one-time or recurring)?

Solution Analysis (Continued)
Data Administration and Management Analysis
◦ Identity and Authentication Mechanisms
  - How are user accounts managed (creation/deletion/modification)?
  - How are users currently registered and enrolled into applications?
  - What authentication mechanisms are going to be used (basic user ID & password, SecurID, certificate, custom auth, e.g. RACF)?
  - If SecurID authentication, what will be the token distribution strategy?
◦ Operational and Administrative Model

Solution Analysis (Continued)
Current Access Control Policies
◦ How are access control privileges administered?
◦ What policies exist today for user and data management?
Application Architecture Analysis
◦ Tactical Application(s)
  - Application(s) initially deployed using Identity Management
  - Number of users
  - Data repositories
  - Current authentication and authorization mechanisms by platform

Solution Analysis (Continued)
Application Architecture Analysis (Continued)
◦ Delegated Administration
  - What types of administrators are there, and who is responsible for web servers, users, applications, etc.?
  - Are the administrators customer administrators, helpdesk, application owners, or operational owners?
  - Will they have cross-functional duties (e.g. set up web servers and manage users)?

Solution Analysis (Continued)
Application Architecture Analysis (Continued)
◦ Authorization and Policy Administration
  - How will application authorization be administered: by URL, granular (method level), or something in between?
  - How will users be given entitlements: group/role membership, smart rules, hybrid?
  - Identify password policies.
  - How will user entitlements be managed, and by whom?
◦ Security Analysis
  - Auditing and logging needs.
  - Level of data privacy of transactions between systems.
  - Authentication requirements for varying levels of data.
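Two requirements from the Problem Definition slides, that internal users are not prompted for a token passcode while external access through the DMZ must use the RSA token, together with the "auditing and logging needs" item above, can be expressed as one location-aware step-up policy evaluated at a single enforcement point outside the applications. The following is an added example written for this transcript; it is not RSA Access Manager code or configuration. The internal address ranges, the per-application baseline, the "Payroll" application name, and the audit field names are constructed assumptions.

```python
"""Location-aware step-up authentication policy with an audit record.

Illustrative example added to this transcript; not RSA Access Manager code.
Network ranges, per-app policy and audit fields are constructed assumptions.
"""
import ipaddress
import json
from dataclasses import dataclass, field

# Constructed assumption: address space treated as the internal corporate
# network. Anything else is treated as arriving through the DMZ.
INTERNAL_NETWORKS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
)

# Applications the deck names as initial integration targets, each mapped to
# the methods required for internal access. "password" stands for the existing
# AD credential. (Constructed policy, not L'Oreal's.)
APP_BASELINE = {
    "ROE": {"password"},
    "AFS": {"password"},
    "SharePoint": {"password"},
    "OWA": {"password"},
}

# Method added for requests arriving from outside: the RSA SecurID passcode.
EXTERNAL_STEP_UP = "token"


@dataclass(frozen=True)
class AccessRequest:
    user: str
    app: str
    source_ip: str
    # Methods the enforcement point has already verified for this session.
    methods_satisfied: frozenset = field(default_factory=frozenset)


def is_internal(source_ip: str) -> bool:
    """True when the client address falls inside a corporate range."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def required_methods(req: AccessRequest) -> set:
    """Baseline methods for the app, plus the token passcode when the
    client is not on the internal network."""
    methods = set(APP_BASELINE.get(req.app, set()))
    if not is_internal(req.source_ip):
        methods.add(EXTERNAL_STEP_UP)
    return methods


def decide(req: AccessRequest) -> dict:
    """Evaluate one request. 'decision' is allow, step_up or deny;
    'missing' lists the methods still needed when stepping up."""
    if req.app not in APP_BASELINE:
        # Unknown application: fail closed rather than guess a policy.
        return {"decision": "deny", "missing": [], "reason": "unknown application"}
    missing = sorted(required_methods(req) - set(req.methods_satisfied))
    if missing:
        return {"decision": "step_up", "missing": missing,
                "reason": "insufficient authentication"}
    return {"decision": "allow", "missing": [], "reason": "policy satisfied"}


def audit_record(req: AccessRequest, outcome: dict) -> str:
    """One JSON line per decision: who, what, from where, which methods were
    present and what the enforcement point decided. Field names constructed."""
    return json.dumps({
        "user": req.user,
        "app": req.app,
        "source_ip": req.source_ip,
        "internal": is_internal(req.source_ip),
        "methods": sorted(req.methods_satisfied),
        "decision": outcome["decision"],
        "missing": outcome["missing"],
    }, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample requests; "Payroll" is not an app named in the deck.
    samples = [
        AccessRequest("jdoe", "ROE", "10.12.3.4", frozenset({"password"})),
        AccessRequest("jdoe", "SharePoint", "203.0.113.7", frozenset({"password"})),
        AccessRequest("jdoe", "SharePoint", "203.0.113.7", frozenset({"password", "token"})),
        AccessRequest("jdoe", "Payroll", "10.12.3.4", frozenset({"password"})),
    ]
    for r in samples:
        print(audit_record(r, decide(r)))
```

The internal request passes on the AD credential alone, the same user coming in from a public address is asked for the token passcode, and an application the policy does not know is denied rather than silently allowed. Every decision produces one audit line regardless of outcome, which is what makes the later auditing review possible.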

AxM Architecture and Deployment Planning Agenda
Main Focus for Discussion:
◦ Problem Definition
◦ Solution Analysis
◦ Deployment Planning

Deployment Planning
To determine the feasibility of meeting the objectives stated above and adjust the schedule or prioritize application integration if necessary and appropriate. Specific tasks may include:
◦ Business Objectives
◦ High-level Initial Technology Architecture
◦ Data Migration and Integration Planning
◦ Application Migration and Integration Planning
◦ Rollout and Operational Management Issues/Planning

Deployment Planning (Continued)
Resources:
◦ RSA Consultants
◦ Project Lead
◦ Others as appropriate

Deployment Planning (Continued)
Business Objectives
◦ Review business objectives to ensure that the proposed solution meets stated goals.
High-level Initial Technology Architecture
◦ Identify critical milestones for deployment.
◦ Create a high-level plan for implementing recommendations and the deployment of Identity Management.
◦ Physical environment considerations (i.e. hardware, consulting support).
◦ Make recommendations on Identity Management implementation and support plans for production-level services.

Deployment Planning (Continued)
Data Migration and Integration Planning
◦ Identity and authentication data repository migration and/or integration plan.
◦ Authentication strategy.
◦ Authorization, policy, and administrative data management approach.
◦ Enrollment of end users and setting up administrators and their roles.

Deployment Planning (Continued)
Application Migration and Integration Planning
◦ Recommendations for processes and procedures required for the success of the deployment, including any future development work for automation of user attribute information gathering.
◦ Create a high-level plan for target application integration.
◦ Custom application and/or Identity Management development that may be needed.

Deployment Planning (Continued)
Rollout and Operational Management Issues/Planning
◦ Identifying potential rollout and deployment obstacles.
◦ Requirements for integration into external database(s) and other resources.
◦ Integration of products/services and integration with 3rd-party products (i.e., other I&A systems, core Identity Management protected applications).